01-18-2013 02:32 PM - edited 03-07-2019 11:10 AM
Hello, I have setup 'router on a stick' VLANs between a switch and a router, however I cannot seem to ping from a PC to the different VLAN interfaces on the router. I can only ping to the router interface of the specific VLAN my PC is conected to on the switch. I am using three VLANs (99, 100, 200).
As an example, if my PC is connected to the swtich port for VLAN 99, it can only ping the VLAN 99 interface 192.168.1.99 and cannot ping to 192.168.200.1 (router interface of VLAN 200).
Could anyone please advise what I am doing wrong here ?
Thank you kindly.
Here is my switch config:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
ip subnet-zero
ip routing
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface FastEthernet0/1
no ip address
!
interface FastEthernet0/2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
no ip address
!
interface FastEthernet0/9
switchport access vlan 99
switchport mode access
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12
no ip address
!
interface FastEthernet0/13
no ip address
!
interface FastEthernet0/14
no ip address
!
interface FastEthernet0/15
switchport trunk encapsulation dot1q
switchport mode trunk
no ip address
!
interface FastEthernet0/16
no ip address
!
interface FastEthernet0/17
switchport access vlan 200
switchport mode access
switchport voice vlan 100
no ip address
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 200
switchport mode access
switchport voice vlan 100
no ip address
spanning-tree portfast
!
interface FastEthernet0/19
no ip address
!
interface FastEthernet0/20
no ip address
!
interface FastEthernet0/21
no ip address
!
interface FastEthernet0/22
no ip address
!
interface FastEthernet0/23
no ip address
!
interface FastEthernet0/24
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
no ip address
!
interface Vlan99
ip address 192.168.1.100 255.255.255.0
!
ip default-gateway 192.168.1.99
ip classless
no ip http server
!
!
!
line con 0
logging synchronous
line vty 0 4
password phil
login
line vty 5 15
password phil
login
!
end
Here is my router config:
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot system flash:c2801-ipvoicek9-mz.151-2.T0a.bin
boot-end-marker
!
!
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip dhcp pool DATA_SCOPE
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
!
ip dhcp pool VOICE_SCOPE
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
!
ip dhcp pool MGMT_SCOPE
network 192.168.1.0 255.255.255.0
default-router 192.168.1.99
!
!
ip cef
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-2995340181
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2995340181
revocation-check none
!
!
crypto pki certificate chain TP-self-signed-2995340181
certificate self-signed 01
3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393935 33343031 3831301E 170D3733 30323137 31313231
35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39393533
34303138 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C34D C8ECBB53 E01373A3 2E286B78 2D23042B 1C8588B1 A7861899 BA1C6860
AE1D7868 2A59E3BC 54D0A457 8FFDE27F C09104E5 C7A429F3 74CD9DA8 4A980366
675CC27C CDB94838 821CC05F 2C0AC2BC D882C132 6CAA1FA6 6DA740E4 562428B1
12B741F1 A50C9246 4CC35EDA DEE1D038 3883BB35 A91ABF8B 483E4160 F5FA4B5A
9A570203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603
551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 72119640
F3396E1F E4168086 D31D8619 0D8337FF 301D0603 551D0E04 16041472 119640F3
396E1FE4 168086D3 1D86190D 8337FF30 0D06092A 864886F7 0D010104 05000381
81005DFE 4E6AFCB8 FAB7997D 0274C19C 76F2EF64 E0119D7A DD11438B 77E0CE2B
5C4A8EBE 2F697D06 B9BC8015 3D3C0F2F A6BA5E34 FD23D1B9 BB21A2D9 00086511
243F7781 D5788935 A97B4762 F14545CC 0674138C F92BB0E0 31DCEAB4 7DE487BE
141444B4 6BE74EE6 A30E3A5C 1DE56049 20751D84 20C1A5AB 8003B85B EE4D6607 A943
quit
!
!
license udi pid CISCO2801 sn FTX0947W07M
username phil privilege 15 password 0 phil
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.99
encapsulation dot1Q 99
ip address 192.168.1.99 255.255.255.0
!
interface FastEthernet0/1.100
description voice_VLAN
encapsulation dot1Q 100
ip address 192.168.100.1 255.255.255.0
!
interface FastEthernet0/1.200
description data_VLAN
encapsulation dot1Q 200
ip address 192.168.200.1 255.255.255.0
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
!
logging esm config
!
!
tftp-server flash:/phone/7940-7960/P00307020200.bin alias P00307020200.bin
tftp-server flash:/phone/7940-7960/P00307020200.loads alias P00307020200.loads
tftp-server flash:/phone/7940-7960/P00307020200.sb2 alias P00307020200.sb2
tftp-server flash:/phone/7940-7960/P00307020200.sbn alias P00307020200.sbn
!
control-plane
!
!
!
mgcp fax t38 ecm
!
!
!
!
telephony-service
max-ephones 10
max-dn 20
ip source-address 192.168.1.99 port 2000
max-conferences 4 gain -6
transfer-system full-consult
!
!
ephone-dn 1
number 1000
!
!
ephone-dn 2 dual-line
number 1001
!
!
ephone 1
mac-address C80A.A970.01DE
type CIPC
button 1:1 2:2
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
Solved! Go to Solution.
01-19-2013 11:20 AM
Glad you got it working and thanks for the update
01-18-2013 02:41 PM
Hi,
So, you are saying, you can ping the default gateway for each vlan from the hosts, but for example not from host in vlan 99 to vlan 100 (192.168.100.1)?
Do the PCs have the correct default gateways?
HTH
01-18-2013 02:55 PM
yes, for instance, my PC has an IP of 192.168.1.1 and a default-gateway of 192.168.1.99. It can only ping 192.168.1.99 and cannot ping 192.168.100.1 or 192.168.200.1.
Exactly the same result if I do the same ping from the switch itself.
Thanks for any help.
01-18-2013 02:58 PM
Thanks for the info
What type of router is this and what is the output of "sh ver"
HTH
01-18-2013 03:20 PM
It is a 2801 router.
terminal length 0
Router#show version
Cisco IOS Software, 2801 Software (C2801-IPVOICEK9-M), Version 15.1(2)T0a, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sat 07-Aug-10 16:57 by prod_rel_team
ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)
Router uptime is 2 hours, 2 minutes
System returned to ROM by reload at 11:19:32 UTC Sat Feb 17 1973
System image file is "flash:c2801-ipvoicek9-mz.151-2.T0a.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
Cisco 2801 (revision 5.0) with 357376K/35840K bytes of memory.
Processor board ID FTX0947W07M
2 FastEthernet interfaces
1 DSP, 8 Voice resources
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
250880K bytes of ATA CompactFlash (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2801 FTX0947W07M
Configuration register is 0x2102
R
01-18-2013 03:34 PM
Not entirely sure, but I think it is your IOS.
I am curious if it will resolve the issue if you change your IOS from IP voice to IP base.
c2801-ipbasek9-mz.151-1.T.bin
HTH
01-18-2013 03:19 PM
Never minde, it is a 2801
boot system flash:c2801-ipvoicek9-mz.151-2.T0a.bin
01-18-2013 03:27 PM
is it because I need to activate a routing protocol on the router to enable routing between the sub interfaces ?
01-18-2013 03:38 PM
Yes, that is ok. The switch is just layer-2 with 192.168.1.99 as the management interface.
01-18-2013 03:42 PM
The routers by default have IP routing enable. You usually need to enable IP routing on switch if the SVIs are on the switch, but in you case they are on the router.
01-18-2013 03:43 PM
Can u remove default gateway. I think you don't default gateway.
Also just to make sure, hope u configured PC with Routers respective subnet ips as gateway.
Lek
Sent from Cisco Technical Support iPhone App
01-18-2013 03:52 PM
thanks, I removed the default gateway setting on the switch, but it still has not solved my inter-VLAN routing issue.
01-18-2013 04:11 PM
The default gateway has nothing to do with intervlan routing. The default gateway on the switch is just for management. So you can telnet or ssh to it.
I know routing is enabled by default, but just in case can you try
ip routing
01-19-2013 02:18 AM
Hello Philip,
Do have vlan 99 in the switch vlan D/B - can you please add this to the switch:
conf t
vlan 99,100,200
exit
On a different point i can see you have dhcp enabled on the router but havent excluded the D/G ip addresss from the scopes
.
ip dhcp excluded-address 192.168.1.99
ip dhcp excluded-address 192.168.100.1
ip dhcp excluded-address 192.168.200.1
res
Pau
01-19-2013 03:14 AM
you can not ping the other VLan IP address beacuse you do not configure routing between vlan
you need to configure routing between vlan on router
like
router rip
network x.x.x.x x.x.x.x
or else
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide