02-21-2007 01:57 PM - edited 03-05-2019 02:30 PM
I have 2 vlans on a 2960 switch. I also have the encapsulation on the 2851 router. I am able to ping the other WAN site from the router but not the 2960 switch even if I source the pings from a vlan. Does anybody know why this is happening?
02-21-2007 02:01 PM
will you please post the show run of switch and router... and it will be good if you post topology...
regards
Devang
02-21-2007 06:06 PM
02-21-2007 07:25 PM
On the router side add this under the subinterface "encapsulation dot1Q 20 native" , on the switch side add " switchport trunk native vlan 20 " . retest .
02-22-2007 05:50 AM
Thank you for your reply -
I have 2 vlans on the switch. I have added your suggestions but I am still unable to ping from the switch across the network to the other side.
Just to be sure you wanted me to put the switchport trunk native vlan 20 on fa0/1 on the switch correct? What do I do with vlan 101?
Thank you for your help
02-22-2007 07:03 AM
That command goes on the subinterface for vlan 20 not the regular interface and nothing would change under the vlan 101 subinterface .
02-22-2007 07:29 AM
so this would go under the sub interface of the router not the switch?
int g0/1.20 but not g0/1.101?
02-22-2007 07:06 PM
Can some one please answer this question, I am very stuck and I need help
02-23-2007 07:27 AM
02-23-2007 07:54 AM
Thank you for your response - it worked, however now when I try to ping 10.57.0.50 which is a computer on the other end of the tunnel from my switch it does not ping, do you have any ideas why this is happening. I am able to ping the 10.57.0.50 from the router. Thank you fro your help
02-23-2007 10:58 AM
I would look at your nat statement which you are overloading out the external interface, looks like everything is being natted at the moment.. and not going down the tunnel.
access-list 101 permit ip 10.0.2.0 0.0.0.255 any
access-list 101 permit ip 10.0.101.0 0.0.0.255 any
try adding at the top of your acl the following two statements, and leaving in the two statements above at the bottom of your access-list 101
access-list 101 deny ip 10.0.2.0 0.0.0.255 x.x.x.x mask
access-list 101 deny ip 10.0.101.0 0.0.0.255 x.x.x.x mask
where x.x.x.x mask equals the network on the other side of the tunnel.
effectively saying dont nat anything going to the x.x.x.x mask network, but nat everything else.
hope this helps
02-23-2007 12:06 PM
I have added this, but it still doesn't work, is there anything else I can do?
access-list 100 deny ip 10.0.0.0 0.0.255.255 10.57.0.0 0.0.255.255
access-list 100 deny ip host 10.0.255.100 host 10.157.255.1
access-list 100 permit ip 10.0.2.0 0.0.0.255 any
access-list 100 permit ip 10.0.101.0 0.0.0.255 any
02-23-2007 12:41 PM
Hi peter
you should of applied the statements to access-list 101 not 100.
you are referencing route-map SDM_RMAP_3 in your nat overload statement, SDM_RMAP_3 matches access-list 101 not 100.
ip nat inside source route-map SDM_RMAP_3 interface GigabitEthernet0/0 overload
route-map SDM_RMAP_3 permit 1
match ip address 101
Try it again on access-list 101.
Hope this helps
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide