CANNOT PING OR TELNET VLAN1

rivanfrank · ‎02-29-2016

Hello Everyone,

I have this two switch and one router configured as router on stick.

---Switch1---

int gi0/1 is connected to Router1

int gi0/1 switchport mode trunk, switchport trunk allowed vlan 1,10,20

int fa0/1 is connected to Switch2

int fa0/1 switchport mode trunk, switchport trunk allowed vlan 1,10,20

int fa0/2 switchport mode access, switchport access vlan 1 (PC ip address 192.168.10.2 255.255.255.0 192.168.10.1)
int fa0/3 switchport mode access, switchport access vlan 10 (PC ip address 192.168.10.5 255.255.255.0 192.168.10.1)

vlan 1 ip address 192.168.10.10 x.x.x.x

ip default-gateway 192.168.10.1

PROBLEM: - int fa 0/3 PC Cannot ping or telnet VLAN1 but can ping default-gateway, cannot ping int fa0/2 PC also

- while int fa0/2 PC can ping or telnet VLAN1 but cannot ping int fa0/5 PC & default-gateway

---Switch2---

int fa0/1 is connected to Switch1

int fa0/1 switchport mode trunk, switchport trunk allowed vlan 1,10,20

int fa0/2 switchport mode access, switchport access vlan 1 (PC ip address 192.168.20.2 255.255.255.0 192.168.20.1)
int fa0/3 switchport mode access, switchport access vlan 20 (PC ip address 192.168.20.5 255.255.255.0 192.168.20.1)

vlan 1 ip address 192.168.20.10 x.x.x.x

ip default-gateway 192.168.20.1

PROBLEM: - int fa 0/3 PC Cannot ping or telnet VLAN1 but can ping default-gateway, cannot ping int fa0/2 PC also

- while int fa0/2 PC can ping or telnet VLAN1 but cannot ping int fa0/5 PC & default-gateway

---Router1---

int gi0/1.10

encapsulation dot1q 10

192.168.10.1 255.255.255.0

int gi0/1.20

encapsulation dot1q 20

192.168.20.1 255.255.255.0

Anyone can help me? THANKS

Kelvin Willacey · ‎02-29-2016

VLAN 1 and VLAN 10 is in the same subnet, 192.168.10.0, is that correct or a typo?

rivanfrank · ‎02-29-2016

What do you mean?

Joel · ‎02-29-2016

Hi,

I am not sure if there are typos but these are incorrect.

SWITCH1 - SAME SUBNET IN USE DIFFERENT VLANs

int fa0/2 switchport mode access, switchport access vlan 1 (PC ip address 192.168.10.2 x.x.x.x 192.168.10.1)
int fa0/3 switchport mode access, switchport access vlan 10 (PC ip address 192.168.10.5 x.x.x.x 192.168.10.1)

SWITCH2 - SAME AS ABOVE BUT DIFFERENT NETWORK ADDRESS

int fa0/2 switchport mode access, switchport access vlan 1 (PC ip address 192.168.20.2 x.x.x.x 192.168.20.1)
int fa0/3 switchport mode access, switchport access vlan 20 (PC ip address 192.168.20.5 x.x.x.x 192.168.20.1)

ROUTER - VLAN1 not listed

int gi0/1.10

encapsulation dot1q 10

192.168.10.1 x.x.x.x

int gi0/1.10 - should this read int gi0/1.20?

encapsulation dot1q 20

192.168.20.1 x.x.x.x

Joel

rivanfrank · ‎02-29-2016

Typo on int gi0/1.20 sorry.

I'm a little bit confused now, should the VLAN1 and VLAN10 configured with different network? I just use the VLAN1 as management VLAN (to telnet).

Jon Marshall · ‎02-29-2016

You can't use the same IP subnet for vlan 1 and vlan 10.

Which vlan is 192.168.10.x meant to used for ?

Jon

rivanfrank · ‎03-01-2016

Hi Jon,

Can you please help me understand the term default-vlan, native vlan and management vlan?

So for example I have a switch, then i have to create VLAN 2 (to be used as native vlan), VLAN 3 as management vlan (for telnet/ssh purposes), VLAN 4 for accounts department.

But I think if I configure the router as Router on a Stick (subinterfaces) I can telnet each VLAN so what is the purpose of Management Vlan?

And, lastly should my ip default-gateway will be as the same subnet as the management or native vlan?

Thanks

Jon Marshall · ‎03-01-2016

The management vlan is for connecting to your network devices.

So in your example the switch will have a L3 interface (SVI) in the management vlan and a default gateway of the subinterface IP on the router for the management vlan.

Note if you are routing between vlans on the router your switch only has one SVI and that would be for the management vlan.

Does this make sense ?

If not please feel free to ask further.

Jon

rivanfrank · ‎03-01-2016

Hi Jon,

I re-modeled my network using packet tracer. Please see below screenshot.

My question is what ip-default gateway should I put in switch1? And how come I can telnet from vlan2 and vlan3 PC at the same time? That what bothers me that it should only the management vlan can telnet the switch1? And how come I cannot telnet from vlan 4?

Jon Marshall · ‎03-01-2016

Firstly switches that are L2 or L3 switches that are not routing between vlans only need a L3 vlan interface for the management vlan so you only need a L3 vlan interface for vlan 3 on your switches.

The default gateway will be 192.168.3.254 which is the router subinterface IP for that vlan because the router is responsible for routing between vlans.

You only need multiple L3 vlan interfaces on a L3 switch if it is routing between vlans and in your setup it isn't.

Just creating a management vlan does not mean you cannot access it from other vlans/IP subnets but you can apply acls to the router subinterfaces to control which IPs are allowed to access the switches.

Jon

rivanfrank · ‎03-02-2016

Thanks for your help, I get it now.