Problem interVLAN routing Cisco 1941 router and Cisco SG220 switch.

danielsffs
Level 1

Hello Everyone,

I'm setting up a lab with inter-VLAN routing, with 2 hosts, a Cisco SG220 switch and a Cisco 1941 router. I added the topology.

On the switch Gi1 is an access port in VLAN 10 and Gi2 is an access port in VLAN 20.

 

WS1 is connected to Gi1 and WS2 is connected to Gi2. WS1 is configured with the IP address 192.168.10.10 and a default gateway of 192.168.10.1. WS2 is configured with the IP address 192.168.20.10 and a default gateway of 192.168.20.1. Gi3 is connected to the router and is a trunk port which allows VLAN 10 and 20.

 

The router is connected through G0/0 with the switch. 2 subinterfaces are configured, G0/0.10 with the IP 192.168.10.1 and G0/0.20 with the IP of 192.168.20.1. Both have encapsulation dotQ configured. The problem is that both hosts can ping their default gateway and even the other default gateway but not the other host. So WS1 can ping 192.168.10.1 and 192.168.20.1 but not 192.168.20.10 and vice versa.

 

I've added the results of the pings on WS1.

 

C:\Users\danielsffs>ping 192.168.10.1

Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=2ms TTL=255

Ping statistics for 192.168.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

C:\Users\danielsffs>ping 192.168.20.1

Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.20.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\danielsffs>ping 192.168.20.10

Pinging 192.168.20.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.20.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

These are the show runs of both devices:

 

SG220 Switch

S1#show run
config-file-header
S1
v1.1.3.1
CLI v1.0
@
hostname "S1"
username "cisco" secret encrypted YjU1Zjc5MTcxZDFkZmVhOGNlMDg4MmM5YjAzY2Q5YjY=
vlan 10
 name "Gebruikers"
vlan 20
 name "Flexwerkers"
voice vlan oui-table add 00:E0:BB 3COM
voice vlan oui-table add 00:03:6B Cisco
voice vlan oui-table add 00:E0:75 Veritel
voice vlan oui-table add 00:D0:1E Pingtel
voice vlan oui-table add 00:01:E3 Siemens
voice vlan oui-table add 00:60:B9 NEC/Philips
voice vlan oui-table add 00:0F:E2 H3C
voice vlan oui-table add 00:09:6E Avaya
spanning-tree mst configuration
 name "2C:AB:EB:D6:B4:A6"
ip ssh server
interface gi1
 switchport mode access
 switchport access vlan 10
interface gi2
 switchport mode access
 switchport access vlan 20
interface gi3
 switchport trunk allowed vlan add 10,20
interface gi4
interface gi5
interface gi6
interface gi7
interface gi8
interface gi9
interface gi10
interface gi11
interface gi12
interface gi13
interface gi14
interface gi15
interface gi16
interface gi17
interface gi18
interface gi19
interface gi20
interface gi21
interface gi22
interface gi23
interface gi24
interface gi25
interface gi26

Cisco1941 Router

R1#show run
Building configuration...
Current configuration : 1186 bytes
! Last configuration change at 18:10:48 UTC Thu Feb 25 2021
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9 sn FGL172225Q9
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
scheduler allocate 20000 1000
end

 

I hope this is enough information, I'm willing to provide more if necessary. I think it has something to do with the new SG220 switch. Since my setup should work on a normal Catalyst switch or at least I would expect that.

 

Thanks in advance, 

 

Daniel

1 Accepted Solution

Jon Marshall
Hall of Fame

 

If each host can ping the other default gateway but not each other check for a firewall running on the hosts. 

 

Jon

Thanks for the reply, they can ping each other on the same VLAN though. So you would assume that it's not the firewall or am I wrong?

That would suggest it is not the firewall.

 

Not used those switches but try adding to gi3 - 

 

"switchport mode trunk" or "switchport mode trunk uplink" 

 

not quite clear on the difference to be honest. 

 

Jon

Thanks, I'll try that tomorrow. I already configured it as a trunk link but it doesn't show in the show run for some reason but I'll try the uplink variant.

The firewall turned out to be the culprit. The thought crossed my mind before but I discarded it because the pings in the same vlan were successful. Thank you for your help!

 

Greetings Daniël 
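
An added example, not part of the original thread: one way to confirm and fix the host-firewall cause on a Windows host without switching the firewall off. It assumes the hosts run Windows Defender Firewall with /24 masks, and the new rule's display name is made up for illustration.

```powershell
# Added example; run in an elevated PowerShell session on WS2 (192.168.20.10).
# Assumptions: Windows Defender Firewall is the host firewall, hosts use /24 masks.

# 1. Which firewall profile is the lab NIC in? The active profile decides
#    which rules apply to traffic arriving on that interface.
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. List enabled inbound ICMPv4 allow rules together with the remote
#    addresses each one accepts.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        if ($port.Protocol -eq 'ICMPv4') {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                IcmpType      = $port.IcmpType
                RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
            }
        }
    } | Format-Table -AutoSize

# If the only echo-request (type 8) rules show RemoteAddress = LocalSubnet,
# pings from the same VLAN match the rule, but pings routed in from
# 192.168.10.0/24 do not and are dropped. The router answers for both
# gateway addresses itself, so those pings never depend on the host firewall.

# 3. Allow echo requests from the other lab VLAN only, instead of
#    disabling the firewall. The display name is a hypothetical label.
New-NetFirewallRule -DisplayName 'Lab: ICMPv4 echo from VLAN 10' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress 192.168.10.0/24 -Action Allow

# 4. Repeat on WS1 with -RemoteAddress 192.168.20.0/24, then re-run the
#    failing ping from the other host.
```

Scoping the rule to the peer subnet keeps the hosts unreachable by ICMP from any other network that is later routed to them.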
