yea, GigabitEthernet0/2.250

Sahir Algharibih · ‎05-07-2014

Hi all,

i have replaced a gateway router model 7206 running as a router on a stick that is using ISL encapsulation with a newer model router 3925e, the new router has a vlan250 encapsulated on a sub interface, i use that sub interface as source for authentication for tacacs+, the problem is with the new router i can't ping vlan250 ip address on the distro switch, at the same time i can't see the ip address of f the gateway router for vlan 250 in the arp table of the distro switch, mean while same configurations work with no issue with the old router model 7206.

any idea about what is causing this issue ?

Thanks

Sahir

cadet alain · ‎05-07-2014

Hi,

Can you post config of the 3925 as well as the one for switchport on the distro switch where the 3925 is linked.

Regards

Alain

Don't forget to rate helpful posts.

Sahir Algharibih · ‎05-07-2014

here is the configs:

1-

3925e:

!
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname gateway-is1
!
boot-start-marker
boot-end-marker
!
!
!card type command needed for slot 1
logging buffered informational
!
aaa new-model
!
!
aaa authentication login default group tacacs+ line enable none
aaa authorization exec default group tacacs+ none
aaa authorization commands 15 default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting connection default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
!
!
!
aaa session-id common
clock timezone CST -6 0
clock summer-time CDT recurring
!
no ipv6 cef
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip domain name wan.er.com
multilink bundle-name authenticated
!
!
!
redundancy
!
!
ip ssh time-out 60
ip ssh version 2
!
!
!
!
interface Loopback0
ip address 10.26.5.13 255.255.255.255
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/0
description distro-2.4/41.x.x
ip address 10.26.255.238 255.255.255.248
no ip mfib cef input
no ip mfib cef output
duplex full
speed auto
!
interface GigabitEthernet0/1
description distro-1.4/41.x.x
ip address 10.26.255.246 255.255.255.248
no ip mfib cef input
no ip mfib cef output
duplex full
speed auto
!
interface GigabitEthernet0/2
description distro-1.4/38.x.x
no ip address
no ip mfib cef input
no ip mfib cef output
duplex full
speed auto
!
interface GigabitEthernet0/2.150
description iSIT A Public Zone
encapsulation isl 150
ip address 10.26.150.1 255.255.255.0
no ip redirects
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/2.218
description iSIT A Public Zone
encapsulation isl 218
ip address 10.26.218.1 255.255.255.0
no ip redirects
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/2.236
encapsulation isl 236
ip address 10.26.236.6 255.255.255.0
no ip redirects
no ip mfib cef input
no ip mfib cef output
standby 236 preempt
bridge-group 1
!
interface GigabitEthernet0/2.250
encapsulation isl 250
ip address 10.26.250.201 255.255.255.0
no ip redirects
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/2.550
no ip redirects
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/2.570
description iSIT C Public Zone
encapsulation isl 570
ip address 10.26.70.1 255.255.255.0
no ip redirects
no ip mfib cef input
no ip mfib cef output

!
interface GigabitEthernet0/2.590
description iSIT E Public Zone
encapsulation isl 590
ip address 10.26.90.1 255.255.255.0
no ip redirects
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/3
description etc-sitdistro-2.4/38.x.x
no ip address
no ip mfib cef input
no ip mfib cef output
duplex full
speed auto
!
interface GigabitEthernet0/3.160
description iSIT B Public Zone
encapsulation dot1Q 160
ip address 10.26.160.1 255.255.255.0
no ip redirects
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/3.228
description iSIT B Public Zone
encapsulation dot1Q 228
ip address 10.26.228.1 255.255.255.0
no ip mfib cef input
no ip mfib cef output
!
interface GigabitEthernet0/3.580
description iSIT D Public Zone
encapsulation dot1Q 580
ip address 10.26.80.1 255.255.255.0
no ip mfib cef input
no ip mfib cef output
!
ip forward-protocol nd
!
ip pim bidir-enable
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.26.255.241
ip route 0.0.0.0 0.0.0.0 10.26.255.233
ip route 10.19.189.0 255.255.255.0 192.168.100.86
ip route 12.34.246.16 255.255.255.248 192.168.100.86
ip tacacs source-interface GigabitEthernet0/2.250
!
!
logging source-interface GigabitEthernet0/2.250
logging 10.20.250.59
!

2- 7206

distro-1#show run int gig1/1/18
Building configuration...

Current configuration : 308 bytes
!
interface GigabitEthernet1/1/18
description gateway-is1.f3/0.x.x
switchport
switchport trunk encapsulation isl
switchport trunk allowed vlan 150,218,236,250,570,590
switchport mode trunk
speed 100
duplex full
storm-control broadcast level 1.00
rmon collection stats 1118 owner monitor
end

cadet alain · ‎05-08-2014

Hi,

the posted configs look correct.

Can you post sh ip int br | i Vlan250 on Distro switch

I suppose the default gw for vlan 250 is GigabitEthernet0/2.250 IP ?,

if not post a diagram and note the IP of this default gw.

Regards

Alain

Don't forget to rate helpful posts.

Sahir Algharibih · ‎05-08-2014

yea, GigabitEthernet0/2.250 is the GW for that vlan

here is the show show command on the distro switch.

show ip int br | i Vlan250
Vlan250 10.26.250.5 YES NVRAM up up

Sahir Algharibih · ‎05-08-2014

Any idea about what might be causing the issue ?

Encapsulated vlan from distro not seen by Gateway border router.