Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Using a Cisco 1941/K9 configured "Router-on-a-Stick" down to a Cisco 2960 Switch with 11 VLANs

Using a Cisco 1941/K9 configured "Router-on-a-Stick" down to a Cisco 2960 Switch with 11 VLANs. I can ping from each VLAN to its Gateway in the Router and I can ping a device in each VLAN from the Router. There are some devices in some VLANs that I consistently ping but they cannot ping me back. There are devices in VLANs that can ping me but I cannot pink them back. There are some devices that I can Ping and they can ping me too.

 

THE ROUTER CONFIGURATION:

show run
Building configuration...

Current configuration : 7224 bytes
!
! Last configuration change at 09:05:48 EDT Wed Aug 6 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone EDT -8 0
!
ip cef
!
!
!
!
!
!
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9
!
!
object-group network Net_Obj_Group1 
 description This network group allows all 10.0.0.0 and Email Forwarder server through to the Plt PCs
 205.191.0.0 255.255.0.0
 10.0.0.0 255.0.0.0
!
object-group network Net_Obj_Group2 
 description This Network Group includes the Host IPs allowed through the Plant Router
 host 10.194.28.23
 host 10.194.28.25
 host 10.194.28.26
 host 10.194.28.27
 host 10.194.28.28
 host 10.194.28.29
 host 10.194.28.37
 host 10.194.28.39
 host 10.194.28.40
 host 10.194.28.70
 host 10.194.28.130
 host 10.194.28.131
 host 10.194.28.132
 host 10.194.28.133
 host 10.194.28.134
 host 10.194.28.135
 host 10.194.28.136
 host 10.194.28.137
 host 10.194.28.138
 host 10.194.28.139
 host 10.194.28.140
 host 10.194.28.141
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Port Ge0/0 to IT Enterprise network Switch GE1/0/38
 ip address 10.194.28.111 255.255.255.0
 ip access-group 105 in
 ip access-group 106 out
 ip nat outside
 ip virtual-reassembly in
 shutdown
 duplex full
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 description Port to Plant PCN-K/L24 Sw1 Port 0/24
 no ip address
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1.102
 description Port to VLAN 102
 encapsulation dot1Q 102
 ip address 192.168.102.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.104
 description Port to VLAN 104
 encapsulation dot1Q 104
 ip address 192.168.104.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.105
 description Port to VLAN 105
 encapsulation dot1Q 105
 ip address 192.168.105.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.106
 description Port to VLAN 106
 encapsulation dot1Q 106
 ip address 192.168.106.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.107
 description Port to VLAN 107
 encapsulation dot1Q 107
 ip address 192.168.107.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.111
 description Port to VLAN 111
 encapsulation dot1Q 111
 ip address 192.168.111.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.117
 description Port to VLAN 117
 encapsulation dot1Q 117
 ip address 192.168.117.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.121
 description Port to VLAN 121
 encapsulation dot1Q 121
 ip address 192.168.121.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.125
 description Port to VLAN 125
 encapsulation dot1Q 125
 ip address 192.168.125.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.150
 description Port to to VLAN 150
 encapsulation dot1Q 150
 ip address 192.168.150.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.999
 description Port to VLAN 999
 encapsulation dot1Q 999
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source static 192.168.102.201 10.194.28.23
ip nat inside source static 192.168.121.201 10.194.28.25
ip nat inside source static 192.168.106.251 10.194.28.26
ip nat inside source static 192.168.107.245 10.194.28.27
ip nat inside source static 192.168.102.251 10.194.28.28
ip nat inside source static 192.168.150.201 10.194.28.29
ip nat inside source static 192.168.107.179 10.194.28.37
ip nat inside source static 192.168.111.201 10.194.28.39
ip nat inside source static 192.168.105.201 10.194.28.40
ip nat inside source static 192.168.106.21 10.194.28.70
ip nat inside source static 192.168.107.146 10.194.28.130
ip nat inside source static 192.168.107.156 10.194.28.131
ip nat inside source static 192.168.107.161 10.194.28.132
ip nat inside source static 192.168.107.181 10.194.28.133
ip nat inside source static 192.168.107.191 10.194.28.134
ip nat inside source static 192.168.106.202 10.194.28.135
ip nat inside source static 192.168.106.212 10.194.28.136
ip nat inside source static 192.168.117.190 10.194.28.137
ip nat inside source static 192.168.117.100 10.194.28.138
ip nat inside source static 192.168.106.242 10.194.28.139
ip nat inside source static 192.168.125.100 10.194.28.140
ip nat inside source static 192.168.125.99 10.194.28.141
ip nat outside source static 10.194.28.23 10.194.28.23
ip nat outside source static 10.194.28.25 10.194.28.25
ip nat outside source static 10.194.28.26 10.194.28.26
ip nat outside source static 10.194.28.27 10.194.28.27
ip nat outside source static 10.194.28.28 10.194.28.28
ip nat outside source static 10.194.28.29 10.194.28.29
ip nat outside source static 10.194.28.37 10.194.28.37
ip nat outside source static 10.194.28.39 10.194.28.39
ip nat outside source static 10.194.28.40 10.194.28.40
ip nat outside source static 10.194.28.70 10.194.28.70
ip nat outside source static 10.194.28.130 10.194.28.130
ip nat outside source static 10.194.28.131 10.194.28.131
ip nat outside source static 10.194.28.132 10.194.28.132
ip nat outside source static 10.194.28.133 10.194.28.133
ip nat outside source static 10.194.28.134 10.194.28.134
ip nat outside source static 10.194.28.135 10.194.28.135
ip nat outside source static 10.194.28.136 10.194.28.136
ip nat outside source static 10.194.28.137 10.194.28.137
ip nat outside source static 10.194.28.138 10.194.28.138
ip nat outside source static 10.194.28.139 10.194.28.139
ip nat outside source static 10.194.28.140 10.194.28.140
ip nat outside source static 10.194.28.141 10.194.28.141
ip route 0.0.0.0 0.0.0.0 10.194.28.1
!
access-list 105 permit ip object-group Net_Obj_Group1 object-group Net_Obj_Group2
access-list 106 permit ip object-group Net_Obj_Group2 object-group Net_Obj_Group1
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
banner login ^CC
Login banner for Plant Router #01^C
banner motd ^CC
MOTD Banner for Plant Router^C
!
line con 0
 password XXXXXXXXX
 logging synchronous
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password XXXXXXXXX
 logging synchronous
 login
 transport input all
!
scheduler allocate 20000 1000
ntp server 10.199.100.92
!
end

 

 

THE SWITCH CONFIGURATION:

sh ru
Building configuration...

Current configuration : 6513 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname K24Sw01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
!
!
udld aggressive

!
!
crypto pki trustpoint TP-self-signed-593746944
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-593746944
 revocation-check none
 rsakeypair TP-self-signed-593746944
!
!
  4B58BCE9 44
  quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet0/1
 description Trunk port for vlans 105, 111, 125 and 999 from K24Sw01 port Ge0/1 to P22Sw01 port Ge0/24
 switchport trunk allowed vlan 105,111,125,999
 switchport mode trunk
!
interface GigabitEthernet0/2
 description Trunk port for vlans 150 and 999 from K24Sw01 port Ge0/2 to N25Sw01 port Ge0/26
 switchport trunk allowed vlan 150,999
 switchport mode trunk
!
interface GigabitEthernet0/3
 description Trunk port for vlans 102, 104, 106, 107, 117 and 999 from K24Sw01 port Ge0/3 to K28Sw01 port Ge0/26
 switchport trunk allowed vlan 102,104,106,107,117,999
 switchport mode trunk
!
interface GigabitEthernet0/4
 description Trunk port for vlans 102, 106, 107 and 999 from K24Sw01 port Ge0/4 to H23Sw01 port Ge0/26
 switchport trunk allowed vlan 102,106,107,999
 switchport mode trunk
!
interface GigabitEthernet0/5
 description Trunk port for vlans 121, 125 and 999 from K24Sw01 port Ge0/5 to M21Sw01 port Ge0/24
 switchport trunk allowed vlan 121,125,999
 switchport mode trunk
!
interface GigabitEthernet0/6
 description OPEN
 spanning-tree portfast
!
interface GigabitEthernet0/7
 description OPEN
 spanning-tree portfast
!
interface GigabitEthernet0/8
 description OPEN
 spanning-tree portfast
!
interface GigabitEthernet0/9
 description OPEN
 spanning-tree portfast
!
interface GigabitEthernet0/10
 description VLan 102 access port
 switchport access vlan 102
 spanning-tree portfast
!
interface GigabitEthernet0/11
 description - VLan 104 access port
 switchport access vlan 104
 spanning-tree portfast
!
interface GigabitEthernet0/12
 description - VLan 105 access port
 switchport access vlan 105
 spanning-tree portfast
!
interface GigabitEthernet0/13
 description - VLan 106 access port
 switchport access vlan 106
 spanning-tree portfast
!
interface GigabitEthernet0/14
 description - VLan 107 access port
 switchport access vlan 107
 spanning-tree portfast
!
interface GigabitEthernet0/15
 description - VLan 111 access port
 switchport access vlan 111
 spanning-tree portfast
!
interface GigabitEthernet0/16
 description - VLan 117 access port
 switchport access vlan 117
 spanning-tree portfast
!
interface GigabitEthernet0/17
 description - VLan 121 access port
 switchport access vlan 121
 spanning-tree portfast
!
interface GigabitEthernet0/18
 description - VLan 125 access port
 switchport access vlan 125
 spanning-tree portfast
!
interface GigabitEthernet0/19
 description - VLan 150 access port
 switchport access vlan 150
 spanning-tree portfast
!
interface GigabitEthernet0/20
 description - VLan 999 access port
 switchport access vlan 999
 spanning-tree portfast
!
interface GigabitEthernet0/21
 description OPEN
 spanning-tree portfast
!
interface GigabitEthernet0/22
 description OPEN
 spanning-tree portfast
!
interface GigabitEthernet0/23
 description OPEN
 spanning-tree portfast
!
interface GigabitEthernet0/24
 description From ROUTER Gw ge0/1
 switchport trunk allowed vlan 102,104-107,111,117,121,125,150,999
 switchport mode trunk
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan102
 ip address 192.168.102.253 255.255.255.0
!
interface Vlan104
 no ip address
 no ip route-cache
!
interface Vlan105
 no ip address
 no ip route-cache
!
interface Vlan106
 no ip address
 no ip route-cache
!
interface Vlan107
 no ip address
 no ip route-cache
!
interface Vlan111
 no ip address
 no ip route-cache
!
interface Vlan117
 no ip address
 no ip route-cache
!
interface Vlan121
 no ip address
 no ip route-cache
!
interface Vlan125
 no ip address
 no ip route-cache
!
interface Vlan150
 no ip address
 no ip route-cache
!
interface Vlan999
 no ip address
 no ip route-cache
!
ip default-gateway 192.168.102.1
ip http server
ip http secure-server
snmp-server engineID local 00000009020000019634C2C0
snmp-server community public RO
snmp-server location 
snmp-server contact 
banner motd ^CCC ADMIN USE ONLY! ^C
!
line con 0
 session-timeout 10 
 password xxxxxx
 logging synchronous
 login
 stopbits 1
line vty 0 4
 session-timeout 10 
 password xxxxxxx
 login
line vty 5 15
 session-timeout 10 
 password xxxxxxxx
 login
!

ntp server 10.199.100.92
end

K24Sw01#

 

Cisco 1941/K9 Router-on-a-Stick Cisco 2960 VLAN NAT PING

5 REPLIES
New Member

May you please tell us which

May you please tell us which devices are displaying which behavior?

New Member

This discussion has been

This discussion has been reposted from Additional Communities to the LAN, Switching and Routing community.

New Member

Also, this could be ARP

Also, this could be ARP-related, so check your host's ARP tables ... Do you see incomplete ARPs in the cache?

Dennis

New Member

Hi Tom,from a quick glimpse,

Hi Tom,

from a quick glimpse, your config seems good. As only 3 testing hosts are affected (according to your schematic), did you already verify that your issue is not at the host side, i.e. missing default gateways or desktop firewalls blocking ICMP (could be default behaviour in some operating systems)? What OS do your hosts use?

 

Cheers,

Dennis

New Member

Just curious, Why don't you

Just curious, Why don't you enable interVLAN routing on your 2960S?

 

678
Views
0
Helpful
5
Replies
CreatePlease login to create content