cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3353
Views
5
Helpful
10
Replies

Primary and Secondary VLAN

Vinayaka Raman
Level 1
Level 1

Issue is on BOLD.

CR1#show run int gi 0/0.10
Building configuration...

Current configuration : 478 bytes
!
interface GigabitEthernet0/0.10
description Manufacturing VLAN
encapsulation dot1Q 10
ip address 10.42.17.253 255.255.255.0 secondary
ip address 100.172.5.252 255.255.255.0
ip access-group 190 in
ip flow egress
ip tcp adjust-mss 1452
no ip mroute-cache
standby 10 ip 100.172.5.254
standby 10 ip 10.42.17.254 secondary
standby 10 timers 1 3
standby 10 priority 200
standby 10 preempt
standby 10 name hsrp_mftg_vlan_gw
standby 10 track Serial0/0/0:1.457 105
end

CR1#ping 10.42.17.45 source 10.42.17.253

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.42.17.45, timeout is 2 seconds:
Packet sent with a source address of 10.42.17.253
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms


CR1#ping 10.42.17.45 source GigabitEthernet0/0.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.42.17.45, timeout is 2 seconds:
Packet sent with a source address of 100.172.5.252
.....
Success rate is 0 percent (0/5)

Regards Vinayak
10 Replies 10

mlund
Level 7
Level 7

Hi

If  the default-gateway configured for the client 10.42.17.45 is wrong or missing, then the client can respond to ping if the sender is on the same subnet, but not if the sender is on a different subnet, as with the second try.

I also see You have an access-group configured, maybe the access-list have to be modified.

/Mikael

rsavena14
Level 1
Level 1
  points

Hi Raman,

By default, if you use "source GigabitEthernet0/0"  or any interface, the ip address it will use if the primary interface. You can see this from your ping output  "source address of 100.172.5.252".

This is like pinging 10.0.0.1 from 192.168.0.1 which will not work.

without the default gateway set on 10.42.17.45, will this host be able to ping the secondary VLAN 100.172.5.x series ?

Regards Vinayak

No it wouldn't.

It could only ping host on the own network (10.42.17.x), to reach hosts on other networks than the own, a default-gateway needs to be´configured.

/Mikael

NEED A CLARIFICATION:

I thought the broadcast domain100.172.5.X and 10.42.17.X would get merged as we configure it as primary and secondary under the sub-interface. correct me if I am wrong.. Then, what would be the logic behind having multiple subnets configured under same VLAN inerface? Can you refer me to some documentation which will help me understand primary and secondary VLAN concept. We are having such set up as part of address translation from 100.X to 10.X.. Thanks a lot.

Regards Vinayak

You are correct in that the broadcast domain in layer 2 is the same. But as for layer 3 it's not the same subnet.

When a host will send data to another host it will compare the detination ip address with it's own ip address using the subnetmask as help. If the host find out that the destination is within it's own ip subnet, then the host will arp for the destination. If the host finds out that the destination is not in it's own ip subnet, the host will send it to the default-gateway. If default-gateway is not configured the packet will be dropped by the host

There are a situation when the router can act as a proxy for arp requests. It's when a host has such a subnetmask that it beleives the destination is in the same ip subnet, and therefor arp:s for the destination directly. see this link for proxy arp.

http://www.cisco.com/en/US/partner/tech/tk648/tk361/technologies_tech_note09186a0080094adb.shtml

/Mikael

the link you posted is forbidden for my CCO ID. would you mind mailing it ? thank you very much

Regards Vinayak

I believe this should work. I tested this it worked. I see that its picking the primary IP when we reference the Interface instead if IP.  What is the IOS on the router that you have ?

Also are debugs possible? if yes please paste those as well.

IRVEXTCR1#show ver
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T
1, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Fri 19-Jun-09 15:13 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T7, RELEASE SOFTWARE (fc1)

Regards Vinayak

Yes it will work if  you have a default gateway set on the ip you are pinging.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: