Can't "see" switch from router once sub-interfaces implemented

cyborgltd
Level 1

Thanks to all those that have inched me along my CISCO® path in my new job as network administrator. I still have a long way to go as shown by my first foray into sub-interfaces. 

We have a need to route through two different paths from core to another location.

I set up a lab and tested it with standard routing, VLANs, and switches (all Cisco devices).

Next I modified the .cfg files for dot1q and sub-interfaces. The switches simulate the service provider's Q-in-Q tunneling.

Everything could see everything through pings and ssh. Once I changed to the sub-interfaces none of the routers can get to or through the switches.

I have included one side, to keep it simple, of the lab. One router and one switch. I figure that if I can understand one side the others should be easy. 

Is it better to include inline or as an attachment?

 

The "CLOUD-IN" is the switch and the WAN-IN is the router.

 

SWITCH


CLOUD-IN#sh run
Building configuration...
Current configuration : 3693 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname CLOUD-IN
boot-start-marker
boot-end-marker
enable secret 5 $1$fWLX$BqhScRW4osoZx8vug7eOw0
username cisco secret 5 $1$tOOi$bqvoksOdeuAThzkxzr48O1
no aaa new-model
switch 1 provision ws-c3750g-24t
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
no ip domain-lookup
ip domain-name cisco.com
no ip igmp snooping
crypto pki trustpoint TP-self-signed-2982579328
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2982579328
 revocation-check none
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
vlan internal allocation policy ascending
interface GigabitEthernet1/0/1
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel lldp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
interface GigabitEthernet1/0/2
 switchport mode dot1q-tunnel
 l2protocol-tunnel cdp
 l2protocol-tunnel lldp
 l2protocol-tunnel stp
 l2protocol-tunnel vtp
 no cdp enable
interface Vlan1
 ip address 10.24.1.9 255.255.255.224
ip classless
ip http server
ip http secure-server
ip sla enable reaction-alerts
line con 0
 logging synchronous
line vty 0 4
 password cisco
 login local
 transport input ssh
line vty 5 15
 password cisco
 login local
 transport input ssh
end

 

ROUTER

 

Current configuration : 1936 bytes
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname WAN-IN
boot-start-marker
boot-end-marker
enable secret 5 $1$hKU3$UOeDU2WbxmgGiU4WHD9LU.
no aaa new-model
resource policy
no network-clock-participate wic 1
no network-clock-participate aim 0
ip cef
ip domain name cisco.com
voice-card 0
 no dspfarm
username cisco privilege 15 secret 5 $1$4Lcu$SLtQQMu46CpirCfme/0Xq/
controller T1 0/1/0
 framing esf
 linecode b8zs
interface Loopback0
 ip address 10.6.1.3 255.255.255.255
interface GigabitEthernet0/0
 no ip address
 ip ospf priority 255
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
interface GigabitEthernet0/0.6
 ip address 10.24.1.1 255.255.255.224
 ip ospf priority 255
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed 100
 media-type rj45
 negotiation auto
interface Vlan1
 no ip address
router ospf 1
 router-id 10.6.1.3
 log-adjacency-changes
 redistribute connected
 network 10.6.1.0 0.0.0.0 area 0
 network 10.6.1.3 0.0.0.0 area 0
 network 10.24.1.0 0.0.0.0 area 50
 network 10.24.1.0 0.0.0.31 area 50
ip default-gateway 10.6.1.3
ip http server
control-plane
gatekeeper
line con 0
 logging synchronous
 history size 50
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login local
 transport input ssh
 transport output ssh
line vty 5 15
 login local
 transport input ssh
 transport output ssh
scheduler allocate 20000 1000
webvpn context Default_context
 ssl authenticate verify all
 no inservice
end

 

9 Replies

jhager001
Level 1

I guess I didn't read through your whole question and more or less just the title. Give me a minute to review and I'll have an answer.

 

You need to add encapsulation onto your subinterface, so your Gig0/0.6 needs to have 'encapsulation dot1q 6'.

Then change your VLAN on your switch from VLAN 1 to VLAN 6. Give that a shot.

The CDP run on the switch shows the neighbors now but still won't ping from the router (10.24.1.1) or the loopback (10.6.1.3) to the switch (10.24.1.9).

Make sure VLAN 6 (or whatever your switch VLAN is in the 10.24.1.0/27 network) is added to your vlan.dat on your switch.

Also add 'ip default-gateway 10.24.1.1' to your switch configuration.

These are very minimalist configurations but you can compare with what's here. And this worked. It wouldn't allow me to SSH between the devices until I added crypto keys to the devices: 'crypto key gen rsa'.

 

SWITCH:

LAN-IN#show run
Building configuration...

Current configuration : 1306 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname LAN-IN
!
!
!
ip ssh version 2
ip domain-name cisco.com
!
username cisco secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan6
 ip address 10.24.1.9 255.255.255.224
!
ip default-gateway 10.24.1.1
!
!
!
!
line con 0
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
!
end

 

 

ROUTER: 

WAN-IN#show run
Building configuration...

Current configuration : 1958 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname WAN-IN
!
no ip cef
no ipv6 cef
!
username cisco privilege 15 secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0
!
ip ssh version 2
ip domain-name cisco.com
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 10.6.1.3 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.6
 encapsulation dot1Q 6
 ip address 10.24.1.1 255.255.255.224
 ip ospf priority 255
!
router ospf 1
 router-id 10.6.1.3
 log-adjacency-changes
 redistribute connected
 network 10.24.1.0 0.0.0.31 area 50
 network 10.6.1.3 0.0.0.0 area 0
!
ip classless
!
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
end
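
Added example (not part of the thread or written by any poster): a Python pre-deployment check that flags sub-interfaces carrying an IP address but no `encapsulation dot1Q` line, the omission in the original router configuration. The sample config is constructed from the question's WAN-IN router, the `.7` sub-interface and its addressing are invented for contrast, and the parser assumes sub-commands are indented as `show running-config` prints them.

```python
import re

# Constructed sample modelled on the WAN-IN router in the question; the .7
# sub-interface and its addressing are invented here for contrast.
SAMPLE_CONFIG = """\
hostname WAN-IN
interface Loopback0
 ip address 10.6.1.3 255.255.255.255
interface GigabitEthernet0/0
 no ip address
interface GigabitEthernet0/0.6
 ip address 10.24.1.1 255.255.255.224
 ip ospf priority 255
interface GigabitEthernet0/0.7
 encapsulation dot1Q 7
 ip address 10.24.2.1 255.255.255.224
router ospf 1
 router-id 10.6.1.3
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)", re.IGNORECASE)
ENCAP_RE = re.compile(r"^\s+encapsulation\s+dot1q\s+(\d+)", re.IGNORECASE)
IPADDR_RE = re.compile(r"^\s+ip address\s+\d", re.IGNORECASE)

def parse_interfaces(config_text):
    """Return {interface name: [indented sub-command lines]}."""
    interfaces, current = {}, None
    for line in config_text.splitlines():
        match = IFACE_RE.match(line)
        if match:
            current = match.group(1)
            interfaces[current] = []
        elif current is not None and line.startswith(" "):
            interfaces[current].append(line)
        else:
            current = None  # any unindented line closes the interface block
    return interfaces

def untagged_subinterfaces(config_text):
    """Names of sub-interfaces with an IP address but no 802.1Q tag."""
    findings = []
    for name, body in parse_interfaces(config_text).items():
        if "." not in name:
            continue  # parent interface, not a sub-interface
        has_ip = any(IPADDR_RE.match(line) for line in body)
        has_tag = any(ENCAP_RE.match(line) for line in body)
        if has_ip and not has_tag:
            findings.append(name)
    return findings
```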

Thanks. I finally did get it to work and now I am trying to do load balancing by using a trunk from one line to two lines, then run two links into each, then block VLAN 6 on one port and VLAN 7 on the other port. This is very brain-racking but lots of fun too. I'm just VERY lucky that my boss lets me play this much in order to learn. I want to thank you for all the help also!

That all sounds like you're about to implement some port-channels and VLAN priorities based on specific links. Shouldn't be too hard!

Yeah! Maybe for someone smarter than me, like you! LOL

If you're interested I'll post the configs when it's working.

It currently has 5 routers. Two of which are sub-interfaced using VLAN6 & 7

The two switches are simulating a Q in Q provider "cloud."

The other three routers simulate our existing 23 routers that will have to be set up from our central area (to include the sub-interfaces) because they are so far apart they would take four people five hours of driving each if we had to be on site!

Scary for my first "real" project!

We are doing a reload in xx command and I found out that if the register is set to other than 0x2102 (which it turns out a lot of the default configs are set to something like 0x2142) the reload does not load the startup-configuration.

The testing has allowed me to find little glitches that could cause BIG headaches during live implementation.

Yes, that is correct, by having the config register set to 0x2142 it will bypass the startup config and boot like a fresh device... that's when you say "Hello!!!" to those 5 hour drives! As long as everything is up and running just reset the config register back to 0x2102 and it will boot up exactly how it was before the restart/power down.
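
Added example (not part of the thread or written by any poster): a Python check to run before a remote reload, which reads the configuration-register line from `show version` output and lists routers that would boot without their startup-config. It relies on bit 0x0040 of the IOS configuration register meaning "ignore startup-config"; the hostnames and sample lines are constructed.

```python
import re

IGNORE_STARTUP_CONFIG = 0x0040  # bit 6: boot without loading startup-config

# Constructed last lines of "show version" for four hypothetical routers.
SAMPLE_FLEET = {
    "rtr-a": "Configuration register is 0x2102",
    "rtr-b": "Configuration register is 0x2142",
    "rtr-c": "Configuration register is 0x2142 (will be 0x2102 at next reload)",
    "rtr-d": "Configuration register is 0x2102 (will be 0x2142 at next reload)",
}

REG_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?"
)


def register_at_next_reload(show_version_text):
    """Register value that will be in effect after the next reload."""
    match = REG_RE.search(show_version_text)
    if match is None:
        raise ValueError("no configuration register line found")
    current, pending = match.group(1), match.group(2)
    # A pending value (set with config-register but not yet reloaded) wins.
    return int(pending or current, 16)


def ignores_startup_config(register):
    """True when the register tells the router to skip startup-config."""
    return bool(register & IGNORE_STARTUP_CONFIG)


def unsafe_to_reload(fleet):
    """Hosts that would come back up without their saved configuration."""
    return sorted(
        host for host, text in fleet.items()
        if ignores_startup_config(register_at_next_reload(text))
    )
```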

Is there something that is just blocking the ping through the switch? I did not change the switches from the original working config because the two switches were to simulate both ends of a service provider and they won't change the "Cloud." At least I don't believe they would. Also, even though all routers are now visible using sh cdp ne, I can no longer SSH through like before either.

So it looks like the CDP is talking but nothing else.