05-31-2013 11:48 PM - edited 03-07-2019 01:40 PM
Hello,
I have a problem accessing my wireless router through VLAN sub-interface on my Cisco 1841 router.
My hardware:
Cisco Catalyst 2960 switch (192.168.100.4 /24)
Cisco Catalyst 3550 switch (192.168.100.6 /24)
Cisco 1841 router (192.168.100.7 /24)
Asus RT N66U wireless router (192.168.100.2 /24)
Here's my network topology:
I have two VLANs - 10 and 20.
2 DHCP pools are configured on 2 1841's interfaces - 192.168.1.0 /25 and 192.168.1.128/26 with default router sitting on 192.168.1.1 and 192.168.1.129 respectively. No issues with obtaining IP address from any of those pools.
Laptop connects to L3 3550 switch (switchport access vlan 10), which, in turn, connects to 1841 router through trunk (with VLANs 10 and 20 allowed).
3550 is connected to 2960 through trunk with VLANs 10 and 20 allowed.
Wireless router is connected to 2960.
I can successfully ping my wireless router and outside world from 1841 from fa0/1 interface, but not from fa0/1.10 or fa0/1.20 sub-interfaces - all packets got dropped. My laptop can obtain IP from both pools (depending on port I connect it to), but can't ping my wireless router and anything beyond it. Could anyone please explain why?
I attach my configs:
Cisco Catalyst 3550:
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport port-security mac-address sticky
speed 100
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
Cisco 1841:
ip dhcp pool Vlan10DHCP
network 192.168.1.0 255.255.255.128
default-router 192.168.1.1
dns-server 208.67.220.220
domain-name home.local
!
ip dhcp pool Vlan20DHCP
network 192.168.1.128 255.255.255.192
default-router 192.168.1.129
dns-server 208.67.220.220
lease 0 12
interface FastEthernet0/1
ip address 192.168.100.7 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1.10
description VLAN10 Sub Interface
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.128
!
interface FastEthernet0/1.20
description VLAN20 Sub Interface
encapsulation dot1Q 20
ip address 192.168.1.129 255.255.255.192
!
Routing table on 1841:
S* 0.0.0.0/0 [1/0] via 192.168.100.2
is directly connected, FastEthernet0/1
192.168.1.0/24 is variably subnetted, 4 subnets, 3 masks
C 192.168.1.0/25 is directly connected, FastEthernet0/1.10
L 192.168.1.1/32 is directly connected, FastEthernet0/1.10
C 192.168.1.128/26 is directly connected, FastEthernet0/1.20
L 192.168.1.129/32 is directly connected, FastEthernet0/1.20
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, FastEthernet0/1
L 192.168.100.7/32 is directly connected, FastEthernet0/1
Sorry if this all looks a bit messy - I've just started my preparation for CCENT and I still feel a little confused about several terms.
06-01-2013 12:11 AM
Hello
First of all, have you excluded your default router IP addresses from your DHCP pools? I don't see this in your post.
Also the interface and subinterfaces are incorrect as the physical IP is the same as sub int 10 (should not have an IP on the main interface)
Res
Paul
Sent from Cisco Technical Support iPad App
06-01-2013 12:48 AM
pdriver wrote:
Hello
First of all, have you excluded your default router IP addresses from your DHCP pools? I don't see this in your post.
Thank you for your reply!
I didn't exclude it originally because, as far as I know, DHCP server will not assign IP from its pool which is already in use - before offering IP to its client it will attempt to send ICMP echo request to that IP in order to check if it's in use.
pdriver wrote:
Also the interface and subinterfaces are incorrect as the physical IP is the same as sub int 10 (should not have an IP on the main interface)
Wendell Odom does say it's OK to configure an IP address on physical interface. Here's a quote from his book I am reading now:
"Configure the ip address command on the physical interface, but without encapsulation command; the router considers this physical interface to be using the native VLAN."
06-01-2013 12:23 AM
You have configured interface f0/1 with an IP and also created a sub-interface.
When you have a sub-interface, then why do you need an IP on the physical interface?
And also, why is port security enabled on the trunk port?
Sent from Cisco Technical Support iPhone App
06-01-2013 12:51 AM
pratik gandhi wrote:
You have configured interface f0/1 with an IP and also created a sub-interface.
When you have a sub-interface, then why do you need an IP on the physical interface?
And also, why is port security enabled on the trunk port?
Sent from Cisco Technical Support iPhone App
As far as I can see from the examples in CCENT book and working configs around the Internet, there's no problem in setting up IP address for physical interface. Please correct me if I am wrong.
06-01-2013 01:32 AM
Hello
Maybe I am missing something here - this fa0/1 is facing your wireless router, which is the next hop for the internet?
Why do you have subinterfaces on this interface? As this router is performing inter-VLAN routing, these should be on an interface facing your local network, not on the WAN-facing interface.
Res
Paul
Sent from Cisco Technical Support Android App
06-01-2013 01:55 AM
My original plan was to configure different DHCP pools for different VLANs, see how they will work with different devices, practice with show commands and let these devices surf the web - that's all I want to achieve for now.
Since I have 2 1841s, I thought it would be a good idea to configure one of them as a DHCP server for several VLANs/subnets.
fa0/1 on my router is there just for SSH connectivity and is a basis for sub-interfaces - fa0/1.10 and fa0/1.20, that is.
And yes, it has my wireless router as its next hop (0.0.0.0 0.0.0.0 192.168.100.2), although, as you can see, it also faces my other LAN switches and I can ping any device sitting on them.
So I almost achieved what I wanted - DHCP servers are working and leasing IPs correctly, but there is no connectivity beyond my 1841 router for clients.
Again, the problem is that devices from those two DHCP pools can not go beyond 1841. I can ping and traceroute outside world from 3550 (the switch 1841 is connected to), but somehow not from sub-interfaces on 1841.
06-01-2013 02:12 AM
Hello
Could you provide a simple drawing of your topology?
Res
Paul
Sent from Cisco Technical Support Android App
06-01-2013 07:12 AM
The original poster describes the switches as having vlans 10 and 20 but did not mention having vlan 1 also. The configuration that is given makes sense if vlan 1 is present on the switches and is how the wireless router is connected. In this case the IP on the physical interface works fine and connects to the native vlan (vlan 1) where the wireless router is connected. Perhaps the original poster can verify this?
Given the description of the symptoms my guess about the problem is that the router can route to the wireless router from vlan 10 and 20. But the wireless router probably does not have routes to subnets 192.168.1.0 and 192.168.1.128.
HTH
Rick
06-01-2013 11:09 AM
Yes, I totally forgot about static routes on my wireless router - now I can ping it and outside world without any issues from 1841. Thank you very much for this tip.
I can also ping the wireless router from my Client PC almost without a problem (10 ICMP packets got "lost" out of 450), but when it comes to outside world, huge packet loss is in place - 5/10 or even more packets got dropped.
I attach my network's diagram.
06-01-2013 11:30 AM
I am glad that my suggestion led you to a solution for the original problem. Thank you for using the rating system to mark the question as answered. It makes the forum more useful when people can read about a problem and can know that a solution was found. Your marking has contributed to this process.
Your diagram shows how things are connected for your inside network. But it does not have any information about how traffic gets to the Internet. If we had more information about that we might be able to make suggestions about the packet loss when you ping into the Internet.
HTH
Rick
06-01-2013 11:47 AM
Thank you very much for your help, Richard. I updated my previous diagram according to your request.
06-01-2013 12:55 PM
Yes I see that there is now additional information with the drawing. I will comment on a couple of things.
- You show two static routes on the Asus and both of them give the network as 192.168.1.0 with different masks. I am guessing that you meant for one to be 192.168.1.0 with /25 mask and the other to be 192.168.1.128 also with /25 mask.
While I am not sure that this would cause a problem for vlan 10 it surely does cause problems for vlan 20.
- I notice that CEF is turned off on the physical interface of the 1841. I am not sure why this is done and suggest that you enable CEF on all interfaces, or give us the reason why it is turned off.
- what you have given shows that the 1841 has a default route. It is not entirely clear but I assume that the default route next hop is the Asus? If changing the items above does not make it better to ping the Internet then I would believe that the problem is more likely on the Asus than it is on the 1841.
HTH
Rick
06-01-2013 01:08 PM
I created 2 subnets (/25 and /26) intentionally - I need 2 subnets with 126 and 62 hosts each. Why should it be a problem? These networks do not intersect and I cannot see any issues at this point. Please correct me if I am wrong.
Now to the CEF point.
Yes, I turned it off by mistake, though it doesn't make any difference if it is up or not in my case.
Yes, default route (next hop) is my wireless router (192.168.100.2 /24).
06-01-2013 01:22 PM
I accept your correction. I did not accurately remember the masks of the subnets from your earlier post. You did give different subnet masks in the original post
192.168.1.0 /25 and 192.168.1.128/26
Those networks/subnets do not intersect or overlap and there is not any problem with those networks/subnets. The problem is with the routes that you show from Asus which are for
192.168.1.0 255.255.255.128
192.168.1.0 255.255.255.192
These routes do overlap and that will cause a problem when the Asus attempts to reach subnet 192.168.1.128. The second static route on Asus should be for
192.168.1.128 255.255.255.192
It is good to know that CEF being disabled does not make any particular difference in your situation. In general it is a Best Practice to have CEF enabled unless there is a particular reason to disable it.
HTH
Rick
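The return-route problem described in the reply above can be checked mechanically with Python's ipaddress module. This is an added example, not part of the original thread: the names parse, audit and lookup are hypothetical, and the route lists are built from the networks and masks quoted in the posts.

```python
import ipaddress

# Subnets behind the 1841, as given in the original post.
VLAN_SUBNETS = ["192.168.1.0/25", "192.168.1.128/26"]
# Static routes on the Asus as quoted in the reply above, and the corrected pair.
ASUS_AS_SHOWN = ["192.168.1.0/255.255.255.128", "192.168.1.0/255.255.255.192"]
ASUS_CORRECTED = ["192.168.1.0/255.255.255.128", "192.168.1.128/255.255.255.192"]


def parse(prefixes):
    """Accept 'network/mask' or 'network/len' strings; reject host bits set."""
    return [ipaddress.ip_network(p, strict=True) for p in prefixes]


def audit(routes, subnets):
    """Return (overlapping route pairs, subnets that no route fully covers)."""
    routes, subnets = parse(routes), parse(subnets)
    overlaps = [(str(a), str(b)) for i, a in enumerate(routes)
                for b in routes[i + 1:] if a.overlaps(b)]
    uncovered = [str(s) for s in subnets
                 if not any(s.subnet_of(r) for r in routes)]
    return overlaps, uncovered


def lookup(routes, dst):
    """Longest-prefix match over the static routes; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [r for r in parse(routes) if addr in r]
    return str(max(hits, key=lambda r: r.prefixlen)) if hits else None


if __name__ == "__main__":
    for name, table in (("as shown", ASUS_AS_SHOWN), ("corrected", ASUS_CORRECTED)):
        overlaps, uncovered = audit(table, VLAN_SUBNETS)
        print(f"{name}: overlaps={overlaps} uncovered={uncovered}")
        # 192.168.1.129 is the VLAN 20 gateway address on Fa0/1.20.
        print(f"  route to 192.168.1.129 -> {lookup(table, '192.168.1.129')}")
```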