
Routing for VLANs

htshurup21
Level 1

Hello everybody.

In my home lab I have a 2960G-48 switch with VLANs 10, 32, 64, 90 for vMotion, 100 for ESXi hosts.

Switch connection comes from 1921 router from gig0/0 to gig0/44 on switch.

Default network is 192.168.0.0 255.255.255.0

On router gig0/0 has IP 192.168.0.1 255.255.255.0

IPs on VLANs:

10 - 192.168.10.0

32 - 192.168.32.0

64 - 192.168.64.0

90 - 192.168.90.0

100 - 10.100.100.0

IPs have been assigned to subinterfaces on the router numbered after the VLANs (i.e. gig0/0.10, gig0/0.32, etc.)

When I'm setting up on the router ip route 192.168.10.0 255.255.255.0 192.168.0.0, I'm still not able to get to the hosts on that subnet.

Trunk has been set up on the switch on port gig0/44, as it connects with gig0/0 on the router.

Native for trunk is 80 and is being set up on port gig 0/44 on the switch.

interface GigabitEthernet0/1
switchport access vlan 100
switchport mode access

Same settings are on other interfaces on switch.

From switch I can ping gig0.0.10 or sub interface gig 0/0.10 on router, but cannot ping any other sub interface.

Could you please tell me what I am doing wrong?

Sorry for my broken English.

Regards,

Vitalii

21 Replies

My topology looks like you've mentioned 

Router -- Sub-int----trunk--Switch

Did read your previous comments and applied those settings to a router:

no  ip address 192.168.0.1 255.255.255.0

no  ip nat inside

also did  

no ip route 192.168.10.0 255.255.255.0 192.168.0.0

no ip route 192.168.32.0 255.255.255.0 192.168.0.0

no ip route 192.168.64.0 255.255.255.0 192.168.0.0

Why do I have to do no ip address 192.168.0.1 255.255.255.0? It's my main internal LAN for home.

Sorry if I'm not understanding, just getting into it...

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname MainGate

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 !!!!!!!!!!!!!!!!!!!!!

aaa new-model

!

!

aaa authentication login default local

!

!         

!

!

!

aaa session-id common

!

memory-size iomem 10

!

no ipv6 cef

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 192.168.0.1 192.168.0.99

ip dhcp excluded-address 192.168.0.200 192.168.0.254

!

ip dhcp pool Lan

 network 192.168.0.0 255.255.255.0

 default-router 192.168.0.1 

 dns-server 8.8.8.8 

!

!

ip name-server x.x.x.13

ip name-server x.x.x.242

ip name-server 8.8.8.8

ip inspect name DNS dns

ip inspect name ICMP icmp

ip inspect name NTP ntp

ip inspect name Router-trafic router

ip inspect name Router-trafic tcp router-traffic

!

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1453036957

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1453036957

 revocation-check none

 rsakeypair TP-self-signed-1453036957

!

!

crypto pki certificate chain TP-self-signed-1453036957

 certificate self-signed 01

  quit

license udi pid CISCO1921/K9 sn FTX154282Z1

license boot module c1900 technology-package securityk9

license boot module c1900 technology-package datak9

!

!

archive

 log config

  logging enable

  hidekeys

username root privilege 15 secret 5  !!!!!!!!!!!!!!

username vpnuser1 secret 5 !!!!!!!!!!!!!!!!

redundancy

!

!

!

!

ip tftp source-interface GigabitEthernet0/0

ip ssh authentication-retries 2

ip ssh version 2

!

crypto isakmp policy 10

 encr 3des

 hash md5

 authentication pre-share

 group 2

!

crypto isakmp client configuration group homevpn

 key SECRET

 dns 192.168.0.2

 pool VPN-POOL

 acl 110

crypto isakmp profile homevpn

   match identity group homevpn

   client authentication list USER-AUTH

   isakmp authorization list GROUP-AUTH

   client configuration address respond

!

!

crypto ipsec transform-set homevpn esp-3des esp-md5-hmac 

!

crypto map homevpn 10 ipsec-isakmp 

 ! Incomplete

 set peer x.x.x.218

 set security-association lifetime seconds 86400

 set transform-set homevpn 

 match address 110

!

!

!

!

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown 

!

interface GigabitEthernet0/0

 description LabLan

 ip address 192.168.0.1 255.255.255.0

 ip accounting output-packets

 ip nat inside

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/0.10

 encapsulation dot1Q 10

 ip address 192.168.10.1 255.255.255.0

!

interface GigabitEthernet0/0.32

 encapsulation dot1Q 32

 ip address 172.32.32.1 255.255.255.0

!

interface GigabitEthernet0/0.50

 encapsulation dot1Q 50

 ip address 10.50.50.1 255.255.255.0

!

interface GigabitEthernet0/0.64

 encapsulation dot1Q 64

 ip address 192.168.64.1 255.255.255.0

!

interface GigabitEthernet0/0.90

 encapsulation dot1Q 90

 ip address 192.168.90.1 255.255.255.0

!

interface GigabitEthernet0/0.100

 encapsulation dot1Q 100

 ip address 10.100.100.1 255.255.255.0

!

interface GigabitEthernet0/0.200

 encapsulation dot1Q 200

 ip address 192.168.200.1 255.255.255.240

!

interface GigabitEthernet0/0.240

 encapsulation dot1Q 240

 ip address 192.168.240.1 255.255.255.0

!

interface GigabitEthernet0/0.245

 encapsulation dot1Q 245

 ip address 192.168.245.1 255.255.255.0

!

interface GigabitEthernet0/1

 description Internet

 ip address x.x.x.218 255.255.255.252

 no ip redirects

 no ip proxy-arp

 ip nat outside

 ip virtual-reassembly in

 ip verify unicast reverse-path

 duplex auto

 speed auto

 no cdp enable

 crypto map homevpn

!

interface Virtual-Template10

 ip unnumbered GigabitEthernet0/1

 peer default ip address pool VPN-POOl

 ppp encrypt mppe auto

 ppp authentication ms-chap-v2

!

ip local pool VPN-POOL 192.168.0.240 192.168.0.250

ip default-gateway x.x.x.217

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!         

ip dns server

ip nat inside source list 100 interface GigabitEthernet0/1 overload

ip nat inside source static esp 192.168.0.2 interface GigabitEthernet0/1

ip nat inside source static tcp 192.168.0.15 x.x.x.218 25 extendable

ip nat inside source static tcp 192.168.0.2 80 x.x.x.218 80 extendable

ip nat inside source static tcp 192.168.0.15 110 x.x.x.218 110 extendable

ip nat inside source static tcp 192.168.0.15 143 x.x.x.218 143 extendable

ip nat inside source static tcp 192.168.0.2 443 x.x.x.218 443 extendable

ip nat inside source static tcp 192.168.0.15 465 x.x.x.218 465 extendable

ip nat inside source static udp 192.168.0.2 500 x.x.x.218 500 extendable

ip nat inside source static tcp 192.168.0.15 585 x.x.x.218 585 extendable

ip nat inside source static tcp 192.168.0.15 993 x.x.x.218 993 extendable

ip nat inside source static tcp 192.168.0.15 995 x.x.x.218 995 extendable

ip nat inside source static udp 192.168.0.2 1701 x.x.x.218 1701 extendable

ip nat inside source static udp 192.168.0.2 4500 x.x.x.218 4500 extendable

ip route 0.0.0.0 0.0.0.0 x.x.x.217

ip route 192.168.10.0 255.255.255.0 192.168.0.0

ip route 192.168.32.0 255.255.255.0 192.168.0.0

ip route 192.168.64.0 255.255.255.0 192.168.0.0

!

ip access-list extended FIREWALL

 permit tcp any any eq 22

ip access-list extended VPN-POOL

 permit ip 192.168.0.0 0.0.0.255 any

!

access-list 1 permit 192.168.0.254

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

!

!

!

!

!

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport input all

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 privilege level 15

 transport input ssh

!

scheduler allocate 20000 1000

ntp server 17.253.24.125

ntp server 17.253.24.253

ntp server 17.253.4.125

end

Hi

No configuration should be configured under the interface g0/0 if you are using subinterfaces. And you are missing the subinterface for native vlan 80 

interface GigabitEthernet0/0

 description LabLan

no  ip address 192.168.0.1 255.255.255.0

 ip accounting output-packets

no  ip nat inside

 ip virtual-reassembly in

 duplex auto

 speed auto

inter g0/0.80 
encapsulation dot1q 80 native

If you want to provide internet access for the internal subnets (related to the sub interfaces) you can configure the ip nat inside under each sub-interface

int g0/0.10
ip nat inside

int g0/0.32
ip nat inside

int g0/0.64
ip nat inside

And the same for the rest of the subinterfaces. For the subinterface for VLAN 80 it is not required.

Remember, you don't need a static route to know the internal subnets because they are directly connected to the router.

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<
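
An added example (not written by any poster in this thread, and not Cisco tooling): a small Python check of a running-config for the points raised in the reply above and the static routes in the posted config, namely an IP address on a physical interface that also carries subinterfaces, subinterfaces without ip nat inside, static routes for directly connected subnets, and next hops that are a network address rather than a host. The names audit and SAMPLE and the 203.0.113.x addresses are assumptions made for the example.

```python
import ipaddress
import re

# Constructed excerpt of the posted config (trimmed); 203.0.113.x stands in
# for the redacted x.x.x.217/.218 addresses.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0.10
 ip address 192.168.10.1 255.255.255.0
interface GigabitEthernet0/0.32
 ip address 172.32.32.1 255.255.255.0
interface GigabitEthernet0/1
 ip address 203.0.113.218 255.255.255.252
 ip nat outside
ip route 0.0.0.0 0.0.0.0 203.0.113.217
ip route 192.168.10.0 255.255.255.0 192.168.0.0
ip route 192.168.32.0 255.255.255.0 192.168.0.0
"""

def audit(config):
    """Return a list of findings for the routing points raised in the thread."""
    ifaces, routes, cur, out = {}, [], None, []
    for line in filter(None, map(str.rstrip, config.splitlines())):
        if not line.startswith(" "):
            cur = None  # any unindented line ends the interface block
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"addr": None, "nat": None})
        elif cur and (m := re.match(r" +ip address (\d\S*) (\d\S*)$", line)):
            cur["addr"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif cur and (m := re.match(r" +ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"ip route (\d\S*) (\d\S*) (\d\S*)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), ipaddress.ip_address(m[3])))
    nets = {n: i["addr"].network for n, i in ifaces.items() if i["addr"]}
    nat_used = any(i["nat"] == "outside" for i in ifaces.values())
    for p in sorted({n.split(".")[0] for n in ifaces if "." in n}):
        if ifaces.get(p, {}).get("addr"):
            out.append(f"{p}: IP address on a physical interface that also has subinterfaces")
        out += [f"{n}: no 'ip nat inside' on this subinterface" for n, i in ifaces.items()
                if nat_used and n.startswith(p + ".") and i["addr"] and i["nat"] != "inside"]
    for dest, hop in routes:
        if dest in nets.values():
            out.append(f"route {dest}: redundant, subnet is directly connected")
        out += [f"route {dest}: next hop {hop} is the network address of {net}, not a host"
                for net in nets.values() if hop == net.network_address and net.prefixlen < 31]
    return out
```

Calling audit(SAMPLE) flags the 192.168.10.0 route as redundant but not the 192.168.32.0 one, because GigabitEthernet0/0.32 in the posted config is addressed 172.32.32.1 rather than 192.168.32.1.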

Dennis Mink
VIP Alumni

Vitalii

Have you set a default gateway on your switch to point to the IP address of the Gi0/0.10 on your router?

Is there any particular reason you are using native VLAN 80?

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

No, I have not set a default gateway on my switch.

Please, may I have a proper command to do this?

There is no reason in particular for using VLAN 80 for native. Should I just use VLAN 1 for it?

Regards,

Vitalii

Hi

You can use a native VLAN different from 1; actually, a good practice is to disable VLAN 1 for security purposes.

:-)




>> Mark as helpful or answered if the reply resolved your question; this helps other community members with future queries. <<

Add a default gateway to point to the router, like I indicated in the previous post, then see if you can ping, for instance, gi0/0.32 from your switch. Now don't forget you don't need an IP address in each VLAN on your switch if you let the router do the inter-VLAN routing. Only one IP address, to be able to telnet in, is enough.

So all your hosts will need to point to your router's IP address of their respective VLANs.

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.