Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4465
Views
8
Helpful
22
Replies

Router on a stick config cannot ping

andrewsmith7783
Level 1
Level 1

‎09-11-2016 04:21 AM - edited ‎03-08-2019 07:22 AM

Hi Inter Webers,

I am greatly in need of your assistance and would be greatly for any help.  I am in the process of setting up a voice lab and I am having issues with my router on a stick setup.    It seems I cannot ping the hosts. 

PCs:

192.168.15.4 ping 192.168.77.2

request timed out...

I can ping the 192.168.X.1  and 192.168.X.254 for all the subnets.    

SW Config:

_________________________________________________________
Current configuration : 3514 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable password password@
!
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
crypto pki trustpoint TP-self-signed-2546737920
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2546737920
revocation-check none
rsakeypair TP-self-signed-2546737920
!
!
crypto pki certificate chain TP-self-signed-2546737920
certificate self-signed 01
3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32353436 37333739 3230301E 170D3933 30333031 30303031
30325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 35343637
33373932 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81009BB9 F550144E 428E4152 49B60749 6C510DEC 77C83AE8 50503375 7819E677
A3A7B237 15815FC6 F1CC7BB4 14D99CE6 F9EA49F1 08A8721D 5666A583 5D8E53B7
0AB19360 C4BEFBBE B7A02467 104A4C86 F5F9AFA6 C8912289 B5A7F54E ED1B7A32
53313CCA F39B056A 2D0B6D21 4FDAA85A EDF9D491 1E951349 1C3995DC 22621AD3
6EA30203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
551D1104 0B300982 07537769 7463682E 301F0603 551D2304 18301680 1417E235
6FFE5431 57D71B80 FD65DF22 959F37FC 01301D06 03551D0E 04160414 17E2356F
FE543157 D71B80FD 65DF2295 9F37FC01 300D0609 2A864886 F70D0101 04050003
8181001F 07D5ACCC 0BE459B6 9055F345 3E35BF59 F1E2C3BA AEB6876F 2C6B6195
FCF4B049 BAE67D56 C0E42AC7 1014A52C 5034D29D 3070F444 B8DFCBD3 25AEB49D
8983A0C2 39A1A605 50EBBF11 5B1FF5F9 DC47EADE C7467863 B7852AAC 719C9301
0A1BA054 152B9F7F 81A9DA15 E25724F5 5E68273D 59BB17F9 77F3B143 45258A83 25FBF8
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport access vlan 15
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 77
switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
switchport access vlan 77
spanning-tree portfast
!
interface FastEthernet0/24
description TRUNK-to-ROUTER
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan15
ip address 192.168.15.254 255.255.255.0
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0
!
interface Vlan77
ip address 192.168.77.254 255.255.255.0
!
ip default-gateway 192.168.20.1
ip classless
ip http server
ip http secure-server
!
!
!
line con 0
line vty 0 4
password password@
login
line vty 5
password password@
login
line vty 6 15
login
!
end

_________________________________________________________

Router 

Building configuration...

Current configuration : 1427 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password password@
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip dhcp pool VLAN15_VOICE
network 192.168.15.0 255.255.255.0
default-router 192.168.20.1
!
ip dhcp pool VLAN20_DATA
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
!
ip dhcp pool VLAN77_MANAGE
network 192.168.77.0 255.255.255.0
default-router 192.168.20.1
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description TRUNK-to-SWITCH
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.15
description VOICE
encapsulation dot1Q 15
ip address 192.168.15.1 255.255.255.0
!
interface FastEthernet0/0.20
description DATA
encapsulation dot1Q 20 native
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.77
description MANAGEMENT
encapsulation dot1Q 77
ip address 192.168.77.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip http server
no ip http secure-server
ip classless
!
!
!
!
voice-port 1/0/0
!
voice-port 1/0/1
!
voice-port 1/1/0
!
voice-port 1/1/1
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password password@
login
!
!
end

Labels:
0 Helpful
22 Replies 22

andrewsmith7783
Level 1
Level 1
In response to ahmedshoaib

‎09-13-2016 10:52 AM

I'll remove the 15 and 20 SVI and leave the management tonight.  I'll let you know how I make out but this sounds logical.    thanks.   

0 Helpful

andrewsmith7783
Level 1
Level 1
In response to andrewsmith7783

‎09-13-2016 07:35 PM

I removed 15 and 20 SVI and still cannot ping from 192.168.15.2 to 192.168.20.2.  I can continue to ping 192.168.77.1 & .254 as before.  I know this has been going on for days but any other ideas?

thanks,

-Andrew

Preview file
5 KB
0 Helpful

Luke Oxley
Level 1
Level 1
In response to andrewsmith7783

‎09-13-2016 10:32 PM

andrewsmith7783,

Removing SVIs on the switch will make no difference, although ahmedshoaib is correct in the sense that having them on there is a little pointless.
As per my last post, we need to prove inter-VLAN routing as of yet. At current, the clients are able to ping their own gateways so we know we have layer 2 communication, for example,192.168.20.2 can ping 192.168.20.1.
To prove the inter-VLAN routing is working correctly, we need to ping across the sub-interfaces. Please try and ping 192.168.77.1 FROM 192.168.20.2. Let me know the results of this and we can move forward.

Kind regards,
Luke Oxley

Please rate helpful posts and mark correct answers.
0 Helpful

andrewsmith7783
Level 1
Level 1
In response to Luke Oxley

‎09-14-2016 03:43 AM

Yes layer 3 was also confirmed.  

All of the X.X.X.2 address for the 3 subnets can ping all the RT (X.X.X.1) and SW (X.X.X.254) interfaces.

192.168.20.2 can ping 192.168.77.1 ... 192.168.15.1, 192.168.77.254, 192.168.15.254 and so on.

192.168.77.2 can ping 192.168.20.1 ... 192.168.20.1, 192.168.15.254, 192.168.20.254 and so on.

0 Helpful

andrewsmith7783
Level 1
Level 1
In response to andrewsmith7783

‎09-15-2016 10:58 AM

Bump...

0 Helpful

Luke Oxley
Level 1
Level 1
In response to andrewsmith7783

‎09-19-2016 12:40 AM

andrewsmith7783,

Thanks for the response. In this case, we have proved layer 2 and layer 3 communication, in the sense that traffic is able to travel in both directions between the subnets (192.168.20.2 is able to ping 192.168.77.1).
This means that the configuration gremlin MUST lie with either the switch or the host(s). Closely check the following.
  1. IS the host(s) directly connected to the switch from a port with access to the correct VLAN?
  2. DOES the host(s) have its default gateway set correct, as we discussed?
  3. DOES the host(s) have Windows Firewall disabled? This blocks ICMP in its default state, so must be disabled for testing.

I look forward to hearing back.

Kind regards,

Luke

Please rate helpful posts and mark correct answers.

0 Helpful

ahmedshoaib
Level 4
Level 4
In response to andrewsmith7783

‎09-12-2016 11:52 AM

Hi;

Please can you also remove the native keyword from router:

interface FastEthernet0/0.20
 description DATA
 no encapsulation dot1Q 20 native
 encapsulation dot1Q 20

What are the status of Router interface? can you share the show ip interface brief of Router?

Thanks & Best regards;

0 Helpful

Luke Oxley
Level 1
Level 1
In response to andrewsmith7783

‎09-11-2016 07:09 AM

andrewsmith7783,
The default GW for both machine is the Data VLAN subinterface: 192.168.20.1
Is this not correct?
No this is not correct. As per my last post, the default gateway of a host MUST be on the same subnet as itself. So VLAN15's DHCP pool will need to have 192.168.15.1 as the default gateway, VLAN77 will be 192.168.77.1 and VLAN20's default gateway should be 192.168.20.1. A host cannot move outside of layer 2 communication without a default gateway and in your example for VLAN15 and VLAN17 their default gateway has been set to a host outside of their own subnet.

Please follow the below steps to get this working for you. Remember to save your configurations afterward.
Step 1) Amend the DHCP pools to have the correct IP address as their default gateway. Enter the following commands to the router in global configuration mode.
ip dhcp pool VLAN15_VOICE
 default-router 192.168.15.1 
ip dhcp pool VLAN77_MANAGE
 default-router 192.168.77.1
Step 2) Clear the current DHCP bindings from the router by entering the following command in privileged exec mode (enable).
clear ip dhcp binding
Step 3) From within CMD on the PCs, we need to force them to drop their current DHCP lease and broadcast for a new one from the router with the new pool details that we've changed. Issue the following command in Windows CMD on all of the hosts.
ipconfig /renew
Now, as long as the PCs have picked up the correct DHCP lease information up from the router you will now be able to ping across subnets. Please test and let me know.

Kind regards,
Luke

Please rate helpful posts and mark correct answers.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card