ROAS, Couldnt ping between VLANS help

givencodes · ‎03-06-2014

im trying to set up a new network back at the office but im having problems communicating between vlans.

i hav one router(cisco 1941) and a switch (cisco catalyst 2960g). im using the router on a stick method.

i have two vlans on the switch and i have done everything according to instructions but i still cant ping from one vlan to another. the hosts in the vlan can ping the switch, router and a;; gateways but just not other hosts.

the weird part is that the same configurations works fine in packet tracer.

here are my configurations. just check them and lemme knw where i went wrong.

FROM THE SWITCH

Current configuration : 2180 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1-1005 priority 4096
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/1
switchport trunk allowed vlan 1,10,20
switchport mode trunk
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/4
switchport mode access
!
interface GigabitEthernet0/5
switchport mode access
!
interface GigabitEthernet0/6
switchport mode access
!
interface GigabitEthernet0/7
switchport mode access
!
interface GigabitEthernet0/8
switchport mode access
!
interface GigabitEthernet0/9
switchport mode access
!
interface GigabitEthernet0/10
switchport mode access
!
interface GigabitEthernet0/11
switchport mode access
!
interface GigabitEthernet0/12
switchport mode access
!
interface GigabitEthernet0/13
switchport mode access
!
interface GigabitEthernet0/14
switchport mode access
!
interface GigabitEthernet0/15
switchport mode access
!
interface GigabitEthernet0/16
switchport mode access
!
interface GigabitEthernet0/17
switchport mode access
!
interface GigabitEthernet0/18
switchport mode access
!
interface GigabitEthernet0/19
switchport mode access
!
interface GigabitEthernet0/20
switchport mode access
!
interface GigabitEthernet0/21
switchport mode access
!
interface GigabitEthernet0/22
switchport mode access
!
interface GigabitEthernet0/23
switchport mode access
!
interface GigabitEthernet0/24
switchport mode access
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 192.168.10.2 255.255.255.0
no ip route-cache
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.10.1
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 5 15
!
end

FROM THE ROUTER:
Router#show run
Building configuration...

Current configuration : 1251 bytes
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn FGL17152230
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end

Jon Marshall · ‎03-06-2014

Couple of things to check -

1) the clients have their default gateways set to the router subinterface IP addresses and not the vlan interface IPs on the switch

2) if 1) is correct check for firewalls on the PCs and either allow ICMP or temporarily disable to test

Jon

givencodes · ‎03-06-2014

hi mr jon.marshal

firstly i hav set the clients with the corresponding default getway on the router subinterface. for example if a client is in vlan 10 and on the subinterface the address is 198.162.10.1, that is the one i assigned to the client

secondly i have disabled firewall on my clients. but its still not worning.

lastly it seems that from any vlan i can ping the switch and the router subinterfaces, also any client in other vlans can successfully ping the management vlan, but a client in the management vlan or any other vlan can not ping other vlans.

help

Jon Marshall · ‎03-06-2014

If from a PC in vlan 10 you can ping -

1) the vlan 10 subinterface on the router

and

2) the vlan 20 subinterface on the router

then it suggests routing is fine.

So can you -

1) from the router try pinging a client in any vlan and see what happens.

Also you mention a management vlan, which vlan is that ?

Jon

givencodes · ‎03-06-2014

the management vlan is vlan 10. okay let me try do that

givencodes · ‎03-06-2014

well, im back...

from the router i have chekced, i can ping the switch, all clients from both vlans succesfully... i just cant figure out why i cant ping from one host in a vlan to another...also how comes in PT the very same configurations and router types works just fine??

Jon Marshall · ‎03-06-2014

PT does not always emulate real equipment properly.

Can you -

1) remove vlan 1 off the trunk link on the switch

2) on the switch remove the vlan 20 SVI

3) post the following -

"sh int trunk" from the switch

"sh ip route" from the router

Jon

givencodes · ‎03-06-2014

done,

here is the output

Switch#show int trunk

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 30

Port Vlans allowed on trunk

Gi0/1 10,20

Port Vlans allowed and active in management domain

Gi0/1 10,20

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 10,20

Router#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.10.0/24 is directly connected, GigabitEthernet0/1.10

L 192.168.10.1/32 is directly connected, GigabitEthernet0/1.10

192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.20.0/24 is directly connected, GigabitEthernet0/1.20

L 192.168.20.1/32 is directly connected, GigabitEthernet0/1.20

192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks

C 192.168.30.0/24 is directly connected, GigabitEthernet0/1.30

L 192.168.30.1/32 is directly connected, GigabitEthernet0/1.30

Router#

Jon Marshall · ‎03-06-2014

Why is the router showing a gi0/1.30 when that is not in the config ?

Jon

givencodes · ‎03-06-2014

hello,

i just added a vlan 30 as a native vlan

Jon Marshall · ‎03-06-2014

You don't need the native vlan on the trunk (which you don't have so that is good) but you also don't need a subinterface for it.

So after those changes you still cannot between vlans ?

Jon

givencodes · ‎03-06-2014

yes i still cant, could there be a problem with the router?? or switch maybe

Jon Marshall · ‎03-06-2014

To be honest i don't know.

Like i say if from a PC in vlan 10 you can ping both the vlan 10 subinterface and the vlan 20 subinterface on the router then it suggests routing is working.

And you can ping from the router to each PC in both vlans so that rules out firewalls.

So the only thing i can think is default gateways but you say you have set these to be the correct router subinterfaces.

Can you post a "sh vlan brief" from the switch ?

Jon

givencodes · ‎03-06-2014

Switch#show vlan brief

Here you go

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/5, Gi0/6, Gi0/7, Gi0/8

Gi0/9, Gi0/10, Gi0/11, Gi0/12

Gi0/13, Gi0/14, Gi0/15, Gi0/16

Gi0/17, Gi0/18, Gi0/19, Gi0/20

Gi0/21, Gi0/22, Gi0/23, Gi0/24

10 Zimbra active Gi0/2

20 Samba active Gi0/3

30 native active Gi0/4

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

Jon Marshall · ‎03-06-2014

I can't see anything wrong with your config.

When you said in one of your posts -

also any client in other vlans can successfully ping the management vlan,

what did you mean by this ?

Jon