Absolutely lost on how to make this VLAN work - Page 2

sicjp0 · ‎05-16-2022

I've been trying for a few hours now to get a trunked VLAN to work on my topology. I'll attach a photo of what I'm working with. So to break it down, I want to set three vlan levels: 50, 60, and 75. If looking at the photo I posted, I only began working on the right side (SD - F1). Everything is dual-stacked outside of anything labeled "unused". Without the VLANs, I can get a ping from F1:SD Laptops to anywhere in the current San Diego network and everything else in the overall domain via OSPF+OSPFv3.

When I start assigning vlan interfaces and split the switch, it breaks my whole network and I can't even get a ping from F1:SD Laptops to the San Diego Main router let alone anywhere else in the San Diego network. I've tried doing RoaST with just one gi connection, tried two switches, tried the current setup with making the second line an encapped sub-interface, nothing works. I'm going post below the show runs for the router and switch below.

SD-F1 Switch

version 15.0

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname LAF1switchDB

!

enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1

enable password cisco

!

no ip domain-lookup

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 50

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 60

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 75

switchport mode access

!

interface FastEthernet0/24

switchport access vlan 75

switchport mode access

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

switchport trunk allowed vlan 1-49,51-59,61-74,76-1005

switchport mode trunk

switchport port-security mac-address sticky

!

interface Vlan1

no ip address

shutdown

!

banner motd ^CNetwork maintenance Fri-Sun^C

!

line con 0

password enter

logging synchronous

login

exec-timeout 0 0

!

line vty 0 4

password telnet

login

line vty 5 15

login

!

end

San Diego Main Router

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname SDmainDB

!

enable secret 5 $1$mERr$9cTjUIEqNGurQiFU.ZeCi1

enable password cisco

!

no ip cef

ipv6 unicast-routing

!

no ipv6 cef

!

license udi pid CISCO2911/K9 sn FTX1524RA0P-

!

spanning-tree mode pvst

!

interface GigabitEthernet0/0

description Cnx to F1 only

ip address 193.169.30.126 255.255.255.128

duplex auto

speed auto

ipv6 address FE80::2 link-local

ipv6 address 2001:DB8:A:3A::1/64

ipv6 ospf 10 area 0

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.1

description manage native vlan 1

encapsulation dot1Q 1 native

ip address 193.169.1.1 255.255.255.0

!

interface GigabitEthernet0/1.50

description Legal

encapsulation dot1Q 50

ip address 193.169.50.1 255.255.255.0

!

interface GigabitEthernet0/1.60

encapsulation dot1Q 60

ip address 193.169.60.1 255.255.255.0

!

interface GigabitEthernet0/1.75

description staff

encapsulation dot1Q 75

ip address 193.169.75.1 255.255.255.0

!

interface GigabitEthernet0/2

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/2/0

description Cnx to R2R SD Aux only

ip address 193.169.30.210 255.255.255.252

ipv6 address 2001:DB8:A:3D::2/64

ipv6 ospf 10 area 0

!

interface Serial0/3/0

description Cnx to New York

ip address 173.18.0.214 255.255.255.252

ipv6 address 2001:DB8:A:4B::2/64

ipv6 ospf 10 area 0

clock rate 2000000

!

interface Serial0/3/1

description Cnx to Chicago

ip address 193.169.30.213 255.255.255.252

ipv6 address 2001:DB8:A:4C::1/64

ipv6 ospf 10 area 0

!

interface Vlan1

no ip address

shutdown

!

router ospf 10

router-id 2.2.2.2

log-adjacency-changes

auto-cost reference-bandwidth 1000

network 193.169.30.212 0.0.0.3 area 0

network 173.18.0.212 0.0.0.3 area 0

network 193.169.30.0 0.0.0.127 area 0

network 193.169.30.208 0.0.0.3 area 0

!

ipv6 router ospf 10

router-id 2.2.2.2

log-adjacency-changes

!

ip classless

!

ip flow-export version 9

!

banner motd ^CNetwork Maintenance Fri-Sun^C

!

line con 0

exec-timeout 0 0

password enter

logging synchronous

login

!

line aux 0

!

line vty 0 4

password telnet

login

!

end

If any other show is needed, please let me know. I'm going on hour 3 right now trying to get this to work. Thank you!

Richard Burts · ‎05-16-2022

To help us understand the issue would you post the output of these commands on the router:

show ip interface brief

show ip route

show arp

show cdp neighbor

and the output of these commands on the switch

show cdp neighbor

show interface status

show interface trunk

And please give us some information about a specific instance of where it is not working:

what device is the source of the ping? what is its IP address, what is its mask, what is its default gateway? what interface is it connected to? What IP address is the destination of the ping?

HTH

Rick

sicjp0 · ‎05-16-2022

This is from the original configurations before I did David's suggestions:

Router:

SDmainDB#show ip int br

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 193.169.30.126 YES manual up up

GigabitEthernet0/0.50 193.169.50.254 YES manual up up

GigabitEthernet0/0.60 193.169.60.254 YES manual up up

GigabitEthernet0/0.75 193.169.75.254 YES manual up up

GigabitEthernet0/1 unassigned YES unset administratively down down

GigabitEthernet0/2 unassigned YES unset administratively down down

GigabitEthernet0/2/0 193.169.30.210 YES manual up up

Serial0/3/0 173.18.0.214 YES manual up up

Serial0/3/1 193.169.30.213 YES manual up up

Vlan1 unassigned YES unset administratively down down

--ip route

SDmainDB#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route




Gateway of last resort is not set




11.0.0.0/8 is variably subnetted, 5 subnets, 4 masks

O 11.0.0.0/25 [110/649] via 193.169.30.214, 00:00:59, Serial0/3/1

O 11.0.0.128/26 [110/649] via 193.169.30.214, 00:00:59, Serial0/3/1

O 11.0.0.192/28 [110/648] via 193.169.30.214, 00:01:34, Serial0/3/1

O 11.0.0.208/30 [110/648] via 193.169.30.214, 00:00:59, Serial0/3/1

O 11.0.0.212/30 [110/1294] via 173.18.0.213, 00:01:24, Serial0/3/0

[110/1294] via 193.169.30.214, 00:01:24, Serial0/3/1

173.18.0.0/16 is variably subnetted, 6 subnets, 5 masks

O 173.18.0.0/25 [110/648] via 173.18.0.213, 00:01:24, Serial0/3/0

O 173.18.0.128/26 [110/658] via 173.18.0.213, 00:00:59, Serial0/3/0

O 173.18.0.192/28 [110/648] via 173.18.0.213, 00:01:24, Serial0/3/0

O 173.18.0.208/30 [110/648] via 173.18.0.213, 00:00:59, Serial0/3/0

C 173.18.0.212/30 is directly connected, Serial0/3/0

L 173.18.0.214/32 is directly connected, Serial0/3/0

193.169.30.0/24 is variably subnetted, 8 subnets, 5 masks

C 193.169.30.0/25 is directly connected, GigabitEthernet0/0

L 193.169.30.126/32 is directly connected, GigabitEthernet0/0

O 193.169.30.128/26 [110/2] via 193.169.30.209, 00:00:59, GigabitEthernet0/2/0

O 193.169.30.192/28 [110/2] via 193.169.30.209, 00:00:59, GigabitEthernet0/2/0

C 193.169.30.208/30 is directly connected, GigabitEthernet0/2/0

L 193.169.30.210/32 is directly connected, GigabitEthernet0/2/0

C 193.169.30.212/30 is directly connected, Serial0/3/1

L 193.169.30.213/32 is directly connected, Serial0/3/1

193.169.50.0/24 is variably subnetted, 2 subnets, 2 masks

C 193.169.50.0/24 is directly connected, GigabitEthernet0/0.50

L 193.169.50.254/32 is directly connected, GigabitEthernet0/0.50

193.169.60.0/24 is variably subnetted, 2 subnets, 2 masks

C 193.169.60.0/24 is directly connected, GigabitEthernet0/0.60

L 193.169.60.254/32 is directly connected, GigabitEthernet0/0.60

193.169.75.0/24 is variably subnetted, 2 subnets, 2 masks

C 193.169.75.0/24 is directly connected, GigabitEthernet0/0.75

L 193.169.75.254/32 is directly connected, GigabitEthernet0/0.75

arp

SDmainDB#show arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 193.169.30.126 - 0007.EC53.3E01 ARPA GigabitEthernet0/0

Internet 193.169.30.209 2 0004.9AD1.127E ARPA GigabitEthernet0/2/0

Internet 193.169.30.210 - 0009.7CDE.9965 ARPA GigabitEthernet0/2/0

cdp neighbor

SDmainDB#show arp

Protocol Address Age (min) Hardware Addr Type Interface

Internet 193.169.30.126 - 0007.EC53.3E01 ARPA GigabitEthernet0/0

Internet 193.169.30.209 2 0004.9AD1.127E ARPA GigabitEthernet0/2/0

Internet 193.169.30.210 - 0009.7CDE.9965 ARPA GigabitEthernet0/2/0

Switch

LAF1switchDB#show cdp neighbor

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

SDmainDB Gig 0/1 156 R C2900 Gig 0/0

SDmainDB Gig 0/1 156 R C2900 Gig 0/0.50

SDmainDB Gig 0/1 156 R C2900 Gig 0/0.60

SDmainDB Gig 0/1 156 R C2900 Gig 0/0.75

LAF1switchDB#show interface status

Port Name Status Vlan Duplex Speed Type

Fa0/1 connected 50 auto auto 10/100BaseTX

Fa0/2 notconnect 50 auto auto 10/100BaseTX

Fa0/3 connected 50 auto auto 10/100BaseTX

Fa0/4 notconnect 50 auto auto 10/100BaseTX

Fa0/5 notconnect 50 auto auto 10/100BaseTX

Fa0/6 notconnect 50 auto auto 10/100BaseTX

Fa0/7 notconnect 50 auto auto 10/100BaseTX

Fa0/8 notconnect 60 auto auto 10/100BaseTX

Fa0/9 notconnect 60 auto auto 10/100BaseTX

Fa0/10 notconnect 60 auto auto 10/100BaseTX

Fa0/11 notconnect 60 auto auto 10/100BaseTX

Fa0/12 notconnect 60 auto auto 10/100BaseTX

Fa0/13 notconnect 60 auto auto 10/100BaseTX

Fa0/14 notconnect 60 auto auto 10/100BaseTX

Fa0/15 notconnect 60 auto auto 10/100BaseTX

Fa0/16 notconnect 75 auto auto 10/100BaseTX

Fa0/17 notconnect 75 auto auto 10/100BaseTX

Fa0/18 notconnect 75 auto auto 10/100BaseTX

Fa0/19 notconnect 75 auto auto 10/100BaseTX

Fa0/20 notconnect 75 auto auto 10/100BaseTX

Fa0/21 notconnect 75 auto auto 10/100BaseTX

Fa0/22 notconnect 75 auto auto 10/100BaseTX

Fa0/23 notconnect 75 auto auto 10/100BaseTX

Fa0/24 notconnect 75 auto auto 10/100BaseTX

Gig0/1 connected trunk auto auto 10/100BaseTX

Gig0/2 notconnect 1 auto auto 10/100BaseTX




LAF1switchDB#

LAF1switchDB#

LAF1switchDB#

LAF1switchDB#

LAF1switchDB#

LAF1switchDB#

LAF1switchDB#

LAF1switchDB#

LAF1switchDB#show interface trunk

Port Mode Encapsulation Status Native vlan

Gig0/1 on 802.1q trunking 1




Port Vlans allowed on trunk

Gig0/1 1-1005




Port Vlans allowed and active in management domain

Gig0/1 1,50,60,75




Port Vlans in spanning tree forwarding state and not pruned

Gig0/1 1,50,60,75

Device is an end device laptop pinging through cmd prompt.

Its IP address is 193.169.30.3 with mask 255.255.255.128 at default gateway 193.169.30.126 connected at FA0/0 to the switch's FA0/1 port. IP address of destination is 193.169.30.126 at 255.255.255.128 mask.

Richard Burts · ‎05-16-2022

If these outputs were generated before you made the changes suggested by David then these outputs are no longer useful.

I am glad to know that when you made the changes suggested by David that things are now working.

You asked

If I wanted to keep the class C I'm currently using: 193.169.30.x, could I create sub-interfaces at

193.169.30.50 - vlan 50
193.169.30.60 - vlan 60
193.169.30.75 - vlan 75

No this would not work. What you have here are 3 host addresses. What you need is a subnet for each of the 3 vlans. How big the subnets need to be depends on how many devices might be connected in each vlan.

HTH

Rick

sicjp0 · ‎05-16-2022

Thank you for answering the subnet question.

I replied with those outputs because it was before I took off the IP address on the physical interface as you said in your reply to David that I wouldn't need to take a physical address off of gi0/0. I wanted to see if what I had before implementing those changes could work without taking off the physical interface.

Another question I had regarding David's suggestion and IPv6 is if I'm to go with taking the physical interface IPv4 address off of gi0/0 and subnetting/routing through the sub-interfaces, would I need to set an IPv6 for each sub-interface or only the devices using the specific VLAN.

In the project's example, the laptop is the only device using the VLAN 50 as there are no other devices on that side of the router that uses 60 or 75. So could I just set the IPv6 address on the gi0/0.50 without setting any IPv6 on gi0/0.60 and gi0/0.75?

sicjp0 · ‎05-16-2022

So I was able to figure something out.

I kept the physical address and all the config for the switch and router the same WHILE keeping my physical address intact. All I did was change the end device's default gateway to the sub-interface and changed the device's IPv4 to the sub-interfaces subnet (193.169.50.x). This allowed me to ping the router through the VLAN switch AND to the other side of my OSPF.

I also set the ipv6 to the sub-interface so that was able to ping across the whole domain to every end device.

I think my question is officially solved.

Thank you everyone that helped and offered input.

Richard Burts · ‎05-16-2022

Thanks for the update. Glad to know that you have it working and consider the issue solved.

David - I agree that many of the discussions focus in configuring the native vlan on a subinterface and using the native parameter on the encapsulation command. But it is quite possible to configure the native vlan by configuring an IP address on the physical interface and then using subinterfaces for additional vlans. I have configured this and attest that it does work. Here is an example from Cisco documentation that does show configuring the native vlan on the physical interface and then configuring a vlan subinterface for a second vlan on the trunk.

https://www.cisco.com/c/en/us/support/docs/switches/catalyst-4000-series-switches/24064-171.html?dtid=osscdc000283#earlier

HTH

Rick

sicjp0 · ‎05-16-2022

It worked!

I had to change the IP and default gateways of the end devices so I took off the gi0/0 interface IP and routed straight to the sub-interfaces as you said. Laptop on F1: SD was able to ping the San Diego Main router via SD-F1 switch with the VLANs. I haven't tested it across the second router and other floors on this network yet because I had a few questions first.

If I wanted to keep the class C I'm currently using: 193.169.30.x, could I create sub-interfaces at

193.169.30.50 - vlan 50
193.169.30.60 - vlan 60
193.169.30.75 - vlan 75

and use those for my subnet dedicated for floor one (range .1-.126) and then for the other two subnets make it something like

Subnet 2 (.129-.190)
193.169.30.130 - vlan 50
193.169.30.140 - vlan 60
193.169.30.150 - vlan 75
Subnet 3 (.193-.206)
193.169.30.190 - vlan 50
193.169.30.195 - vlan 60
193.169.30.200 - vlan 75

Or do I need that 3rd field to designate the sub-interface?

If this is possible, would it be possible to also maintain the current OSPF ipv4 parameters per router?

Richard Burts · ‎05-16-2022

David

I am not clear why you think that the original poster needs to remove the configuration on interface G0/0? Having IP address on the physical interface is one of the ways to process for the native vlan on the trunk.

I think your observation that the vlan subintefaces are not configured in OSPF is a valid point. And depending on where devices in the vlans are trying to reach that may be the essential problem. That is why I asked for specifics about what is not working. A device connected to one of the switch vlans should be able to reach any of the router interface addresses. But if it is trying to reach some address that is remote to the router then there is a problem.

HTH

Rick

David Ruess · ‎05-16-2022

Richard,

The way I learned it (a while ago) was you cannot have an IP address on the physical interface when you have sub interfaces configured. Or maybe all the examples and demonstrations Ive seen were just created that way. I tried to find some references but it seemed like nothing was popping up. I may have mistaken that to be fact when in fact it may not be. That is usually one of my Go-To's for a router on a stick configuration to check to make sure the physical interface is clear of configuration and the sub interfaces have all the commands. I could also be confusing that and overlapping it with Etherchannel and bundled ports.

If you know of any documents that can help me understand it I would appreciate it. Thank you for the correction as well.

-David