cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
450
Views
3
Helpful
10
Replies

Can't ping Router to Router and Host in a different VLAN

wik1785
Level 1
Level 1

Hey guys,
I am using IOU L2 switch and c7200 cisco router in my topology.

 

topology.png

 

The goal of my project was to configure a toppology with static routing and 3 different vlans but when I am trying to ping Router to Router it doesnt seem to work. Also when i try to ping Host in a different VLAN it timeouts. The hosts are only able to ping their gateways succesfully. What i noticed is that the routers arp table is empty.

I was trying to find any solutions online but since I am a novice at computer networks stuff I either didnt understand potential solutions or was not able to implement them.

I provide you with everything that I think might be necessary to resolve my case. Please feel free to ask me for more info if its needed.

IOU1 config:

Spoiler
Building configuration...

Current configuration : 1725 bytes
!
! Last configuration change at 15:15:15 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU1
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200,300
 switchport mode trunk
 duplex auto
!
interface Ethernet0/1
 switchport access vlan 100
 duplex auto
!
interface Ethernet0/2
 switchport access vlan 200
 duplex auto
!
interface Ethernet0/3
 switchport access vlan 300
 duplex auto
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

IOU2 config:

Spoiler
Building configuration...

Current configuration : 1841 bytes
!
! Last configuration change at 15:15:13 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU2
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200,300
 switchport mode trunk
 duplex auto
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200,300
 switchport mode trunk
 duplex auto
!
interface Ethernet0/2
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100
 switchport mode trunk
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

IOU3 config:

Spoiler
Building configuration...

Current configuration : 1841 bytes
!
! Last configuration change at 15:15:11 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU3
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 duplex auto
!
interface Ethernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200,300
 switchport mode trunk
 duplex auto
!
interface Ethernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200,300
 switchport mode trunk
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 200
 switchport mode trunk
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

IOU4 config:

Spoiler
Building configuration...

Current configuration : 1737 bytes
!
! Last configuration change at 15:15:09 UTC Fri Dec 27 2024
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname IOU4
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
no ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 duplex auto
!
interface Ethernet0/1
 duplex auto
!
interface Ethernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200,300
 switchport mode trunk
 duplex auto
!
interface Ethernet0/3
 duplex auto
!
interface Ethernet1/0
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 300
 switchport mode trunk
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
!
no ip http server
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

R1 config:

Spoiler
Building configuration...

Current configuration : 1568 bytes
!
! Last configuration change at 15:13:06 UTC Fri Dec 27 2024
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.1 255.255.255.248
 duplex half
!
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 142.168.10.1 255.255.255.0
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 142.168.20.0 255.255.255.0 10.0.0.2
ip route 142.168.30.0 255.255.255.0 10.0.0.3
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
!
end

R2 config:

Spoiler
Building configuration...

Current configuration : 1568 bytes
!
! Last configuration change at 15:11:02 UTC Fri Dec 27 2024
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.2 255.255.255.248
 duplex half
!
interface FastEthernet0/0.200
 encapsulation dot1Q 200
 ip address 142.168.20.1 255.255.255.0
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 142.168.10.0 255.255.255.0 10.0.0.1
ip route 142.168.30.0 255.255.255.0 10.0.0.3
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
!
end

R3 config:

Spoiler
Building configuration...

Current configuration : 1568 bytes
!
! Last configuration change at 15:10:46 UTC Fri Dec 27 2024
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 10.0.0.3 255.255.255.248
 duplex half
!
interface FastEthernet0/0.300
 encapsulation dot1Q 300
 ip address 142.168.30.1 255.255.255.0
!
interface FastEthernet1/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet1/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 142.168.10.0 255.255.255.0 10.0.0.1
ip route 142.168.20.0 255.255.255.0 10.0.0.2
!
no cdp log mismatch duplex
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
!
end

PC1:

ip -> 142.168.10.2/24

gateway -> 142.168.10.1

PC2:

ip -> 142.168.20.2/24

gateway -> 142.168.20.1

PC3:

ip -> 142.168.30.2/24

gateway -> 142.168.30.1

Errors and additional info:

image.png

image.png

image.png

image.png

 

 

 

1 Accepted Solution

Accepted Solutions

Devaa
Level 1
Level 1

Hi @wik1785 

Your topology looks like a puzzle. In Production networks, just one Router and one Switch is enough to get this inter-vlan routing done. If it's a L3 switch, only one switch is enough. 

However, all good with your topology and config, except that you missed to allow vlan 1 in all the switch trunk ports. 

For R1 to reach 10.0.0.2 in R2, it has to send the packet with no dot1q tag. When that frame reach switch, it will treat it as native vlan 1 frame by default. As you have allowed only vlan 100 in that switchport, switch will drop that frame. That's the problem. You have to allow vlan 1 in all the trunk ports throughout the topology to get this work. 

In all the switch trunk ports, run the below command to add vlan 1 as well and check. 

switchport trunk allowed vlan add 1

 

View solution in original post

10 Replies 10

@wik1785 

 It seems in IOU2  you are missing this config 

!
interface Ethernet0/2
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 100,200,300
 switchport mode trunk
 duplex auto
!

Did you create the vlans in all IOUs?  you need to.

Yes, I did create vlans in all my switches. Also int e0/2 isnt used in my IOU2 switch as it is shown on the picture of my topology I provided.

Got it.

 Your scenario is not good. You are using subinterface on the router with IP address and add IP address on the interface at the same time and using this IP address as gateway. 

  What you can do is create all the three subinterfaces in all router and should work. But, on this case, you will not need static route.

I believe you can have better scenario to play with static router than  this one. 

 

I created all subinterfaces from f0/0.100-300 on all my routers but it still doesnt work. Routers cant ping each other and  host timeouts when i ping the one in different vlan. My static route is somehow not shown when i type "show ip route" on Router 1.

wik1785_0-1735318844468.png

wik1785_1-1735318870410.png

wik1785_2-1735318890205.png

wik1785_3-1735318951879.png

wik1785_4-1735319017563.png

wik1785_5-1735319029789.png

 



If you have all the three subinterface on each router and you have trunk all the way, you need to ping. And here comes the barrier between what should work in real world and dont work in simulators.

 I gave up GNS3 few years ago because we waste too much time trying to figure out where is the problem on the network and where is the problem with GNS3.

The scenario you are playing with can be done in Cisco PacketTracer with zero error.

Joseph W. Doherty
Hall of Fame
Hall of Fame

". . . I am a novice at computer networks stuff I either didnt understand potential solutions or was not able to implement them."

Yes, I would agree you're a networking novice, which is fine, we all were at some point.

I believe you conceptionally misunderstand routing.

What it appears you were trying to to do is have a physical gateway router for each VLAN.  That's fine, but you also need to route between the routers, so for routers to pass traffic between networks they need an interconnection, a common path between networks.

For example one physical router, could have an interface in all 3 subnets.  But separate routers need to share at least one subnet.  It could be one of the 3 VLAN subnets, or it might be done using a transit network.

In your topology you could define a 4th VLAN as a transit network.  Each router would have a gateway in just one of the hosts VLANs and an interface in a shared transit VLAN.  To work, you would need static and/or dynamic routing.

Does the forgoing make any sense to you or do you need a config example?  If the latter, do you have a copy of PT?

Devaa
Level 1
Level 1

Hi @wik1785 

Your topology looks like a puzzle. In Production networks, just one Router and one Switch is enough to get this inter-vlan routing done. If it's a L3 switch, only one switch is enough. 

However, all good with your topology and config, except that you missed to allow vlan 1 in all the switch trunk ports. 

For R1 to reach 10.0.0.2 in R2, it has to send the packet with no dot1q tag. When that frame reach switch, it will treat it as native vlan 1 frame by default. As you have allowed only vlan 100 in that switchport, switch will drop that frame. That's the problem. You have to allow vlan 1 in all the trunk ports throughout the topology to get this work. 

In all the switch trunk ports, run the below command to add vlan 1 as well and check. 

switchport trunk allowed vlan add 1

 

Possibly, @wik1785 you have a better understanding of routing than my first impression.  (As the others have already remarked, the topology is "unusual".)

I too had noticed the lack of VLAN 1 on the trunks in addition to routers having a main interface IP.  But, I hadn't looked at your static route statements which appear to show you intended to use the main interface network as a transit network.  So, if that was the intention, @Devaa is correct about the specific correction needed.  Maybe the conceptional issue is the mixture of tagged vs. untagged VLANs in conjunction with router interfaces?

Until I looked at your static route statements, going by OP description and diagram, I considered the router main interface IP being intentionally disallowed on the trunks.

Hello
Suggest change back your cfg how it was originally and then allow all vlans on all your trunks and set your rtr physical interfaces to be full duplex.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Regarding Paul's suggestions. . .

On real devices, traffic can pass across an Ethernet duplex mismatch, but often with a very high error rate.  With PT, unsure it matters at all or will work at all.  But, it's certainly something you don't want.  Generally, at least this century, you should be using auto for speed and duplex.  I mention this, because old material may show hard coding speed and/or duplex.

Regarding not restricting VLANs on trunks, in this case, and L3 LANs, I agree with Paul.  In large L2 topologies (hopefully to be avoided), restricting the span of a VLAN, can be important.

One might argue, restricting VLANs is best practice, and should be done all the time, but such a best practice, IMO, stems from large physical L2 topologies, where modern LANs adopt/use more embedded L3 (although DC LANs still often use extended L2).

Review Cisco Networking for a $25 gift card