12-27-2024 08:13 AM
Hey guys,
I am using IOU L2 switch and c7200 cisco router in my topology.
The goal of my project was to configure a toppology with static routing and 3 different vlans but when I am trying to ping Router to Router it doesnt seem to work. Also when i try to ping Host in a different VLAN it timeouts. The hosts are only able to ping their gateways succesfully. What i noticed is that the routers arp table is empty.
I was trying to find any solutions online but since I am a novice at computer networks stuff I either didnt understand potential solutions or was not able to implement them.
I provide you with everything that I think might be necessary to resolve my case. Please feel free to ask me for more info if its needed.
IOU1 config:
Building configuration...
Current configuration : 1725 bytes
!
! Last configuration change at 15:15:15 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk
duplex auto
!
interface Ethernet0/1
switchport access vlan 100
duplex auto
!
interface Ethernet0/2
switchport access vlan 200
duplex auto
!
interface Ethernet0/3
switchport access vlan 300
duplex auto
!
interface Ethernet1/0
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
interface Ethernet3/0
duplex auto
!
interface Ethernet3/1
duplex auto
!
interface Ethernet3/2
duplex auto
!
interface Ethernet3/3
duplex auto
!
interface Vlan1
no ip address
shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
IOU2 config:
Building configuration...
Current configuration : 1841 bytes
!
! Last configuration change at 15:15:13 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk
duplex auto
!
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk
duplex auto
!
interface Ethernet0/2
duplex auto
!
interface Ethernet0/3
duplex auto
!
interface Ethernet1/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100
switchport mode trunk
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
interface Ethernet3/0
duplex auto
!
interface Ethernet3/1
duplex auto
!
interface Ethernet3/2
duplex auto
!
interface Ethernet3/3
duplex auto
!
interface Vlan1
no ip address
shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
IOU3 config:
Building configuration...
Current configuration : 1841 bytes
!
! Last configuration change at 15:15:11 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU3
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk
duplex auto
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk
duplex auto
!
interface Ethernet0/3
duplex auto
!
interface Ethernet1/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 200
switchport mode trunk
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
interface Ethernet3/0
duplex auto
!
interface Ethernet3/1
duplex auto
!
interface Ethernet3/2
duplex auto
!
interface Ethernet3/3
duplex auto
!
interface Vlan1
no ip address
shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
IOU4 config:
Building configuration...
Current configuration : 1737 bytes
!
! Last configuration change at 15:15:09 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU4
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
duplex auto
!
interface Ethernet0/1
duplex auto
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk
duplex auto
!
interface Ethernet0/3
duplex auto
!
interface Ethernet1/0
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 300
switchport mode trunk
duplex auto
!
interface Ethernet1/1
duplex auto
!
interface Ethernet1/2
duplex auto
!
interface Ethernet1/3
duplex auto
!
interface Ethernet2/0
duplex auto
!
interface Ethernet2/1
duplex auto
!
interface Ethernet2/2
duplex auto
!
interface Ethernet2/3
duplex auto
!
interface Ethernet3/0
duplex auto
!
interface Ethernet3/1
duplex auto
!
interface Ethernet3/2
duplex auto
!
interface Ethernet3/3
duplex auto
!
interface Vlan1
no ip address
shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
R1 config:
Building configuration...
Current configuration : 1568 bytes
!
! Last configuration change at 15:13:06 UTC Fri Dec 27 2024
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.248
duplex half
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 142.168.10.1 255.255.255.0
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 142.168.20.0 255.255.255.0 10.0.0.2
ip route 142.168.30.0 255.255.255.0 10.0.0.3
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end
R2 config:
Building configuration...
Current configuration : 1568 bytes
!
! Last configuration change at 15:11:02 UTC Fri Dec 27 2024
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.2 255.255.255.248
duplex half
!
interface FastEthernet0/0.200
encapsulation dot1Q 200
ip address 142.168.20.1 255.255.255.0
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 142.168.10.0 255.255.255.0 10.0.0.1
ip route 142.168.30.0 255.255.255.0 10.0.0.3
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end
R3 config:
Building configuration...
Current configuration : 1568 bytes
!
! Last configuration change at 15:10:46 UTC Fri Dec 27 2024
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.3 255.255.255.248
duplex half
!
interface FastEthernet0/0.300
encapsulation dot1Q 300
ip address 142.168.30.1 255.255.255.0
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial2/0
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/1
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/2
no ip address
shutdown
serial restart-delay 0
!
interface Serial2/3
no ip address
shutdown
serial restart-delay 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 142.168.10.0 255.255.255.0 10.0.0.1
ip route 142.168.20.0 255.255.255.0 10.0.0.2
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end
PC1:
ip -> 142.168.10.2/24
gateway -> 142.168.10.1
PC2:
ip -> 142.168.20.2/24
gateway -> 142.168.20.1
PC3:
ip -> 142.168.30.2/24
gateway -> 142.168.30.1
Errors and additional info:
Solved! Go to Solution.
12-27-2024 07:12 PM
Hi @wik1785
Your topology looks like a puzzle. In Production networks, just one Router and one Switch is enough to get this inter-vlan routing done. If it's a L3 switch, only one switch is enough.
However, all good with your topology and config, except that you missed to allow vlan 1 in all the switch trunk ports.
For R1 to reach 10.0.0.2 in R2, it has to send the packet with no dot1q tag. When that frame reach switch, it will treat it as native vlan 1 frame by default. As you have allowed only vlan 100 in that switchport, switch will drop that frame. That's the problem. You have to allow vlan 1 in all the trunk ports throughout the topology to get this work.
In all the switch trunk ports, run the below command to add vlan 1 as well and check.
switchport trunk allowed vlan add 1
12-27-2024 08:26 AM
It seems in IOU2 you are missing this config
!
interface Ethernet0/2
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 100,200,300
switchport mode trunk
duplex auto
!
Did you create the vlans in all IOUs? you need to.
12-27-2024 08:30 AM
Yes, I did create vlans in all my switches. Also int e0/2 isnt used in my IOU2 switch as it is shown on the picture of my topology I provided.
12-27-2024 08:49 AM - edited 12-27-2024 09:00 AM
Got it.
Your scenario is not good. You are using subinterface on the router with IP address and add IP address on the interface at the same time and using this IP address as gateway.
What you can do is create all the three subinterfaces in all router and should work. But, on this case, you will not need static route.
I believe you can have better scenario to play with static router than this one.
12-27-2024 09:05 AM
I created all subinterfaces from f0/0.100-300 on all my routers but it still doesnt work. Routers cant ping each other and host timeouts when i ping the one in different vlan. My static route is somehow not shown when i type "show ip route" on Router 1.
12-27-2024 09:15 AM - edited 12-27-2024 09:22 AM
If you have all the three subinterface on each router and you have trunk all the way, you need to ping. And here comes the barrier between what should work in real world and dont work in simulators.
I gave up GNS3 few years ago because we waste too much time trying to figure out where is the problem on the network and where is the problem with GNS3.
The scenario you are playing with can be done in Cisco PacketTracer with zero error.
12-27-2024 05:37 PM
". . . I am a novice at computer networks stuff I either didnt understand potential solutions or was not able to implement them."
Yes, I would agree you're a networking novice, which is fine, we all were at some point.
I believe you conceptionally misunderstand routing.
What it appears you were trying to to do is have a physical gateway router for each VLAN. That's fine, but you also need to route between the routers, so for routers to pass traffic between networks they need an interconnection, a common path between networks.
For example one physical router, could have an interface in all 3 subnets. But separate routers need to share at least one subnet. It could be one of the 3 VLAN subnets, or it might be done using a transit network.
In your topology you could define a 4th VLAN as a transit network. Each router would have a gateway in just one of the hosts VLANs and an interface in a shared transit VLAN. To work, you would need static and/or dynamic routing.
Does the forgoing make any sense to you or do you need a config example? If the latter, do you have a copy of PT?
12-27-2024 07:12 PM
Hi @wik1785
Your topology looks like a puzzle. In Production networks, just one Router and one Switch is enough to get this inter-vlan routing done. If it's a L3 switch, only one switch is enough.
However, all good with your topology and config, except that you missed to allow vlan 1 in all the switch trunk ports.
For R1 to reach 10.0.0.2 in R2, it has to send the packet with no dot1q tag. When that frame reach switch, it will treat it as native vlan 1 frame by default. As you have allowed only vlan 100 in that switchport, switch will drop that frame. That's the problem. You have to allow vlan 1 in all the trunk ports throughout the topology to get this work.
In all the switch trunk ports, run the below command to add vlan 1 as well and check.
switchport trunk allowed vlan add 1
12-27-2024 08:00 PM - edited 12-27-2024 08:01 PM
Possibly, @wik1785 you have a better understanding of routing than my first impression. (As the others have already remarked, the topology is "unusual".)
I too had noticed the lack of VLAN 1 on the trunks in addition to routers having a main interface IP. But, I hadn't looked at your static route statements which appear to show you intended to use the main interface network as a transit network. So, if that was the intention, @Devaa is correct about the specific correction needed. Maybe the conceptional issue is the mixture of tagged vs. untagged VLANs in conjunction with router interfaces?
Until I looked at your static route statements, going by OP description and diagram, I considered the router main interface IP being intentionally disallowed on the trunks.
12-28-2024 02:08 AM
Hello
Suggest change back your cfg how it was originally and then allow all vlans on all your trunks and set your rtr physical interfaces to be full duplex.
12-28-2024 04:39 AM
Regarding Paul's suggestions. . .
On real devices, traffic can pass across an Ethernet duplex mismatch, but often with a very high error rate. With PT, unsure it matters at all or will work at all. But, it's certainly something you don't want. Generally, at least this century, you should be using auto for speed and duplex. I mention this, because old material may show hard coding speed and/or duplex.
Regarding not restricting VLANs on trunks, in this case, and L3 LANs, I agree with Paul. In large L2 topologies (hopefully to be avoided), restricting the span of a VLAN, can be important.
One might argue, restricting VLANs is best practice, and should be done all the time, but such a best practice, IMO, stems from large physical L2 topologies, where modern LANs adopt/use more embedded L3 (although DC LANs still often use extended L2).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide