cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4267
Views
3
Helpful
11
Replies

Intervlan Troubleshooting w/ Trace file wireshark

Adrian_T
Level 1
Level 1

Hi guys, I want to ask for your expertise to help me troubleshooting my simple topology, kindly refer to the image.

I have a connectivity from my DHCP pool but when I try to search in the internet it failed to reach google and I decided to capture connection in wireshark.

I tried to check the connectivity(ping) two WAN IP from our core network
120.189.31.133 : OK
120.189.31.134: Failed

Ping from Switch to
120.189.31.133 : Ok

8.8.8.8 : Ok


I have attached the trace file.

Thanks guys.

2 Accepted Solutions

Accepted Solutions

Hi, adrian_tiamson1.

The configuration of the swithc and the router should work. I see an error at the traceroute. The error code is referring to the problem with TCP/IP stack at the windows and to this solution: https://kb.datto.com/hc/en-us/articles/200555675-PING-transmit-failed-error-code-1231

Could you try it?

Also, could you do this 2 lines at the windows cmd?

ping 192.168.1.1
arp -a

Best Regards, Aleksander.

View solution in original post

Hello

Apply nat to you subinterfaces on the rtr
Disable ip routing on the switch remove and two of the SVI interfaces for vlan 10/30 ( chose these two as they were in shutdown state)

RTR
interface FastEthernet0/1.10
ip nat inside

interface FastEthernet0/1.20
ip nat inside

interface FastEthernet0/1.30
ip nat inside


Switch
no interface Vlan10
no interface Vlan30
no ip routing
ip default-gateway 192.168.20.1

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

11 Replies 11

AllertGen
Level 3
Level 3

Hi, .

Could you try this commands on Cisco router?

int fa0/0.10
ip nat inside
int fa0/0.20
ip nat inside
int fa0/0.30
ip nat inside

And it would be better to not create vlan interfaces at the switch if your're using router as default gateway at the each vlan.

Best Regards.

Hi  AllertGen  

I will execute the commands you suggests tomorrow, I would like also to know more what do you mean by

And it would be better to not create vlan interfaces at the switch if your're using router as default gateway at the each vlan.

Thank you and regards,

Hi, adrian_tiamson1.

It was about interfaces "interface vlan ##" at the swith. Somebody could use switch IP address in each vlan as gateway and get access to another vlan via it.

Best Regards.

Thanks for that info, btw, I did try to execute the command and still not working.

I tried to ping from my WAN IP

router to .133 = Ok

Switch to .134 = ok

switch to .133 = failed

I will try to configure NAT in the router.

Hi.

Am I right that you did try to ping .133 and .134 from router and switch? What about dhcp client? I'm not sure that your switch could ping anything, because I don't see any routes at the switch configuration.

Best Regards.

Hi AllertGen  

Yes, I also did try to ping from my PC to

.134 = Ok

.133 = failed

I would welcome any correction in my configuration to make my topology work.

Regards,

Adrian

Hi.

Could you show output of the commands bellow?

route print - at the PC

tracert -d 120.189.31.133 - from PC

sh run - from router and swith (you can mask your IP addresses, passwords and any other sensetive information).

Edited:

btw, could you alslo give output of "ipconfig /all" from PC?

Hi AllertGen  

I'll give you and update for that one.

Happy new year!

Sorry for the late reply,

Kindly refer to the attached file AllertGen  

Router Config

ip subnet-zero
!
!
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.30.1 192.168.30.10
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool vlan20
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   dns-server 203.211.152.66 210.193.2.66 8.8.8.8 8.8.4.4
!
ip dhcp pool vlan30
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1
   dns-server 203.211.152.66 210.193.2.66 8.8.8.8 8.8.4.4
!
ip dhcp pool vlan10
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 203.211.152.66 210.193.2.66 8.8.8.8 8.8.4.4
!
ip cef
mpls ldp logging neighbor-changes
!
interface FastEthernet0/0
 description WAN
 ip address 120.189.31.134 255.255.255.252
 ip nat outside
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description LAN
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 description to public lan
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1.20
 description to LOCAL LAN
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/1.30
 description to WIFI
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
ip nat inside source list NAT_ADD interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 120.189.31.133
no ip http server
!
!
!
ip access-list extended NAT_ADD
 permit ip 192.168.20.0 0.0.0.255 any
 permit ip 192.168.30.0 0.0.0.255 any
 permit ip 192.168.1.0 0.0.0.255 any
!
end

Switch Config

Building configuration...
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 10,20,30
!
interface FastEthernet0/1
 switchport access vlan 30
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/24
 switchport trunk allowed vlan 10,20,30
 switchport mode trunk
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan10
 ip address 192.168.1.2 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan20
 description lan
 ip address 192.168.20.2 255.255.255.0
 no ip route-cache
!
interface Vlan30
 description Wifi
 ip address 192.168.30.2 255.255.255.0
 no ip route-cache
 shutdown
!
ip http server
!
end

Tracert -d

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Users\ets>tracert -d 120.189.31.133

Tracing route to 120.189.31.133 over a maximum of 30 hops

  1  Transmit error: code 1231.

Trace complete.

Route Print

route print
===========================================================================
Interface List
  5...f4 4d 30 90 e3 45 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.210     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.210    291
    192.168.1.210  255.255.255.255         On-link     192.168.1.210    291
    192.168.1.255  255.255.255.255         On-link     192.168.1.210    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.210    291
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link     192.168.1.210    291
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  5    291 fe80::/64                On-link
  5    291 fe80::e8e6:219b:b69b:7acb/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Thanks and regards,

Adrian

Hi, adrian_tiamson1.

The configuration of the swithc and the router should work. I see an error at the traceroute. The error code is referring to the problem with TCP/IP stack at the windows and to this solution: https://kb.datto.com/hc/en-us/articles/200555675-PING-transmit-failed-error-code-1231

Could you try it?

Also, could you do this 2 lines at the windows cmd?

ping 192.168.1.1
arp -a

Best Regards, Aleksander.

Hello

Apply nat to you subinterfaces on the rtr
Disable ip routing on the switch remove and two of the SVI interfaces for vlan 10/30 ( chose these two as they were in shutdown state)

RTR
interface FastEthernet0/1.10
ip nat inside

interface FastEthernet0/1.20
ip nat inside

interface FastEthernet0/1.30
ip nat inside


Switch
no interface Vlan10
no interface Vlan30
no ip routing
ip default-gateway 192.168.20.1

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul