
Questions about VLANS and EtherChannel, Problem configuring it.

Benjamin_N
Level 1

Hello,

I'm a student and I'm currently trying to understand EtherChannel and Vlans. You'll find a screenshot below to understand what I'm trying to do.

I want to make 2 Vlans, MGMT and Guests so they can't ping each other. I also have 2 Multilayer Switches in EtherChannel and finally one router.

 

My problem is : I can't ping the router (R3) from MGMT nor ping the MGMT from the router.

Last question, how can I test/see if EtherChannel is correctly configured ? Because I don't know where the problem is.

 

Thanks in advance. And I hope you have a wonderful day and end of 2020 ! (can't be worse than what we have seen so far.)


Here are my configs : 

R3 :

R3(config)#interface G0/0
R3(config-if)#ip address 172.16.0.1 255.255.255.0
R3(config-if)#no shut

SW2 :

Switch(config)#hostname S2
S2(config)#vlan 10
S2(config-vlan)#name MGMT
S2(config)#vlan 20
S2(config-vlan)#name GUESTS

S2(config)#interface G1/0/1
S2(config-if)#switchport mode access
S2(config-if)#switchport access vlan 10

S2(config)#interface range G1/0/23-24
S2(config-if-range)#shutdown
S2(config-if-range)#switchport trunk encapsulation dot1q
S2(config-if-range)#switchport mode trunk
S2(config-if-range)#channel-group 1 mode desirable
S2(config-if-range)#no shutdown
S2(config-if-range)#exit
S2(config)#interface Po1
S2(config-if)#switchport trunk encapsulation dot1q
S2(config-if)#switchport mode trunk
S2(config-if)#exit

 

S3 :

Switch(config)#hostname S3
S3(config)#interface G1/0/1
S3(config-if)#switchport mode access
S3(config-if)#switchport access vlan 10

S3(config)#interface range G1/0/23-24
S3(config-if-range)#shutdown
S3(config-if-range)#switchport trunk encapsulation dot1q
S3(config-if-range)#switchport mode trunk
S3(config-if-range)#channel-group 1 mode desirable
S3(config-if-range)#no shutdown
S3(config-if-range)#exit
S3(config)#interface Po1
S3(config-if)#switchport trunk encapsulation dot1q
S3(config-if)#switchport mode trunk
S3(config-if)#exit

 


13 Replies

balaji.bandi
Hall of Fame

From R3 for the subnet 172.16.1.x/24 route towards your S3 IP address, from S3 you need to have route point to R3

 

If switch 2 acting Layer 2 all the VLAN allowed in the Trunk so S3 should have gateway for the SVI for VLAN 10 /20 /30 ?

 

Also, is the mask correct here /22 on 172.16.1.x/22 ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

 


@balaji.bandi wrote:

From R3 for the subnet 172.16.1.x/24 route towards your S3 IP address, from S3 you need to have route point to R3


I didn't put any routing yet. Maybe that's a part of the solution, I'm unsure how to do that. Can you explain a bit more please ?

 


@balaji.bandi wrote:

If switch 2 acting Layer 2 all the VLAN allowed in the Trunk so S3 should have gateway for the SVI for VLAN 10 /20 /30 ?


I also didn't configure any gateway for S3 for the SVI. What command should I use ?


@balaji.bandi wrote:

Also, is the mask correct here /22 on 172.16.1.x/22 ?


Finally, I've checked the mask it's pre-configured when hitting enter after entering the Static Ipv4. It's 255.255.0.0 but shouldn't it be 255.255.252.0 ? 

 

Thank you for your prompt answer @balaji.bandi 

Thank you for the input, I see lot more recommendations already made here, and you might have solved the issue by now.

 

if not please let me know, I will offer more tweaked config to fix the issue.

 

BB


Thank you, I have answered the last post with the solution. @Georg Pauwen helped me a lot for that. My understanding of vlans is increasing

But I'm still wondering if it's normal if I can Ping the vlan 10 to 20 and vice-versa. Or should I use ACL's to avoid that. Because I don't want the Guests to be able to enter the Vlan 10 for example. 

And finally when I entered @Georg Pauwen config. He made me create 3 sub interfaces. What are these for ? And I can still ping the gateway of 172.16.0.1 from each Vlans. Do I really need to use the sub-interfaces for each vlans as gateways ? 

Thank you very much for your time and knowledge.

Hello,

 

it is hard to tell what you are missing without seeing the full configs of all devices (sh run), can you post these ?

 

What are the default gateways your PCs are using, and where are they configured ? 

 

Typically, what you would configure on the router are subinterfaces, with the IP addresses the PCs use as gateways:

 

R3

interface GigabitEthernet0/0.10
encapsulation dot1q 10
ip address 172.16.1.254 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1q 20
ip address 172.16.2.254 255.255.255.0

Yes good idea for the running config sorry about that should have included already. I've read the answers but didn't change anything yet.

 

Here's my config :


 


hostname R3
!
ip cef
no ipv6 cef
!
license udi pid CISCO1941/K9 sn FTX1524YUY3-
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0
 ip address 172.16.0.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/1/0
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
banner login ^C Unauthorized use is prohibited ^C
banner motd ^C** Authorized Access Only **^C
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

 

 


 

hostname S1
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end




 

 


hostname S2
!
no ip cef
no ipv6 cef
!
spanning-tree mode pvst
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 switchport access vlan 10
 switchport mode access
 switchport nonegotiate
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-group 1 mode desirable
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

 

 

Hello,

 

thanks for the configs. What I suggested should work. Make sure the PCs use the IP addresses of their respective Vlan subinterfaces as default gateways, and that the interface connecting the switch to the router is a trunk.

 

R3

interface GigabitEthernet0/0.10
encapsulation dot1q 10
ip address 172.16.1.254 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1q 20
ip address 172.16.2.254 255.255.255.0

It's sadly not pinging, what I've done so far is : 

 

  • Adding your config to R3 : 
interface GigabitEthernet0/0.10
encapsulation dot1q 10
ip address 172.16.1.254 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1q 20
ip address 172.16.2.254 255.255.255.0

I still can't ping R3 from the Vlan 10 using either 172.16.1.254 or 172.16.0.1 . 

 

  • I've also tried to add the interface G1/0/5 from S3 to be in trunk mode, but I get an error : 

Command rejected: An interface whose trunk encapsulation is "Auto" can not be configured to "trunk" mode.
I guess my encapsulation is not well configured then. Or could it be the EtherChannel ?

 

  • I changed the IP config on PC2 (Vlan 10) : IPv4 : 172.16.1.1, SM : 255.255.0.0, Default Gateway : 172.16.1.254.

But to no avail.

I will focus on Vlan 10 if it's working then I'll configure my vlan 20.

Thank you for trying with me. As said before I'm still a student and I struggle a lot with Vlan configurations. Hope to solve the problem and understand Vlans and trunking better

Hello,

 

configure the below. You might have to manually create Vlan 10 and Vlan 20 on both switches:

 

S2/3

 

Switch#conf t

Switch(config)#vlan 10

Switch(config)#vlan 20

 

R3

interface GigabitEthernet0/0
description Link to Gi1/0/5 S3
ip address 172.16.0.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1q 10
ip address 172.16.1.254 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1q 20
ip address 172.16.2.254 255.255.255.0
!
interface Vlan1
--> no shut

 

S3

interface GigabitEthernet1/0/5
description Trunk Link to Gi0/0 R3
! encapsulation has to be set before trunk mode
switchport trunk encapsulation dot1q
switchport mode trunk

 

S2

interface GigabitEthernet1/0/1
description Link to PC1
switchport mode access
switchport access vlan 10
!
interface GigabitEthernet1/0/2
description Link to PC2
switchport mode access
switchport access vlan 20

 

PC1
IP Address 172.16.1.1 255.255.255.0
Default Gateway 172.16.1.254

 

PC2
IP Address 172.16.2.1 255.255.255.0
Default Gateway 172.16.2.254

Great it worked flawlessly. Thanks for that @Georg Pauwen 

I had all the configurations going everywhere in my mind so it helped me a lot. Thanks a bunch.


And last question, now I have configured my 2 vlans and they are able to ping each other, isn't it supposed to show destination host unreachable ?  Or do I need to use ACL's to remove the right to ping or access the other vlan ? I still need to figure how to properly set-up ACL's . But whenever I'll get stuck I'll be sure to give it a try here again. I also see that I can use the gateway of 172.16.0.1 on both my Pc's. Is it an issue if I do so ?

You guys were so helpful. Thanks again.

As said before have a wonderful end of 2020 !

Hello,

 

if you just want to disable PING between these networks, one access list would be sufficient:

 

--> access-list 101 deny icmp 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255 echo-reply
--> access-list 101 permit ip 172.16.1.0 0.0.0.255 172.16.2.0 0.0.0.255
!
interface GigabitEthernet0/0.10
encapsulation dot1q 10
ip address 172.16.1.254 255.255.255.0
--> ip access-group 101 in
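
How ACL 101 from the reply above evaluates when applied inbound on the VLAN 10 subinterface, as an added example that is not part of the original thread: a small first-match simulator run over constructed packets. `ACL_GUESTS` is a hypothetical ACL for inbound use on the VLAN 20 subinterface, and all function names are illustrative.

```python
import ipaddress

# Entry: (action, protocol, src, src wildcard, dst, dst wildcard, ICMP type or None)
ANY = ("0.0.0.0", "255.255.255.255")
# ACL 101 as posted above, applied inbound on the VLAN 10 subinterface
ACL_101 = [
    ("deny", "icmp", "172.16.1.0", "0.0.0.255", "172.16.2.0", "0.0.0.255", "echo-reply"),
    ("permit", "ip", "172.16.1.0", "0.0.0.255", "172.16.2.0", "0.0.0.255", None),
]
# Hypothetical ACL (not from the thread) for inbound use on the VLAN 20 subinterface:
# drop everything GUESTS sends to MGMT, allow the rest
ACL_GUESTS = [
    ("deny", "ip", "172.16.2.0", "0.0.0.255", "172.16.1.0", "0.0.0.255", None),
    ("permit", "ip", *ANY, *ANY, None),
]

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, proto, src, dst, icmp_type=None):
    """First matching entry wins, top down; a packet matching nothing is dropped."""
    for action, a_proto, s, sw, d, dw, a_type in acl:
        if a_proto not in ("ip", proto):
            continue
        if a_type is not None and a_type != icmp_type:
            continue
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action
    return "implicit deny"

# Constructed sample packets: (description, ACL, protocol, source, destination, ICMP type)
PACKETS = [
    ("PC1 echo to PC2", ACL_101, "icmp", "172.16.1.1", "172.16.2.1", "echo"),
    ("PC1 echo-reply to PC2", ACL_101, "icmp", "172.16.1.1", "172.16.2.1", "echo-reply"),
    ("PC1 TCP to PC2", ACL_101, "tcp", "172.16.1.1", "172.16.2.1", None),
    ("PC1 echo to its gateway", ACL_101, "icmp", "172.16.1.1", "172.16.1.254", "echo"),
    ("PC2 TCP to PC1", ACL_GUESTS, "tcp", "172.16.2.1", "172.16.1.1", None),
    ("PC2 echo-reply to PC1", ACL_GUESTS, "icmp", "172.16.2.1", "172.16.1.1", "echo-reply"),
    ("PC2 echo to its gateway", ACL_GUESTS, "icmp", "172.16.2.1", "172.16.2.254", "echo"),
]

def report(packets=PACKETS):
    return {name: evaluate(acl, proto, src, dst, t) for name, acl, proto, src, dst, t in packets}

if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{verdict:14} {name}")
```

ACL 101 drops only PC1's echo replies, so pings started from VLAN 20 fail while other VLAN 10 to VLAN 20 traffic passes, and anything else arriving from VLAN 10, including pings to the gateway, hits the implicit deny. ACLs are stateless, so `ACL_GUESTS` also drops the guests' replies to connections opened from MGMT.
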

Perfect,


So this will not allow any vlan to communicate with each other.

 

I keep this config aside as I'm not understanding ACL's well yet. I'll read more about it first.

Thank you for your time and patience @Georg Pauwen.