cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
2506
Views
0
Helpful
16
Replies
Highlighted
Beginner

routing between vlans problem

Hello, I have setup 'router on a stick' VLANs between a switch and a router, however I cannot seem to ping from a PC to the different VLAN interfaces on the router. I can only ping to the router interface of the specific VLAN my PC is conected to on the switch. I am using three VLANs (99, 100, 200).

As an example, if my PC is connected to the swtich port for VLAN 99, it can only ping the VLAN 99 interface 192.168.1.99 and cannot ping to 192.168.200.1 (router interface of VLAN 200).

Could anyone please advise what I am doing wrong here ?

Thank you kindly.

Here is my switch config:

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

!

ip subnet-zero

ip routing

no ip domain-lookup

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

interface FastEthernet0/1

no ip address

!

interface FastEthernet0/2

no ip address

!

interface FastEthernet0/3

no ip address

!

interface FastEthernet0/4

no ip address

!

interface FastEthernet0/5

no ip address

!

interface FastEthernet0/6

no ip address

!

interface FastEthernet0/7

no ip address

!

interface FastEthernet0/8

no ip address

!

interface FastEthernet0/9

switchport access vlan 99

switchport mode access

no ip address

!

interface FastEthernet0/10

no ip address

!

interface FastEthernet0/11

no ip address

!

interface FastEthernet0/12

no ip address

!

interface FastEthernet0/13

no ip address

!

interface FastEthernet0/14

no ip address

!

interface FastEthernet0/15

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface FastEthernet0/16

no ip address

!

interface FastEthernet0/17

switchport access vlan 200

switchport mode access

switchport voice vlan 100

no ip address

spanning-tree portfast

!

interface FastEthernet0/18

switchport access vlan 200

switchport mode access

switchport voice vlan 100

no ip address

spanning-tree portfast

!

interface FastEthernet0/19

no ip address

!

interface FastEthernet0/20

no ip address

!

interface FastEthernet0/21

no ip address

!

interface FastEthernet0/22

no ip address

!

interface FastEthernet0/23

no ip address

!

interface FastEthernet0/24

no ip address

!

interface GigabitEthernet0/1

no ip address

!

interface GigabitEthernet0/2

no ip address

!

interface Vlan1

no ip address

!

interface Vlan99

ip address 192.168.1.100 255.255.255.0

!

ip default-gateway 192.168.1.99

ip classless

no ip http server

!

!

!

line con 0

logging synchronous

line vty 0 4

password phil

login

line vty 5 15

password phil

login

!

end

Here is my router config:

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot system flash:c2801-ipvoicek9-mz.151-2.T0a.bin

boot-end-marker

!

!

!

no aaa new-model

dot11 syslog

ip source-route

!

!

!

!

ip dhcp pool DATA_SCOPE

   network 192.168.200.0 255.255.255.0

   default-router 192.168.200.1

!

ip dhcp pool VOICE_SCOPE

   network 192.168.100.0 255.255.255.0

   default-router 192.168.100.1

!

ip dhcp pool MGMT_SCOPE

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.99

!

!

ip cef

no ip domain lookup

no ipv6 cef

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

voice-card 0

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-2995340181

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2995340181

revocation-check none

!

!

crypto pki certificate chain TP-self-signed-2995340181

certificate self-signed 01

  3082023E 308201A7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 32393935 33343031 3831301E 170D3733 30323137 31313231

  35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39393533

  34303138 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100C34D C8ECBB53 E01373A3 2E286B78 2D23042B 1C8588B1 A7861899 BA1C6860

  AE1D7868 2A59E3BC 54D0A457 8FFDE27F C09104E5 C7A429F3 74CD9DA8 4A980366

  675CC27C CDB94838 821CC05F 2C0AC2BC D882C132 6CAA1FA6 6DA740E4 562428B1

  12B741F1 A50C9246 4CC35EDA DEE1D038 3883BB35 A91ABF8B 483E4160 F5FA4B5A

  9A570203 010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603

  551D1104 0A300882 06526F75 74657230 1F060355 1D230418 30168014 72119640

  F3396E1F E4168086 D31D8619 0D8337FF 301D0603 551D0E04 16041472 119640F3

  396E1FE4 168086D3 1D86190D 8337FF30 0D06092A 864886F7 0D010104 05000381

  81005DFE 4E6AFCB8 FAB7997D 0274C19C 76F2EF64 E0119D7A DD11438B 77E0CE2B

  5C4A8EBE 2F697D06 B9BC8015 3D3C0F2F A6BA5E34 FD23D1B9 BB21A2D9 00086511

  243F7781 D5788935 A97B4762 F14545CC 0674138C F92BB0E0 31DCEAB4 7DE487BE

  141444B4 6BE74EE6 A30E3A5C 1DE56049 20751D84 20C1A5AB 8003B85B EE4D6607 A943

      quit

!

!

license udi pid CISCO2801 sn FTX0947W07M

username phil privilege 15 password 0 phil

!

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.99

encapsulation dot1Q 99

ip address 192.168.1.99 255.255.255.0

!

interface FastEthernet0/1.100

description voice_VLAN

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.0

!

interface FastEthernet0/1.200

description data_VLAN

encapsulation dot1Q 200

ip address 192.168.200.1 255.255.255.0

!

ip forward-protocol nd

!

!

ip http server

ip http authentication local

ip http secure-server

!

logging esm config

!

!

tftp-server flash:/phone/7940-7960/P00307020200.bin alias P00307020200.bin

tftp-server flash:/phone/7940-7960/P00307020200.loads alias P00307020200.loads

tftp-server flash:/phone/7940-7960/P00307020200.sb2 alias P00307020200.sb2

tftp-server flash:/phone/7940-7960/P00307020200.sbn alias P00307020200.sbn

!

control-plane

!

!

!

mgcp fax t38 ecm

!

!

!

!

telephony-service

max-ephones 10

max-dn 20

ip source-address 192.168.1.99 port 2000

max-conferences 4 gain -6

transfer-system full-consult

!

!

ephone-dn  1

number 1000

!

!

ephone-dn  2  dual-line

number 1001

!

!

ephone  1

mac-address C80A.A970.01DE

type CIPC

button  1:1 2:2

!

!

!

line con 0

logging synchronous

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Glad you got it working and thanks for the update

View solution in original post

16 REPLIES 16
Highlighted
Hall of Fame Expert

Hi,

So, you are saying, you can ping the default gateway for each vlan from the hosts, but for example not from host in vlan 99 to vlan 100 (192.168.100.1)?

Do the PCs have the correct default gateways?

HTH

Highlighted

yes, for instance, my PC has an IP of 192.168.1.1 and a default-gateway of 192.168.1.99. It can only ping 192.168.1.99 and cannot ping 192.168.100.1 or 192.168.200.1.

Exactly the same result if I do the same ping from the switch itself.

Thanks for any help.

Highlighted

Thanks for the info

What type of router is this and what is the output of "sh ver"

HTH

Highlighted

It is a 2801 router.

terminal length 0

Router#show version

Cisco IOS Software, 2801 Software (C2801-IPVOICEK9-M), Version 15.1(2)T0a, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Sat 07-Aug-10 16:57 by prod_rel_team

ROM: System Bootstrap, Version 12.3(8r)T8, RELEASE SOFTWARE (fc1)

Router uptime is 2 hours, 2 minutes

System returned to ROM by reload at 11:19:32 UTC Sat Feb 17 1973

System image file is "flash:c2801-ipvoicek9-mz.151-2.T0a.bin"

Last reload type: Normal Reload

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to

export@cisco.com.

Cisco 2801 (revision 5.0) with 357376K/35840K bytes of memory.

Processor board ID FTX0947W07M

2 FastEthernet interfaces

1 DSP, 8 Voice resources

DRAM configuration is 64 bits wide with parity disabled.

191K bytes of NVRAM.

250880K bytes of ATA CompactFlash (Read/Write)

License Info:

License UDI:

-------------------------------------------------

Device#      PID            SN

-------------------------------------------------

*0        CISCO2801             FTX0947W07M    

Configuration register is 0x2102

R

Highlighted

Not entirely sure, but I think it is your IOS.

I am curious if it will resolve the issue if you change your IOS from IP voice to IP base.

c2801-ipbasek9-mz.151-1.T.bin

HTH

Highlighted

Never minde, it is a 2801

boot system flash:c2801-ipvoicek9-mz.151-2.T0a.bin

Highlighted

is it because I need to activate a routing protocol on the router to enable routing between the sub interfaces ?

Highlighted

Yes, that is ok. The switch is just layer-2 with 192.168.1.99 as the management interface.

Highlighted

The routers by default have IP routing enable.  You usually need to enable IP routing on switch if the SVIs are on the switch, but in you case they are on the router.

Highlighted

Can u remove default gateway. I think you don't default gateway.
Also just to make sure, hope u configured PC with Routers respective subnet ips as gateway.
Lek

Sent from Cisco Technical Support iPhone App

Highlighted

thanks, I removed the default gateway setting on the switch, but it still has not solved my inter-VLAN routing issue.

Highlighted

The default gateway has nothing to do with intervlan routing.  The default gateway on the switch is just for management.  So you can telnet or ssh to it.

I know routing is enabled by default, but just in case can you try

ip routing

Highlighted
VIP Mentor

Hello Philip,

Do have vlan 99 in the switch vlan D/B - can you please add this to the switch:

conf t

vlan 99,100,200

exit

On a different point i can see you have dhcp enabled on the router but havent excluded the D/G ip addresss from the scopes

.

ip dhcp excluded-address 192.168.1.99

ip dhcp excluded-address 192.168.100.1

ip dhcp excluded-address 192.168.200.1

res

Pau



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted

you can not ping the other VLan IP address beacuse you do not configure routing between vlan

you need to configure routing between vlan on  router

like

router rip

network x.x.x.x x.x.x.x

or else

Content for Community-Ad