02-25-2021 01:22 PM - edited 02-25-2021 01:56 PM
Hello Everyone,
I'm setting up a lab with inter-VLAN routing, with 2 hosts, a Cisco SG220 switch and a Cisco 1941 router. I added the topology.
On the switch Gi1 is an access port in VLAN 10 and Gi2 is an access port in VLAN 20.
WS1 is connected to Gi1 and WS2 is connected to Gi2. WS1 is configured with the IP address 192.168.10.10 and a default gateway of 192.168.10.1. WS2 is configured with the IP address 192.168.20.10 and a default gateway of 192.168.20.1. Gi3 is connected to the router and is a trunk port which allows VLAN 10 and 20.
The router is connected through G0/0 with the switch. 2 subinterfaces are configured, G0/0.10 with the IP 192.168.10.1 and G0/0.20 with the IP of 192.168.20.1. Both have encapsulation dot1Q configured. The problem is that both hosts can ping their default gateway and even the other default gateway but not the other host. So WS1 can ping 192.168.10.1 and 192.168.20.1 but not 192.168.20.10 and vice versa.
I've added the results of the pings on WS1.
C:\Users\danielsffs>ping 192.168.10.1
Pinging 192.168.10.1 with 32 bytes of data:
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=1ms TTL=255
Reply from 192.168.10.1: bytes=32 time=2ms TTL=255
Ping statistics for 192.168.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms
C:\Users\danielsffs>ping 192.168.20.1
Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Ping statistics for 192.168.20.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
C:\Users\danielsffs>ping 192.168.20.10
Pinging 192.168.20.10 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.20.10:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
These are the show runs of both devices:
SG220 Switch
S1#show run
config-file-header
S1
v1.1.3.1
CLI v1.0
@
hostname "S1"
username "cisco" secret encrypted YjU1Zjc5MTcxZDFkZmVhOGNlMDg4MmM5YjAzY2Q5YjY=
vlan 10
name "Gebruikers"
vlan 20
name "Flexwerkers"
voice vlan oui-table add 00:E0:BB 3COM
voice vlan oui-table add 00:03:6B Cisco
voice vlan oui-table add 00:E0:75 Veritel
voice vlan oui-table add 00:D0:1E Pingtel
voice vlan oui-table add 00:01:E3 Siemens
voice vlan oui-table add 00:60:B9 NEC/Philips
voice vlan oui-table add 00:0F:E2 H3C
voice vlan oui-table add 00:09:6E Avaya
spanning-tree mst configuration
name "2C:AB:EB:D6:B4:A6"
ip ssh server
interface gi1
switchport mode access
switchport access vlan 10
interface gi2
switchport mode access
switchport access vlan 20
interface gi3
switchport trunk allowed vlan add 10,20
interface gi4
interface gi5
interface gi6
interface gi7
interface gi8
interface gi9
interface gi10
interface gi11
interface gi12
interface gi13
interface gi14
interface gi15
interface gi16
interface gi17
interface gi18
interface gi19
interface gi20
interface gi21
interface gi22
interface gi23
interface gi24
interface gi25
interface gi26
Cisco1941 Router
R1#show run
Building configuration...
Current configuration : 1186 bytes
! Last configuration change at 18:10:48 UTC Thu Feb 25 2021
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname R1
boot-start-marker
boot-end-marker
no aaa new-model
ip cef
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9 sn FGL172225Q9
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
control-plane
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
scheduler allocate 20000 1000
end
I hope this is enough information; I'm willing to provide more if necessary. I think it has something to do with the new SG220 switch, since my setup should work on a normal Catalyst switch, or at least I would expect that.
Thanks in advance,
Daniel
02-25-2021 01:24 PM
If each host can ping the other default gateway but not each other, check for a firewall running on the hosts.
Jon
02-25-2021 01:39 PM
Thanks for the reply, they can ping each other on the same VLAN though. So you would assume that it's not the firewall, or am I wrong?
02-25-2021 01:48 PM
That would suggest it is not the firewall.
Not used those switches but try adding to gi3 -
"switchport mode trunk" or "switchport mode trunk uplink"
not quite clear on the difference to be honest.
Jon
02-25-2021 01:51 PM
Thanks, I'll try that tomorrow. I already configured it as a trunk link but it doesn't show in the show run for some reason, but I'll try the uplink variant.
02-25-2021 11:45 PM
The firewall turned out to be the culprit. The thought crossed my mind before but I discarded it because the pings in the same VLAN were successful. Thank you for your help!
Greetings Daniël
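Added example, not part of the original thread: one way to check a host firewall for the pattern seen here (same-VLAN ping works, routed ping times out), assuming the hosts run Windows Defender Firewall, as the Windows ping output suggests. It is run on the host that does not answer (WS2); the rule name at the end is constructed, and the /24 source subnet follows the masks in the router config.

```powershell
# Added example (assumes Windows Defender Firewall on WS2, 192.168.20.10).
# Goal: find which inbound rules admit ICMPv4 echo requests and from where.
# A rule whose RemoteAddress is LocalSubnet admits pings from 192.168.20.0/24
# only, so a routed ping from 192.168.10.10 is dropped while same-VLAN pings work.

# Which firewall profile is active on each interface (Public/Private/Domain)
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# Enabled inbound allow rules, reduced to those matching ICMPv4 type 8 (echo request)
$echoRules = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -ne 'ICMPv4') { continue }

    # IcmpType is 'Any' or a list such as '8' or '8:0' (type:code)
    $matchesEcho = @($port.IcmpType) | Where-Object { $_ -eq 'Any' -or $_ -match '^8(:|$)' }
    if (-not $matchesEcho) { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = ($addr.RemoteAddress -join ',')
    }
}

if ($echoRules) {
    $echoRules | Format-Table -AutoSize
} else {
    'No enabled inbound rule allows ICMPv4 echo requests; all pings to this host are dropped.'
}

# Narrow fix instead of disabling the firewall: allow echo requests only from
# the other lab VLAN. -WhatIf shows what would be created without changing anything.
New-NetFirewallRule -DisplayName 'Lab: ICMPv4 echo from VLAN 10' `
    -Direction Inbound -Action Allow `
    -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress 192.168.10.0/24 -WhatIf
```

Remove `-WhatIf` to create the rule, and mirror it on WS1 with `192.168.20.0/24` as the remote address.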