
Inter VLAN routing: Can ping default VLAN IP from other VLAN's but no further. Default VLAN IP not forwarding the request?

Tom
Level 1

Hi All,

 

Please bear with me as I'm new to this and relatively new to Networking at this level.

I'm trying to set up inter VLAN routing.  Following this post:

https://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html

I've configured everything I could (or perhaps almost everything, except for the "6) Configure the interface to the default router" part). This is an older Cisco 3750G switch:

 

VLAN1 192.168.0 (IP 192.168.0.3, Secondary 192.168.0.4)
VLAN2 10.0.0.0 ( IP 10.0.0.1 )
VLAN3 10.1.0.0 ( IP 10.1.0.1 )
VLAN4 10.2.0.0 ( IP 10.2.0.1 )

Now from the switch itself, I can ping all IP's without any issues.  For example, I can ping 192.168.0.100 from the switch but not from within VLAN 2 devices.  However, I can ping 192.168.0.3 and 192.168.0.4 (secondary), the switch VLAN 1 IP's from within devices on VLAN 2. 

 

Devices on VLAN2 can ping each other, the VLAN IP and even the default VLAN (Switch IP) 192.168.0.3 and 192.168.0.4  above.  But nothing beyond the two VLAN 1 IP's above.  What am I missing?  My first thought is missing trunking or a setting on VLAN1 but I'm not 100% on that nor what those commands would be.

 

Thx,

 

mdscisco01#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Vlan2
C    192.168.0.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.0.1
mdscisco01#

 


The only options I have are these:

 

 

mdscisco01(config)#int vlan4
mdscisco01(config-if)#ip ospf 1 area 0
                              ^
% Invalid input detected at '^' marker.

mdscisco01(config-if)#ip ospf network broadcast
mdscisco01(config-if)#ip ospf
mdscisco01(config-if)#ip ospf ?
  authentication       Enable authentication
  authentication-key   Authentication password (key)
  bfd                  Enable BFD on this interface
  cost                 Interface cost
  database-filter      Filter OSPF LSA during synchronization and flooding
  dead-interval        Interval after which a neighbor is declared dead
  demand-circuit       OSPF demand circuit
  flood-reduction      OSPF Flood Reduction
  hello-interval       Time between HELLO packets
  lls                  Link-local Signaling (LLS) support
  message-digest-key   Message digest authentication password (key)
  mtu-ignore           Ignores the MTU in DBD packets
  network              Network type
  priority             Router priority
  resync-timeout       Interval after which adjacency is reset if oob-resync is not started
  retransmit-interval  Time between retransmitting lost link state advertisements
  transmit-delay       Link state transmit delay

mdscisco01(config-if)#

 

So I tried:

ip ospf network broadcast

but no effect.  Latest config

 

mdscisco01#show running-config
Building configuration...

Current configuration : 2330 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname mdscisco01
!
enable secret 5 <SECRET>
enable password <SECRET>
!
username cisco password 0 <SECRET>
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
!
aaa session-id common
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip ospf network broadcast
!
interface Vlan2
 ip address 10.0.0.1 255.255.255.0
 ip ospf network broadcast
!
interface Vlan3
 ip address 10.1.0.1 255.255.255.0
 ip ospf network broadcast
!
interface Vlan4
 ip address 10.2.0.1 255.255.255.0
 ip ospf network broadcast
!
interface Vlan5
 ip address 10.3.0.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.6
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 5 15
!
end

mdscisco01#

 

 

Included logs from before I adjusted the configuration per your last post.

 

Also tried this configuration with networks back under route ospf1, no luck either:

interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan2
 ip address 10.0.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan3
 ip address 10.1.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan4
 ip address 10.2.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan5
 ip address 10.3.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.0.255 area 0
 network 10.2.0.0 0.0.0.255 area 0
 network 10.3.0.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.6
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 5 15
!

Going to bounce the routers and switches to ensure the config truly doesn't work.

After reboot, OSPF database is even more empty.  Still can't ping from VLAN 2, 3, 4, 5.  :(

 

 

interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan2
 ip address 10.0.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan3
 ip address 10.1.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan4
 ip address 10.2.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
interface Vlan5
 ip address 10.3.0.1 255.255.255.0
 ip ospf network broadcast
 ip ospf mtu-ignore
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.0 0.0.0.255 area 0
 network 10.1.0.0 0.0.0.255 area 0
 network 10.2.0.0 0.0.0.255 area 0
 network 10.3.0.0 0.0.0.255 area 0
 network 192.168.0.0 0.0.0.255 area 0
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.6
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 5 15
!
end

mdscisco01#
mdscisco01#
mdscisco01#
mdscisco01#sh ip ospf database

            OSPF Router with ID (192.168.0.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.0.1     192.168.0.1     149         0x80000003 0x00FFD6 2
mdscisco01#

I've reverted the configuration back to the below now:

!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan3
 ip address 10.1.0.1 255.255.255.0
!
interface Vlan4
 ip address 10.2.0.1 255.255.255.0
!
interface Vlan5
 ip address 10.3.0.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 10.1.0.1 0.0.0.0 area 0
 network 10.2.0.1 0.0.0.0 area 0
 network 10.3.0.1 0.0.0.0 area 0
 network 10.4.0.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.6
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 5 15
!
end

 

 

Thx,

 

 

 

Well, this command looks strange to me: "ip default-gateway 192.168.0.1". Is it possible to remove it?
Jaderson Pessoa
*** Rate All Helpful Responses ***

I'll try this again tonight.  

 

Correct me if I'm wrong please but here's my understanding about how OSPF does its work:

 

1) OSPF on each router collects its own routes and builds its own DB from the OSPF configuration provided, including network 

2) Said OSPF instance then shares its routes with the rest of the OSPF neighbours.

3) These OSPF neighbours, in turn, share their routes, building the LSDB.

4) Inter VLAN communication will then work correctly.

 

Let me know if my understanding is correct above or if I'm missing anything.  Given that, if I don't have static routes defined, I see this:

mdscisco01#sh ip ospf database

            OSPF Router with ID (192.168.0.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.0.1     192.168.0.1     1570        0x80000013 0x00934E 1
mdscisco01#

Now if I define static routes on the AsusRouter, I see the following:

 

mdscisco01#sh ip ospf database

            OSPF Router with ID (192.168.0.1) (Process ID 1)

                Router Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum Link count
192.168.0.1     192.168.0.1     136         0x80000023 0x00ACBA 1
192.168.0.6     192.168.0.6     901         0x80000019 0x004136 1
192.168.0.7     192.168.0.7     878         0x8000001A 0x003D36 1

                Net Link States (Area 0)

Link ID         ADV Router      Age         Seq#       Checksum
192.168.0.1     192.168.0.1     1380        0x80000017 0x001BE5

                Type-5 AS External Link States

Link ID         ADV Router      Age         Seq#       Checksum Tag
0.0.0.0         192.168.0.6     911         0x80000014 0x00F055 0
0.0.0.0         192.168.0.7     958         0x80000018 0x00676A 0
10.0.0.0        192.168.0.6     891         0x80000015 0x000FB7 0
10.1.0.0        192.168.0.6     931         0x80000015 0x0003C2 0
10.2.0.0        192.168.0.6     911         0x80000015 0x00F6CD 0
10.3.0.0        192.168.0.6     941         0x80000015 0x00EAD8 0
108.168.115.96  192.168.0.6     941         0x80000018 0x006FFE 0
192.168.45.0    192.168.0.6     117         0x80000065 0x001044 0
192.168.75.0    192.168.0.6     113         0x8000005F 0x00D06B 0
mdscisco01#


The other DB's get updated equally well.

So my question is, shouldn't all OSPF configurations build their routing database from the OSPF configuration configured earlier?  For example, if I have the following:

router ospf
 ospf router-id 192.168.0.6
 log-adjacency-changes
 redistribute kernel
 redistribute connected
 redistribute static
 passive-interface br0:0
 passive-interface lo
 network 10.0.0.0/24 area 0
 network 10.1.0.0/24 area 0
 network 10.2.0.0/24 area 0
 network 10.3.0.0/24 area 0
 network 192.168.0.0/24 area 0

Shouldn't I expect the OSPF LSDB on that router to have an entry for each of the networks defined above?  If I should, then I don't:

DD-WRT-INTERNET-ASUS# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

K>* 0.0.0.0/0 [0/0] via 123.123.123.97, vlan2, 00:00:27
C>* 123.123.123.96/27 is directly connected, vlan2, 00:00:27
K>* 127.0.0.0/8 [0/0] is directly connected, lo, 00:00:27
O   192.168.0.0/24 [110/10] is directly connected, br0, 00:00:26
C>* 192.168.0.0/24 is directly connected, br0, 00:00:27
C>* 192.168.45.0/24 is directly connected, wl0.1, 00:00:16
C>* 192.168.75.0/24 is directly connected, wl1.1, 00:00:09
DD-WRT-INTERNET-ASUS#

I only see what is statically defined.  If I shouldn't, then defining the static routes is the way to go since OSPF apparently picks up only the statically defined routes.  ( But my understanding tells me OSPF should be doing that automagically. )

 

If OSPF should be building these routes automatically, I don't see that in the logs on the routers.  I do see routes listed on the Cisco 3750G for the online VLAN's 2, 3, 4, 5 but not on the AsusRouter.    On the other hand, Cisco 3750G routes don't appear to be shared with the rest of the two AsusRouters.  OSPF version mismatch perhaps?  

 

I've also asked on the DD-WRT forums about their Quagga implementation which houses OSPF, Zebra, RIP etc.


Thx,
TK

@Tom Hello,

 

Answering your questions: this is an OSPF misconfiguration.

Regarding this configuration

 

router ospf
 ospf router-id 192.168.0.6
 log-adjacency-changes
 redistribute kernel
 redistribute connected
 redistribute static
 passive-interface br0:0
 passive-interface lo
 network 10.0.0.0/24 area 0
 network 10.1.0.0/24 area 0
 network 10.2.0.0/24 area 0
 network 10.3.0.0/24 area 0
 network 192.168.0.0/24 area 0

 

Why are you redistributing these static, connected and kernel routes? Why are you putting br0:0 into passive state?

 

Please remove all of this configuration and just leave the "network statements" under the process.

Jaderson Pessoa

@Tom 

You're going around in circles here - you need to stick to one design and addressing and troubleshoot that instead of adding additional devices, changing the addressing etc. Then establishing a simplistic OSPF routing policy shouldn't be hard to complete.

So your first step would be to clarify your present topology and the IP addressing of each device, and then we can go from there.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

@paul driver 

My last reply with an image is my entire topology.  The IP change was necessary to resolve the original issue in this thread.

 

@Jaderson Pessoa 

Agree, I think it's a config issue as well.  However, I've started to question those settings myself as well.  I was simply going by what the vendor recommends first (https://wiki.dd-wrt.com/wiki/index.php/Quagga) before I start adjusting things my way.

 

---------------------------------

@Jaderson Pessoa 

I've removed the entries you asked to remove.  No change:

 

AsusRouter

router ospf
log-adjacency-changes
ospf router-id 192.168.0.6
network 10.0.0.1/24 area 0
network 10.1.0.1/24 area 0
network 10.2.0.1/24 area 0
network 10.3.0.1/24 area 0
network 192.168.0.1/24 area 0
debug ospf ism
debug ospf lsa
debug ospf nsm
debug ospf nssa
debug ospf packet all
debug ospf sr
debug ospf te
debug ospf zebra
log file /var/log/ospf
hostname AsusRouter

I've also removed the static routes from the AsusRouter ( Of course pings from hosts on VLAN 2, 3, 4, 5 stop working when no static routes are present. )

Cisco 3750G as of this writing:

aaa new-model
aaa authentication login default local
aaa authentication enable default enable
!
aaa session-id common
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan3
 ip address 10.1.0.1 255.255.255.0
!
interface Vlan4
 ip address 10.2.0.1 255.255.255.0
!
interface Vlan5
 ip address 10.3.0.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 10.1.0.1 0.0.0.0 area 0
 network 10.2.0.1 0.0.0.0 area 0
 network 10.3.0.1 0.0.0.0 area 0
 network 10.4.0.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
!
ip default-gateway 192.168.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.6
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 5 15
!
end

Hello

You have duplicate addressing in your ospf config and missing statements also!

And why do you have the same subnets on both devices? Surely the Cisco is the device for the inter-VLAN routing, so you don't need those same interfaces/subnets on the router?

Only OSPF statements on the Asus which relate to its connected interface towards the Cisco are required (whatever that may be), and obviously any WAN interface/subnets - whatever they may be.

 

 

AsusRouter

router ospf
log-adjacency-changes
ospf router-id 192.168.0.6
no network 10.0.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 2 needs to the router own ip
no network 10.1.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 3 needs to the router own ip
no network 10.2.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 4 needs to the router own ip
no network 10.3.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 5 needs to the router own ip
no network 192.168.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 1 needs to the router own ip

 

 

 

Cisco 3750G
router ospf 1
                                          < vlan 2 doesn't exist
network 10.1.0.1 0.0.0.0 area 0 <- vlan 3
network 10.2.0.1 0.0.0.0 area 0 <-vlan 4
network 10.3.0.1 0.0.0.0 area 0 <-vlan 5
network 10.4.0.1 0.0.0.0 area 0 < no l3 interface for this vlan , IF NOT NEEDED REMOVE IT
network 192.168.0.1 0.0.0.0 area 0 <-vlan1

 

router ospf 1
passive-interface default <-- if applicable
no passive-interface vlan x <-- if applicable to the interface/vlan connected towards asus
network 10.0.0.1 0.0.0.0 area 0

network 10.4.0.1 0.0.0.0 area 0  <-- if applicable

no ip default-gateway 192.168.0.1 <---not needed
no ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.6 <---not needed

 

int vlan x
ip ospf mtu-ignore  <-- applied to the interface/vlan connected towards the asus

int vlan 4  <-- If applicable
ip address 10.4.0.1 255.255.255.0



Kind Regards
Paul
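
The check Paul did by eye in the post above, as an added example that is not part of the original thread: a small Python audit that applies IOS wildcard matching to each OSPF `network` statement and reports SVIs that no statement covers and statements that match no interface. The sample config is constructed from the SVI and `router ospf 1` sections posted earlier in the thread; the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: SVI and OSPF sections of the Cisco 3750G config as posted
# in the thread before the fix (no statement for Vlan2, stray 10.4.0.1 entry).
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan3
 ip address 10.1.0.1 255.255.255.0
!
interface Vlan4
 ip address 10.2.0.1 255.255.255.0
!
interface Vlan5
 ip address 10.3.0.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 10.1.0.1 0.0.0.0 area 0
 network 10.2.0.1 0.0.0.0 area 0
 network 10.3.0.1 0.0.0.0 area 0
 network 10.4.0.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
!
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ADDR_RE = re.compile(rf"ip address {IP} {IP}")        # primary address only
NET_RE = re.compile(rf"network {IP} {IP} area (\S+)")


def parse_config(text):
    """Return ({interface name: address}, [(base, wildcard, area), ...])."""
    interfaces, networks = {}, []
    section = ""
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            # Unindented lines ("interface ...", "router ospf ...", "!") open a section.
            section = line.strip()
            continue
        body = line.strip()
        if section.startswith("interface "):
            m = ADDR_RE.fullmatch(body)   # "secondary" lines do not fullmatch
            if m:
                interfaces[section.split()[1]] = ipaddress.IPv4Address(m.group(1))
        elif section.startswith("router ospf"):
            m = NET_RE.fullmatch(body)
            if m:
                networks.append((ipaddress.IPv4Address(m.group(1)),
                                 ipaddress.IPv4Address(m.group(2)),
                                 m.group(3)))
    return interfaces, networks


def wildcard_match(address, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard are 'don't care'."""
    care = ~int(wildcard) & 0xFFFFFFFF
    return (int(address) & care) == (int(base) & care)


def audit_ospf(text):
    """Return (interfaces no network statement covers,
               network statements that match no interface)."""
    interfaces, networks = parse_config(text)
    uncovered = [name for name, addr in interfaces.items()
                 if not any(wildcard_match(addr, b, w) for b, w, _ in networks)]
    unmatched = [f"network {b} {w} area {a}" for b, w, a in networks
                 if not any(wildcard_match(addr, b, w)
                            for addr in interfaces.values())]
    return uncovered, unmatched


if __name__ == "__main__":
    uncovered, unmatched = audit_ospf(SAMPLE_CONFIG)
    for name in uncovered:
        print(f"{name}: address not matched by any OSPF network statement")
    for stmt in unmatched:
        print(f"'{stmt}': matches no configured interface")
```

Run against the sample, it flags `Vlan2` as uncovered and the `10.4.0.1` statement as matching nothing, which are the two problems pointed out in the reply.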

@paul driver 

 

>> And why do you have the same subnets on both devices, surely the cisco is the device for the inter-VLAN routing so you don't need those same interfaces/subnet on the router?

I've started to ask myself this too. But apparently I do.  See my results below, please.  

 

Missing VLAN entry on the Cisco 3750G in the OSPF section was the issue.  Too much troubleshooting back and forth and I ended up making a critical typo without noticing it.  Hence why I needed the second set of eyes.  Thank you.

 

Cisco 3750G
router ospf 1
                                          < vlan 2 doesn't exist

 

Next, I removed these entries from the AsusRouter:

 

no network 10.0.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 2 needs to the router own ip
no network 10.1.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 3 needs to the router own ip
no network 10.2.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 4 needs to the router own ip
no network 10.3.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 5 needs to the router own ip
no network 192.168.0.1/24 area 0 <---INCORRECT duplicate ip of the cisco vlan 1 needs to the router own ip

 

and ping stops working from the VLAN 2, 3, 4, 5 connected machines.  So I added them back.  Why does this work when the entries are there?  Not sure.  Since I upgraded the F/W on the AsusRouter to make some of this work, I lost tcpdump.  So I can't tell precisely which ICMP traffic direction is impacted when these are gone. 

 

I don't fully understand the function of these two items. Looked them up and I get the definition but I think I need to see them functioning before I fully understand.   

passive-interface default <-- if applicable
no passive-interface vlan x <-- if applicable to the interface/vlan connected towards asus

 

Added the first entry below to the Cisco router.  Removed the second.  The second was a typo.  Don't have or need that network.

network 10.0.0.1 0.0.0.0 area 0

network 10.4.0.1 0.0.0.0 area 0  <-- if applicable

 

Removed these two and ping still worked from VLAN 2 machines.   So took these out.  

no ip default-gateway 192.168.0.1 ---not needed
no ip route 0.0.0.0 0.0.0.0 Vlan1 192.168.0.6 <---not needed

 

Second entry above was a typo as well it seems.  Not sure how the Vlan1 got in.  Typo from all the troubleshooting I presume.  Added this instead: ip route 0.0.0.0 0.0.0.0 192.168.0.6. Otherwise, ping to outside stopped from all the machines.

 

I've verified that the MTU is 1500 across all my switches.  See one of my replies above.  I had added this earlier and it made no difference.  So I haven't yet added this per VLAN but I see no harm adding it in any way if you feel this is a good fail-safe approach as well.

int vlan x
ip ospf mtu-ignore  <-- applied to the interface/vlan connected towards the asus

 

VLAN 4 is defined with subnet 10.2.0.0/24.  So I just skipped these.
int vlan 4  <-- If applicable
ip address 10.4.0.1 255.255.255.0

 

After making all these changes, this is what my configuration looks like now ( to level set and ensure we're on the same page ):

 

Cisco 3750G

 

mdscisco01#sh running-config
Building configuration...

Current configuration : 2316 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname mdscisco01
!
enable secret 5 <SECRET>
enable password <SECRET>
!
username cisco password 0 <SECRET>
aaa new-model
aaa authentication login default local
aaa authentication enable default enable
!
aaa session-id common
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.0.0.1 255.255.255.0
!
interface Vlan3
 ip address 10.1.0.1 255.255.255.0
!
interface Vlan4
 ip address 10.2.0.1 255.255.255.0
!
interface Vlan5
 ip address 10.3.0.1 255.255.255.0
!
router ospf 1
 log-adjacency-changes
 network 10.0.0.1 0.0.0.0 area 0
 network 10.1.0.1 0.0.0.0 area 0
 network 10.2.0.1 0.0.0.0 area 0
 network 10.3.0.1 0.0.0.0 area 0
 network 192.168.0.1 0.0.0.0 area 0
!
ip classless
ip http server
ip http secure-server
!
!
radius-server source-ports 1645-1646
!
control-plane
!
!
line con 0
line vty 5 15
!
end

mdscisco01#
mdscisco01#
mdscisco01#
mdscisco01#sh ip rou
mdscisco01#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.6 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.0.0.0 is directly connected, Vlan2
C    192.168.0.0/24 is directly connected, Vlan1
O*E2 0.0.0.0/0 [110/10] via 192.168.0.6, 00:06:35, Vlan1
mdscisco01#

 

 

AsusRouter

 

AsusRouter# sh running-config
Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname AsusRouter
domainname
domainname
log file /var/log/ospf
domainname
!
debug ospf ism
debug ospf nsm
debug ospf lsa
debug ospf zebra
debug ospf nssa
debug ospf packet all
!
router ospf
 ospf router-id 192.168.0.6
 log-adjacency-changes
 network 10.0.0.0/24 area 0
 network 10.1.0.0/24 area 0
 network 10.2.0.0/24 area 0
 network 10.3.0.0/24 area 0
 network 192.168.0.0/24 area 0
!
line vty
!
end
AsusRouter # sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

K>* 0.0.0.0/0 [0/0] via 123.123.123.97, vlan2, 00:11:47
O>* 10.0.0.0/24 [110/11] via 192.168.0.1, br0, 00:11:35
C>* 123.123.123.96/27 is directly connected, vlan2, 00:11:47
K>* 127.0.0.0/8 [0/0] is directly connected, lo, 00:11:47
O   192.168.0.0/24 [110/10] is directly connected, br0, 00:11:35
C>* 192.168.0.0/24 is directly connected, br0, 00:11:47
C>* 192.168.45.0/24 is directly connected, wl0.1, 00:11:47
C>* 192.168.75.0/24 is directly connected, wl1.1, 00:11:47
AsusRouter#

 

 

AsusRouter2

AsusRouter2# sh running-config
Building configuration...

Current configuration:
!
frr version 7.1
frr defaults traditional
hostname AsusRouter2
log file /var/log/zebra.log
log file /var/log/ospf
!
debug ospf ism
debug ospf nsm
debug ospf lsa
debug ospf zebra
debug ospf nssa
debug ospf packet all
!
router ospf
 ospf router-id 192.168.0.7
 log-adjacency-changes
 redistribute kernel
 redistribute connected
 redistribute static
 passive-interface br0:0
 passive-interface lo
 network 10.0.0.0/24 area 0
 network 10.1.0.0/24 area 0
 network 10.2.0.0/24 area 0
 network 10.3.0.0/24 area 0
 network 192.168.0.0/24 area 0
 default-information originate
!
line vty
!
end
AsusRouter2#
AsusRouter2# sh ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route

K>* 0.0.0.0/0 [0/0] via 192.168.0.6, br0, 1d04h10m
O>* 10.0.0.0/24 [110/11] via 192.168.0.1, br0, 01:19:41
K>* 127.0.0.0/8 [0/0] is directly connected, lo, 1d04h10m
O   192.168.0.0/24 [110/10] is directly connected, br0, 1d00h15m
C>* 192.168.0.0/24 is directly connected, br0, 1d04h10m
AsusRouter2#

 

NOTE: This now works even without any static routes defined on the AsusRouters.  

 

 

Thx,
TK

Hello


@Tom wrote:

NOTE: This now works even without any static routes defined on the AsusRouters.  


FYI - you still don't need to advertise (network statements) the Cisco subnets in the Asus routers' OSPF process. ONLY what you advertise in those rtr OSPF processes is their own directly connected interfaces, because the Cisco subnets will be advertised by the Cisco switch into the Asus routers via OSPF.



Kind Regards
Paul

That's how I understood it as well.  I'll try to allocate some time this week to check this out to see why I need those OSPF network entries on the AsusRouters at all.  

 

Before I do that, is there anything I need to look for in the tcpdump or the OSPF log files to determine why the exchange isn't happening?


@Tom wrote:

 

Before I do that, is there anything I need to look for in the tcpdump or the OSPF log files to determine why the exchange isn't happening?


- the OSPF-enabled interfaces need correct addressing regarding the routing

- running the same or a compatible OSPF network type
- same MTU setting or disabling the MTU check (ip ospf mtu-ignore)

Don't post any more configuration, just post a topology diagram outlining the physical connections between those two rtrs and the Cisco switch, detailing the subnets running between them.

 



Kind Regards
Paul

"FYI - you still don't need to advertise (network statements) the Cisco subnets in the Asus routers' OSPF process. ONLY what you advertise in those rtr OSPF processes is their own directly connected interfaces, because the Cisco subnets will be advertised by the Cisco switch into the Asus routers via OSPF."

 

@paul driver 

Paul, could you please clarify the above comment?  I thought I understood but reading it again, I'm no longer certain.

Thx,
TK

Hello
What I mean is -
In your routers configurations you show them advertising the Cisco switches subnets - You don’t need to do that.
In a basic OSPF setup between devices you would enable OSPF only on the interfaces that require an OSPF adjacency on them and then disable any other interfaces you don’t want OSPF to run on, then you just advertise those other interfaces in OSPF.

Example:

RTRx

int xx
ip address 1.1.1.1 255.255.255.0
int yy
ip address 2.2.2.2 255.255.255.0

router ospf x
passive-interface default
no passive-interface xx
network 1.1.1.1 0.0.0.0 area 0
network 2.2.2.2 0.0.0.0 area 0

As you see, only int xx will be running OSPF and the int yy subnet will just be advertised.
Any other subnet/addressing relating to another router's interface you don’t advertise.



Kind Regards
Paul

@paul driver 

 

Thx Paul.  I tried the suggestions below in the written configuration and various other configurations. 

 

CORRECTION

"In your routers configurations you show them advertising the Cisco switches subnets - You don’t need to do that."

This worked.

Unfortunately, it ONLY didn't change the ping command not working from VLAN 2 hosts if I had network 192.168.0.1/24 area 0 taken out as well. (My bad).  Taking out VLAN 2, 3, 4, 5 from the Asus Router's config, as I think you meant, still allowed ping to work just fine since these VLAN's are routed via VLAN 1.  (Correct me in case my terminology is off pls.)

 

Found I have to keep network 192.168.0.1 0.0.0.0 area 0 on the Cisco Router and network 192.168.0.0/24 area 0 on the Asus Router for pings from hosts on VLAN 2 ( network 10.0.0.1 0.0.0.0 area 0) to work.  VLAN 2, 3, 4, 5 only need to exist on the Cisco router for ping to work, so apparently, VLAN 2, 3, 4, 5 are shared successfully via OSPF.  ( This is what you meant I think, now that I reread this. )

 

This does make sense to me.  VLAN 2, 3, 4, 5 are routed via Gateways on VLAN 1 and therefore only need the OSPF network commands on the switch where these VLAN's are defined I'm thinking.  Correct me if I'm wrong.   So I'm OK with this setup the way that it is unless you can point out anything else.

 


Thx,
TK
