Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4350
Views
8
Helpful
22
Replies

Router on a stick config cannot ping

andrewsmith7783
Level 1
Level 1

‎09-11-2016 04:21 AM - edited ‎03-08-2019 07:22 AM

Hi Inter Webers,

I am greatly in need of your assistance and would be greatly for any help.  I am in the process of setting up a voice lab and I am having issues with my router on a stick setup.    It seems I cannot ping the hosts. 

PCs:

192.168.15.4 ping 192.168.77.2

request timed out...

I can ping the 192.168.X.1  and 192.168.X.254 for all the subnets.    

SW Config:

_________________________________________________________
Current configuration : 3514 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable password password@
!
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
crypto pki trustpoint TP-self-signed-2546737920
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2546737920
revocation-check none
rsakeypair TP-self-signed-2546737920
!
!
crypto pki certificate chain TP-self-signed-2546737920
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32353436 37333739 3230301E 170D3933 30333031 30303031
30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35343637
33373932 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009BB9 F550144E 428E4152 49B60749 6C510DEC 77C83AE8 50503375 7819E677
A3A7B237 15815FC6 F1CC7BB4 14D99CE6 F9EA49F1 08A8721D 5666A583 5D8E53B7
0AB19360 C4BEFBBE B7A02467 104A4C86 F5F9AFA6 C8912289 B5A7F54E ED1B7A32
53313CCA F39B056A 2D0B6D21 4FDAA85A EDF9D491 1E951349 1C3995DC 22621AD3
6EA30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1417E235
6FFE5431 57D71B80 FD65DF22 959F37FC 01301D06 03551D0E 04160414 17E2356F
FE543157 D71B80FD 65DF2295 9F37FC01 300D0609 2A864886 F70D0101 04050003
8181001F 07D5ACCC 0BE459B6 9055F345 3E35BF59 F1E2C3BA AEB6876F 2C6B6195
FCF4B049 BAE67D56 C0E42AC7 1014A52C 5034D29D 3070F444 B8DFCBD3 25AEB49D
8983A0C2 39A1A605 50EBBF11 5B1FF5F9 DC47EADE C7467863 B7852AAC 719C9301
0A1BA054 152B9F7F 81A9DA15 E25724F5 5E68273D 59BB17F9 77F3B143 45258A83 25FBF8
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport access vlan 15
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 77
switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport access vlan 77
spanning-tree portfast
!
interface FastEthernet0/24
description TRUNK-to-ROUTER
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan15
ip address 192.168.15.254 255.255.255.0
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0
!
interface Vlan77
ip address 192.168.77.254 255.255.255.0
!
ip default-gateway 192.168.20.1
ip classless
ip http server
ip http secure-server
!
!
!
line con 0
line vty 0 4
password password@
login
line vty 5
password password@
login
line vty 6 15
login
!
end

_________________________________________________________

Router 

Building configuration...

Current configuration : 1427 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password password@
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip dhcp pool VLAN15_VOICE
network 192.168.15.0 255.255.255.0
default-router 192.168.20.1
!
ip dhcp pool VLAN20_DATA
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
!
ip dhcp pool VLAN77_MANAGE
network 192.168.77.0 255.255.255.0
default-router 192.168.20.1
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description TRUNK-to-SWITCH
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.15
description VOICE
encapsulation dot1Q 15
ip address 192.168.15.1 255.255.255.0
!
interface FastEthernet0/0.20
description DATA
encapsulation dot1Q 20 native
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.77
description MANAGEMENT
encapsulation dot1Q 77
ip address 192.168.77.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
voice-port 1/0/0
!
voice-port 1/0/1
!
voice-port 1/1/0
!
voice-port 1/1/1
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password password@
login
!
!
end

Labels:
0 Helpful
22 Replies 22

Luke Oxley
Level 1
Level 1

‎09-11-2016 06:23 AM

andrewsmith7783,

Thanks for your post. Just to get this straight, the PCs you have connected to the switch are able to ping the .254 addresses, but not the .1 addresses over the trunk - is this correct? Also, please confirm what the PCs are using as their default gateway.
Your configuration looks good, however I see two missing links. They are as follows.
1. There is a native VLAN assignment missing on the trunk on Fa0/24 on the switch :-). That will be causing a native VLAN mismatch over the trunk as the router is set to VLAN20. Amend this on the switch with the below commands from global configuration mode.
interface fa0/24 
 switchport trunk native vlan 20 
 shut 
 no shut 
 end
2. This will be the reason you cannot ping between hosts on their separate networks - all three of your DHCP pools have 192.168.20.1 as the default router. Bare in mind that hosts on anything other than 192.168.20.0/24 will not be able to use this IP as their default gateway and as such will mean that they can only communicate at layer 2 (within their own subnet). You should amend the DHCP pools to use the .1 address of each respective sub interface for their VLAN as their default gateway. For example, the default gateway for the 192.168.77.0/24 pool should be 192.168.77.1. Think about it - the use of a default gateway is to allow traffic to get to another subnet. So how can this work when its default gateway is set to something in another subnet?
Have a go and let me know how you get along!

All the best,
Luke

Please rate helpful answers and mark correct answers.

0 Helpful

andrewsmith7783
Level 1
Level 1
In response to Luke Oxley

‎09-11-2016 06:40 AM

Woot!

Thanks for the rapid response to my conundrum. I added the native vlan to the trunk port on the SW.


PC 1 connected to port FA 0/2        <----- native vlan

IPv4 Address. . . . . . . . . . . : 192.168.20.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1


PC 2 connected to port FA 0/3


IPv4 Address. . . . . . . . . . . : 192.168.77.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1


The default GW for both machine is the Data VLAN subinterface: 192.168.20.1

Is this not correct?


dhcp pools VLAN15,VLAN20, VLAN77 are set to provide this address.
Should it be the 192.168.X.1 for the subnet?

FROM THE SW -- I cannot ping the data vlan:

Switch#sho ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up up
Vlan15 192.168.15.254 YES NVRAM up up
Vlan20 192.168.20.254 YES NVRAM up up
Vlan77 192.168.77.254 YES NVRAM up up
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset up up
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down

Switch#ping 192.168.77.2 source 192.168.20.254

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.77.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.254
.....
Success rate is 0 percent (0/5)

_______________________________________

Switch#ping 192.168.20.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Switch#ping 192.168.77.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.77.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Switch#

_______________________________________
pc:


C:\Users\asmith>ping 192.168.20.2

Pinging 192.168.20.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.20.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\asmith>ping 192.168.20.1

Pinging 192.168.20.1 with 32 bytes of data:
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.20.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\asmith>ping 192.168.20.254

Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255
Reply from 192.168.20.1: bytes=32 time=1ms TTL=255

Thanks!

0 Helpful

andrewsmith7783
Level 1
Level 1
In response to andrewsmith7783

‎09-11-2016 07:00 AM

sorry, I didn't see step 2. Let me do these changes... I'll let you know.  thanks!

andrewsmith7783
Level 1
Level 1
In response to andrewsmith7783

‎09-11-2016 07:16 AM

Pings are still failing :0(

ping 192.168.15.2

Pinging 192.168.15.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

IPv4 Address. . . . . . . . . . . : 192.168.77.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.77.1

IPv4 Address. . . . . . . . . . . : 192.168.15.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.15.1


interface FastEthernet0/24
description TRUNK-to-ROUTER
switchport trunk encapsulation dot1q
switchport trunk native vlan 20
switchport mode trunk
spanning-tree portfast trunk

!

0 Helpful

Luke Oxley
Level 1
Level 1
In response to andrewsmith7783

‎09-11-2016 07:30 AM

Hey andrewsmith7783,

Ok. We are a step in the right direction at least. Can we remove the native VLAN command from the trunk and try again please?

Kind regards,
Luke

Please rate helpful posts and mark correct answers.
0 Helpful

andrewsmith7783
Level 1
Level 1
In response to Luke Oxley

‎09-11-2016 08:02 AM

Done.  No change.  I also did a shut and no shut.  Does it matter that it only show 2-vlans going down (1 & 20)?


Switch(config-if)#shut
*Mar 1 00:56:08.395: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to down
*Mar 1 00:56:08.395: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to down

I see all VLANs listed here:


Switch#sho interfaces trunk

Port Mode Encapsulation Status Native vlan
Fa0/24 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/24 1-4094

Port Vlans allowed and active in management domain
Fa0/24 1,15,20,77

Port Vlans in spanning tree forwarding state and not pruned
Fa0/24 1,15,20,77

thanks

0 Helpful

Luke Oxley
Level 1
Level 1
In response to andrewsmith7783

‎09-11-2016 08:06 AM

andrewsmith7783,

Awesome, good work. A few more jobs for you so we can move forward.
  1. Please post a sanitised running configuration from the switch and the router. If possible, attach these as text files. It is easier on the eye.
  2. Does a ping from 192.168.20.2 to 192.168.20.1 work?
  3. Does a ping from 192.168.77.2 to 192.168.77.1 work?

I look forward to hearing back.

Kind regards,

Luke

Please rate helpful posts and mark correct answers.
0 Helpful

andrewsmith7783
Level 1
Level 1
In response to Luke Oxley

‎09-11-2016 01:24 PM

Yes 192.168.X.1 and 192.168.X.254 are pingable from their subnets.  configs attached.  thanks

Preview file
2 KB
Preview file
5 KB
0 Helpful

Luke Oxley
Level 1
Level 1
In response to andrewsmith7783

‎09-12-2016 02:38 AM

andrewsmith7783,

Thank you. Can you ping another sub interface from a different subnet? I.E, can you ping 192.168.77.1 from 192.168.20.2?

Regards,
Luke

Please rate helpful posts and mark correct answers.
0 Helpful

andrewsmith7783
Level 1
Level 1
In response to Luke Oxley

‎09-12-2016 06:20 PM

@Luke Oxley

@ahmedshoaib

Thank you both for the help!  The status has not changed....

IPv4 Address. . . . . . . . . . . : 192.168.77.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.77.1


IPv4 Address. . . . . . . . . . . : 192.168.15.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.15.1


(from 192.168.77.2)
Pinging 192.168.15.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Completes from SW (192.168.X.254)
ping 192.168.77.2 source 192.168.77.254


Fails from SW (192.168.X.254)
ping 192.168.77.2 source 192.168.20.254
ping 192.168.77.2 source 192.168.15.254


Also Fails from the SW:
ping 192.168.15.2 source 192.168.15.254
ping 192.168.15.2 source 192.168.77.254
ping 192.168.15.2 source 192.168.20.254


Completes from the router (192.168.X.1):
ping 192.168.77.2 source 192.168.77.1

Fails from the router (192.168.X.1):
ping 192.168.15.2 source 192.168.15.1
ping 192.168.15.2 source 192.168.20.1
ping 192.168.15.2 source 192.168.77.1

Router#sho ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/0.15 192.168.15.1 YES NVRAM up up
FastEthernet0/0.20 192.168.20.1 YES manual up up
FastEthernet0/0.77 192.168.77.1 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down


Switch#sho ip int brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up up
Vlan15 192.168.15.254 YES NVRAM up up
Vlan20 192.168.20.254 YES NVRAM up up
Vlan77 192.168.77.254 YES NVRAM up up
FastEthernet0/1 unassigned YES unset up up
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset up up
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
FastEthernet0/20 unassigned YES unset down down
FastEthernet0/21 unassigned YES unset down down
FastEthernet0/22 unassigned YES unset down down
FastEthernet0/23 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset up up
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down

Preview file
4 KB
Preview file
2 KB
0 Helpful

ahmedshoaib
Level 4
Level 4
In response to andrewsmith7783

‎09-13-2016 12:46 AM

Hi;

The issue is not with Router & Switch configuration:

As per result you share 192.168.77.2 (PC) can ping it's gateway (192.168.77.1) while 192.168.15.2 can not ping even Switch (192.168.15.254) or it's gateway (192.168.15.1). 

Either the issue is a device LAN card (hardware issue) or device is not connected on Switch port Fastethernet0/1 which you configure for voice vlan.

Thanks & Best regards;

0 Helpful

andrewsmith7783
Level 1
Level 1
In response to ahmedshoaib

‎09-13-2016 02:08 AM

Thanks for responding.  I do not believe this is the case as all of the X.X.X.2 address for the 3 subnets can ping all the RT (X.X.X.1) and SW (X.X.X.254) interfaces.  It was failing when I was pinging from the SW and RT. 

Question: Should I be able to ping this PC from all subnets on the SW from these interfaces?  


ping 192.168.20.2 source 192.168.15.254 Fail
ping 192.168.20.2 source 192.168.20.254 Good
ping 192.168.20.2 source 192.168.77.254 Fail

ping 192.168.77.2 source 192.168.15.254 Good
ping 192.168.77.2 source 192.168.20.254 Fail
ping 192.168.77.2 source 192.168.77.254 Good

0 Helpful

ahmedshoaib
Level 4
Level 4
In response to andrewsmith7783

‎09-13-2016 07:48 AM

Hi;

My Question is why you create multiple SVI on Layer 2 switch. 

Normally we are creating multiple SVI on Switch if it's treat as a Layers 3 switch, all the users gateway is Switch SVI & doing Routing b/w switch & router.  We required only 1 SVI on L2 Switch for remote management.

Either you need to remove SVI 15 & SVI 77 from switch or change the gateway to switch SVI & enable routing on switch.

Thanks & Best regards;

andrewsmith7783
Level 1
Level 1
In response to ahmedshoaib

‎09-13-2016 08:38 AM

Can you recommend a better config for a 2621XM & C3560-24PS-S? 

I was attempting to follow this tutorial for the router on the stick with the addition of another VLAN:

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/336-cisco-router-8021q-router-stick.html

In the long run, I would like to setup my voice lab with a virtual Site A and Site B.     

Please excuse the poor asci art!  

             

                ______________

             [   ()  ()                     ]        - Router

   / - VLAN A                \ - VLAN B

[()()()()()()()()()()()()()()()()()()()()()()()()] - Site A

[()()()()()()()()()()()()()()()()()()()()()()()()] - Site B

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card