Solved: Router on stick, pinging subinterface

CiscoPurist · ‎10-13-2012

Hi All.

This is my first post so be nice, I did a search before posting but I was not able to find an exact answer.

In my preparation for my coming CCNA certification I am experimenting with different network configurations. In my test network I am currently working with a "Router on a stick" setup. A Cisco 2611 router connecting a Cisco 2950 switch. VLANs configured on the switch and subinterfaces + dot1q encapsulation configured on the router. Switch only supports dot1q.

Router's Eth0/1 is connected to the Switch Fa0/24 port which is also set to trunk mode. I am using a normal Cat5e twisted pair cable to connect the 2 devices.

VLANs are working since I can connect a workstation to an access port for example fa0/2 (vlan2) and get Internet access.

I can also ping any of the subinterfaces of the router from the workstation.

Question: With the current setup I am not able to ping the switch from the router, or the other way around, so in other words I can't remote manage the switch from a telnet or SSH session with this setup. What I am missing?

Just to be clear I am pinging the switch directly from the router (Router2611#ping 172.16.100.2), so please ignore all static routes and OSPF.

Here are the configs, any help much appreciated.

2611 ROUTER CONFIG

Current configuration : 1614 bytes

!

version 12.1

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 2611_core

!

enable password *****

!

username root password 0 *****

!

ip subnet-zero

no ip domain-lookup

!

interface Ethernet0/0

description WAN to 1721_top

ip address 10.1.5.1 255.255.255.0

full-duplex

!

interface Serial0/0

description WAN to 1721_buttom

bandwidth 80000

ip address 10.1.3.1 255.255.255.0

clockrate 1000000

!

interface Ethernet0/1

no ip address

full-duplex

!

interface Ethernet0/1.1

encapsulation dot1Q 1

ip address 172.16.100.1 255.255.255.192

!

interface Ethernet0/1.2

encapsulation dot1Q 2

ip address 172.16.100.65 255.255.255.192

!

interface Ethernet0/1.3

encapsulation dot1Q 3

ip address 172.16.100.129 255.255.255.192

!

interface Ethernet0/1.4

encapsulation dot1Q 4

ip address 172.16.100.193 255.255.255.192

!

interface Serial0/1

description WAN to 1721_middle

bandwidth 80000

ip address 10.1.4.1 255.255.255.0

clockrate 1000000

!

router ospf 11

log-adjacency-changes

network 10.1.0.0 0.0.255.255 area 0

network 172.16.100.0 0.0.0.63 area 0

network 172.16.100.64 0.0.0.63 area 0

network 172.16.100.128 0.0.0.63 area 0

network 172.16.100.192 0.0.0.63 area 0

!

ip classless

ip route 192.168.30.0 255.255.255.0 10.1.3.2 150

ip route 192.168.40.0 255.255.255.0 10.1.4.2 150

ip route 192.168.50.0 255.255.255.0 10.1.5.2 150

ip http server

!

line con 0

exec-timeout 0 0

logging synchronous

line aux 0

line vty 0 4

exec-timeout 0 0

password *****

logging synchronous

login

!

end

2950 SWITCH CONFIG

Current configuration : 1576 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 2950_buttom

!

enable password *****

!

username root password 0 *****

ip subnet-zero

!

ip ssh time-out 120

ip ssh authentication-retries 3

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree vlan 1 priority 4096

!

interface FastEthernet0/1

!

interface FastEthernet0/2

switchport access vlan 2

!

interface FastEthernet0/3

switchport access vlan 3

!

interface FastEthernet0/4

switchport access vlan 4

!

LINE CUT

!

interface FastEthernet0/24

switchport mode trunk

duplex full

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

ip address 172.16.100.2 255.255.255.192

no ip route-cache

!

ip http server

!

line con 0

exec-timeout 0 0

logging synchronous

line vty 0 4

exec-timeout 0 0

password *****

logging synchronous

login

line vty 5 15

exec-timeout 0 0

password *****

logging synchronous

login

!

end

2950 SWITCH SHOW INT TRUNK

Port Mode Encapsulation Status Native vlan

Fa0/24 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/24 1-4094

Port Vlans allowed and active in management domain

Fa0/24 1-4

Port Vlans in spanning tree forwarding state and not pruned

Fa0/24 1-4

2950 SWITCH SHOW VLAN

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/5, Fa0/6, Fa0/7

Fa0/8, Fa0/9, Fa0/10, Fa0/11

Fa0/12, Fa0/13, Fa0/14, Fa0/15

Fa0/16, Fa0/17, Fa0/18, Fa0/19

Fa0/20, Fa0/21, Fa0/22, Fa0/23

Gi0/1, Gi0/2

2 Test_Workstation_2 active Fa0/2

3 Test_Workstation_3 active Fa0/3

4 Test_Workstation_4 active Fa0/4

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

LINE CUT

Peter Paluch · ‎10-13-2012

Hello,

Welcome to Cisco Support Community

And also welcome to one of quirks on older Cisco equipment. You have placed your switch into the management VLAN 1. This VLAN is native, i.e. untagged, on the trunk. Now, Cisco 2600 routers with 10Mbps Ethernet interfaces do not support subinterfaces for native VLAN - although they can be configured, the router is unable to communicate using them. On these routers, the settings for the native VLAN must be configured on the physical Ethernet interface directly. So changing your configuration to:

no interface Ethernet0/1.1

interface Ethernet0/1

ip address 172.16.100.1 255.255.255.192

should solve your problems and allow your switch and router to achieve IP connectivity.

This is a limitation of the Ethernet interface controller on these routers. If you had a router with FastEthernet or faster interfaces, your configuration would work just fine in its current form.

Note that it would also help if you moved your switch to a different management VLAN that is tagged on this trunk. This problem affects only subinterfaces created for native VLAN under Ethernet interfaces.

Do not forget to configure the default gateway on your switch using the command

ip default-gateway 172.16.100.1

Best regards,

Peter

View solution in original post

Peter Paluch · ‎10-13-2012

Hello,

Welcome to Cisco Support Community

And also welcome to one of quirks on older Cisco equipment. You have placed your switch into the management VLAN 1. This VLAN is native, i.e. untagged, on the trunk. Now, Cisco 2600 routers with 10Mbps Ethernet interfaces do not support subinterfaces for native VLAN - although they can be configured, the router is unable to communicate using them. On these routers, the settings for the native VLAN must be configured on the physical Ethernet interface directly. So changing your configuration to:

no interface Ethernet0/1.1

interface Ethernet0/1

ip address 172.16.100.1 255.255.255.192

should solve your problems and allow your switch and router to achieve IP connectivity.

This is a limitation of the Ethernet interface controller on these routers. If you had a router with FastEthernet or faster interfaces, your configuration would work just fine in its current form.

Note that it would also help if you moved your switch to a different management VLAN that is tagged on this trunk. This problem affects only subinterfaces created for native VLAN under Ethernet interfaces.

Do not forget to configure the default gateway on your switch using the command

ip default-gateway 172.16.100.1

Best regards,

Peter

CiscoPurist · ‎10-14-2012

Hi Peter

Thanks for the warm welcome.

I tried your suggestions and they all work, brilliant.

First I removed the subinterface as recommended and added an IP to the physical interface. After that all echo request worked and I was able to manage the switch and have VLANs working as the same time.

Next I reverted to the "non-working" configuration but changed the native vlan to 99 on the trunk port of the switch connecting to the router. Also worked.

I think I got a Cisco FastEthernet module lying around that meet the 100Mbit/s requirements for using subinterfaces and nativite VLAN together, I will also try that out...

Best from Lars

Peter Paluch · ‎10-14-2012

Hello Lars,

I am glad to have helped.

Regarding the support of VLANs on Ethernet or FastEthernet interfaces - predominantly, this is a software issue, not a hardware one. A VLAN tag is just a 4B additional structured field inserted into the Ethernet frame in such a way that the basic frame format is still retained: DMAC|SMAC|EthType|DATA|FCS. In fact, VLANs can be implemented purely in software - this is how, for example, Linux kernel does it. However, recent network card chips offer hardware-based assistance with tagging/untagging the frames so that the operating system and/or the NIC driver does not need to take care of it. So some hardware support may be present after all, but principially, it is not required.

This is also the reason why it is an absolute nonsense to say that "10Mbps Ethernet interface do not support 802.1Q VLANs, period". This is not about the speed or Ethernet version at all - rather, this is about the software support above the NIC. For a long time, Cisco simply did not implement the 802.1Q driver for its 10Mbps Ethernet controllers so routers having only Ethernet interfaces did not support 802.1Q VLANs, and led people to believe that it is technically impossible to achieve. Only later, Cisco started rolling out IOSes that included the 802.1Q support even for 10Mbps Ethernet interfaces. However, either a bug or a particular Ethernet controller limitation in these 2600 series routers causes problems with the native VLAN as you have experienced yourself.

Regarding the 100Mbps interface you are talking about - I am not sure if the IOS will offer you the option of creating 802.1Q subinterfaces under it. If it does not, again - this is primarily an IOS limitation.

Best regards,

Peter

andrewsmith7783 · ‎09-16-2016

Please post the updated config. thanks!