Hello,

Thanks for answer.

same subnet of 192.168.1.0. Is that the case?

Yes, it is in the same subnet.

"If you have vlan 1 and vlan 80 then there should be something that routes between those vlans. You have not told us whether that is done on the layer 3 switch or done on the router. Can you clarify this?"

I am doing the routes in layer 3 switch. (I don't have access to router).

So the problem is likely something between vlan 80 and vlan 1

Exactly.

The drawing suggests that the connection between the layer 3 switch and the router is a trunk. Can you confirm this?

Yes, it is trunk in the side of the layer 3 switch.

Here is what you ask.

Switch Layer 3:

Switch#sh ip interface brief

Interface IP-Address OK? Method Status Protocol

FastEthernet0/1 unassigned YES unset up up

FastEthernet0/2 unassigned YES unset up up

FastEthernet0/3 unassigned YES unset up up

FastEthernet0/4 unassigned YES unset down down

FastEthernet0/5 unassigned YES unset down down

FastEthernet0/6 unassigned YES unset down down

FastEthernet0/7 unassigned YES unset down down

FastEthernet0/8 unassigned YES unset down down

GigabitEthernet0/1 unassigned YES unset down down

GigabitEthernet0/2 unassigned YES unset down down

Vlan1 unassigned YES unset administratively down down

Vlan80 190.191.193.2 YES manual up up

Switch#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is 190.191.193.1 to network 0.0.0.0

190.191.0.0/24 is subnetted, 1 subnets

C 190.191.193.0 is directly connected, Vlan80

S* 0.0.0.0/0 [1/0] via 190.191.193.1

Switch#sh interfaces trunk

Port Mode Encapsulation Status Native vlan

Fa0/1 on 802.1q trunking 1

Fa0/2 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/1 1-1005

Fa0/2 1-1005

Port Vlans allowed and active in management domain

Fa0/1 1,80

Fa0/2 1,80

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1,80

Fa0/2 1,80

I appreciate your help. Thank you

Thank you for the additional information. I am a bit confused about the addressing. Your original post indicates that vlan 1 uses subnet 192.168.1.0. This recent output shows that the subnet for vlan 80 is 190.191.193.0. Can you clarify this?

In spite of being confused about the addressing I believe that the output you posted does point to the issue. I believe that you have told us that you are doing the routing between vlans on the switch. But the switch has only one layer 3 interface active. Interface vlan 80 is up and active but interface vlan 1 is shut down. So there is not any routing done between vlans on the switch.

There is another aspect of this issue that is made evident when we look into the routing table for the default route. The next hop for the default route is 190.191.193.1. But is this address reachable from vlan 80? When a device in vlan 80 (like a phone or the server) wants to send traffic to something remote it will arp for the gateway address. When they arp for 190.191.193.1 do they get a response? I am guessing that they do not. You could perhaps clarify this by posting the output of show arp (or perhaps show ip arp) from the layer 3 switch.

HTH

Rick

Thank you for the fast answer.

Ip address I am using is 192.168.1.x. It was an error.

You're right. Vlan 1 is down. But what ip do I need to use in vlan 1, because vlan 80 has 192.168.1.x. So, I can't put the same ip because it will overlap. Or I can charge the IP of my vlan 80 and use the ip 192.168.x.1 with my router (vlan 1) because I can't access to the config of the router.

So, when I put the IP and do the routing in the layer 3 switch, it would work, right?

You know what is going on in your environment and we do not and this complicates our attempt to give you good advice. Without knowing what is set up on the router it is difficult to know what you should do.

Before we go further let me try to deal with one of the questions involved here. A central part of what you tell us is that there are two vlans and that the same subnet is used in both of them. That is a MAJOR problem. Part of the problem you have already described which is that you can not configure two interfaces with IP addresses in the same subnet (IOS would complain about overlapping addresses and would not accept the config commands). But the real problem is deeper than that. If you did manage to get the two vlans working then a phone would attempt to send something to the gateway and would send an arp request. But the arp request is a broadcast and is sent only to the devices in that vlan. So the gateway would never see the arp request and could not respond to it.

So there are some decisions about the design of this network that you or someone who knows the environment need to make.

1) Does the router need to have the 192.168.1.1 gateway as one of its interfaces?

2) Do the phones and server need to be in the 192.168.1.0 subnet?

3) If the 192.168.1.1 gateway needs to be on the router and if the phones and server need to be in that subnet then the vlan needs to be trunked from the switch to the router, the switch does not need a vlan interface in that vlan, and the switch will not do the routing for that vlan.

4) Is it desirable to have the switch do the routing for the vlan (and subnet) that the phones and server are in? If so then you can have vlan 80 on the switch, the switch will have a vlan interface for vlan 80 and for a vlan connecting the switch to the router, the router will not be the gateway for the devices in vlan 80, and the switch will route the traffic from the phones and server no its connection to the router.

HTH

Rick

1) Does the router need to have the 192.168.1.1 gateway as one of its interfaces?

Yes, I can't configure it. For security with the ISP.

2) Do the phones and server need to be in the 192.168.1.0 subnet?

No neccesary. I just do this for the gateway of the router.

3) If the 192.168.1.1 gateway needs to be on the router and if the phones and server need to be in that subnet then the vlan needs to be trunked from the switch to the router, the switch does not need a vlan interface in that vlan, and the switch will not do the routing for that vlan.

If I have vlan 80 for my server and phones and I have vlan 1 in the router. Don't I need intervlan? I dont understand this.

4) Is it desirable to have the switch do the routing for the vlan (and subnet) that the phones and server are in? If so then you can have vlan 80 on the switch, the switch will have a vlan interface for vlan 80 and for a vlan connecting the switch to the router, the router will not be the gateway for the devices in vlan 80, and the switch will route the traffic from the phones and server no its connection to the router.

I am confuse. What ip will have the vlan interface for the vlan 80? ANd what gateway do I need to use? interface vlan ip or gateway ip of the router?

We continue to try to provide answers in an environment where we do not understand how things are really set up and what are the real requirements. So let me try again to get something clarified that will help us develop good suggestions. You have told us that the router has 192.168.1.1 as its address. Can you tell us whether the router has that address on an interface for vlan 1 or for vlan 80?

HTH

Rick

on vlan 1 the router has the ip addrress 192.168.1.1

Thanks,

Thanks for that information. The next question is whether the router has any routes for any networks or subnets reachable through your switch. If the router does not have any routes for networks or subnets through your router would they be able to configure routes on the router for networks or subnets reachable through your router?

HTH

Rick

Hello,

Thanks for your answer.

I have made some change according to my topology. Now I have access to the router.

I attached the real design.

But I can't communicate to the router yet from my PC (IP-PHONE).

Here is my config files.

Switch 2:

hostname Switch

!

!

!

!

!

!

!

ip routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode rapid-pvst

!

!

!

!

!

!

interface FastEthernet0/1

no switchport

ip address 190.191.240.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 190.191.240.2

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

Switch 1:

hostname Switch

!

!

!

!

!

!

!

ip routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode rapid-pvst

!

!

!

!

!

!

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/2

switchport trunk allowed vlan 199

switchport trunk encapsulation dot1q

!

interface FastEthernet0/3

switchport access vlan 199

switchport mode access

spanning-tree portfast

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan199

mac-address 0001.43ee.9b01

ip address 190.191.199.10 255.255.255.0

!

ip classless

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

Router:

hostname Router

!

!

!

!

!

!

!

!

ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO1941/K9 sn FTX15248DN0

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface GigabitEthernet0/0

ip address 190.191.240.2 255.255.255.0

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 190.191.240.1

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

Thanks very much.

I have looked through the changes that you have made and have these comments.

- You have eliminated the problem of trying to have two vlans use the same IP subnet. That is good. Now you have one subnet routed between the router and SW2.

- SW2 has routing enabled and has a default route to send traffic to the router. That is good.

- SW2 is connected to SW1 by a trunk which appears to carry vlans 1 and 199.

- But SW2 has only 1 active layer 3 interface which is the routed port connecting to the router. There is no active vlan interface. This basically prevents it from routing and should be fixed.

- SW1 is connected to SW2 as mentioned above carrying vlans 1 and 199.

- SW1 connects to server and to phone using vlan 199.

- SW1 has a vlan interface for vlan 199. I am not sure why it has this vlan interface since SW1 is really not doing any routing.

My suggestion is to move interface vlan 199 from SW1 to SW2. The phones and server would use this address as their gateway. This would bring traffic from vlan 199 to SW2 and SW2 would then route the traffic to the router. That should allow your PC, phone, etc to access the router.

HTH

Rick

Ok, nice.

It works very good on packet tracer, but when I am doing in real devices I am having problem. For example, I am trying to put an ip in the router but it said : % IP addresses may not be configured on L2 links.

What is wrong?

What model of router are you using? Which interface are you trying to configure with an IP address?

It sounds like the router you are using is one that has some of its interfaces that operate as switch ports. Perhaps you can post the current running config of the router? That might shed some light on the issue. It might also be helpful if you post the output of show interface from the router.

HTH

Rick

I am using Cisco 800:

Current configuration : 1883 bytes
!
! Last configuration change at 18:44:46 UTC Wed Jul 18 2018
!
version 15.5!
!
!
!
!
!
!
!
!
!

!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
cts logging verbose
license udi pid C887VAM-K9 sn FGL194624PQ
!
!
!
!
!
!
!
controller VDSL 0
!
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/100
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3

no ip address
!
interface Vlan1
ip address 190.191.240.1 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface Dialer0
confidencial
!
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 0.0.0.0 0.0.0.0 190.191.240.2

Also I have the following error:

NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on FastEthernet3 with SW-ISP-1 GigabitEthernet3ip forward-protocol nd