Routing through sub-interfaces fails

Hello,

I have a problem accessing my wireless router through VLAN sub-interface on my Cisco 1841 router.

My hardware:

Cisco Catalyst 2960 switch (192.168.100.4 /24)

Cisco Catalyst 3550 switch (192.168.100.6 /24)

Cisco 1841 router (192.168.100.7 /24)

Asus RT N66U wireless router (192.168.100.2 /24)

Here's my network topology:

I have two VLANs - 10 and 20.

2 DHCP pools are configured on 2 1841's interfaces - 192.168.1.0 /25 and 192.168.1.128/26 with default router sitting on 192.168.1.1 and 192.168.1.129 respectively. No issues with obtaining IP address from any of those pools.

Laptop connects to L3 3550 switch (switchport access vlan 10), which, in turn, connects to 1841 router through trunk (with VLANs 10 and 20 allowed).

3550 is connected to 2960 through trunk with VLANs 10 and 20 allowed.

Wireless router is connected to 2960.

I can successfully ping my wireless router and outside world from 1841 from fa0/1 interface, but not from fa0/1.10 or fa0/1.20 sub-interfaces - all packets got dropped. My laptop can obtain IP from both pools (depending on port I connect it to), but can't ping my wireless router and anything beyond it. Could anyone please explain why?

I attach my configs:

Cisco Catalyst 3550:

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport port-security mac-address sticky
speed 100
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!

Cisco 1841:

ip dhcp pool Vlan10DHCP
network 192.168.1.0 255.255.255.128
default-router 192.168.1.1
dns-server 208.67.220.220
domain-name home.local

!
ip dhcp pool Vlan20DHCP
network 192.168.1.128 255.255.255.192
default-router 192.168.1.129
dns-server 208.67.220.220
lease 0 12

interface FastEthernet0/1
ip address 192.168.100.7 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1.10
description VLAN10 Sub Interface
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.128
!
interface FastEthernet0/1.20
description VLAN20 Sub Interface
encapsulation dot1Q 20
ip address 192.168.1.129 255.255.255.192
!

Routing table on 1841:

S*    0.0.0.0/0 [1/0] via 192.168.100.2
                is directly connected, FastEthernet0/1
      192.168.1.0/24 is variably subnetted, 4 subnets, 3 masks
C        192.168.1.0/25 is directly connected, FastEthernet0/1.10
L        192.168.1.1/32 is directly connected, FastEthernet0/1.10
C        192.168.1.128/26 is directly connected, FastEthernet0/1.20
L        192.168.1.129/32 is directly connected, FastEthernet0/1.20
      192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.100.0/24 is directly connected, FastEthernet0/1
L        192.168.100.7/32 is directly connected, FastEthernet0/1

Sorry if this all looks a bit messy - I've just started my preparation for CCENT and I still feel a little confused about several terms.

Accepted Solutions

The original poster describes the switches as having vlans 10 and 20 but did not mention having vlan 1 also. The configuration that is given makes sense if vlan 1 is present on the switches and is how the wireless router is connected. In this case the IP on the physical interface works fine and connects to the native vlan (vlan 1) where the wireless router is connected. Perhaps the original poster can verify this?

Given the description of the symptoms my guess about the problem is that the router can route to the wireless router from vlan 10 and 20. But the wireless router probably does not have routes to subnets 192.168.1.0 and 192.168.1.128.

HTH

Rick

19 Replies

Hello

First of all, have you excluded your default router IP addresses from your DHCP pools? I don't see this in your post.

Also the interface and subinterfaces are incorrect, as the physical IP is the same as sub int 10 (should not have an IP on the main interface).


Res
Paul

Sent from Cisco Technical Support iPad App


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

pdriver wrote:

Hello

First of all, have you excluded your default router IP addresses from your DHCP pools? I don't see this in your post.

Thank you for your reply!

I didn't exclude it originally because, as far as I know, DHCP server will not assign IP from its pool which is already in use - before offering IP to its client it will attempt to send ICMP echo request to that IP in order to check if it's in use.

pdriver wrote:

Also the interface and subinterfaces are incorrect, as the physical IP is the same as sub int 10 (should not have an IP on the main interface).

Wendell Odom does say it's OK to configure an IP address on physical interface. Here's a quote from his book I am reading now:

"Configure the ip address command on the physical interface, but without encapsulation command; the router considers this physical interface to be using the native VLAN."

pratik gandhi
Level 1

You have configured interface f0/1 with an IP and also created a sub-interface.

When you have a sub-interface, then why do you need an IP on the physical interface?

And also, why is port security enabled on the trunk port?

Sent from Cisco Technical Support iPhone App

pratik gandhi wrote:

You have configured interface f0/1 with an IP and also created a sub-interface.

When you have a sub-interface, then why do you need an IP on the physical interface?

And also, why is port security enabled on the trunk port?

As far as I can see from the examples in CCENT book and working configs around the Internet, there's no problem in setting up IP address for physical interface. Please correct me if I am wrong.

Hello

Maybe I am missing something here - this fa0/1 is facing your wireless router, which is the next hop for the internet?

Why do you have subinterfaces on this interface? As this router is performing inter-VLAN routing, these should be on an interface facing your local network, not on the WAN-facing interface.
Res
Paul


My original plan was to configure different DHCP pools for different VLANs, see how they will work with different devices, practice with show commands and let these devices surf the web - that's all I want to achieve for now.

Since I have 2 1841s, I thought it would be a good idea to configure one of them as a DHCP server for several VLANs/subnets.

fa0/1 on my router is there just for SSH connectivity and is a basis for sub-interfaces - fa0/1.10 and fa0/1.20, that is.

And yes, it has my wireless router as its next hop (0.0.0.0 0.0.0.0 192.168.100.2), although, as you can see, it also faces my other LAN switches and I can ping any device sitting on them.

So I almost achieved what I wanted - DHCP servers are working and leasing IPs correctly, but there is no connectivity beyond my 1841 router for clients.

Again, the problem is that devices from those two DHCP pools can not go beyond 1841. I can ping and traceroute outside world from 3550 (the switch 1841 is connected to), but somehow not from sub-interfaces on 1841.

Hello
Could you provide a simple drawing of your topology?

Res
Paul

Yes, I totally forgot about static routes on my wireless router - now I can ping it and outside world without any issues from 1841. Thank you very much for this tip.

I can also ping the wireless router from my Client PC almost without a problem (10 ICMP packets got "lost" out of 450), but when it comes to outside world, huge packet loss is in place - 5/10 or even more packets got dropped.

I attach my network's diagram.

I am glad that my suggestion led you to a solution for the original problem. Thank you for using the rating system to mark the question as answered. It makes the forum more useful when people can read about a problem and can know that a solution was found. Your marking has contributed to this process.

Your diagram shows how things are connected for your inside network. But it does not have any information about how traffic gets to the Internet. If we had more information about that we might be able to make suggestions about the packet loss when you ping into the Internet.

HTH

Rick

Thank you very much for your help, Richard. I updated my previous diagram according to your request.

Yes I see that there is now additional information with the drawing. I will comment on a couple of things.

- You show two static routes on the Asus and both of them give the network as 192.168.1.0 with different masks. I am guessing that you meant for one to be 192.168.1.0 with /25 mask and the other to be 192.168.1.128 also with /25 mask.

While I am not sure that this would cause a problem for vlan 10 it surely does cause problems for vlan 20.

- I notice that CEF is turned off on the physical interface of the 1841. I am not sure why this is done and suggest that you enable CEF on all interfaces, or give us the reason why it is turned off.

- what you have given shows that the 1841 has a default route. It is not entirely clear but I assume that the default route next hop is the Asus? If changing the items above does not make it better to ping the Internet then I would believe that the problem is more likely on the Asus than it is on the 1841.

HTH

Rick

I created 2 subnets (/25 and /26) intentionally - I need 2 subnets with 126 and 62 hosts each. Why should it be a problem? These networks do not intersect and I can not see any issues at this point. Please correct me if I am wrong.

Now to the CEF point.

Yes, I turned it off by mistake, though it doesn't make any difference if it is up or not in my case.

Yes, default route (next hop) is my wireless router (192.168.100.2 /24).

I accept your correction. I did not accurately remember the masks of the subnets from your earlier post. You did give different subnet masks in the original post

192.168.1.0 /25 and 192.168.1.128/26

Those networks/subnets do not intersect or overlap and there is not any problem with those networks/subnets. The problem is with the routes that you show from Asus which are for

192.168.1.0 255.255.255.128

192.168.1.0 255.255.255.192

These routes do overlap and that will cause a problem when the Asus attempts to reach subnet 192.168.1.128. The second static route on Asus should be for

192.168.1.128 255.255.255.192

It is good to know that CEF being disabled does not make any particular difference in your situation. In general it is a Best Practice to have CEF enabled unless there is a particular reason to disable it.

HTH

Rick
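
The two routing points made in this thread (the Asus needing return routes to the VLAN subnets, and the second static route overlapping the first instead of covering 192.168.1.128/26) can be checked with a longest-prefix-match lookup. This is an added example, not part of any post in the thread; the `WAN` next-hop label and the shape of the Asus table are assumptions, while the addresses and masks are the ones quoted above.

```python
import ipaddress

R1841 = "192.168.100.7"   # the 1841's address on the native VLAN (from the thread)
WAN = "wan-uplink"        # assumption: the Asus default route points at its ISP side

def asus_table(statics):
    """Model of the Asus routing table: connected LAN, default route, statics."""
    table = [(ipaddress.ip_network("192.168.100.0/24"), "connected"),
             (ipaddress.ip_network("0.0.0.0/0"), WAN)]
    table += [(ipaddress.ip_network(f"{net}/{mask}"), R1841) for net, mask in statics]
    return table

def lookup(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    addr = ipaddress.ip_address(dst)
    return max(((n, hop) for n, hop in table if addr in n),
               key=lambda r: r[0].prefixlen)[1]

def unreachable(table, subnets):
    """Subnets behind the 1841 holding any address the Asus would not send back to it."""
    return [s for s in subnets
            if any(lookup(table, a) != R1841 for a in ipaddress.ip_network(s))]

VLAN_SUBNETS = ["192.168.1.0/25", "192.168.1.128/26"]   # VLAN 10, VLAN 20

NO_STATICS = []                                          # original symptom
AS_DRAWN = [("192.168.1.0", "255.255.255.128"),          # routes as read from the diagram
            ("192.168.1.0", "255.255.255.192")]
CORRECTED = [("192.168.1.0", "255.255.255.128"),
             ("192.168.1.128", "255.255.255.192")]

if __name__ == "__main__":
    for name, statics in [("no statics", NO_STATICS), ("as drawn", AS_DRAWN),
                          ("corrected", CORRECTED)]:
        table = asus_table(statics)
        print(f"{name:11} reply to 192.168.1.10 -> {lookup(table, '192.168.1.10')}, "
              f"reply to 192.168.1.130 -> {lookup(table, '192.168.1.130')}, "
              f"unreachable: {unreachable(table, VLAN_SUBNETS)}")
```

With the routes as drawn, replies to VLAN 20 clients match only the default route and leave through the uplink instead of returning to the 1841.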
