Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3481
Views
35
Helpful
35
Replies

Inter VLAN Routing Non-Operational?

NicP270591
Level 1
Level 1

‎01-12-2013 08:34 PM - edited ‎03-04-2019 06:41 PM

Hi all,

I have set up a 2811 with seperate VLANs for phones, and another for computers/printers. Fa0/0 is trunked to a 3560 switch, which has all end devices plugged in. I have enabled the IP Routing commands on both devices, and from advice turned off proxy-arp on the VLANs on the router (unsure if this is causing the issue). The setup is as follows

Computer VLAN = 192.168.20.0

Phone VLAN = 192.168.50.0

Both on the same subnet, along with a router loopback address in the same subnet, at 192.168.10.1.

I am having an issue understanding why, but if I try to ping a phone from a PC it times out. Or if I try to type the phone's IP into an internet browser to get the phone's GUI on screen, it fails. This should not be happening as IP routing has been enabled on both, and everything is in the same subnet, correct? PC's can ping other PC's and network printing works fine. Phones register and operate fine, but the two VLAN's will not interoute.

Furthermore if I try and ping the router's loopback from the switch, it fails. But the trunk is up and operational because DHCP and devices work within their own VLAN. If I try to ping end devices from the switch, it returns 100%. There seems to be an issue with the router looping the different networks together.

What am I missing here?

Nic.

Labels:
0 Helpful
35 Replies 35

NicP270591
Level 1
Level 1
In response to Praveen AR

‎01-13-2013 02:31 AM

Praveen,

I have tested from PC, all pings fail except the 192.102.20.1 network (because it is the same as the computer VLAN). I am running CME yes. I have obtained and IP of a phone through the settings menu on the phone, the IP is 192.102.50.4. Pinging from a PC to this address also times out. Shut and no shut were tried on both the router ethernet 0/0 and the switch ethernet 0/48, and this did not have any affect. Updated part of the router config for the native VLAN is as below:

interface FastEthernet0/0.12

description VLAN-12-NATIVE,OPQ4022ISW01

encapsulation dot1Q 12 native

ip address 192.102.12.1 255.255.255.192

no cdp enable

Thank you,

Nic.

0 Helpful

Praveen AR
Level 1
Level 1
In response to NicP270591

‎01-13-2013 02:43 AM

Hi Nic,

Can you connect any pc in  voice vlan  and ping from that pc  all router iinterfaces as  you tested before for Computer VLAN.

Can you disable ip routing on switch , you dont need to enable routing on switch .In your scenario routing is done by router.

  send me below output

SWITCH 

sh int trunk

sh  vlan bruef

Router

sh ip int brief

NicP270591
Level 1
Level 1
In response to Praveen AR

‎01-14-2013 03:33 AM

Hi Praveen,

Please see below output. Also note, I connected a PC into a spare port on the switch which I configured to access the voice VLAN as requested. Successful pings on the Voice VLAN from PC, 100% to all devices - 192.102.50.1, 192.102.50.4, 192.102.20.1, 192.102.20.25 and 192.102.50.12.1 - no problems there! If the PC is in the voice VLAN I can also type the phone IP into a browser and have the GUI come right up. Pings from the 20 network (proper PC VLAN) still do not work. I have also disabled IP Routing on the switch as per your request.

RTR:

sh ip int brief

Interface                  IP-Address      OK? Method Status                Protocol

FastEthernet0/0            unassigned      YES NVRAM  up                    up     

FastEthernet0/0.10         unassigned      YES unset  deleted               down   

FastEthernet0/0.11         unassigned      YES manual deleted               down   

FastEthernet0/0.12         192.102.12.1    YES manual up                    up     

FastEthernet0/0.20         192.102.20.1    YES NVRAM  up                    up     

FastEthernet0/0.21         192.102.21.1    YES NVRAM  up                    up     

FastEthernet0/0.22         192.102.22.1    YES NVRAM  up                    up     

FastEthernet0/0.30         unassigned      YES unset  administratively down down   

FastEthernet0/0.40         192.102.40.1    YES NVRAM  up                    up     

FastEthernet0/0.41         192.102.41.1    YES NVRAM  administratively down down   

FastEthernet0/0.50         192.102.50.1    YES NVRAM  up                    up     

FastEthernet0/0.51         192.102.51.1    YES NVRAM  up                    up     

FastEthernet0/0.99         192.102.99.1    YES manual up                    up     

FastEthernet0/1            unassigned      YES NVRAM  administratively down down   

ATM0/2/0                   unassigned      YES NVRAM  administratively down down   

ATM0/2/0.1                 unassigned      YES unset  administratively down down   

Service-Engine1/0          unassigned      YES NVRAM  administratively down down   

Dialer1                    unassigned      YES NVRAM  up                    up     

Loopback0                  192.102.10.1    YES manual up                    up     

NVI0                       192.102.10.1    YES unset  up                    up     

SWITCH

sh int trunk

Port        Mode         Encapsulation  Status        Native vlan

Fa0/47      on           802.1q         trunking      1

Fa0/48      on           802.1q         trunking      12

Port        Vlans allowed on trunk

Fa0/47      21-22,40-41,51

Fa0/48      12,20-22,30,40-41,50-51,60,99

Port        Vlans allowed and active in management domain

Fa0/47      21-22,40-41,51

Fa0/48      12,20-22,30,40-41,50-51,99

Port        Vlans in spanning tree forwarding state and not pruned

Fa0/47      21-22,40-41,51

Fa0/48      12,20-22,30,40-41,50-51,99

sh vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/4, Fa0/5, Fa0/9, Fa0/10

                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14

                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18

                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22

                                                Fa0/23, Fa0/24, Fa0/25, Fa0/26

                                                Fa0/27, Fa0/28, Fa0/29, Fa0/30

                                                Fa0/31, Fa0/32, Fa0/33, Fa0/34

                                                Fa0/35, Fa0/36, Fa0/37, Fa0/38

                                                Fa0/39, Fa0/40, Fa0/41, Fa0/42

                                                Fa0/43, Fa0/44, Fa0/46, Gi0/1

                                                Gi0/2, Gi0/3, Gi0/4

12   VLAN-12-NATIVE                   active   

20   VLAN-20-LAN                      active    Fa0/1, Fa0/2, Fa0/3, Fa0/6

                                                Fa0/7, Fa0/8, Fa0/45

21   VLAN-21-WLAN                     active   

22   VLAN-22-GUEST-WLAN               active   

30   VLAN-30-WAN                      active   

40   VLAN-40-PRINT-WLAN               active   

41   VLAN-41-PDT-WLAN                 active   

50   VLAN-50-VOICE                    active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

                                                Fa0/5, Fa0/6, Fa0/7

51   WLAN-51-VOICE                    active   

99   VLAN-99-NETMGT                   active   

101  aume-ue-101                      active   

701  aume-ve-701                      active   

999  Management_Vlan                  active   

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

0 Helpful

Praveen AR
Level 1
Level 1
In response to NicP270591

‎01-14-2013 07:15 AM

Hi Nica,

When you tried connecting  pc in voice lan ,Did you try  to ping any pc in data vlan.

I suggest you to restart he router or make default int fa0/0

and do interface  configuration in router from scratch and try.

Pleas let me know it works or not

Regards

Praveen

kcnajaf
Level 7
Level 7
In response to NicP270591

‎01-13-2013 03:07 AM

Hi Nic,

You need to ensure that the CDP is enabled on the switch. Once CDP is enabled on switch, it will tell the ip phone about the voice vlan. You should be able see this by checking the operation vlan id on the phone screen. The operation vlan id should be the voice vlan. If some reason the operational vlan id is not showing up, you can configure the Admin Vlan id as the voice vlan manually.

Also hope you have configured as below on the ip phone.

IP Address:-192.102.50.4

Subnet Mask:-255.255.255.192

Gateway :- 192.102.50.1

For some reason I can see same interface repeated twice surprisingly as below :-)

!       

interface FastEthernet0/0.50

description VLAN-50-VOICE

encapsulation dot1Q 50

ip address 192.102.50.1 255.255.255.192

no ip redirects

no ip proxy-arp

ip flow ingress

!       

interface FastEthernet0/0.50

description VLAN-50-VOICE

encapsulation dot1Q 50

ip address 192.102.50.1 255.255.255.192

no ip redirects

no ip proxy-arp

ip flow ingress

!

Shutdown one of the sub interface if you have multiple interface showing up on the configuration.

Also when above points are corrected try pining the ip phone address and pc address from the router and verify if that works first before you try pinging from phone from PC.

Regards

Najaf

Please rate when applicable or helpful !!!

0 Helpful

Peter Koltl
Level 7
Level 7
In response to kcnajaf

‎01-13-2013 05:47 AM

Remove this line from the router too:

duplex full

as it's auto on the switch side

NicP270591
Level 1
Level 1
In response to Peter Koltl

‎01-14-2013 03:37 AM

Peter,

I have also switched the duplex from full to auto.

Nic.

0 Helpful

NicP270591
Level 1
Level 1
In response to kcnajaf

‎01-14-2013 03:36 AM

Hi Najaf,

I don't think I need to enable CDP as the IP phone is already displaying correct IP, gateway subnet mask and operational VLAN ID 50 as you described. Should I enable it anyway? I originally had it off as a security measure. That extra duplicate interface does not exist on the router, it seems to be an error from when I was pasting my config into the reply. Pinging the IP Phone and PC address (and any other address) from the router works fine! I'm assuming we have an issue with the switch if this is the case? Thanks for all your help.

Nic.

0 Helpful

kcnajaf
Level 7
Level 7
In response to NicP270591

‎01-14-2013 08:13 AM

Hi Nic,

I hope you have statically configured the ip address and other parameters on the phone. If your phone was suppose to pick an ip address from dhcp pool the you need to ensure the cdp is enabled on the switch.

show interface trunk still shows native vlan as 12, Please remove this line from trunk port configuration (as below) on switch and from router sub interface if it have it.

interface FastEthernet0/48

no switchport trunk native vlan 12

Regards

Najaf

0 Helpful

NicP270591
Level 1
Level 1
In response to kcnajaf

‎01-19-2013 01:30 AM

Hi Najaf,

I have enabled cdp on both the router and switch using the cdp run command in global, and cdp run command on fa0/0 and all fa0/0 sub interfaces. I have also deleted vlan 12 subif from router and vlan 12 from switch. still no go. pings to every network are successful if I put a computer in the phone VLAN, but trying to ping devices from a computer in the data vlan still fails, unless the device has an ip address from the 20 network.

Nic.

0 Helpful

paul driver
VIP
VIP
In response to NicP270591

‎01-19-2013 03:30 AM

Hello Nic,


If applicable can you do this on the switch:

1) remove the SVI vlan 50

2) disable ip routing

3) add default-gateway 192.102.20.1

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

NicP270591
Level 1
Level 1
In response to paul driver

‎01-19-2013 09:21 PM

Paul,

These changes have not made any difference. Should I just post my entire configuration of both switch and router to see if anyone can spot anything?

Nic.

0 Helpful

kcnajaf
Level 7
Level 7
In response to NicP270591

‎01-19-2013 09:28 PM

Hi Nic,

Yes please...Also please mention which port what device is connected along with ip address

Thanks in advance

Regards

Najaf

0 Helpful

paul driver
VIP
VIP
In response to NicP270591

‎01-20-2013 01:11 AM

Hello Nic

Yes can you do that, As i have just simulated your setup with the information you supplied and those changes and everything works..

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

tobyarnett
Level 1
Level 1

‎01-20-2013 06:21 AM

You should reenable cdp from the router to the switch if your IP phones are cisco brand. If they are avaya or some other vender you should use lldp run. If your concerned about security then you can simply disable cdp/lldp on ports that it is not needed. Cdp/lldp should be enabled on all ip phone ports. cdp will help set qos policies and pass other needed information to your phones.


-Toby


Sent from Cisco Technical Support Android App

-Toby


Please don't forget to rate any helpful post.

_____________________________________
There are no great limits to growth because there are no limits of human intelligence, imagination, and wonder.
- Ronald Reagan
Customers Also Viewed These Support Documents