10-23-2013 11:36 PM - edited 03-07-2019 04:12 PM
Hi everyone,
This is my first time using this service so please be gentle.
I have an 871 router connected to a 2960 switch via two ports; both ports are configured as trunks.
On one of the router's trunks, I have set up subinterfaces.
My issue is - how come I can't ping across subinterfaces, or even VLANs? Any suggestions would greatly help.
Following are my router's config and CDP output for both the router and switch:
Current configuration : 6000 bytes
!
! Last configuration change at 16:08:47 C Wed Oct 23 2013 by root
! NVRAM config last updated at 14:32:14 C Fri Jul 19 2013 by root
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname kai-vlan-gw
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lcxP$E3AqTmhjOU7dVGPhEEQCN1
!
no aaa new-model
!
resource policy
!
clock timezone C 3
ip subnet-zero
ip cef
!
!
no ip bootp server
ip domain name kenyanalliance.local
ip name-server 192.168.5.1
ip multicast-routing
ip ssh time-out 60
login block-for 100 attempts 3 within 100
!
!
crypto pki trustpoint TP-self-signed-1536830124
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1536830124
revocation-check none
rsakeypair TP-self-signed-1536830124
!
!
username root password 7 10455D485044111E1E57
!
!
class-map type port-filter match-all DHCP_Traffic
match port udp 67
class-map type port-filter match-all Telnet_Traffic
match port tcp 23
!
!
policy-map type port-filter Unnecessary_Ports
class DHCP_Traffic
drop
class Telnet_Traffic
drop
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
switchport mode trunk
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.5
encapsulation dot1Q 5
ip address 192.168.5.245 255.255.255.0
no snmp trap link-status
!
interface FastEthernet4.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.10.250
no snmp trap link-status
!
interface FastEthernet4.11
encapsulation dot1Q 11
ip address 192.168.11.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.11.250
no snmp trap link-status
!
interface FastEthernet4.12
encapsulation dot1Q 12
ip address 192.168.12.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.12.250
no snmp trap link-status
!
interface FastEthernet4.13
encapsulation dot1Q 13
ip address 192.168.13.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.13.250
no snmp trap link-status
!
interface FastEthernet4.14
encapsulation dot1Q 14
ip address 192.168.14.254 255.255.255.0
ip helper-address 192.168.14.250
no snmp trap link-status
!
interface FastEthernet4.15
encapsulation dot1Q 15
ip address 192.168.15.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.15.250
no snmp trap link-status
!
interface FastEthernet4.16
encapsulation dot1Q 16
ip address 192.168.16.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.16.250
no snmp trap link-status
!
interface FastEthernet4.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.20.250
no snmp trap link-status
!
interface Vlan1
ip address 10.10.10.25 255.255.255.0
ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.254
ip route 172.20.20.8 255.255.255.248 192.168.5.150
ip route 172.22.254.0 255.255.255.224 192.168.20.253 name TO-AKI
ip route 192.168.0.0 255.255.255.0 192.168.5.252 name Mombasa
ip route 192.168.1.0 255.255.255.0 192.168.5.252 name Thika
ip route 192.168.18.0 255.255.255.0 192.168.5.252 name Kisumu
ip route 192.168.21.0 255.255.255.0 192.168.5.150 name Machakos
ip route 192.168.22.0 255.255.255.0 192.168.5.150 name Bunyala_Yard
ip route 192.168.23.0 255.255.255.0 192.168.5.150 name Meru
ip route 192.168.100.0 255.255.255.0 192.168.5.150
!
no ip http server
ip http authentication local
ip http secure-server
!
!
logging trap debugging
logging 192.168.20.12
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
control-plane host
!
!
control-plane
!
banner exec ^C
Please be advised that you must be an administrator to proceed.
Failure to comply with this notification could lead to prosecution.
^C
banner login ^C
==============================================================
You're logging in to a restricted device. Please contact the
administrator if you need access!!
==============================================================
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 130E43435E5F073F3977
login local
transport preferred ssh
transport input ssh
!
scheduler max-task-time 5000
ntp clock-period 17174973
ntp server 128.138.141.172
end
Router CDP neighbors:
kai-vlan-gw#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
etsw1 Fas 1 142 S I WS-C2960-2Fas 0/23
etsw1 Fas 4 152 S I WS-C2960-2Gig 0/1
Switch CDP neighbors:
etsw1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
kai-vlan-gw.kenyanalliance.local
Fas 0/23 150 R S I 871 Fas 1
kai-vlan-gw.kenyanalliance.local
Gig 0/1 156 R S I 871 Fas 4
etsw3 Gig 0/2 177 S I WS-C2960- Gig 0/2
Kenyan_Alliance_MPLS_HQ
Fas 0/7 158 R S I 871 Fas 0
Kenya_Alliance.yourdomain.com
Fas 0/13 151 R S I 1841 Fas 0/0
Kenya_Alliance_HQ
Fas 0/14 158 R S I 881 Fas 3
10-24-2013 12:28 AM
Have you configured ip default-gateway in the switch?
10-24-2013 12:41 AM
Hi Shibi
Yes I have. The default gateway for the switch is the IP address of Vlan 1 on the router i.e. 10.10.10.25
Warui
10-24-2013 01:43 AM
Presumably the Vlans exist on the switch and are allowed on the trunk link back to the Router?
Can you post your switch config?
10-24-2013 01:58 AM
Thanks for your response.
Yes, the Vlans exist on the switch. Here's my switch config:
Current configuration : 3125 bytes
!
! Last configuration change at 10:13:13 C Thu Oct 24 2013
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname etsw1
!
enable secret 5 $1$QtkT$ArHPOKJqiLtNCA1/a0cjr.
!
no aaa new-model
clock timezone C 3
system mtu routing 1500
ip subnet-zero
!
ip name-server 192.168.5.1
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
description VMHost_10.10.10.6
switchport mode trunk
!
interface FastEthernet0/5
description VMHost_10.10.10.7
switchport mode trunk
!
interface FastEthernet0/6
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/8
description VMHost_10.10.10.6
switchport mode trunk
!
interface FastEthernet0/9
description VMHost_10.10.10.7
switchport mode trunk
!
interface FastEthernet0/10
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/13
switchport mode trunk
!
interface FastEthernet0/14
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/15
description VMHost_10.10.10.6
switchport access vlan 20
switchport mode trunk
!
interface FastEthernet0/16
description Proxy_Server
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/17
description VMHost_10.10.10.7
switchport mode trunk
!
interface FastEthernet0/18
switchport mode trunk
!
interface FastEthernet0/19
description VMHost_10.10.10.7
switchport mode trunk
!
interface FastEthernet0/20
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
shutdown
!
interface FastEthernet0/22
switchport mode trunk
!
interface FastEthernet0/23
description Mgmnt_VLAN_Int
switchport access vlan 5
switchport mode trunk
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
switchport mode trunk
!
interface Vlan1
ip address 10.10.10.1 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.10.25
ip http server
logging trap debugging
logging 192.168.20.12
!
control-plane
!
banner login ^C
============================================================
You're logging in to a restricted device. Please contact the
administrator if you need access!!
============================================================
^C
!
line con 0
password 7 15195F5D517928313A60
login
line vty 0 4
session-timeout 5
password 7 15195F5D517928313A60
login
line vty 5 15
login
!
ntp clock-period 36029439
ntp server 10.10.10.25
end
10-27-2013 10:29 PM
Hi guys,
Any thoughts? I'm still struggling with this.....
10-27-2013 11:49 PM
Hi,
I suspect the domain name server that you configured on the switch. Have a look at that.
Guru
10-28-2013 02:54 AM
Can you do a #show ip route on the Router and post the results?
10-28-2013 03:33 AM
Hi,
Here's the routing table. I'm thinking it's an L2 issue rather than L3...
Gateway of last resort is 192.168.5.254 to network 0.0.0.0
C 192.168.12.0/24 is directly connected, FastEthernet4.12
C 192.168.13.0/24 is directly connected, FastEthernet4.13
C 192.168.14.0/24 is directly connected, FastEthernet4.14
C 192.168.15.0/24 is directly connected, FastEthernet4.15
C 192.168.10.0/24 is directly connected, FastEthernet4.10
172.20.0.0/29 is subnetted, 1 subnets
S 172.20.20.8 [1/0] via 192.168.5.150
172.22.0.0/27 is subnetted, 1 subnets
S 172.22.254.0 [1/0] via 192.168.20.253
C 192.168.11.0/24 is directly connected, FastEthernet4.11
S 192.168.21.0/24 [1/0] via 192.168.5.150
C 192.168.20.0/24 is directly connected, FastEthernet4.20
C 192.168.5.0/24 is directly connected, FastEthernet4.5
10.0.0.0/24 is subnetted, 1 subnets
C 10.10.10.0 is directly connected, Vlan1
S 192.168.23.0/24 [1/0] via 192.168.5.150
S 192.168.22.0/24 [1/0] via 192.168.5.150
S 192.168.0.0/24 [1/0] via 192.168.5.252
C 192.168.16.0/24 is directly connected, FastEthernet4.16
S 192.168.1.0/24 [1/0] via 192.168.5.252
S 192.168.100.0/24 [1/0] via 192.168.5.150
S 192.168.18.0/24 [1/0] via 192.168.5.252
S* 0.0.0.0/0 [1/0] via 192.168.5.254
10-28-2013 06:08 AM
Hi all,
I've also just noticed something else that's a bit strange. The router can ping only one of its own subinterfaces; does this make sense?:
kai-vlan-gw#ping 192.168.5.245 source 192.168.5.245
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.245, timeout is 2 seconds:
Packet sent with a source address of 192.168.5.245
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms
kai-vlan-gw#ping 192.168.20.254 source 192.168.20.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.254
.....
Success rate is 0 percent (0/5)
kai-vlan-gw#ping 192.168.5.245 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.245, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.25
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
kai-vlan-gw#ping 192.168.20.254 source vlan1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.254, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.25
.....
Success rate is 0 percent (0/5)
10-28-2013 07:20 AM
Hi Warui Warui,
If you have configured the device interface with unicast reverse path forwarding, by default it cannot ping itself. So if you want to enable self-ping, you have to apply the following commands on the unicast RPF configured interfaces.
command:
kai-vlan-gw(config-if)#ip verify unicast source reachable-via any allow-self-ping
Please try this command and refer to this doc
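Added example, not part of the original thread: a simplified Python model of the uRPF check, using a constructed subset of the routing table posted above, showing that `reachable-via any` (loose mode) accepts a spoofed source that the strict mode of `ip verify unicast reverse-path` drops on the same subinterface. `reachable-via rx allow-self-ping` keeps the strict check while still permitting self-ping; all function and variable names here are assumptions of this example.

```python
import ipaddress

# Constructed subset of the routing table posted in this thread:
# prefix -> egress interface. The default route is left out because this
# model covers the `reachable-via` form without `allow-default`.
FIB = {
    "192.168.5.0/24": "FastEthernet4.5",
    "192.168.10.0/24": "FastEthernet4.10",
    "192.168.20.0/24": "FastEthernet4.20",
    "192.168.21.0/24": "FastEthernet4.5",   # static via 192.168.5.150
    "10.10.10.0/24": "Vlan1",
}
# Router-owned addresses from the posted config.
LOCAL = {"192.168.5.245", "192.168.10.254", "192.168.20.254", "10.10.10.25"}


def best_route(src):
    """Longest-prefix match; returns the egress interface or None."""
    addr = ipaddress.ip_address(src)
    matches = [(ipaddress.ip_network(p), i) for p, i in FIB.items()
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def urpf_permits(src, in_iface, mode="rx", allow_self_ping=False):
    """Simplified uRPF decision for one packet.
    mode "rx"  = strict: route to src must point back out in_iface.
    mode "any" = loose: any route to src is enough."""
    if src in LOCAL:
        return allow_self_ping  # the router's own address as source
    route = best_route(src)
    if route is None:
        return False
    return mode == "any" or route == in_iface


def compare(src, in_iface):
    """Strict vs loose verdict for the same packet."""
    return {m: urpf_permits(src, in_iface, m) for m in ("rx", "any")}


if __name__ == "__main__":
    # Constructed packets: (source address, ingress subinterface).
    for pkt in [("192.168.20.12", "FastEthernet4.20"),
                ("192.168.5.77", "FastEthernet4.20"),
                ("203.0.113.9", "FastEthernet4.20")]:
        print(pkt, compare(*pkt))
```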
10-28-2013 11:09 PM
Hi Prajithtr
Thanks for the suggestion; the router can now ping itself. Thanks.
I however still cannot ping across VLANS. Any other ideas?
Warui.
10-29-2013 03:03 AM
I found only VLAN 5 and 20 are configured.
1. The traffic from the switch should be coming to the router only through interface Fa4, not through Fa1 (Router). Confirm if the switch interface Gi0/1 is up or it is not blocked (since there are two connections to the router from the switch).
2. Just confirm if the Gi0/1 is configured with trunk encapsulation protocol (dot1q).
3. I found only VLAN 5 and 20 in the switch. So confirm the end devices' IP address (VLAN 5 and 20) and default gateway are correct.
======================================
kai-vlan-gw#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
etsw1 Fas 1 142 S I WS-C2960-2Fas 0/23
etsw1 Fas 4 152 S I WS-C2960-2Gig 0/1
========================================
PLEASE RATE THIS COMMENT IF YOU ARE SATISFIED
10-29-2013 04:40 AM
Hi Prajithr,
I have other Vlans (other than 5 & 20) set up on the switch:
etsw1#show vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/22, Fa0/24
5 VLAN0005 active Fa0/1, Fa0/2, Fa0/6, Fa0/7, Fa0/10, Fa0/12, Fa0/14, Fa0/16, Fa0/20
10 Finance active
11 Life active
12 Underwritting active
13 Claims active
14 Administration active
15 Marketing active
16 Wireless active
20 IT active Fa0/11, Fa0/21
Secondly, the switch is a 2960. Interface Gi0/1 is configured as a trunk and uses dot1q encap because 2960s do not support ISL.
etsw1#show int status
Port Name Status Vlan Duplex Speed Type
Fa0/23 Mgmnt_VLAN_Int connected trunk a-full a-100 10/100BaseTX
Fa0/24 notconnect 1 auto auto 10/100BaseTX
Gi0/1 connected trunk a-full a-100 10/100/1000BaseTX
Gi0/2 connected trunk a-full a-1000 10/100/1000BaseTX
The default gateway IP addresses are correct.
Warui.
10-29-2013 06:54 AM
Can you check that the devices in Vlan 5 have been given gateway 192.168.5.245 <------Last octet is 245 (not 254)
and that devices in Vlan 20 have been given gateway 192.168.20.254 <------Last octet is 254
===============================
interface FastEthernet4.5
encapsulation dot1Q 5
ip address 192.168.5.245 255.255.255.0 <------------------
interface FastEthernet4.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0 <-------------
================================
The rest all seems correct...