Inter Vlan Routing is not working

randhawaharinderpal · ‎10-05-2018

Hello everyone. I am trying to get two vlans talk to each other and despite so much effort and time I have put into this, it's not working. The scenario is very simple. I have created two vlans on my Cisco 3550 Catalyst switch and using one Cisco 2811 router. Created two sub-interfaces off one fast Eth 0/0 on my Router. I am also posting my configuration below. Please help me guys. Thanks in advance.

Switch:

Switch#sh run
Building configuration...

Current configuration : 2254 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan 10
name DATA
!
vlan 20
name VOICE
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
ip classless
ip http server
!
!
line con 0
line vty 5 15
!
!
end

Router:

interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.10.254 255.255.255.0
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 10.10.20.254 255.255.255.0

........

Richard Burts · ‎10-05-2018

I have looked through the posted configs and do not see any obvious issues. Can you verify that switch port Fast0/1 connects to router interface Fast0/1? Can you verify that PCs are connected to switch ports Fast0/3 and Fast0/5? Can you post for both PCs the interface IP, mask, and gateway? Can you post the output of show interface status from the switch? Can you post the output of the commands show ip interface brief, show ip route, and show arp from the router?

HTH

Rick

HTH

Rick

randhawaharinderpal · ‎10-05-2018

Hello rick. thanks for your quick response. Yes the Fa 0/1 from switch is connected to Fa 0/1 on router. Yes PCs are connected to Fa 0/3 and 0/5 on Switch. Pc1:

IP 10.10.10.11, mask 255.255.255.0, DG 10.10.10.254.

PC2: IP 10.10.20.30. SM 255.255.255.0 DG 10.10.20.254.

Show Interface Status:

Name: Fa0/1
Switchport: Enabled
Administrative Mode: trunk
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: 10,20
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Fa0/3
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (DATA)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Name: Fa0/5
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (VOICE)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none

Router1#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES manual up down
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/1.10 10.10.10.254 YES manual up up
FastEthernet0/1.20 10.10.20.254 YES manual up up
Serial0/1/0 unassigned YES unset administratively down down
Serial0/1/1

Router1#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets
C 10.10.10.0 is directly connected, FastEthernet0/1.10
C 10.10.20.0 is directly connected, FastEthernet0/1.20

Router1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.11 17 3c97.0ee9.165b ARPA FastEthernet0/1.10
Internet 10.10.10.254 - 0026.cbdb.14e1 ARPA FastEthernet0/1.10
Internet 10.10.20.30 3 685b.35c8.e67d ARPA FastEthernet0/1.20
Internet 10.10.20.254 - 0026.cbdb.14e1 ARPA FastEthernet0/1.20

randhawaharinderpal · ‎10-05-2018

My other PC is MAC and it can ping 10.10.10.11 which is a Win 10 PC.......could that be the issue???

Richard Burts · ‎10-05-2018

With symptoms like this I would look at the possibility of a firewall on the PC that is denying ping.

HTH

Rick

HTH

Rick

randhawaharinderpal · ‎10-05-2018

I have Norton Internet security installed on my Pc and I have already disabled the firewall..but the ping is still not going through....However my MAC can ping through.

Richard Burts · ‎10-05-2018

Of the output that you posted I find this one particularly helpful

Router1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.10.11 17 3c97.0ee9.165b ARPA FastEthernet0/1.10
Internet 10.10.10.254 - 0026.cbdb.14e1 ARPA FastEthernet0/1.10
Internet 10.10.20.30 3 685b.35c8.e67d ARPA FastEthernet0/1.20
Internet 10.10.20.254 - 0026.cbdb.14e1 ARPA FastEthernet0/1.20

It clearly shows that the router is successfully communicating with both devices. If ping works one way and not the other way it is not a routing issue. I am convinced that there is something on the host that is impacting ping. There might be one way traffic if there were access lists on interfaces evaluating traffic, or if there were some device doing stateful inspection (like a firewall). But the description of the situation does not indicate either of these possibilities. I say check more carefully on the PC.

HTH

Rick

HTH

Rick

Georg Pauwen · ‎10-05-2018

Hello,

I agree with Rick, the config looks by the book. Is this a live network or a simulator ? You might want to try and change the native VLAN as below:

Switch

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk

Router

interface FastEthernet0/1.10
encapsulation dot1Q 10 native
ip address 10.10.10.254 255.255.255.0

randhawaharinderpal · ‎10-05-2018

Hello Georg. I tried that but no change in output. My Pc's are pinging the gateway but not the other pc in different vlan or another another gateway.

Georg Pauwen · ‎10-05-2018

Hello,

are you doing this in Packet Tracer ? If so, post the project file (you need to zip it first)...

randhawaharinderpal · ‎10-05-2018

No I am doing this on a live Cisco router and a Cisco Switch.