cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
395
Views
0
Helpful
5
Replies

802.1Q Troubles

nfurman
Level 1
Level 1

Excuse the "quickness" of the message, I'm in a hurry to get out the door because I've spent all day working on this, trying to find out what the problem is. Here's a quick run down of what I have:

2x Catalyst 2950

1x Cisco 2621XM

I'm trying to do this for a friend of mine, who has his internet gateway at 10.112.112.100 (Linksys router that connects with the backbone of the university) and a Windows 2000 DC at 10.112.112.150. Switch2 is the switch that both devices (.150 and .100) are directly attached to, among other devices (and the trunk to Switch1). Switch1 is the switch that runs across the building into a lab, which I'm trying to get these computers to communicate with the rest of that network, but have them be on their own seperate LAN (in this case, VLAN). Right now I'm sitting on 10.112.1.1 (1.x row 1 in the lab) and it can ping 10.112.112.100 without a problem (which is all the way in the other room, across the building):

C:\DOCUME~1\ADMINI~1>ping 10.112.112.100

Pinging 10.112.112.100 with 32 bytes of data:

Reply from 10.112.112.100: bytes=32 time<1ms TTL=149

Reply from 10.112.112.100: bytes=32 time<1ms TTL=149

But if you try and ping any of the other directly connected devices (.150 is the DC, .151 and .152 are IP printers) I get the request timed out error. I'm really not sure why it can reach .100 and nothing else, the only thing special about .100 is that my router has a default route setup for that IP address because it used to be a back-up-backbone, but I figured I'd leave it just in case some traffic got to it, looking for the internet connection. Anyhow, here are my configs, let me know if you have any suggestions:

Thanks in advance.

2621-

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

ip subnet-zero

interface Serial0/0

no ip address

shutdown

!

interface FastEthernet0/1

ip address 10.112.112.101 255.255.255.0

speed 100

duplex full

!

interface FastEthernet0/1.1

shutdown

!

interface FastEthernet0/1.2

encapsulation dot1Q 2

ip address 10.112.1.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.112.112.100

ip http server

!

!

line con 0

line aux 0

line vty 0 4

login

!

end

Switch 2-

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname ISTSWTME

!

enable secret 5 $1$vNBN$EF8UKANBscPjshG48AWlN0

enable password Cisco

!

ip subnet-zero

!

spanning-tree extend system-id

!

!

interface FastEthernet0/1

no ip address

!

interface FastEthernet0/2

no ip address

!

interface FastEthernet0/3

no ip address

!

interface FastEthernet0/4

no ip address

!

interface FastEthernet0/5

no ip address

!

interface FastEthernet0/6

no ip address

!

interface FastEthernet0/7

no ip address

!

interface FastEthernet0/8

no ip address

!

interface FastEthernet0/9

no ip address

!

interface FastEthernet0/10

no ip address

!

interface FastEthernet0/11

no ip address

!

interface FastEthernet0/12

no ip address

!

interface FastEthernet0/13

no ip address

!

interface FastEthernet0/14

no ip address

!

interface FastEthernet0/15

no ip address

!

interface FastEthernet0/16

no ip address

!

interface FastEthernet0/17

no ip address

!

interface FastEthernet0/18

no ip address

!

interface FastEthernet0/19

no ip address

!

interface FastEthernet0/20

no ip address

!

interface FastEthernet0/21

no ip address

!

interface FastEthernet0/22

no ip address

!

interface FastEthernet0/23

no ip address

!

interface FastEthernet0/24 (to Switch1)

switchport mode trunk

no ip address

duplex full

speed 100

!

interface Vlan1

ip address 10.112.112.50 255.255.255.0

no ip route-cache

!

!

ip http server

!

!

line con 0

exec-timeout 0 0

line vty 0 4

password Cisco

login

line vty 5 15

password Cisco

login

!

end

Switch 1-

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

!

ip subnet-zero

!

spanning-tree extend system-id

!

!

interface FastEthernet0/1

switchport access vlan 2

no ip address

!

interface FastEthernet0/2

no ip address

interface FastEthernet0/3

no ip address

!

interface FastEthernet0/4

no ip address

!

interface FastEthernet0/5

no ip address

!

interface FastEthernet0/6

no ip address

!

interface FastEthernet0/7

no ip address

!

interface FastEthernet0/8

no ip address

!

interface FastEthernet0/9

no ip address

!

interface FastEthernet0/10

no ip address

!

interface FastEthernet0/11

no ip address

!

interface FastEthernet0/12

no ip address

!

interface FastEthernet0/13

no ip address

!

interface FastEthernet0/14

no ip address

!

interface FastEthernet0/15

no ip address

!

interface FastEthernet0/16

no ip address

!

interface FastEthernet0/17

no ip address

!

interface FastEthernet0/18

no ip address

interface FastEthernet0/19

no ip address

!

interface FastEthernet0/20

no ip address

!

interface FastEthernet0/21

no ip address

!

interface FastEthernet0/22

no ip address

!

interface FastEthernet0/23 (out to router)

switchport mode trunk

no ip address

duplex full

speed 100

!

interface FastEthernet0/24 (link to switch1)

switchport mode trunk

no ip address

duplex full

speed 100

!

interface Vlan1

ip address 10.112.112.51 255.255.255.0

no ip route-cache

!

ip http server

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

My ultimate goal is to have each row (I'm in a computer lab) of 8 computers, be their own VLAN.

Row 1 - 10.112.1/24

Row 2 - 10.112.2/24

Row 3 - 10.112.3/24

etc.

The reason I need to reach 10.112.112.150 is because that's his DHCP server, which once I can ping the address, hopefully the ip helper-address command will work in that case.

A computer on VLAN2 (10.112.1.1/24) can ping 10.112.112.50 and gets a reply, which means it's reaching the switch, but it gets not repsonse on 10.112.112.150. However, if you get on either switch and ping 10.112.112.150, there's plently of replies.

5 Replies 5

This looks like a simple routing problem. Are the devices on the 10.112.112.0/24 subnet pointing at the Linksys router (.100) as their default gateway?

You have no dynamic routing protocols configured so you will have to use statics - on the Linksys router if it will do ICMP redirect, or on the clients directly if it can't. You need the clients on the 10.112.112.0/24 subnet to send packets to the Cisco 2621 to reach the 10.112.1.0/24 subnet.

Also as you are doing trunking and sub-interfaces on the FatEthernet 0/1 interface you should ideally not configure an IP address on the 'parent' interface but use a sub-interface as well.

I also can't see the VLANs defined in Global Configuration.

Andy

Andy,

Thanks for your help. I'm fairly new to this stuff, so I have a few other questions.

The devices on 10.112.112.0/24 are more then likely pointing to 10.112.112.100 as their default gateway presently because as it stands now, that's their source of connectivity. I wanted to replace that Linksys router with the 2621 since it has dual ethernet ports, but I was told here on the university network that whatever MAC address you register your office port with, is the one your stuck with. I'm sure you can change it, but I'm not really sure who to contact about that.

Anyhow, so all the devices on the network 10.112.112.0/24 now I should change their default gateway to 10.112.112.254? I guess that makes sense, then the response packets would be sent to the 2621, which can send them to the appropriate VLAN?

On a side note, I set this up before on an ISL enabled network and created f0/0.1 for the native VLAN. However, in my setup with the 2950 that doesn't support ISL, I read on Cisco's website about this:

!-- Note that the IP address for VLAN1 is configured on the main interface,

!-- and no encapsulation for VLAN1 will be done under the sub-interface.

c2600(config-if)#ip address 10.10.10.1 255.255.255.0

c2600(config-if)#exit

!-- Configure dot1q encapsulation for VLAN 2

!-- on sub-interface fastEthernet 0/0.2.

c2600(config)#int fastEthernet 0/0.2

c2600(config-subif)#encapsulation dot1Q 2

c2600(config-subif)#

I was just following that example because I didn't know if the switch would realize VLAN1 was the native VLAN if I just made f0/0.1 and assigned it "encapsulation dot1q 1". I suppose I could try it though.

Thanks again for your help.

The workstations on VLAN 2 (10.112.1.0/24) need their gateway configuring as the 2621 router 10.112.1.254. The devices on VLAN 1 (10.112.112.0/24) have 2 routers - the LinkSys and the Cisco 2621. Since you are not running a dynamic routing protocol you will have to use static routes - if the LinkSys will do ICMP redirect then you can to configure a static route on this and allow it to 'redirect' the clients. If it can't then you can either point the devices at the Cisco 2621 as their default gateway and use ICMP redirect on the Cisco or add static routes on the devices themselves. On Windows at the command prompt type:

route add 10.112.1.0 mask 255.255.255.0 10.112.112.101

This will add a static route to their IP routing table and make them use the Cisco 2621 as the next-hop for the 10.112.1.0/24 network.

With regards to the 802.1q thing, I have never seen this documented like this before so it is probably OK. I have always used the encapsulation dot1q x native command to identify the native vlan on a trunk, remember the native vlan is the one without any encapsulation so won't have a vlan tag attached to frames sent.

interface fastethernet 0/0.1

encapsulation dot1q 1 native

A word of caution here, you mentioned that you are part of a University Network and you had to register the MAC address of your LinkSys router to gain access. I would assume here then a certain amount of security, so you introducing routers and new IP networks sounds like a recipe for disaster - have the University approved this?

Andy

Andy,

Turns out I found out that dot1Q method of encapsulation is suggested for older IOS's. The routers they got there where off a grant and probably came from somewhere where they had been sitting around for quite sometime. The "native" syntax isn't available in older IOS releases, that's why I have an IP address assigned to the phyiscal interface.

I got things working, that was the problem. My DC (.150) had .100 as it's default gateway.

Now that I've got that done, all I need to do is add ip helper-address 10.112.112.150 to all the interfaces I want DHCP done on, and that will assign my lab it's addresses?

Also, I haven't really tried but I'm assuming I won't be able to logon to the 2000 domain once I change the IP addresses because the DC won't be in the same subnet anymore. Is there a way I can have the domain span across different VLAN's as well?

TIA,

Nick

Keyurp
Level 1
Level 1

Make sure your subents are properly configured. Also, make sure there are not access list that are keeping you from "talking" to the switches.

Review Cisco Networking for a $25 gift card