cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8511
Views
0
Helpful
13
Replies

How to do inter-vlan routing on 1941 with 8 port EHWIC?

waikk2003
Level 1
Level 1

Hi,

We have a Cisco 1941 with the 8 port EHWIC (with 8 layer 2 gig ports). We are trying to do something very basic and need help.

We need to set up 2 VLANs (vlan 10 & vlan 20) to connect to 2 networks - Server & Users.

The Internet connection (via a comcast modem) is connected to the G0/0 port of the 1941 and it just gets a DHCP address.

Here's what we've done so far:

on G0/0:

ip address dhcp

(The comcast modem gives this interface a DHCP address of 192.168.0.162)

ip routing

for the 2 VLANs:

conf t

vlan 10

vlan 20

exit

for the 2 SVI:

int vlan 10

ip address 10.64.8.1 255.255.255.255.0

no shut

int vlan 20

ip address 10.64.16.1 255.255.255.0

no shut

then set up the 2 Gig ports on EHWIC:

int g0/1/1

sw mode access

sw acc vlan 10

int g0/1/2

sw mode access

sw acc vlan 20

Then test ping from the 2 Vlans from the 1941 router works fine!

- a user PC (10.64.8.2) connected to g0/1/1 with default gw (10.64.8.1) ---> PING works & can reach 10.64.8.1

- a server    (10.64.16.3) connected to g0/1/2 with default gw (10.64.16.1) --> PING works & can reach 10.64.16.1

However, the user & server can't ping each other & they also can't ping the G0/0 on the 1941 - (i.e. 192.168.0.162).

i.e. The user (10.64.8.2) can't ping to 192.168.0.162 and can't ping to 10.64.16.3 & vice versa.

What do I need to do to make the inter-vlan routing work so that the user & server can ping each other and the G0/0 interface?

Thanks in advance

Here's the sh ip int & ping:

test#sh ip int bri

Interface                  IP-Address      OK? Method Status                Protocol

Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down

GigabitEthernet0/0         192.168.0.162   YES DHCP   up                    up 

GigabitEthernet0/1         unassigned      YES unset  administratively down down

GigabitEthernet0/1/0       unassigned      YES unset  down                  down

GigabitEthernet0/1/1       unassigned      YES unset  up                    up 

GigabitEthernet0/1/2       unassigned      YES unset  up                    up 

GigabitEthernet0/1/3       unassigned      YES unset  down                  down

GigabitEthernet0/1/4       unassigned      YES unset  down                  down

GigabitEthernet0/1/5       unassigned      YES unset  down                  down

GigabitEthernet0/1/6       unassigned      YES unset  down                  down

GigabitEthernet0/1/7       unassigned      YES unset  down                  down

Vlan1                      unassigned      YES unset  down                  down

Vlan10                     10.64.8.1       YES manual up                    up 

Vlan20                     10.64.16.1      YES manual up                    up 

test#ping 10.64.8.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.64.8.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

test#ping 10.64.8.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.64.8.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

test#ping 10.64.16.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.64.16.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

test#ping 10.64.16.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.64.16.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

test#ping 192.168.0.162

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.162, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

test#

Here's the sh ip route:

test#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 192.168.0.1
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.64.8.0/24 is directly connected, Vlan10
L        10.64.8.1/32 is directly connected, Vlan10
C        10.64.16.0/24 is directly connected, Vlan20
L        10.64.16.1/32 is directly connected, Vlan20
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, GigabitEthernet0/0
L        192.168.0.162/32 is directly connected, GigabitEthernet0/0

see attached file for the entire config file

13 Replies 13

get_rthym
Level 1
Level 1

Hello Wei

Check PC firewall if its blocking icmp.

Lek

Sent from Cisco Technical Support iPhone App

Checked PC firewall - not blocking icmp.

In fact, it's been turned off completely.

Hi,

from a pc in vlan 10 can you ping the gateway of vlan 20 ? if so this is not a routing problem.

which OSes are the hosts ?

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

The PC10 in vlan 10 can not ping the gateway (10.64.16.1) of vlan 20. It can only ping its own gateway 10.64.8.1

Both hosts are running Windows 7 professional with firewall turned off.

The same for the PC20 in vlan 20. It can only ping its own gateway (10.64.16.1) but not vlan10's gateway (10.64.8.1)

In fact, just for testing purposes.

I temporarily assign g0/1/2 (which was on vlan20) to vlan10 now. Changed the host (PC20) IP to 10.64.8.3.

After this change, the 2 hosts can ping each other (in the same vlan 10)....that's expected. So, the OSes and firewalls issues on the hosts are not the issue. They can ping each other when they are in the same vlan.

However, now that they are in the same vlan, they still can't ping out to G0/0 192.168.0.162.

So, the problem is how to ping from the layer 2 EHWIC to the built-in G0/0 and G0/1 router ports?

get_rthym
Level 1
Level 1

Why are you using 32 bit mask for vlans, can u use 24 bit mask in both router and pc and see if it a works.

Lek

Sent from Cisco Technical Support iPhone App

He isn't using a /32 mask, he is using a /24 mask.

I would echo cadet alain's suggestion of trying to ping the gateway address from the other VLAN.

Also verify that ip routing is enabled globally (I know this sounds obvious but if you do a write erase and flatten a router and then add config it will not enable IP routing until you tell it to).

I also did a little bit more research about this.

It looks like I need to create a BVI interface and a Bridge Group for the VLANs to be bridged to each other and to other Gig ports on the router.

I imagine that someone must have tried configuring separate VLANs on the EHWIC  and try to route that traffic up & down the G0/0 or G0/1 ports on the 1941.

Any one has a sample configuration using the BVI interface & Bridge Group? What IP address should I give it?

Still looking for documentation & samples in this particular topic of inter-vlan routing. Any help will be appreciated.

There no point in bridiging VLANs.

If you need devices to communitate at layer 2, place them in the same VLAN.

OK, based on this link:

http://www.cisco.com/en/US/prod/collateral/modules/ps5949/qa_c67-612908.pdf

Q. Do the Cisco EtherSwitch EHWICs support inter-VLAN routing through the router CPU?

A. Yes, the Cisco EtherSwitch EHWICs support inter-VLAN routing through the SVI interface. All Layer 2 traffic

destined for another VLAN or to a WAN interface on the router is routed through CPU via the SVI interface.

The 8-port EHWIC should be able to support inter-VLAN routing using the CPU and SVI interface.

However, I can't find any more doc or configuration examples showing how this can be done.

If you have pointers, please let me know. Thanks.

Hi,

What version of IOS are you using?

According to this link, table-11 you need:

15.1(2)T: IP Base License of the Universal Image

Link:

http://www.cisco.com/en/US/prod/collateral/routers/ps10536/data_sheet_c78-612808.html

HTH

Yes, I have the latest IOS version.

test#sh version

Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)

rudyadipranata
Level 1
Level 1

Hello, 

I have the same problem as yours. Did you get solution of your problem ? Could you share the solution of your problem ?

 

Thanks,

Rudy

ksbolton1
Level 1
Level 1

Four years later, I've recreated this in Packet Tracer and found no issue. 

I made the router a DHCP server just because. 

Router#sho runn

Building configuration...

Current configuration : 1316 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

ip dhcp excluded-address 10.64.16.1 10.64.16.20

ip dhcp excluded-address 10.64.8.1 10.64.8.20

!

ip dhcp pool VLAN10

network 10.64.8.0 255.255.255.0

default-router 10.64.8.1

ip dhcp pool VLAN20

network 10.64.16.0 255.255.255.0

default-router 10.64.16.1

!

no ip cef

no ipv6 cef

!

license udi pid CISCO1941/K9 sn FTX15243R0U

!

spanning-tree mode pvst

!

interface GigabitEthernet0/0

ip address 192.168.0.162 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface FastEthernet0/0/0

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/0/1

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/0/2

switchport mode access

!

interface FastEthernet0/0/3

switchport mode access

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

mac-address 0060.4722.c101

ip address 10.64.8.1 255.255.255.0

!

interface Vlan20

mac-address 0060.4722.c102

ip address 10.64.16.1 255.255.255.0

!

ip classless

!

ip flow-export version 9

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

end

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: