Can not ping from vlan A to vlan B (switch/router)

mirnesc92
Level 1

Hey guys,

I have a Cisco Catalyst C3750-24TS Switch and a Cisco 891-W Router, and I am unable to communicate from one VLAN to another.

 

This is my first time configuring a switch and router so it is more than likely a rookie mistake. I've been stuck on this for two days now trying everything to get it to work but just can't seem to wrap my head around what's causing the issue. I downloaded Cisco Packet Tracer and tried to replicate the same scenario below and was able to get HOST-PC-A to ping HOST-PC-B on a different VLAN, but when I put it into practice with the equipment I have, it doesn't get the same results.

 

From what I understand, in order to establish communication between two VLANs on a switch (L2 device), I need a router (L3 device).. or a L3 switch and just enabling ip routing via CLI.

 

I've set up two VLANs on SW1 and associated two ports to each VLAN. Each VLAN has one HOST-PC connected to it. I have also designated port 23 (Fa1/0/23) to be the trunk port going to the router.

 

On the router I set up port 8 (fastEthernet 8) as the trunk port going to the switch. I then created two sub-interfaces 8.10 and 8.20. I set up DHCP for each sub-interface and created two excluded IP ranges, which works fine. Both PCs receive the appropriate IPs from the router, so I know there is communication between the switch and the router.

 

I posted as many details as I could find on the switch and router below to hopefully help narrow the problem down.

 

SWITCH: SW1

SW1#show vlan br 

http://pastebin.com/pTUKiiXY

 

SW1#show ip int br

http://pastebin.com/RGvvwRzN

 

SW1#show run

http://pastebin.com/rQ60jXmA

 

ROUTER : R1

R1#show vlans

http://pastebin.com/3WkkXwEi

 

R1#show ip int br

http://pastebin.com/vwfWYRHt

 

R1#sh ip route

http://pastebin.com/VdiJGVh4

 

R1#sh run

http://pastebin.com/zat57XXj

Accepted Solutions

Sam Cole
Level 1

Actually I would say it's more than likely that the machines still have their firewalls on, which will not allow ICMP by default.

Try either turning them off or allowing ICMP through

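The second option in the answer above, allowing ICMP through rather than turning the firewall off, as an added example that is not part of the original thread. It assumes the laptops run Windows Defender Firewall (the thread only shows Windows ping output) and uses the thread's VLAN addressing; the rule name is hypothetical.

```powershell
# Added example: scoped ICMPv4 echo allow rule for LAPTOP1 (VLAN 10).
# Run in an elevated PowerShell session. On LAPTOP2, swap in 196.1.10.0/24.
$RuleName   = 'Lab - allow ICMPv4 echo from VLAN20'   # hypothetical rule name
$PeerSubnet = '196.1.20.0/24'                         # VLAN 20 subnet from the thread

# 1. Confirm the firewall is enabled and see which profile the lab NIC is in.
#    An isolated lab network is often classified as Public, the strictest
#    profile, which is why pings between the laptops are dropped.
Get-NetFirewallProfile   | Select-Object Name, Enabled, DefaultInboundAction
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory

# 2. Weak fix (not applied here): disabling every profile exposes all
#    listening services on the host, not just ICMP.
#    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False

# 3. Scoped fix: allow only inbound echo request (ICMP type 8), and only
#    from the other VLAN's subnet. Skip creation if the rule already exists.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $PeerSubnet `
        -Profile Any | Out-Null
}

# 4. Verify the rule is enabled and scoped to the intended source range.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Enabled, Direction, Action
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallAddressFilter |
    Select-Object RemoteAddress

# 5. When the lab is finished, remove the rule again:
#    Remove-NetFirewallRule -DisplayName $RuleName
```

The rule is tested from the other laptop: once it exists on LAPTOP1, `ping 196.1.10.201` from LAPTOP2 should return replies instead of "Request timed out".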

19 Replies

Martin Hruby
Level 1

Hello

Your configuration looks correct for a classical router-on-a-stick setup with two VLANs. Make sure that your host PCs have a default gateway configured and can ping it. Do the PCs have any other network connection currently active? Can you post the output of ipconfig from both PCs?

Can you try to traceroute from one host PC to the other and post the output?

Can you post the output of show spanning-tree from the switch?

Best Regards,
Martin

Hi Martin,

Thanks for the reply, below is the output of the show spanning-tree from the switch.

http://pastebin.com/b7UZS2e1


Sorry about the late reply, I just got access back to the equipment today after the extended labor day weekend.

I was hoping to come in and plug into the switch and have the router assign a DHCP address and gateway but that isn't working anymore either since I last left. I'm positive I've saved though, all the config seems to be the same.

It's happened to me before when I was learning how to set up the DHCP pool. I had it all set up and working then decided to try out the release bindings command to see if it will dish out new IPs to devices connected. It cleared the current bindings and stopped giving out new ones, wasn't able to get it to dish out IPs again. So I just wiped the router and re-did everything. Was going to go back to that after I got PCs talking to each other. Which is my primary goal right now.

 

R1#show ip dhcp pool

http://pastebin.com/56nH6fJx

R1(config)#do show ip dhcp server statistics

http://pastebin.com/9UCsc1fS

 

I set a static IP on each device and tried it that way.

 

VLAN 10: Fa1/0/2

PC-HOST-A

IP:196.1.10.101

SUB:255.255.255.0

GATE: 196.1.10.1

 

VLAN 20: Fa1/0/4

PC-HOST-B

IP:196.1.20.146

SUB:255.255.255.0

GATE: 196.1.20.1

 

PC's were unable to ping each other. I also tried the above without adding a gateway with same response.

 

 

Hello

Your problem is most probably in the switch if you don't see any DHCP REQUESTS received on the router. Can you ping the default gateway IP from each PC?
The output of show spanning-tree doesn't show an STP instance for VLAN 10 or 20, just for VLAN 1. So either there's no active port in VLANs 10 or 20, or there is some kind of misconfiguration of the VLANs or the trunk between the switch and the router.

I recommend that on your Switch you inspect the output of:

show interface FastEthernet1/0/23 trunk
show vlan id 10
show vlan id 20

 

Best regards,
Martin

Thanks for the replies, I got some progress here. The Ethernet cable going from switch to router was not secured properly, DHCP is dishing out IP's again and working correctly.

I also didn't have spanning-tree protocol enabled. I went to the switch (SW1) and configured it under the trunk-to-router port Fa1/0/23.

SW1#configure terminal
SW1(config)#interface Fa1/0/23
SW1(config-if)#spanning-tree portfast trunk

 

SWITCH
Here is current configuration of the switch as of today.
http://pastebin.com/0VBFnVyR

Here is the 'show spanning-tree' from the switch, which now displays both VLAN's 10 and 20.
http://pastebin.com/X9wr2bTe

Here is the 'show interface Fa1/0/23' from the switch, trunk-to-router.
http://pastebin.com/VTnFvdBR

 

ROUTER
Here is current configuration of the router as of today.
http://pastebin.com/8tvdfGN9

Here is the 'show interfaces' from the router, trunk is on 8, 8.10, 8.20
http://pastebin.com/r6bGxpsf

 

Next, I plugged in two computers into the switch. One into each VLAN (VLAN10 & VLAN20).


LAPTOP1: (VLAN10)

IPv4 Address. . . . . . . . . . .:196.1.10.201
Subnet Mask. . . . . . . . . . . :255.255.255.0
Default Gateway. . . . . . . . . :196.1.10.1

Here is output when trying to ping VLAN10 and VLAN20 Gateways.

C:\Users\User>ping 196.1.10.1

Pinging 196.1.10.1 with 32 bytes of data:
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.

Ping statistics for 196.1.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

C:\Users\User>ping 196.1.20.1

Pinging 196.1.20.1 with 32 bytes of data:
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.

Ping statistics for 196.1.20.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Here is the output when trying to ping LAPTOP2

C:\Users\User>ping 196.1.20.201

Pinging 196.1.20.201 with 32 bytes of data:
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.
Reply from 196.1.10.201: Destination host unreachable.

Ping statistics for 196.1.20.201:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

 

LAPTOP2: (VLAN20)

IPv4 Address. . . . . . . . . .  :196.1.20.201
Subnet Mask. . . . . . . . . . . :255.255.255.0
Default Gateway. . . . . . . . . :196.1.20.1

Here is output when trying to ping VLAN10 and VLAN20 Gateways.

C:\Users\Owner>ping 196.1.10.1

Pinging 196.1.10.1 with 32 bytes of data:
Reply from 196.1.10.1: bytes=32 time=1ms TTL=255
Reply from 196.1.10.1: bytes=32 time=1ms TTL=255
Reply from 196.1.10.1: bytes=32 time=1ms TTL=255
Reply from 196.1.10.1: bytes=32 time=1ms TTL=255

Ping statistics for 196.1.10.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\Owner>ping 196.1.20.1

Pinging 196.1.20.1 with 32 bytes of data:
Reply from 196.1.20.1: bytes=32 time<1ms TTL=255
Reply from 196.1.20.1: bytes=32 time=1ms TTL=255
Reply from 196.1.20.1: bytes=32 time=1ms TTL=255
Reply from 196.1.20.1: bytes=32 time=1ms TTL=255

Ping statistics for 196.1.20.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

Here is the output when trying to ping LAPTOP1

C:\Users\Owner>ping 196.1.10.201

Pinging 196.1.10.201 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 196.1.10.201:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

The output of the ping was different on each VLAN for some reason. LAPTOP1 returned "Unreachable" whereas LAPTOP2 returned a successful ping.

Also after doing the ping tests, VLAN10 was unable to obtain DHCP and defaulted back to the 169.blah.blah ip that it gives by default on VLAN1. I restarted the switch and router and it went back to normal. Was there a broadcast storm or something?

So many problems..

Ensure that the physical interface Fastethernet8 is not admin down, and if it looks okay then you need to remove the native command at the end of the trunking encapsulation on the sub-interface of interface FastEthernet8.10 from router and just configure it as given below:

interface FastEthernet8.10
 encapsulation dot1Q 10
 ip address 196.1.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in

 

save it .. and then have the laptop 1 which is in vlan 10 to get the ip address automatically through dhcp so with the laptop 2 that is in vlan20..

 

this should make difference and the ping should be successful between 2 vlans..

 

try it and check...

 

Good luck!

It's already set to no shutdown I believe, it doesn't seem to show under 'show run' so I tried to set it again.

SW1(config)#interface fastEthernet 8

SW1(config-if)#no shutdown

SW1(config-if)#exit

... and it still doesn't show 'no shutdown' under the interface when you do 'show run'.

 

R1#show interfaces

http://pastebin.com/r6bGxpsf

 

But if I'm not mistaken, shutting down an interface disables all functions on the specified interface. By default the interfaces turn on/off when something is connected to it. Doing 'no shutdown' just keeps it from going down when nothing is connected.

 

The 'native' at the end of the 8.10 interface is just a result of me trying different guides online, hoping to get it to work. I tried it without it as well, didn't work. It's off now too, still doesn't work.

please share the ip routing table from the router and the arp table entries...

 

show ip route

 

show ip arp

show ip route

R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      196.1.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        196.1.10.0/24 is directly connected, FastEthernet8.10
L        196.1.10.1/32 is directly connected, FastEthernet8.10
      196.1.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        196.1.20.0/24 is directly connected, FastEthernet8.20
L        196.1.20.1/32 is directly connected, FastEthernet8.20

 

show ip arp

R1#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  196.1.10.1              -   44d3.ca1e.7cfa  ARPA   FastEthernet8.10
Internet  196.1.20.1              -   44d3.ca1e.7cfa  ARPA   FastEthernet8.20

 

Mirnesc92,

 

I am available online, if possible for you please get online to me so that I can try to take remote of your pc and look into this.

Yeah, if you can, that would be awesome.

 

I don't have access to the equipment anymore for today. Are you available tomorrow around the same time you posted today?

 

We can use TeamViewer, it's a free software that allows you to remote desktop and it has a 'run' option which allows you to just run the software without installing anything on your computer. Or if you prefer something else we can use that.

 

All we would need is means of private communication, so we can send remote desktop login credentials. I don't think this forum has a private messaging system.

 

And the above outputs don't reflect any host devices (the two laptops plugged into vlan).

Here is DHCP bindings, reflecting the laptops plugged into each VLAN.

R1#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
196.1.10.201        0138.2c4a.8568.00       Sep 12 2015 03:03 PM    Automatic
196.1.20.201        0120.1a06.d834.eb       Sep 12 2015 03:04 PM    Automatic

 

 

Sure Mirnesc92, we will plan it tonight at 10.00 PM IST. I have team viewer in my pc already, will take remote and look into this.

I am online now, are you available now Mirnesc? If so get online to me.

Mirnesc92, let me know when you can get online to me tomorrow as per your timezone... I am going to log out for today...

Hey Raj thanks for all the help man, it turns out it was the firewall. Didn't see Sam's comment up at the top.


The forum's default topic view is a bit everywhere. Thank you everyone!
