Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Why can't i ping secondary from LAN but I can from WAN

Tryin to set up a new network in the current LAN..using secondary IP address..currently using glbp

so would be the GW of the device in it.

From the WAN i can hit the gw ip addres and the real ip address on g0/0...but from the directly connected switch on g0/0 i can not.

interface GigabitEthernet0/0
ip address secondary
ip address secondary
ip address
duplex auto
speed auto
media-type rj45
glbp 1 ip
glbp 1 ip secondary
glbp 1 weighting track 1 decrement 100

router1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
switch1       Gig 0/0            148        R S I      WS-C4006  Fas 2/1

swtich1# sh cdp neigh det

Device ID: XR1.IAD1
Entry address(es):
  IP address:
  IP address:
  IP address: network
Platform: Cisco 3845,  Capabilities: Router Switch IGMP
Interface: FastEthernet2/1,  Port ID (outgoing port): GigabitEthernet0/0

switch1#sh run int fastethernet 2/1

interface FastEthernet2/1
switchport access vlan 119
qos trust dscp

so it looks like the switchport on the switch is configured as an accessport which is connected to the router..

is there any way to make this work without creating subinterfaces on the router gig port and trunking on the switch?


Re: Why can't i ping secondary from LAN but I can from WAN


You have a switch (4006) connected to Gig0/0 of the router 3845 correct?

From that switch you can PING the real IP of the Gig0/0 ( but not the secondary IP ( correct?

I would think that is because the 4006 does not have an IP from the 172.20.255.x subnet?

If you check the IP routing table of the 4006, which is the next-hop to reach 172.20.255.x?


New Member

Re: Why can't i ping secondary from LAN but I can from WAN

swtich1#sh ip int br

Interface              IP-Address      OK? Method Status                Protoco

Vlan1                  unassigned      YES manual up                    up

Vlan119       YES manual up                    up

Vlan172         YES manual up                    up

GigabitEthernet1/1     unassigned      YES unset  up                    up

you are correct about being able to ping 119.246..and not the or .18

as you can see..i do have an interface configured on that network

I looked at another router/switch on our network

and i noticed in that worknig situation...the gig interface on the switch is not configured for any vlan

however in that sitatution there are not vlans configured, everything is on vlan 1

Re: Why can't i ping secondary from LAN but I can from WAN

The connection from the 4006 to the Gig0/0 of the 3845 is an access port on VLAN 119
The interface VLAN on 4006 that has an IP of 172.20.255.x is part of VLAN 172

I would have this scenario working with trunk on the switch and subinterfaces on the router
(why don't you want this setup)?

In terms of routing, if you do a ''sh ip route'' on the 4006, do you get a directly connected entry for
172.20.255.x through port Fas2/1?


Re: Why can't i ping secondary from LAN but I can from WAN

This is what I think is happening (I may be wrong ;-))

At Layer2, Switch 4006 Fas2/1 is directly connected to Router 3845 Gig0/0
When you try to PING from the 4006 to, the 4006 sends an ARP for, it will send that ARP in its broadcast domain
(VLAN 172 which is where the SVI for 172.20.255.x resides)

This broadcast is not going to be propagated out Fas2/1 (since Fas2/1 is an access port on VLAN 119)

So, if you check the ARP table on 4006, you will not get an entry for
This is why you don't get a PING to that IP from the switch.


New Member

Re: Why can't i ping secondary from LAN but I can from WAN

when i do a show ip route

Gateway of last resort is not set is subnetted, 1 subnets
C is directly connected, Vlan172
C is directly connected, Vlan119

however when i remove the ip address from int vlan 172 on the 4006

i only get

Gateway of last resort is not set

C is directly connected, Vlan119

im not sure why i would need an interface vlan configured with an IP address on it.....we have many

situation where there are no IP addresses associated with a vlan on a layer 2 switch

in any event...the gw is unpingable with or without an ip address on vlan 172

Re: Why can't i ping secondary from LAN but I can from WAN

If you change Fas2/1 on the 4006 to be an access port on VLAN 172, you can then PING  172.20.255.x from the 4006 correct?

I think that the problem is that the only connection between 4006 and 3845 is a single physical interface Fast2/1 (which is an access port on VLAN 119)

If you configure Fas2/1 to a trunk port or access port on VLAN 172 (just to do the test), can you then PING the 172.20.255.x?