Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1226
Views
0
Helpful
1
Replies

inter-vlan routing cisco 1921

mmartinez
Level 1
Level 1

‎05-27-2014 05:43 AM - edited ‎03-04-2019 11:02 PM

I setup this Cisco 1921 with three vlans; vlan2, vlan3, vlan11 & vlan 3500. Vlan 3500 is my management vlan and I am currently not able to ping or access any of the management devices. The switch where all of the devices are connected has the uplink port tagged with the same vlans and the ports have the correct settings for its particular vlan configuration. What am I missing??? Here is part of the config:


version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RT1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone EST -5 0
clock summer-time EDT recurring
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 192.168.1.120 192.168.1.140
ip dhcp excluded-address 10.10.10.2 10.10.10.10
ip dhcp excluded-address 192.168.2.1 192.168.2.10
ip dhcp excluded-address 192.168.1.98 192.168.1.100
!
ip dhcp pool OPERATIONS
 network 192.168.1.0 255.255.255.0
 domain-name OPs
 default-router 192.168.1.254
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool OPERATIONS2
 network 192.168.2.0 255.255.255.0
 domain-name OPsPhones
 default-router 192.168.2.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool WIFI
 network 10.170.1.0 255.255.255.0
 domain-name Wifi
 default-router 10.170.1.1
 dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool MGMT
 network 10.10.10.0 255.255.255.0
 domain-name MGMT
 default-router 10.10.10.1
 dns-server 8.8.8.8 8.8.4.4
!
!
multilink bundle-name authenticated
!
!
redundancy
!
class-map match-any WebEmail
 match protocol http
 match protocol secure-http
 match protocol ftp
 match protocol smtp
 match protocol pop3
class-map match-any Voip
 match protocol sip
 match protocol skype
!
!
policy-map QoSPolicy
 class Voip
  set dscp ef
  priority percent 70
 class WebEmail
  bandwidth remaining percent 30
 class class-default
  fair-queue
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Fiber
 ip address 100.100.100.200 255.255.255.240
 ip nbar protocol-discovery
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 service-policy output QoSPolicy
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.2
 description [0/1.2] OPERATIONS
 encapsulation dot1Q 2
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
 description [0/1.3] Operations2
 encapsulation dot1Q 3
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.11
 description [0/1.11] WIFI
 encapsulation dot1Q 11
 ip address 10.170.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.3500
 description [0/1.3500] MGMT
 encapsulation dot1Q 3500
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!

ip route 0.0.0.0 0.0.0.0 100.100.100.199
!
ip access-list extended dvr
 permit tcp any any range 8000 8001
 permit tcp any any eq 7000
 permit tcp any any range 8000 8002
 permit tcp any any range 9010 9012
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.2.0 0.0.0.255 any
access-list 100 permit ip 10.10.10.0 0.0.0.255 any
access-list 100 permit ip 10.170.1.0 0.0.0.255 any
!
!
route-map ACL-ACCESS permit 10
 match ip address 100

Labels:
0 Helpful
1 Reply 1

Richard Burts
Hall of Fame
Hall of Fame

‎05-27-2014 09:58 AM

I have looked through the part of the config that you posted and do not see any particular issues that would impact access for the management vlan. I do see some things such as route-map ACL-ACCESS and ip access-list extended dvr which are not used in the part of the config that you posted and it makes me wonder what else is in the config that you have not shown us.

 

As a starting point in investigating the issue I would suggest that you post the output of show arp (or show ip arp) from the 1921. It will show us some things about what can be accessed. In particular I would like to see whether the router has learned any arp entries in vlan 3500.

 

I would suggest that we should consider the possibility that the issue is not with the 1921 but with the switches to which it connects. What can you tell us about those switches? Is vlan 3500 a valid vlan on the switch to which the 1921 connects? Can you post the output of these commands from that switch

show vlan

show interface trunk

 

HTH

 

Rick 

 

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card