05-16-2022 09:31 AM
I've been trying for a few hours now to get a trunked VLAN to work on my topology. I'll attach a photo of what I'm working with. So to break it down, I want to set three vlan levels: 50, 60, and 75. If looking at the photo I posted, I only began working on the right side (SD - F1). Everything is dual-stacked outside of anything labeled "unused". Without the VLANs, I can get a ping from F1:SD Laptops to anywhere in the current San Diego network and everything else in the overall domain via OSPF+OSPFv3.
When I start assigning vlan interfaces and split the switch, it breaks my whole network and I can't even get a ping from F1:SD Laptops to the San Diego Main router, let alone anywhere else in the San Diego network. I've tried doing RoaST with just one gi connection, tried two switches, tried the current setup with making the second line an encapped sub-interface; nothing works. I'm going to post the show runs for the router and switch below.
SD-F1 Switch
version 15.0
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname LAF1switchDB
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
!
!
!
no ip domain-lookup
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 75
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 75
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
switchport trunk allowed vlan 1-49,51-59,61-74,76-1005
switchport mode trunk
switchport port-security mac-address sticky
!
interface Vlan1
no ip address
shutdown
!
banner motd ^CNetwork maintenance Fri-Sun^C
!
!
!
line con 0
password enter
logging synchronous
login
exec-timeout 0 0
!
line vty 0 4
password telnet
login
line vty 5 15
login
!
!
!
!
end
San Diego Main Router
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname SDmainDB
!
!
!
enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1
enable password cisco
!
!
!
!
!
!
no ip cef
ipv6 unicast-routing
!
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1524RA0P-
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
description Cnx to F1 only
ip address 193.169.30.126 255.255.255.128
duplex auto
speed auto
ipv6 address FE80::2 link-local
ipv6 address 2001:DB8:A:3A::1/64
ipv6 ospf 10 area 0
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description manage native vlan 1
encapsulation dot1Q 1 native
ip address 193.169.1.1 255.255.255.0
!
interface GigabitEthernet0/1.50
description Legal
encapsulation dot1Q 50
ip address 193.169.50.1 255.255.255.0
!
interface GigabitEthernet0/1.60
encapsulation dot1Q 60
ip address 193.169.60.1 255.255.255.0
!
interface GigabitEthernet0/1.75
description staff
encapsulation dot1Q 75
ip address 193.169.75.1 255.255.255.0
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2/0
description Cnx to R2R SD Aux only
ip address 193.169.30.210 255.255.255.252
ipv6 address 2001:DB8:A:3D::2/64
ipv6 ospf 10 area 0
!
interface Serial0/3/0
description Cnx to New York
ip address 173.18.0.214 255.255.255.252
ipv6 address 2001:DB8:A:4B::2/64
ipv6 ospf 10 area 0
clock rate 2000000
!
interface Serial0/3/1
description Cnx to Chicago
ip address 193.169.30.213 255.255.255.252
ipv6 address 2001:DB8:A:4C::1/64
ipv6 ospf 10 area 0
!
interface Vlan1
no ip address
shutdown
!
router ospf 10
router-id 2.2.2.2
log-adjacency-changes
auto-cost reference-bandwidth 1000
network 193.169.30.212 0.0.0.3 area 0
network 173.18.0.212 0.0.0.3 area 0
network 193.169.30.0 0.0.0.127 area 0
network 193.169.30.208 0.0.0.3 area 0
!
ipv6 router ospf 10
router-id 2.2.2.2
log-adjacency-changes
!
ip classless
!
ip flow-export version 9
!
!
!
banner motd ^CNetwork Maintenance Fri-Sun^C
!
!
!
!
!
line con 0
exec-timeout 0 0
password enter
logging synchronous
login
!
line aux 0
!
line vty 0 4
password telnet
login
!
!
!
end
If any other show is needed, please let me know. I'm going on hour 3 right now trying to get this to work. Thank you!
05-16-2022 12:39 PM
To help us understand the issue would you post the output of these commands on the router:
show ip interface brief
show ip route
show arp
show cdp neighbor
and the output of these commands on the switch
show cdp neighbor
show interface status
show interface trunk
And please give us some information about a specific instance of where it is not working:
What device is the source of the ping? What is its IP address, what is its mask, what is its default gateway? What interface is it connected to? What IP address is the destination of the ping?
05-16-2022 01:01 PM
This is from the original configurations before I did David's suggestions:
Router:
SDmainDB#show ip int br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 193.169.30.126 YES manual up up
GigabitEthernet0/0.50 193.169.50.254 YES manual up up
GigabitEthernet0/0.60 193.169.60.254 YES manual up up
GigabitEthernet0/0.75 193.169.75.254 YES manual up up
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down down
GigabitEthernet0/2/0 193.169.30.210 YES manual up up
Serial0/3/0 173.18.0.214 YES manual up up
Serial0/3/1 193.169.30.213 YES manual up up
Vlan1 unassigned YES unset administratively down down
--ip route
SDmainDB#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
11.0.0.0/8 is variably subnetted, 5 subnets, 4 masks
O 11.0.0.0/25 [110/649] via 193.169.30.214, 00:00:59, Serial0/3/1
O 11.0.0.128/26 [110/649] via 193.169.30.214, 00:00:59, Serial0/3/1
O 11.0.0.192/28 [110/648] via 193.169.30.214, 00:01:34, Serial0/3/1
O 11.0.0.208/30 [110/648] via 193.169.30.214, 00:00:59, Serial0/3/1
O 11.0.0.212/30 [110/1294] via 173.18.0.213, 00:01:24, Serial0/3/0
[110/1294] via 193.169.30.214, 00:01:24, Serial0/3/1
173.18.0.0/16 is variably subnetted, 6 subnets, 5 masks
O 173.18.0.0/25 [110/648] via 173.18.0.213, 00:01:24, Serial0/3/0
O 173.18.0.128/26 [110/658] via 173.18.0.213, 00:00:59, Serial0/3/0
O 173.18.0.192/28 [110/648] via 173.18.0.213, 00:01:24, Serial0/3/0
O 173.18.0.208/30 [110/648] via 173.18.0.213, 00:00:59, Serial0/3/0
C 173.18.0.212/30 is directly connected, Serial0/3/0
L 173.18.0.214/32 is directly connected, Serial0/3/0
193.169.30.0/24 is variably subnetted, 8 subnets, 5 masks
C 193.169.30.0/25 is directly connected, GigabitEthernet0/0
L 193.169.30.126/32 is directly connected, GigabitEthernet0/0
O 193.169.30.128/26 [110/2] via 193.169.30.209, 00:00:59, GigabitEthernet0/2/0
O 193.169.30.192/28 [110/2] via 193.169.30.209, 00:00:59, GigabitEthernet0/2/0
C 193.169.30.208/30 is directly connected, GigabitEthernet0/2/0
L 193.169.30.210/32 is directly connected, GigabitEthernet0/2/0
C 193.169.30.212/30 is directly connected, Serial0/3/1
L 193.169.30.213/32 is directly connected, Serial0/3/1
193.169.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 193.169.50.0/24 is directly connected, GigabitEthernet0/0.50
L 193.169.50.254/32 is directly connected, GigabitEthernet0/0.50
193.169.60.0/24 is variably subnetted, 2 subnets, 2 masks
C 193.169.60.0/24 is directly connected, GigabitEthernet0/0.60
L 193.169.60.254/32 is directly connected, GigabitEthernet0/0.60
193.169.75.0/24 is variably subnetted, 2 subnets, 2 masks
C 193.169.75.0/24 is directly connected, GigabitEthernet0/0.75
L 193.169.75.254/32 is directly connected, GigabitEthernet0/0.75
arp
SDmainDB#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 193.169.30.126 - 0007.EC53.3E01 ARPA GigabitEthernet0/0
Internet 193.169.30.209 2 0004.9AD1.127E ARPA GigabitEthernet0/2/0
Internet 193.169.30.210 - 0009.7CDE.9965 ARPA GigabitEthernet0/2/0
cdp neighbor
SDmainDB#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 193.169.30.126 - 0007.EC53.3E01 ARPA GigabitEthernet0/0
Internet 193.169.30.209 2 0004.9AD1.127E ARPA GigabitEthernet0/2/0
Internet 193.169.30.210 - 0009.7CDE.9965 ARPA GigabitEthernet0/2/0
Switch
LAF1switchDB#show cdp neighbor
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
SDmainDB Gig 0/1 156 R C2900 Gig 0/0
SDmainDB Gig 0/1 156 R C2900 Gig 0/0.50
SDmainDB Gig 0/1 156 R C2900 Gig 0/0.60
SDmainDB Gig 0/1 156 R C2900 Gig 0/0.75
LAF1switchDB#show interface status
Port Name Status Vlan Duplex Speed Type
Fa0/1 connected 50 auto auto 10/100BaseTX
Fa0/2 notconnect 50 auto auto 10/100BaseTX
Fa0/3 connected 50 auto auto 10/100BaseTX
Fa0/4 notconnect 50 auto auto 10/100BaseTX
Fa0/5 notconnect 50 auto auto 10/100BaseTX
Fa0/6 notconnect 50 auto auto 10/100BaseTX
Fa0/7 notconnect 50 auto auto 10/100BaseTX
Fa0/8 notconnect 60 auto auto 10/100BaseTX
Fa0/9 notconnect 60 auto auto 10/100BaseTX
Fa0/10 notconnect 60 auto auto 10/100BaseTX
Fa0/11 notconnect 60 auto auto 10/100BaseTX
Fa0/12 notconnect 60 auto auto 10/100BaseTX
Fa0/13 notconnect 60 auto auto 10/100BaseTX
Fa0/14 notconnect 60 auto auto 10/100BaseTX
Fa0/15 notconnect 60 auto auto 10/100BaseTX
Fa0/16 notconnect 75 auto auto 10/100BaseTX
Fa0/17 notconnect 75 auto auto 10/100BaseTX
Fa0/18 notconnect 75 auto auto 10/100BaseTX
Fa0/19 notconnect 75 auto auto 10/100BaseTX
Fa0/20 notconnect 75 auto auto 10/100BaseTX
Fa0/21 notconnect 75 auto auto 10/100BaseTX
Fa0/22 notconnect 75 auto auto 10/100BaseTX
Fa0/23 notconnect 75 auto auto 10/100BaseTX
Fa0/24 notconnect 75 auto auto 10/100BaseTX
Gig0/1 connected trunk auto auto 10/100BaseTX
Gig0/2 notconnect 1 auto auto 10/100BaseTX
LAF1switchDB#show interface trunk
Port Mode Encapsulation Status Native vlan
Gig0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Gig0/1 1-1005
Port Vlans allowed and active in management domain
Gig0/1 1,50,60,75
Port Vlans in spanning tree forwarding state and not pruned
Gig0/1 1,50,60,75
Device is an end device laptop pinging through cmd prompt.
Its IP address is 193.169.30.3 with mask 255.255.255.128 at default gateway 193.169.30.126 connected at FA0/0 to the switch's FA0/1 port. IP address of destination is 193.169.30.126 at 255.255.255.128 mask.
05-16-2022 01:39 PM
If these outputs were generated before you made the changes suggested by David then these outputs are no longer useful.
I am glad to know that when you made the changes suggested by David that things are now working.
You asked
If I wanted to keep the class C I'm currently using: 193.169.30.x, could I create sub-interfaces at
193.169.30.50 - vlan 50
193.169.30.60 - vlan 60
193.169.30.75 - vlan 75
No this would not work. What you have here are 3 host addresses. What you need is a subnet for each of the 3 vlans. How big the subnets need to be depends on how many devices might be connected in each vlan.
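The point of this answer, worked through as an added example (not code from the thread): the three proposed addresses share one /25, so they cannot be three routed sub-interfaces, while carving the same /25 into one subnet per VLAN can. The host counts are an assumption (one host per access port in the posted switch config), and the function names are illustrative.

```python
import ipaddress

# The addresses proposed in the question, with the /25 mask the F1 laptop uses.
PROPOSED = {50: "193.169.30.50/25", 60: "193.169.30.60/25", 75: "193.169.30.75/25"}
# Assumption: one host per access port in the posted switch config.
HOSTS = {50: 7, 60: 8, 75: 9}

def overlaps(ifaces):
    """VLAN pairs whose interface subnets overlap, so they are not distinct subnets."""
    items = [(v, ipaddress.ip_interface(a).network) for v, a in sorted(ifaces.items())]
    return [(v1, v2) for i, (v1, n1) in enumerate(items)
            for v2, n2 in items[i + 1:] if n1.overlaps(n2)]

def allocate(block, hosts_per_vlan):
    """Carve one subnet per VLAN out of block, largest first (VLSM)."""
    block = ipaddress.ip_network(block)
    cursor, plan = int(block.network_address), {}
    for vlan, hosts in sorted(hosts_per_vlan.items(), key=lambda kv: -kv[1]):
        need = hosts + 3  # hosts + gateway + network and broadcast addresses
        prefix = 32 - (need - 1).bit_length()
        net = ipaddress.ip_network((cursor, prefix))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for VLAN {vlan}")
        plan[vlan] = net
        cursor += net.num_addresses
    return plan

def gateways(plan):
    """First usable address of each subnet, written as a sub-interface address."""
    return {v: f"{n.network_address + 1}/{n.prefixlen}" for v, n in plan.items()}

if __name__ == "__main__":
    print("proposed overlaps:", overlaps(PROPOSED))
    plan = allocate("193.169.30.0/25", HOSTS)
    for vlan, gw in sorted(gateways(plan).items()):
        print(f"vlan {vlan}: subnet {plan[vlan]}, gateway {gw}")
```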
05-16-2022 01:45 PM
Thank you for answering the subnet question.
I replied with those outputs because it was before I took off the IP address on the physical interface as you said in your reply to David that I wouldn't need to take a physical address off of gi0/0. I wanted to see if what I had before implementing those changes could work without taking off the physical interface.
Another question I had regarding David's suggestion and IPv6 is if I'm to go with taking the physical interface IPv4 address off of gi0/0 and subnetting/routing through the sub-interfaces, would I need to set an IPv6 for each sub-interface or only the devices using the specific VLAN?
In the project's example, the laptop is the only device using the VLAN 50 as there are no other devices on that side of the router that uses 60 or 75. So could I just set the IPv6 address on the gi0/0.50 without setting any IPv6 on gi0/0.60 and gi0/0.75?
05-16-2022 02:01 PM
So I was able to figure something out.
I kept the physical address and all the config for the switch and router the same WHILE keeping my physical address intact. All I did was change the end device's default gateway to the sub-interface and changed the device's IPv4 to the sub-interface's subnet (193.169.50.x). This allowed me to ping the router through the VLAN switch AND to the other side of my OSPF.
I also set the ipv6 to the sub-interface so that was able to ping across the whole domain to every end device.
I think my question is officially solved.
Thank you everyone that helped and offered input.
05-16-2022 10:56 PM
Thanks for the update. Glad to know that you have it working and consider the issue solved.
David - I agree that many of the discussions focus on configuring the native vlan on a subinterface and using the native parameter on the encapsulation command. But it is quite possible to configure the native vlan by configuring an IP address on the physical interface and then using subinterfaces for additional vlans. I have configured this and attest that it does work. Here is an example from Cisco documentation that does show configuring the native vlan on the physical interface and then configuring a vlan subinterface for a second vlan on the trunk.
05-16-2022 12:46 PM
It worked!
I had to change the IP and default gateways of the end devices so I took off the gi0/0 interface IP and routed straight to the sub-interfaces as you said. Laptop on F1: SD was able to ping the San Diego Main router via SD-F1 switch with the VLANs. I haven't tested it across the second router and other floors on this network yet because I had a few questions first.
If I wanted to keep the class C I'm currently using: 193.169.30.x, could I create sub-interfaces at
193.169.30.50 - vlan 50
193.169.30.60 - vlan 60
193.169.30.75 - vlan 75
and use those for my subnet dedicated for floor one (range .1-.126) and then for the other two subnets make it something like
Subnet 2 (.129-.190)
193.169.30.130 - vlan 50
193.169.30.140 - vlan 60
193.169.30.150 - vlan 75
Subnet 3 (.193-.206)
193.169.30.190 - vlan 50
193.169.30.195 - vlan 60
193.169.30.200 - vlan 75
Or do I need that 3rd field to designate the sub-interface?
If this is possible, would it be possible to also maintain the current OSPF ipv4 parameters per router?
05-16-2022 12:52 PM
David
I am not clear why you think that the original poster needs to remove the configuration on interface G0/0? Having IP address on the physical interface is one of the ways to process for the native vlan on the trunk.
I think your observation that the vlan subinterfaces are not configured in OSPF is a valid point. And depending on where devices in the vlans are trying to reach that may be the essential problem. That is why I asked for specifics about what is not working. A device connected to one of the switch vlans should be able to reach any of the router interface addresses. But if it is trying to reach some address that is remote to the router then there is a problem.
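The OSPF observation above, and the trunk allowed-VLAN list in the switch config from the first post, can both be checked mechanically. The following is an added example, not part of any post in the thread: it runs over trimmed excerpts of the posted running configs, and the function names are illustrative.

```python
import ipaddress
import re

# Excerpts from the configs posted in this thread, trimmed to the relevant lines.
SWITCH_CFG = """interface GigabitEthernet0/2
 switchport trunk allowed vlan 1-49,51-59,61-74,76-1005
 switchport mode trunk
"""
ROUTER_CFG = """interface GigabitEthernet0/1.50
 encapsulation dot1Q 50
 ip address 193.169.50.1 255.255.255.0
interface GigabitEthernet0/1.60
 encapsulation dot1Q 60
 ip address 193.169.60.1 255.255.255.0
interface GigabitEthernet0/1.75
 encapsulation dot1Q 75
 ip address 193.169.75.1 255.255.255.0
router ospf 10
 network 193.169.30.0 0.0.0.127 area 0
"""

def expand_vlans(spec):
    # "1-49,51" -> {1, ..., 49, 51}
    vlans = set()
    for lo, _, hi in (p.partition("-") for p in spec.split(",")):
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def trunk_allowed(switch_cfg):
    # Union of VLANs carried by trunk-mode ports; no allowed-list means all.
    allowed = set()
    for block in switch_cfg.split("interface "):
        if "switchport mode trunk" in block:
            m = re.search(r"trunk allowed vlan (\S+)", block)
            allowed |= expand_vlans(m.group(1)) if m else set(range(1, 4095))
    return allowed

def ospf_covers(router_cfg, ip):
    # IOS network statements use wildcard masks: compare only the zero bits.
    for net, wild in re.findall(r"network (\S+) (\S+) area", router_cfg):
        keep = ~int(ipaddress.ip_address(wild)) & 0xFFFFFFFF
        if (int(ip) & keep) == (int(ipaddress.ip_address(net)) & keep):
            return True
    return False

def audit(switch_cfg, router_cfg):
    allowed, findings = trunk_allowed(switch_cfg), []
    pat = r"encapsulation dot1Q (\d+)(?: native)?\s+ip address (\S+) (\S+)"
    for vlan, ip, mask in re.findall(pat, router_cfg):
        iface = ipaddress.ip_interface(f"{ip}/{mask}")
        if int(vlan) not in allowed:
            findings.append((int(vlan), "not allowed on trunk"))
        if not ospf_covers(router_cfg, iface.ip):
            findings.append((int(vlan), f"{iface.network} not in OSPF"))
    return findings
```

Calling `audit(SWITCH_CFG, ROUTER_CFG)` returns two findings per VLAN for these excerpts; an empty list means every dot1Q sub-interface is both carried on a trunk and advertised by OSPF.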
05-16-2022 01:59 PM
Richard,
The way I learned it (a while ago) was you cannot have an IP address on the physical interface when you have sub interfaces configured. Or maybe all the examples and demonstrations I've seen were just created that way. I tried to find some references but it seemed like nothing was popping up. I may have mistaken that to be fact when in fact it may not be. That is usually one of my Go-To's for a router on a stick configuration to check to make sure the physical interface is clear of configuration and the sub interfaces have all the commands. I could also be confusing that and overlapping it with Etherchannel and bundled ports.
If you know of any documents that can help me understand it I would appreciate it. Thank you for the correction as well.
-David