Solved: Routing from 3560 to DSL modem not working

dblair · ‎08-25-2012

I'm setting up a lab switch, 3560 to a DSL router/modem and i cannot seem to get the routing from VLAN100 to the DSL router/ modem to work.

int g0/1 is connected to the DSL router/ modem
int g0/10 is connect to the client (10.10.100.10)

From the 3560, I can ping the DSL router (192.168.1.1), the client (10.10.100.10) and I can ping the internet.

From the client connected to to the 3560, I can ping the g0/1 interface IP address (192.168.1.201), but not the DSL router (192.168.1.1).

From the DSL router, I can ping the internet and the 3560 g0/1 ip address (192.168.1.201) but cannot ping the client (10.10.100.10)

Config from 3560 follows:

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 3560Lab1-DLS2

!

boot-start-marker

boot-end-marker

!

no aaa new-model

system mtu routing 1500

vtp domain TestLab

vtp mode transparent

ip routing

ip name-server 4.2.2.2

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 100

name Home_VLAN

!

interface GigabitEthernet0/1

description To DSL

no switchport

ip address 192.168.1.201 255.255.255.0

!

<snip>

!

interface GigabitEthernet0/10

description Client

switchport access vlan 100

switchport mode access

!

interface Vlan1

no ip address

shutdown

!

interface Vlan100

ip address 10.10.100.1 255.255.255.0

!

router eigrp 100

network 10.10.100.0 0.0.0.255

network 192.168.1.0 0.0.0.255

!

ip http server

ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Any help would be greatly appreciated!

John Blakley · ‎08-25-2012

I'm actually not sure. I have uverse and the modem that they supply allows you to put all of your traffic into a dmz. I had my router on the dmz interface which allowed my public address to be assigned to my router instead of the modem. The problem with that in this situation is that the 3560 doesn't support natting as far as I know, so it doesn't make sense to put your public ip on you switch.

So, another test that you could do if you wanted is to put your lan side ip on your dsl modem on the 10 subnet. Then you'd have to change the ip on vlan 10, but you'd be able to see if your 10.x.x.x host could get on the internet. I'm almost sure that's what this is. Now it doesn't explain why you couldn't ping between devices on the same switch in different vlans earlier though. You have the vlan created and a l3 svi attached with routing on, so those subnets are locally connected and should be able to route between vlans with no issue. Through all of this, I'm not sure if that part was ever fixed. Have you checked the ios version that you're on to see if you're running the latest?

If you decide to do the internal lan side address change on the dsl modem and it works, I'm afraid that you may not be able to segment your network into different subnets if you can't nat them via the modem. You could still create your vlans for internal testing, but they wouldn't be able to get on the internet because of the natting issue. This is one reason a lot of people on the forums will put a cisco router in between their dsl modem and switches. You could also do this with an ASA as well.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎08-25-2012

If this is a dsl router that has support for static routes, you'll need to add a static route for 10.10.100.0 pointing to 192.168.1.201 on the dsl router. If you don't have that, it will have a default gateway pointing to the ISP and it will know about your connected subnet of 192.168.1.0/24. The traffic from the 10.10.100.0/24 subnet will get to the dsl router/modem, but the modem will try to send it to the ISP because it doesn't have a route for 10.10.100.0 pointing back to your 3560.

HTH,

John

**** Please rate all useful posts ****

HTH, John *** Please rate all useful posts ***

dblair · ‎08-25-2012

Hi thanks for the reply. I actually have a static route in the DSL modem

Destination	Subnet Mask	Gateway	Interface	Remove
10.10.100.0	255.255.255.0	192.168.1.201	br0

The DSL modem also supports RIP. I've turned on RIP (not currently on) and it doesn't really seem to do anything. There are 3 options for "interface". One is WAN, one is LAN and the final is to put nothing in there at all. I've tried the above with all three options and still nothing. I'm sure it's something easy i'm overlooking.

John Blakley · ‎08-25-2012

Can you ping the dsl mode if you source from vlan 100 on the 3560? (ping 192.168.1.1 sour vlan 100) From the looks of it, it simply looks like your static route isn't working on the dsl router....

Have you tried to reboot your dsl router after adding the static route?

HTH,

John

HTH, John *** Please rate all useful posts ***

dblair · ‎08-25-2012

I hadn't tried that. But yes, it does work.

3560Lab1-DLS2#ping 192.168.1.1 sour vlan 100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.100.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

John Blakley · ‎08-25-2012

That's even more interesting...Can you run "debug ip icmp" and ping the workstation from the dsl router? And can you post the results?

HTH, John *** Please rate all useful posts ***

dblair · ‎08-25-2012

The DSL router doesn't have the capacity to issue a ping directly from it, or at least I can't find where it is. (brand is Zhone). So I plugged a PC (192.168.1.220) directly into the DSL modem and issued some pings.

Ping issued from client - 10.10.100.10

3560Lab1-DLS2#

Aug 25 16:54:44.645: ICMP: echo reply rcvd, src 10.10.100.10, dst 10.10.100.1, topology BASE, dscp 0 topoid 0

Aug 25 16:54:44.653: ICMP: echo reply rcvd, src 10.10.100.10, dst 10.10.100.1, topology BASE, dscp 0 topoid 0

Aug 25 16:54:44.662: ICMP: echo reply rcvd, src 10.10.100.10, dst 10.10.100.1, topology BASE, dscp 0 topoid 0

Pings issued from clients to g0/1 ip address

3560Lab1-DLS2#

Aug 25 16:55:51.284: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.2, topology BASE, dscp 0 topoid 0

Aug 25 16:55:52.283: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.2, topology BASE, dscp 0 topoid 0

Aug 25 16:55:53.281: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.2, topology BASE, dscp 0 topoid 0

Aug 25 16:55:54.279: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.2, topology BASE, dscp 0 topoid 0

Aug 25 17:02:32.010: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.220, topology BASE, dscp 0 topoid 0

Aug 25 17:02:32.991: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.220, topology BASE, dscp 0 topoid 0

Aug 25 17:02:34.006: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.220, topology BASE, dscp 0 topoid 0

Aug 25 17:02:35.021: ICMP: echo reply sent, src 192.168.1.201, dst 192.168.1.220, topology BASE, dscp 0 topoid 0

when attempting to ping 10.10.100.10, the request times out on the client (192.168.1.220 or 192.168.1.2)

John Blakley · ‎08-25-2012

can you do the same test but run debug ip packet and post the results?

Also, this shouldn't matter, but have you tried removing the routed port and then configuring vlan1s svi with an ip address? I'd be curious to see if it worked.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

dblair · ‎08-25-2012

This is the response when the client (192.168.1.220) pings the g0/1 IP (192.168.1.201)

Aug 25 17:56:12.624: IP: tableid=0, s=10.10.100.1 (local), d=10.10.100.10 (Vlan100), routed via FIB

Aug 25 17:56:12.624: IP: s=10.10.100.1 (local), d=10.10.100.10 (Vlan100), len 600, output feature, Check hwidb(81), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Aug 25 17:56:12.633: IP: s=192.168.1.201 (local), d=224.0.0.10 (GigabitEthernet0/1), len 60, local feature, RCLI(7), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Aug 25 17:56:12.633: IP: s=192.168.1.201 (local), d=224.0.0.10 (GigabitEthernet0/1), len 60, local feature, Local Clustering(8), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Aug 25 17:56:12.633: IP: s=192.168.1.201 (local), d=224.0.0.10 (GigabitEthernet0/1), len 60, sending broad/multicast

Aug 25 17:56:12.633: IP: s=192.168.1.201 (local), d=224.0.0.10 (GigabitEthernet0/1), len 60, sending full packet

Aug 25 17:56:12.641: IP: s=10.10.100.1 (local), d=10.10.100.10, len 600, local feature, RCLI(7), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Aug 25 17:56:12.641: IP: s=10.10.100.1 (local), d=10.10.100.10, len 600, local feature, Local Clustering(8), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Aug 25 17:56:12.641: IP: tableid=0, s=10.10.100.1 (local), d=10.10.100.10 (Vlan100), routed via FIB

Aug 25 17:56:12.641: IP: s=10.10.100.1 (local), d=10.10.100.10 (Vlan100), len 600, output feature, Check hwidb(81), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

Aug 25 17:56:12.641: IP: s=10.10.100.1 (local), d=10.10.100.10, len 600, local feature, RCLI(7), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE

The client at 192.168.1.220 times out when attempting to ping 10.10.100.1 or 10.10.100.10

I really appreciate your help on this btw

John Blakley · ‎08-25-2012

No problem! We'll get there eventually

I'm curious to see if you could try something. On your routed port, try changing back to a switchport. Then under your vlan 1, put the ip address 192.168.1.201/24. Take your PC that you have connected directly to the dsl modem and plug it directly into the 3560. The. See if you can ping the workstation on vlan 100. If you can, the switch is routing correctly.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

dblair · ‎08-25-2012

Ok so here is the changed config

interface GigabitEthernet0/1

end

interface Vlan1

ip address 192.168.1.201 255.255.255.0

end

I've plugged the client PC (192.168.1.220) into g0/1. From the client, I can ping 192.168.1.201, but cannot ping 10.10.100.1 or 10.10.100.10

The client PC on vlan 100 cannot ping 192.168.1.220

The router can ping 192.168.1.220

For routing on the switch I have:

ip routing

router eigrp 100

network 10.10.100.0 0.0.0.255

network 192.168.1.0

ip route 0.0.0.0 0.0.0.0 192.168.1.1

i've removed the ip default-gateway line

John Blakley · ‎08-25-2012

Ok can you post

Sh vlan

Sh ip route

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

dblair · ‎08-25-2012

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/3, Gi0/4, Gi0/5
                                                Gi0/6, Gi0/7, Gi0/8, Gi0/11
                                                Gi0/12, Gi0/13, Gi0/14, Gi0/15
                                                Gi0/16, Gi0/17, Gi0/18, Gi0/19
                                                Gi0/20, Gi0/21, Gi0/22, Gi0/23
                                                Gi0/24, Gi0/25, Gi0/26, Gi0/27
                                                Gi0/28
100 Home_VLAN                        active    Gi0/9, Gi0/10
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

VLAN Type SAID       MTU   Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet 100001     1500 -      -      -        -    -        0      0
100 enet 100100     1500 -      -      -        -    -        0      0
1002 fddi 101002     1500 -      -      -        -    -        0      0
1003 trcrf 101003     4472 1005   3276   -        -    srb      0      0
1004 fdnet 101004     1500 -      -      -        ieee -        0      0
1005 trbrf 101005     4472 -      -      15       ibm -        0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

3560Lab1-DLS2#

3560Lab1-DLS2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.100.0/24 is directly connected, Vlan100
L        10.10.100.1/32 is directly connected, Vlan100
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.201/32 is directly connected, Vlan1
3560Lab1-DLS2#

John Blakley · ‎08-25-2012

Last thing. Try removing ip routing and the readd it.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

dblair · ‎08-25-2012

done.

I also re-added

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Same behavior.

int vlan1 is still 192.168.1.201 255.255.255.0

int g0/1 is still plugged into the DSL router

3560Lab1-DLS2#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.100.0/24 is directly connected, Vlan100
L        10.10.100.1/32 is directly connected, Vlan100
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.201/32 is directly connected, Vlan1

3560Lab1-DLS2#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/3, Gi0/4, Gi0/5
                                                Gi0/6, Gi0/7, Gi0/8, Gi0/11
                                                Gi0/12, Gi0/13, Gi0/14, Gi0/15
                                                Gi0/16, Gi0/17, Gi0/18, Gi0/19
                                                Gi0/20, Gi0/21, Gi0/22, Gi0/23
                                                Gi0/24, Gi0/25, Gi0/26, Gi0/27
                                                Gi0/28
100 Home_VLAN                        active    Gi0/9, Gi0/10
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

VLAN Type SAID       MTU   Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet 100001     1500 -      -      -        -    -        0      0
100 enet 100100     1500 -      -      -        -    -        0      0
1002 fddi 101002     1500 -      -      -        -    -        0      0
1003 trcrf 101003     4472 1005   3276   -        -    srb      0      0
1004 fdnet 101004     1500 -      -      -        ieee -        0      0
1005 trbrf 101005     4472 -      -      15       ibm -        0      0

VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

3560Lab1-DLS2#

3560Lab1-DLS2#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
3560Lab1-DLS2#ping www.google.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.227.80, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 58/58/59 ms
3560Lab1-DLS2#

Pings from vlan100 client (10.10.100.10)

C:\Users\administrator>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=1ms TTL=63
Reply from 192.168.1.1: bytes=32 time=1ms TTL=63
Reply from 192.168.1.1: bytes=32 time=1ms TTL=63
Reply from 192.168.1.1: bytes=32 time=1ms TTL=63

Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\administrator>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 4.2.2.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\administrator>ping www.google.com
Ping request could not find host www.google.com. Please check the name and try a
gain.

When the directly attached 192.168.1.220 client was attached, it was able to ping the vlan ip 192.168.1.201 but received a mix of host unreachable and timeout errors when attempting to ping 10.10.100.1 and 10.10.100.10

Edit: wait a sec... i can now ping 192.168.1.1 from 10.10.100.10 - previously was unable to. Still unable to ping the internet from the 10.10.100.10 client.

I hooked up a different machine to a different port (g0/2). The client was able to pull a dhcp address (192.168.1.3) from the DSL router and is able to browse the internet, but not able to ping addresses in vlan100

While i'm able to ping 192.168.1.1 from 10.10.100.10, i cannot pnig 192.168.1.3. I can ping 192.168.1.3 from the switch.