Lab setup Sub Vlan Routing Help.

kb1ojr001
Level 1

I will do my best to explain this, as I am really just starting to dive into my CCNA studies.

I have a Cisco 3550 24-port switch connected to a 2801 router, which is connected to my pfSense box handing the Cisco 2801 router a DHCP IP address. I have a static route on my pfSense box to get me access to the Cisco IP ranges I add to the inside IP address for example.

on the router I have the following.

PfSense gateway is 10.1.200.254 and is going to cisco router on fa0/0 is ip 10.1.200.1 255.255.255.0

cisco router fa0/1 is 172.24.1.254 which is going to my cisco 3550 switch on fa0/1 172.24.1.1 

On the switch I have vlan 1 set up as 172.24.1.1, and from any IP address added to that range on any port I can ping to my gateway and the internet (e.g. 8.8.8.8 and cisco.com).

When I create a sub interface I can ping as far as my pfsense box which is at 10.1.200.254

From the cisco router I can ping dns names and direct IP with no problems, it is from the switch I am having difficulty pinging from.

Below is my router and switch configs.

Please note the following port descriptions.

Port 1 on the switch is the trunk to the cisco 2801 router

port 13 is to a local physical PC

port 24 is a trunk to an ESXi server running in particular vlan 200 and 201 for my Cisco lab.

Any help would be appreciated, as I have hit a virtual wall :) Thank you kindly in advance.

####Router Configuration


Current configuration : 1593 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1-2801
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip domain lookup
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
!
!
!
!
!

R1-2801#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1-2801(config)#ip dom
R1-2801(config)#ip domain l
R1-2801(config)#ip domain loo
R1-2801(config)#ip domain lookup
R1-2801(config)#do show run
Building configuration...

Current configuration : 1573 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1-2801
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
no ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 172.24.1.254 255.255.255.0
ip nat inside
no ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip address 172.200.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
interface FastEthernet0/1.201
encapsulation dot1Q 201
ip address 172.201.1.254 255.255.255.0
no snmp trap link-status
!
interface Serial0/3/0
no ip address
shutdown
!
router rip
version 2
network 10.0.0.0
network 172.24.0.0
network 172.200.0.0
network 172.201.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.200.254
!
!
ip http server
no ip http secure-server
ip nat inside source list NAT_ADDRESSES interface FastEthernet0/0 overload
!
ip access-list standard NAT_ADDRESSES
permit 172.201.1.0 0.0.0.255
permit 172.200.1.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
password cisco
logging synchronous
login
line aux 0
line vty 0 4
password cisco
logging synchronous
login
!
end

R1-2801(config)#

####Switch Configuration

SW1-3550-24poe#show run
Building configuration...

Current configuration : 2436 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1-3550-24poe
!
!
no aaa new-model
ip subnet-zero
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport access vlan 201
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 172.24.1.1 255.255.255.0
!
interface Vlan201
ip address 172.201.1.1 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
login
!
end

SW1-3550-24poe#

2 Replies

kb1ojr001
Level 1

Also forgot to add, I set up RIP v2 on the router and my pfSense has an add-on for it, seems to be working as far as I can tell. Also added domain lookup on the switch to be able to ping easier.

Below are some pings from the switch and a "show ip route" of the router

Success rate is 0 percent (0/5)
SW1-3550-24poe#ping 172.24.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.24.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
SW1-3550-24poe#ping 172.24.1.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.24.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
SW1-3550-24poe#ping 172.201.1.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.201.1.254, timeout is 2 seconds:
!!!!!

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/32/40 ms

SW1-3550-24poe#ping google.com
Translating "google.com"...domain server (10.1.1.1) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.217.10.46, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW1-3550-24poe#ping cisco.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.161, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW1-3550-24poe#

And here are some DNS pings from the router which are successful.

R1-2801#ping google.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.217.10.46, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/31/36 ms
R1-2801#ping cisco.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 72.163.4.161, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/76/80 ms
R1-2801#

R1-2801#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.200.254 to network 0.0.0.0

172.200.0.0/24 is subnetted, 1 subnets
C 172.200.1.0 is directly connected, FastEthernet0/1.200
172.201.0.0/24 is subnetted, 1 subnets
C 172.201.1.0 is directly connected, FastEthernet0/1.201
172.20.0.0/32 is subnetted, 2 subnets
R 172.20.1.1 [120/1] via 10.1.200.254, 00:00:21, FastEthernet0/0
R 172.20.1.2 [120/1] via 10.1.200.254, 00:00:21, FastEthernet0/0
172.24.0.0/24 is subnetted, 1 subnets
C 172.24.1.0 is directly connected, FastEthernet0/1
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
R 10.1.3.0/24 [120/1] via 10.1.200.254, 00:00:21, FastEthernet0/0
R 10.0.2.1/32 [120/1] via 10.1.200.254, 00:00:21, FastEthernet0/0
R 10.1.1.0/24 [120/1] via 10.1.200.254, 00:00:21, FastEthernet0/0
R 10.0.2.2/32 [120/1] via 10.1.200.254, 00:00:23, FastEthernet0/0
R 10.1.4.0/24 [120/1] via 10.1.200.254, 00:00:23, FastEthernet0/0
R 10.1.30.0/24 [120/1] via 10.1.200.254, 00:00:23, FastEthernet0/0
C 10.1.200.0/24 is directly connected, FastEthernet0/0
R 192.168.0.0/24 [120/1] via 10.1.200.254, 00:00:23, FastEthernet0/0
S* 0.0.0.0/0 [1/0] via 10.1.200.254
R1-2801#
R1-2801#
R1-2801#

Try adding a default gateway to the switch:

!

ip default-gateway 172.24.1.254

!

Just to clean things up a bit, you could re-arrange the 2801 config to the switch to look like this:

!
interface FastEthernet0/1
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 172.24.1.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip address 172.200.1.254 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.201
encapsulation dot1Q 201
ip address 172.201.1.254 255.255.255.0

ip nat inside
! (I assume you also want to NAT this)
!
!

This way you are not using the major interface in addition to sub-interfaces. Like I said, it is just cleaner. May or may not make a huge difference.
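An added example, not part of the thread or either poster's configuration: a small Python check that reads the NAT-relevant lines of the 2801 config posted above and reports, for each addressed interface, whether it carries `ip nat inside` and whether its subnet is permitted by the access list named in the `ip nat inside source list` statement. The function name `nat_coverage` and the re-indented config excerpt are constructed for this example, and the parser assumes contiguous wildcard masks in a standard named ACL.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines of the posted 2801 config, re-indented.
CONFIG = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 172.24.1.254 255.255.255.0
 ip nat inside
interface FastEthernet0/1.200
 ip address 172.200.1.254 255.255.255.0
 ip nat inside
interface FastEthernet0/1.201
 ip address 172.201.1.254 255.255.255.0
!
ip nat inside source list NAT_ADDRESSES interface FastEthernet0/0 overload
ip access-list standard NAT_ADDRESSES
 permit 172.201.1.0 0.0.0.255
 permit 172.200.1.0 0.0.0.255
"""

def nat_coverage(config):
    """Map interface -> (has 'ip nat inside', subnet permitted by the NAT ACL)."""
    m = re.search(r"^ip nat inside source list (\S+)", config, re.M)
    acl_name = m.group(1) if m else None
    permits, ifaces, section = [], {}, []
    for line in config.splitlines():
        if line and not line.startswith(" "):
            section = line.split()          # new top-level stanza
            continue
        words = line.split()
        if section[:1] == ["interface"]:
            entry = ifaces.setdefault(section[1], {"net": None, "inside": False})
            if words[:2] == ["ip", "address"] and len(words) == 4:
                entry["net"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
            elif words == ["ip", "nat", "inside"]:
                entry["inside"] = True
        elif section[:3] == ["ip", "access-list", "standard"] and section[3:4] == [acl_name]:
            if words[:1] == ["permit"] and len(words) == 3:
                # ipaddress accepts a Cisco wildcard mask as a hostmask.
                permits.append(ipaddress.ip_network(f"{words[1]}/{words[2]}"))
    # Interfaces without a static address (e.g. 'ip address dhcp') are skipped.
    return {name: (e["inside"], any(e["net"].subnet_of(p) for p in permits))
            for name, e in ifaces.items() if e["net"] is not None}

if __name__ == "__main__":
    for name, (inside, permitted) in nat_coverage(CONFIG).items():
        print(f"{name:22} nat-inside={inside!s:5} acl-permits={permitted}")
```

An interface is translated by the overload rule only when both columns are true; in the posted config that holds for FastEthernet0/1.200 alone.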
