05-28-2013 02:31 PM - edited 03-07-2019 01:36 PM
Hi,
We have a Cisco 1941 with the 8 port EHWIC (with 8 layer 2 gig ports). We are trying to do something very basic and need help.
We need to set up 2 VLANs (vlan 10 & vlan 20) to connect to 2 networks - Server & Users.
The Internet connection (via a comcast modem) is connected to the G0/0 port of the 1941 and it just gets a DHCP address.
Here's what we've done so far:
on G0/0:
ip address dhcp
(The comcast modem gives this interface a DHCP address of 192.168.0.162)
ip routing
for the 2 VLANs:
conf t
vlan 10
vlan 20
exit
for the 2 SVI:
int vlan 10
ip address 10.64.8.1 255.255.255.255.0
no shut
int vlan 20
ip address 10.64.16.1 255.255.255.0
no shut
then set up the 2 Gig ports on EHWIC:
int g0/1/1
sw mode access
sw acc vlan 10
int g0/1/2
sw mode access
sw acc vlan 20
Then test ping from the 2 Vlans from the 1941 router works fine!
- a user PC (10.64.8.2) connected to g0/1/1 with default gw (10.64.8.1) ---> PING works & can reach 10.64.8.1
- a server (10.64.16.3) connected to g0/1/2 with default gw (10.64.16.1) --> PING works & can reach 10.64.16.1
However, the user & server can't ping each other & they also can't ping the G0/0 on the 1941 - (i.e. 192.168.0.162).
i.e. The user (10.64.8.2) can't ping to 192.168.0.162 and can't ping to 10.64.16.3 & vice versa.
What do I need to do to make the inter-vlan routing work so that the user & server can ping each other and the G0/0 interface?
Thanks in advance
Here's the sh ip int & ping:
test#sh ip int bri
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 192.168.0.162 YES DHCP up up
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/1/0 unassigned YES unset down down
GigabitEthernet0/1/1 unassigned YES unset up up
GigabitEthernet0/1/2 unassigned YES unset up up
GigabitEthernet0/1/3 unassigned YES unset down down
GigabitEthernet0/1/4 unassigned YES unset down down
GigabitEthernet0/1/5 unassigned YES unset down down
GigabitEthernet0/1/6 unassigned YES unset down down
GigabitEthernet0/1/7 unassigned YES unset down down
Vlan1 unassigned YES unset down down
Vlan10 10.64.8.1 YES manual up up
Vlan20 10.64.16.1 YES manual up up
test#ping 10.64.8.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.64.8.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
test#ping 10.64.8.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.64.8.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
test#ping 10.64.16.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.64.16.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
test#ping 10.64.16.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.64.16.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
test#ping 192.168.0.162
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.162, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
test#
Here's the sh ip route:
test#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 192.168.0.1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.64.8.0/24 is directly connected, Vlan10
L 10.64.8.1/32 is directly connected, Vlan10
C 10.64.16.0/24 is directly connected, Vlan20
L 10.64.16.1/32 is directly connected, Vlan20
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, GigabitEthernet0/0
L 192.168.0.162/32 is directly connected, GigabitEthernet0/0
see attached file for the entire config file
05-28-2013 02:44 PM
Hello Wei
Check PC firewall if its blocking icmp.
Lek
Sent from Cisco Technical Support iPhone App
05-28-2013 04:17 PM
Checked PC firewall - not blocking icmp.
In fact, it's been turned off completely.
05-28-2013 11:34 PM
Hi,
from a pc in vlan 10 can you ping the gateway of vlan 20 ? if so this is not a routing problem.
which OSes are the hosts ?
Regards
Alain
Don't forget to rate helpful posts.
05-29-2013 08:22 AM
The PC10 in vlan 10 can not ping the gateway (10.64.16.1) of vlan 20. It can only ping its own gateway 10.64.8.1
Both hosts are running Windows 7 professional with firewall turned off.
The same for the PC20 in vlan 20. It can only ping its own gateway (10.64.16.1) but not vlan10's gateway (10.64.8.1)
In fact, just for testing purposes.
I temporarily assign g0/1/2 (which was on vlan20) to vlan10 now. Changed the host (PC20) IP to 10.64.8.3.
After this change, the 2 hosts can ping each other (in the same vlan 10)....that's expected. So, the OSes and firewalls issues on the hosts are not the issue. They can ping each other when they are in the same vlan.
However, now that they are in the same vlan, they still can't ping out to G0/0 192.168.0.162.
So, the problem is how to ping from the layer 2 EHWIC to the built-in G0/0 and G0/1 router ports?
05-29-2013 05:54 AM
Why are you using 32 bit mask for vlans, can u use 24 bit mask in both router and pc and see if it a works.
Lek
Sent from Cisco Technical Support iPhone App
05-29-2013 06:08 AM
He isn't using a /32 mask, he is using a /24 mask.
I would echo cadet alain's suggestion of trying to ping the gateway address from the other VLAN.
Also verify that ip routing is enabled globally (I know this sounds obvious but if you do a write erase and flatten a router and then add config it will not enable IP routing until you tell it to).
05-29-2013 08:33 AM
I also did a little bit more research about this.
It looks like I need to create a BVI interface and a Bridge Group for the VLANs to be bridged to each other and to other Gig ports on the router.
I imagine that someone must have tried configuring separate VLANs on the EHWIC and try to route that traffic up & down the G0/0 or G0/1 ports on the 1941.
Any one has a sample configuration using the BVI interface & Bridge Group? What IP address should I give it?
Still looking for documentation & samples in this particular topic of inter-vlan routing. Any help will be appreciated.
05-29-2013 01:00 PM
There no point in bridiging VLANs.
If you need devices to communitate at layer 2, place them in the same VLAN.
05-29-2013 03:08 PM
OK, based on this link:
http://www.cisco.com/en/US/prod/collateral/modules/ps5949/qa_c67-612908.pdf
Q. Do the Cisco EtherSwitch EHWICs support inter-VLAN routing through the router CPU?
A. Yes, the Cisco EtherSwitch EHWICs support inter-VLAN routing through the SVI interface. All Layer 2 traffic
destined for another VLAN or to a WAN interface on the router is routed through CPU via the SVI interface.
The 8-port EHWIC should be able to support inter-VLAN routing using the CPU and SVI interface.
However, I can't find any more doc or configuration examples showing how this can be done.
If you have pointers, please let me know. Thanks.
05-29-2013 03:29 PM
Hi,
What version of IOS are you using?
According to this link, table-11 you need:
15.1(2)T: IP Base License of the Universal Image
Link:
http://www.cisco.com/en/US/prod/collateral/routers/ps10536/data_sheet_c78-612808.html
HTH
05-29-2013 05:56 PM
Yes, I have the latest IOS version.
test#sh version
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
08-13-2014 02:38 AM
Hello,
I have the same problem as yours. Did you get solution of your problem ? Could you share the solution of your problem ?
Thanks,
Rudy
01-10-2017 05:45 PM
Four years later, I've recreated this in Packet Tracer and found no issue.
I made the router a DHCP server just because.
Router#sho runn
Building configuration...
Current configuration : 1316 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip dhcp excluded-address 10.64.16.1 10.64.16.20
ip dhcp excluded-address 10.64.8.1 10.64.8.20
!
ip dhcp pool VLAN10
network 10.64.8.0 255.255.255.0
default-router 10.64.8.1
ip dhcp pool VLAN20
network 10.64.16.0 255.255.255.0
default-router 10.64.16.1
!
no ip cef
no ipv6 cef
!
license udi pid CISCO1941/K9 sn FTX15243R0U
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
ip address 192.168.0.162 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface FastEthernet0/0/0
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/0/1
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/0/2
switchport mode access
!
interface FastEthernet0/0/3
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
mac-address 0060.4722.c101
ip address 10.64.8.1 255.255.255.0
!
interface Vlan20
mac-address 0060.4722.c102
ip address 10.64.16.1 255.255.255.0
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide