07-02-2014 12:44 PM - edited 03-07-2019 07:54 PM
I am hitting a blank here ... help would be appreciated.
Our config is:
887VA router > 2960S switch
I have set up 4 VLANs and was hoping to use the router for interVlan routing.
VLan 1 > 10.23.1.1 255.255.255.0
VLan 20 > 10.23.2.1 255.255.255.0
VLan 30 > 10.23.3.1 255.255.255.0
VLan 40 > 10.23.4.1 255.255.255.0
The switch and router are connected by a single VLan trunk allowing all Vlans, the native VLan is 1. I have not assigned each VLan to separate interfaces on the router.
From the router I can ping everything in the internal network.
However, from any PCs connected within those VLans I can only ping the device within the current VLan and the VLan base IP addresses (i.e. 10.23.1.1, 10.23.2.1, 10.23.3.1, 10.23.4.1).
No ACLs are implemented. Should I be able to ping across all of these VLan subnets?
E.g. A PC is connected to VLan 4 (IP - 10.23.4.44); I can ping this from the router. From the PC I can ping everything in the 10.23.4.X subnet, and 10.23.1.1, 10.23.2.1, 10.23.3.1, 10.23.4.1 ... but if I add a PC on the 10.23.1.X subnet they can not ping each other.
Thanks!
RJD
07-02-2014 12:52 PM
Switch config >
! Last configuration change at 02:24:14 UTC Wed Mar 30 2011
! NVRAM config last updated at 02:24:26 UTC Wed Mar 30 2011
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1_DATA
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$UV72$ldx3WEE4/B2vrC2YUj0vk/
enable password XXXX
!
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
ip device tracking
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue output cos-map queue 1 threshold 3 4 5
mls qos srr-queue output cos-map queue 2 threshold 1 2
mls qos srr-queue output cos-map queue 2 threshold 2 3
mls qos srr-queue output cos-map queue 2 threshold 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 0
mls qos srr-queue output cos-map queue 4 threshold 3 1
mls qos srr-queue output dscp-map queue 1 threshold 3 32 33 40 41 42 43 44 45
mls qos srr-queue output dscp-map queue 1 threshold 3 46 47
mls qos srr-queue output dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 2 threshold 1 26 27 28 29 30 31 34 35
mls qos srr-queue output dscp-map queue 2 threshold 1 36 37 38 39
mls qos srr-queue output dscp-map queue 2 threshold 2 24
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue output dscp-map queue 4 threshold 1 8 9 11 13 15
mls qos srr-queue output dscp-map queue 4 threshold 2 10 12 14
mls qos queue-set output 1 threshold 1 100 100 50 200
mls qos queue-set output 1 threshold 2 125 125 100 400
mls qos queue-set output 1 threshold 3 100 100 100 400
mls qos queue-set output 1 threshold 4 60 150 50 200
mls qos queue-set output 1 buffers 15 25 40 20
mls qos
!
crypto pki trustpoint TP-self-signed-602050176
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-602050176
revocation-check none
rsakeypair TP-self-signed-602050176
!
!
crypto pki certificate chain TP-self-signed-602050176
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
switchport access vlan 40
!
interface GigabitEthernet1/0/5
switchport access vlan 40
!
interface GigabitEthernet1/0/6
switchport access vlan 40
!
interface GigabitEthernet1/0/7
switchport access vlan 40
!
interface GigabitEthernet1/0/8
switchport access vlan 40
!
interface GigabitEthernet1/0/9
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/14
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/15
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/16
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/17
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/18
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/19
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/20
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/21
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/22
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/23
switchport mode trunk
switchport nonegotiate
spanning-tree portfast
!
interface GigabitEthernet1/0/24
switchport access vlan 40
switchport mode trunk
switchport nonegotiate
srr-queue bandwidth share 1 30 35 5
priority-queue out
mls qos trust cos
macro description cisco-wireless
auto qos trust
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
ip address 10.23.1.2 255.255.255.0
!
interface Vlan20
description CCTV
no ip address
!
interface Vlan30
description USERS
no ip address
ip helper-address 10.23.3.1
!
interface Vlan40
no ip address
ip helper-address 10.23.4.1
!
ip default-gateway 10.23.1.1
ip http server
ip http secure-server
!
!
!
!
!
line con 0
line vty 0 4
password xxxx
login
length 0
line vty 5 15
password XXXX
login
!
end
07-02-2014 12:54 PM
Router config >
Using 3191 out of 262136 bytes
!
! Last configuration change at 07:44:22 UTC Wed May 14 2014 by cisco
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RT1_CORE
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$y9m9$Sn9g4Cu1FZJgrHClhXu44.
enable password XXXX
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-1087828175
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1087828175
revocation-check none
rsakeypair TP-self-signed-1087828175
!
!
crypto pki certificate chain TP-self-signed-1087828175
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
no ip routing
!
!
!
ip dhcp excluded-address 10.23.3.1 10.23.3.39
ip dhcp excluded-address 10.23.4.1 10.23.4.39
ip dhcp excluded-address 10.23.1.1 10.23.1.150
ip dhcp excluded-address 10.23.2.1 10.23.2.39
!
ip dhcp pool USERS
import all
network 10.23.3.0 255.255.255.0
default-router 10.23.3.1
!
ip dhcp pool DATA
import all
network 10.23.4.0 255.255.255.0
default-router 10.23.4.1
!
ip dhcp pool mgmt
network 10.23.1.0 255.255.255.0
default-router 10.23.1.1
!
ip dhcp pool CCTV
network 10.23.2.0 255.255.255.0
default-router 10.23.2.1
!
!
!
ip domain name DATA
no ip cef
no ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn FCZ1747921V
!
!
username ciscoweb privilege 15 secret 4 9thCdSOL5HCn/4kZgaV2zfQjhT83LfybyY54NhD9x4E
username cisco privilege 15 secret 4 di7S2ARrbqKXPOEUURboCIB/JixqkMovpMuLQfowQSg
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
no ip route-cache
shutdown
!
interface ATM0
no ip address
no ip route-cache
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
switchport mode trunk
no ip address
!
interface FastEthernet1
switchport mode trunk
no ip address
!
interface FastEthernet2
switchport mode trunk
no ip address
!
interface FastEthernet3
switchport access vlan 40
switchport trunk native vlan 40
no ip address
!
interface Vlan1
description Management
ip address 10.23.1.1 255.255.255.0
no ip route-cache
!
interface Vlan20
description CCTV
ip address 10.23.2.1 255.255.255.0
no ip route-cache
!
interface Vlan30
description Phones
ip address 10.23.3.1 255.255.255.0
no ip route-cache
!
interface Vlan40
description Data and users
ip address 10.23.4.1 255.255.255.0
no ip route-cache
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
access-list 120 deny ip 10.23.2.0 0.0.0.255 10.23.1.0 0.0.0.255
access-list 120 permit ip any any
access-list 120 remark deny VLan20 to VLan1
access-list 130 deny ip 10.23.3.0 0.0.0.255 10.23.1.0 0.0.0.255
access-list 130 permit ip any any
access-list 130 remark deny VLan30 to VLan1
access-list 140 deny ip 10.23.4.0 0.0.0.255 10.23.1.0 0.0.0.255
access-list 140 permit ip any any
access-list 140 remark deny VLan40 to VLan1
!
!
!
!
!
line con 0
exec-timeout 60 0
no modem enable
autohangup
line aux 0
line vty 0 4
password XXXX
transport input all
!
!
end
07-03-2014 04:32 PM
Hi,
You have "no ip routing" in the router config. I think the router should have "ip routing" enabled.
John
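An offline check for the condition pointed out in the reply above, written as an added example (not code from the thread or from any Cisco tool): it flags `no ip routing` on a device with several addressed interfaces, and also reports numbered ACLs that are defined but never bound with `ip access-group`, which is the state of access-lists 120, 130 and 140 in the posted router config. The names `audit` and `SAMPLE_CONFIG` are hypothetical, and the sample is a constructed excerpt modelled on that config.

```python
import re

# Constructed excerpt modelled on the router config posted in this thread.
SAMPLE_CONFIG = """\
hostname RT1_CORE
no ip routing
interface FastEthernet0
 switchport mode trunk
 no ip address
interface Vlan1
 ip address 10.23.1.1 255.255.255.0
interface Vlan20
 ip address 10.23.2.1 255.255.255.0
interface Vlan40
 ip address 10.23.4.1 255.255.255.0
access-list 120 deny ip 10.23.2.0 0.0.0.255 10.23.1.0 0.0.0.255
access-list 120 permit ip any any
"""

def audit(config):
    """Return findings for a router doing inter-VLAN routing on SVIs."""
    routing_on = True          # IOS routers route unless told otherwise
    current = None             # interface stanza currently being parsed
    l3_ifaces = []             # interfaces that carry an IP address
    defined, applied = set(), set()
    for raw in config.splitlines():
        line = raw.strip()     # pasted configs often lose indentation
        if line == "no ip routing":
            routing_on = False
        elif line == "ip routing":
            routing_on = True
        elif m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif re.match(r"ip address \d", line) and current:
            l3_ifaces.append(current)   # "no ip address" does not match
        elif m := re.match(r"access-list (\d+) (?:permit|deny)", line):
            defined.add(m.group(1))
        elif m := re.match(r"ip access-group (\S+) (?:in|out)", line):
            applied.add(m.group(1))
    findings = []
    if not routing_on and len(l3_ifaces) > 1:
        findings.append("no ip routing with %d addressed interfaces: %s"
                        % (len(l3_ifaces), ", ".join(l3_ifaces)))
    for acl in sorted(defined - applied):
        findings.append("access-list %s defined but not applied" % acl)
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

The second finding matters once `ip routing` is turned on: the deny rules toward VLAN 1 only take effect when each list is bound to an interface, so until then every VLAN can reach the management subnet.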