Solved: VLAN problem with ROAS

ARPhillips · ‎10-18-2018

Hi all,

I'm currently studying for my CCNA and have set up a home lab up till now been using packet tracer. On the sim I have no problem as all setting up a ROAS. Translate it to real life and I can't get it to work. I have a real basic running-config on both switch and router. Nothing can ping anything.

I've followed CBTnuggets videos and checked my configs against the ones in the lab to no avail. On a debug the only thing I saw out the ordinary was the trunk port going down and then back up every time the PC was trying to ping.

I've attached both running configs, any help would be much appreciated.

PS: I did disable the windows firewall as well, just in case

ARPhillips · ‎10-23-2018

Hi Paul,

Thanks for your reply. Apologies I took so long to respond. My configuration was correct, I had another router arrive today and I plugged in the exact same config and worked straight away.

It would appear I just had a faulty router is all.

View solution in original post

paul driver · ‎10-18-2018

Hello

Can you explain what ROAS is?

I am assuming the trunk is connected to the router and fa0/2 is connected to you client?
If so your config of the router and switch is okay, it shouldn't negate access, does the client have the correct ip addressing?

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ARPhillips · ‎10-19-2018

Hi Paul,

Means Router On A Stick.

So yeah, trunk is 0/1 and client 0/2. Client is configured correctly. I did have a VLSM as I wanted to try those out but bought it to a /24 bit mask in case my maths was wrong but to no avile.

Kind regards,
Ross

paul driver · ‎10-19-2018

Hello

This then should work as it its, no need to change anything, Have you changed the cabling?

sh ip arp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ARPhillips · ‎10-19-2018

Hi Paul

Yeah, tried new cables, I've replaced them all with ones I know to work.

This is the output for sh ip arp on the switch

Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.1.50 1 c860.00a2.f262 ARPA Vlan50 <---- initial pc

Internet 10.1.1.100 - 000d.296a.e580 ARPA Vlan50 <---- Vlan ip for telnet
Internet 10.1.1.200 3 c860.00a2.f262 ARPA Vlan50 <---- PC I'm using to telnet with

both PC's can ping the IP address for the VLAN, cant get to the router.

and the router

Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.50.1 - 000b.5faa.51c0 ARPA FastEthernet0/0.50

Another odd thing I wasn't expecting, I set up telnet on the switch so I could run both terminal windows. I initially had it in vlan 1 issued the no sh command and it shutdown vlan 50. I have turned it back on now.

king regards,

Ross

Richard Burts · ‎10-19-2018

As originally configured vlan 50 from the switch would be operating with tagged frames and the router should have correctly processed those tagged frames. If you change one device to treat vlan 50 as the native vlan then both devices must be changed that way. And I do not believe that tagging or not tagging is the issue. So I suggest leaving it the way that it was originally configured.

The output of show arp is helpful

Internet 10.1.1.50 1 c860.00a2.f262 ARPA Vlan50 <---- initial pc

Internet 10.1.1.100 - 000d.296a.e580 ARPA Vlan50 <---- Vlan ip for telnet
Internet 10.1.1.200 3 c860.00a2.f262 ARPA Vlan50 <---- PC I'm using to telnet with

Internet 10.1.50.1 - 000b.5faa.51c0 ARPA FastEthernet0/0.50

notice the mismatch between the router address and the switch/PC addresses. If they are both in the same vlan then they should both be in the same subnet.

If you turn on debug arp on the router I suspect that you will see arp requests coming from the PC and an error message on the router about wrong cable. Change the router IP to be in 10.1.1 or change multiple 10.1.1 addresses to be in 10.1.50.

HTH

Rick

HTH

Rick

Richard Burts · ‎10-19-2018

Ross

In response to your statement " I initially had it in vlan 1 issued the no sh command and it shutdown vlan 50. I have turned it back on now." Many layer 2 switches are restricted to having only a single active vlan interface. If interface vlan 50 was active and you brought up interface vlan 1 then 50 does get shut down. Be aware that we are talking about operation of the layer 3 vlan interface. It did not shut down the layer 2 vlan 50. vlan 50 continued to operate just fine forwarding layer 2 Ethernet frames. What was impacted was how the switch would process IP packets to or from the switch.

HTH

Rick

HTH

Rick

ARPhillips · ‎10-19-2018

Hi Rick,

I can't believe I missed that! I have changed the subint ip address to 10.1.1.1/24 (same subnet across the board) trying to ping 10.1.1.50 from 10.1.1.1 with debug arp gives me;

*Mar 1 00:12:04.995: IP ARP: creating incomplete entry for IP address: 10.1.1.50 interface FastEthernet0/0.50
*Mar 1 00:12:04.995: IP ARP: sent req src 10.1.1.1 000b.5faa.51c0,
                 dst 10.1.1.50 0000.0000.0000 FastEthernet0/0.50.
*Mar 1 00:12:06.995: IP ARP: sent req src 10.1.1.1 000b.5faa.51c0,
                 dst 10.1.1.50 0000.0000.0000 FastEthernet0/0.50.
*Mar 1 00:12:08.995: IP ARP: sent req src 10.1.1.1 000b.5faa.51c0,
                 dst 10.1.1.50 0000.0000.0000 FastEthernet0/0.50.
*Mar 1 00:12:10.995: IP ARP: sent req src 10.1.1.1 000b.5faa.51c0,
                 dst 10.1.1.50 0000.0000.0000 FastEthernet0/0.50.
*Mar 1 00:12:12.995: IP ARP: sent req src 10.1.1.1 000b.5faa.51c0,
                 dst 10.1.1.50 0000.0000.0000 FastEthernet0/0.50.
Success rate is 0 percent (0/5)

Followed by a lot of;

*Mar 1 00:13:01.431: IP ARP rep filtered src 10.1.50.1 000b.5faa.51c0, dst 10.1.50.1 ffff.ffff.ffff it's our address

I've not seen these messages in any sims I've run.

Kind regards,

Ross

PS: Many thanks for your second message about the up/down state at L2 and 3. Helps a lot!

paul driver · ‎10-20-2018

Hello

Just to confirm this is what you have and it still doesn't work?

RTR
interface FastEthernet0/0
no shut

interface FastEthernet0/0.50
encapsulation dot1Q 50
ip address 10.1.1.1 255.255.255.0

ip routing

SW

interface FastEthernet0/1
description link to RTR
switchport mode trunk

interface FastEthernet0/2
description link to end host
switchport access vlan 50
switchport mode access
spanning-tree portfast

no ip routing

end host
ip 10.1.1.50
s/m 255.255.255.0

d/g 10.1.1.1

if this is still isn’t working suggest write erase the switch- delete it’s vlan.date file from flash: - reload and reconfigure then test again

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

ARPhillips · ‎10-23-2018

Hi Paul,

Thanks for your reply. Apologies I took so long to respond. My configuration was correct, I had another router arrive today and I plugged in the exact same config and worked straight away.

It would appear I just had a faulty router is all.

Richard Burts · ‎10-24-2018

Ross

Thanks for the update. Glad to know that you have solved the problem and that it turned out to be faulty equipment. When faced with a problem we frequently tend to start looking for more complex causes, such as configuration mistakes. We do occasionally need to be reminded that sometimes out issues are more simple such as faulty hardware. Thanks for reminding us of this lesson.

HTH

Rick

HTH

Rick

Alan Ng'ethe · ‎10-18-2018

As mentioned by Paul, the router on a stick configuration seems okay.

Maybe, for good measure, you can try hard code the encapsulation to dot1q on the switch Fa0/1 interface. I presume its the default though

interface FastEthernet0/1
switchport mode trunk

switchport trunk encapsulation dot1q

You can also paste the output of the following commands on the switch:

show vlan

show interfaces trunk

Remember to rate helpful posts and/or mark as a solution if your issue is resolved.

ARPhillips · ‎10-19-2018

Hi Alan,

I believe it is the default, I'm using a 2950 switch and it doesn't have the option for the trunk to use any other protocol.

show vlan:

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
50 VLAN0050 active Fa0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

show int trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,50

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,50

Is there something I'm missing?

Kind regards,
Ross

chrihussey · ‎10-19-2018

I could be wrong, but I always define the native VLAN on the router's connection to the switch. Not exactly sure if it will do it by default. Two choices to try, make VLAN 50 the native VLAN on both:

!

R1

interface FastEthernet0/0.50
encapsulation dot1Q 50 native

!

SW1

!
interface FastEthernet0/1
switchport trunk native vlan 50

!

Or add a native VLAN1 interface to R1:

!

interface FastEthernet0/0.1
encapsulation dot1Q 1 native

!

Georg Pauwen · ‎10-19-2018

Hello,

I have made some changes to your config, implement those and check if it makes a difference. Set your PC to DHCP, it should get an IP address from the router.

You are running a very old software on a very old switch, I am not sure about the defaults, but on the 2950, make sure that ip routing is disabled. Also, you might need to manually create Vlan 50 on SW1:

SW1#conf t

SW1(config)#no ip routing

SW1(config)#exit

SW1#vlan database

SW1(vlan)#vlan 50

SW1(vlan)#exit

Current configuration : 870 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
ip dhcp excluded-address 10.1.50.1
!
ip dhcp pool LAN
network 10.1.50.0 255.255.255.0
default-router 10.1.50.1
!
ip audit po max-events 100
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.50
encapsulation dot1Q 50
ip address 10.1.50.1 255.255.255.0
no snmp trap link-status
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
no ip http server
no ip http secure-server
ip classless
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
end

Current configuration : 1358 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW1
!
ip subnet-zero
!
no ip domain-lookup
--> no ip routing
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 50
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
--> no interface Vlan1
no ip address
no ip route-cache
!
--> no interface Vlan50
description TEST1
no ip address
no ip route-cache
!
ip http server
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end