07-12-2005 05:15 AM - edited 03-05-2019 11:34 AM
I have a C2600 (IOS 12.1(16)) with several FastEthernet subinterfaces that outlines the different VLAN i have.
Int F0/0 is directly connected to my physical network, consisting of serveral switches (2924 and 4006).
eg. int fa0/0.2 & int fa0/0.4 are created for VLAN 2 and 4.
I created now VLAN 71 and VLAN 72, which need to talk to eachother.
I configured it like this;
interface Fastethernet 0/0.71
encapsulation dot1Q 71
ip address 10.10.10.1 255.255.255.0
interface Fastethernet 0/0.72
encapsulation dot1Q 72
ip address 10.10.20.1 255.255.255.0
Command sh ip route;
C 10.10.10.0/24 is directly connected, FastEthernet 0/0.71
C 10.10.20.0/24 is directly connected, FastEthernet 0/0.72
People at VLAN 71 can ping 10.10.20.1,but no other host on VLAN 72.
And also visa versa.
Can ANYBODY HELP????
07-12-2005 05:50 AM
It certainly looks like the router is properly configured to do intervlan routing. I am guessing that the issue has to do with how the PCs are configured. Can you provide information from the PCs, especially what IP addresses are used, what subnet mask, and what default gateway.
It would also be helpful to know if users in VLAN 71 and 72 can communicate with VLANs 2 and 4?
HTH
Rick
07-12-2005 05:08 PM
Also helpful would be the knowledge that the switch has an established trunk on the ethernet connection where the router is attached.... not just placed in VLAN 71.
There is a command useful for performance here as well:
ip route-cache same-interface
Thanks
Dan
07-12-2005 11:04 PM
Also the clients in VLAN 2 and 4 cannot reach/ping users in VLAN 71/72.
See below some outputs:
C:\Documents and Settings\BC2SCX92>ping 10.10.10.1
Pinging 10.10.10.1 with 32 bytes of data:
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Reply from 10.10.10.1: bytes=32 time=1ms TTL=255
Ping statistics for 10.10.10.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
C:\Documents and Settings\BC2SCX92>ping 10.10.10.216
Pinging 10.10.10.216 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.10.10.216:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
C:\Documents and Settings\BC2SCX92>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 a0 d1 da ce 00 ...... Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
0x3 ...00 0e 35 2d 33 04 ...... Intel(R) PRO/Wireless 2200BG Network Connection - Packet Scheduler
iniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.205.0.1 10.205.1.52 20
10.10.10.0 255.255.255.0 10.205.0.2 10.205.1.52 1
10.205.0.0 255.255.240.0 10.205.1.52 10.205.1.52 20
10.205.1.52 255.255.255.255 127.0.0.1 127.0.0.1 20
10.255.255.255 255.255.255.255 10.205.1.52 10.205.1.52 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.200.0 255.255.248.0 10.205.0.2 10.205.1.52 1
224.0.0.0 240.0.0.0 10.205.1.52 10.205.1.52 20
255.255.255.255 255.255.255.255 10.205.1.52 10.205.1.52 1
255.255.255.255 255.255.255.255 10.205.1.52 3 1
Default Gateway: 10.205.0.1
===========================================================================
Persistent Routes:
None
C:\Documents and Settings\BC2SCX92>
This is the condig of my C2600... Any ideas???
!
interface FastEthernet0/0
description connected to vlan 1 management
ip address 192.168.200.1 255.255.254.0
ip access-group 10 out
ip helper-address 10.205.14.211
speed 100
full-duplex
!
interface FastEthernet0/0.2
description connected to vlan2 kantoor
encapsulation dot1Q 2
ip address 10.205.0.2 255.255.240.0
ip access-group 10 out
!
interface FastEthernet0/0.4
encapsulation dot1Q 4
ip address 192.168.203.1 255.255.255.0
ip access-group 100 out
ip directed-broadcast
!
interface FastEthernet0/0.5
!
interface FastEthernet0/0.6
encapsulation dot1Q 6
ip address 192.168.202.1 255.255.255.0
!
interface FastEthernet0/0.50
description connected to vlan50 OT0 (Train-Vlan)
encapsulation dot1Q 50
ip address 10.21.0.1 255.255.240.0
ip access-group 10 out
!
interface FastEthernet0/0.71
encapsulation dot1Q 71
ip address 10.10.10.1 255.255.255.0
!
interface FastEthernet0/0.72
encapsulation dot1Q 72
ip address 10.10.20.1 255.255.255.0
!
interface FastEthernet0/0.902
encapsulation dot1Q 902
ip address 192.168.210.10 255.255.255.192
ip access-group 20 out
!
interface FastEthernet0/0.999
description connected to vlan 999 logonvlan
encapsulation dot1Q 999
ip address 11.0.0.1 255.255.240.0
ip access-group 10 out
ip helper-address 10.205.14.211
!
ip default-gateway 192.168.211.2
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.211.2
no ip http server
!
07-12-2005 11:25 PM
Hello,
can you also post the access lists you have configured on your router ? What happens when you remove the access lists from the interfaces for VLAN 2 and 4 ?
Regards,
GP
07-12-2005 11:29 PM
ACL configs
logging history warnings
access-list 10 deny 192.168.210.0 0.0.0.255 log
access-list 10 permit any
access-list 100 remark ** Allow WOL traffic from SAN management segment
access-list 100 permit ip 192.168.202.0 0.0.0.255 any
access-list 100 deny ip any host 10.205.15.255
access-list 100 permit ip any any
access-list 102 remark ** TMS filter to C2SC domain
access-list 102 deny ip 192.168.210.0 0.0.0.255 any log
access-list 102 deny ip 10.10.0.0 0.0.255.255 224.0.0.0 0.255.255.255 log
access-list 102 permit ip any any
access-list 110 remark ** TMS filter to C2SC domain
access-list 110 deny 137 any 10.205.0.0 0.0.255.255 log
access-list 110 deny ip host 10.10.10.255 10.205.0.0 0.0.255.255 log
access-list 110 deny ip host 10.10.20.255 10.205.0.0 0.0.255.255 log
access-list 110 permit ip any any
snmp-server community public RO
snmp-server community mindef RW
snmp-server host 192.168.200.110 all
Ignore ACL 102 and 110. These are acl's for the future.
07-13-2005 05:33 AM
What is the default gateway set on the clients on Vlan 71 and 72.
Does routing between Vlan 2, 4 or any other vlan except Vlan 71 and 72 works fine ?
Do you have the same issue in any other Vlan.
regards,
-amit singh
07-13-2005 05:40 AM
Hi,
Do three things first before retrying again:
1. Disable firewalls of any sort on PCs( restart them too)
2. Make sure of PC default gateway and ip masks proper on PCs.
3. Also double check Switch LEDs.
regards.
07-13-2005 06:03 AM
Hi,
Please refer to the points below they may solve your problem
1.If you have followed the configuration steps listed in the above sections, and are still not
able to ping across the VLANs (between workstation1 and workstation2), then there is a
possibility that you have come across Caveat CSCds42715, in which the 802.1Q native VLAN
keyword does not function properly when fast switching is enabled. The bug fix was integrated in
the following code versions: 12.2(0.5), 12.2(0.5)T, 12.1(5)DC, 12.1(5)YB, 12.2(0.18)S,
12.1(5)YD02, 12.2(2)B, 12.2(15)ZN. You can check the status and a brief description of the bug
by using the Bug Toolkit ( registered customers only) and entering the bug ID CSCds42715.
2.As described earlier in this document, while configuring 802.1Q trunking it is very
important to match the native VLAN across the link. In the Cisco IOS software versions
earlier than 12.1(3)T, you cannot define the native VLAN explicitly, as the encapsulation
dot1Q 1 native command under the sub−interface is not available. In the earlier Cisco IOS
versions, it is important to configure the native VLAN−Interface not as a sub−interface,
which is in our example VLAN1. If configured wrong, the router would expect a tag dot1q
frame on VLAN1 and the switch is not expecting a tag on VLAN1. As a result, no traffic
will pass between VLAN1 on the switch and the router.
3.switchport trunk allowed vlan all
4.Refer to the link below for further details
07-13-2005 07:37 AM
The output that was posted is very interesting. I assume that it is from one of the end stations in VLAN 71. In particular I notice this:
Default Gateway: 10.205.0.1
If the default gateway is 10.205.0.1 what device is this and where is it located, and does it have connectivity to the router with vlans 2 and 4?
If devices in these VLANs are attempting to get to 10.205.0.1 to get to any "remote" destination and 10.205.0.1 is not on this router it explains a lot about the issue.
I believe that your problem is a misconfigured gateway.
HTH
Rick
07-13-2005 11:10 PM
All, thanks for your support/advise.
After asking thousand times to my end users, they suddently discovered an active firewall on one of there workstations..!?!?
And yes, after shutting it down everything is worked fine.!
So again it's shows; never trust your end-users...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide