02-15-2010 12:52 PM - edited 03-04-2019 07:30 AM
Imagine I have:
client1: IP=10.0.0.1/12, default-gateway=10.15.255.254
connected to switch1, port fa0/2.
client2: IP=10.31.255.1/12, default-gateway=10.31.255.254
connected to switch1, port fa0/3.
From client1 and client2, I can ping respective default-gateways OK.
However, neither client1 nor client2 can ping each other.
It seems this router on a stick config is not working. Based on the output of the show tech for both rotuer and switch, do you have any idea why this does not work?
Solved! Go to Solution.
02-15-2010 01:40 PM
news2010a wrote:
From the router, ping to each PC times out.
When I added an IP address to SVI on the switch int vlan 1 (only did this for a ping test), I can't ping the router default-gateways either from the switch.
From the switch, I can't ping the PC's either.
Marlon
For a ping test you would need to configure the vlan interface on the switch to be in vlan 298 not vlan 1 ie.
int vlan 298
ip address 10.15.255.253 255.240.0.0
Can you do this and then ping router from switch and switch from router.
Jon
02-17-2010 08:45 AM
news2010a wrote:
Once I powered on devices and client machines in the rack to work on this again, everything worked fine.
One thing that I learned though:
I thought that placing an IP address (which belongs to vlan 298 network range) under vlan 1 for example could let me establish IP communications. I see that I had to place it under vlan 298. Interesting.
Thanks everyone for all your help.
Marlon
Glad you got it working.
The reason you need to use an SVI for vlan 298 is because the connection between the switch and the router is an 802.1q trunk so the vlan packets will be tagged. And the router expects to see vlan tags for vlans 298, 442, 503 and 550. So if it receives a packet with a vlan 1 tag it doesn't know what to do. And if the native vlan is vlan 1 and so the packet is sent untagged it still doesn't know what to do as you have not explicitly configured any of the subinterfaces as the native vlan.
Jon
02-15-2010 01:04 PM
news2010a wrote:
Imagine I have:
client1: IP=10.0.0.1/12, default-gateway=10.15.255.254
connected to switch1, port fa0/2.
client2: IP=10.31.255.1/12, default-gateway=10.31.255.254
connected to switch1, port fa0/3.
From client1 and client2, I can ping respective default-gateways OK.
However, neither client1 nor client2 can ping each other.
It seems this router on a stick config is not working. Based on the output of the show tech for both rotuer and switch, do you have any idea why this does not work?
Marlon
Can you check to see if there are any personal firewalls running on the PC's that would block an incoming ICMP request ?
Jon
02-15-2010 01:24 PM
I checked that; I turned off Microsoft firewall thing and I am familiar with the PC's and I know there are no firewalls blocking ICMP.
02-15-2010 01:27 PM
Marlon
Quick test -
from the router can you ping each PC ?
Jon
02-15-2010 01:33 PM
From the router, ping to each PC times out.
When I added an IP address to SVI on the switch int vlan 1 (only did this for a ping test), I can't ping the router default-gateways either from the switch.
From the switch, I can't ping the PC's either.
02-15-2010 01:40 PM
news2010a wrote:
From the router, ping to each PC times out.
When I added an IP address to SVI on the switch int vlan 1 (only did this for a ping test), I can't ping the router default-gateways either from the switch.
From the switch, I can't ping the PC's either.
Marlon
For a ping test you would need to configure the vlan interface on the switch to be in vlan 298 not vlan 1 ie.
int vlan 298
ip address 10.15.255.253 255.240.0.0
Can you do this and then ping router from switch and switch from router.
Jon
02-15-2010 01:44 PM
Ding, I click 'correct' instead of clicking on 'reply'.
True, OK Jon, please give me few days and I will have access to hardware rack again. I will post the result back.
02-15-2010 01:47 PM
Checked your config. I have one question: Where is your VLAN instance?
vlan 298
vlan 442
vlan 503
vlan 550
02-15-2010 01:55 PM
I am not sure if I understand your question ab out "instance". The respective Vlans were created on vlan.dat as shown below.
Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/24 1-4094
Port Vlans allowed and active in management domain
Fa0/24 1-3,298,442,503,550
Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1-3,298,442,503,550
------------------ show cdp neighbors ------------------
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
Router1 Fas 0/24 170 R S I 2811 Fas 0/0
------------------ show spanning-tree summary ------------------
Switch is in pvst mode
Root bridge for: VLAN0001-VLAN0003, VLAN0298, VLAN0442, VLAN0503, VLAN0550
EtherChannel misconfig guard is enabled
Extended system ID is enabled
Portfast Default is disabled
PortFast BPDU Guard Default is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default is disabled
UplinkFast is disabled
BackboneFast is disabled
Pathcost method used is short
Name Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001 0 0 0 1 1
VLAN0002 0 0 0 1 1
VLAN0003 0 0 0 1 1
VLAN0298 0 0 0 2 2
VLAN0442 0 0 0 2 2
VLAN0503 0 0 0 1 1
VLAN0550 0 0 0 1 1
---------------------- -------- --------- -------- ---------- ----------
7 vlans 0 0 0 9 9
02-15-2010 02:01 PM
Maybe I'm running a different IOS but what is the result with the "sh vlan"? Do you see your VLANS there and ports associated to the VLANs?
02-15-2010 02:11 PM
Yes it is assigned correctly.
------------------ show vlan ------------------
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23
2 VLAN2 active
3 VLAN# active
298 KELLY active Fa0/2
442 MRBROWN active Fa0/3
503 CHRIS active Fa0/4
550 DAN active Fa0/5
1002 fddi-default act/unsup
02-15-2010 04:08 PM
Can you post the output of a "show ip route" command from the router?
I have seen on rare occasions I have seen routing turned off on a router. If that is the case, the output of the above command is different than normal. It can be turned back on with the "ip routing" command.
It is a long shot, but I just don't see anything immediately wrong with your configs.
Robert
02-15-2010 04:29 PM
From the configs you've attached, it looks like vlan 1 is in the same subnet as vlan 298. I would suggest changing this or even removing it altogether. You also don't really need the ip default-gateway configuration on the switch aswell. Just make sure the vlans are allowed on the trunk ports. best way to check this out is a "show int fa0/24 trunk"
On Switch:
interface Vlan1
ip address 10.15.255.253 255.240.0.0
no ip route-cache
On Router:
interface FastEthernet0/0.298
description KELLY
encapsulation dot1Q 298
ip address 10.15.255.254 255.240.0.0
no snmp trap link-status
02-16-2010 07:02 AM
Yes, initially I had no SVI whatsoever and no default-gateway configured on the switch. So I added
the SVI IP address for a quick test. Yes, this can be removed. I will have access to the gear tonight and I will update you.
02-17-2010 08:34 AM
Once I powered on devices and client machines in the rack to work on this again, everything worked fine.
One thing that I learned though:
I thought that placing an IP address (which belongs to vlan 298 network range) under vlan 1 for example could let me establish IP communications. I see that I had to place it under vlan 298. Interesting.
Thanks everyone for all your help.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide