12-15-2010 01:42 PM - edited 03-06-2019 02:33 PM
Good afternoon,
I have a 2811 router that has a lan (not vlan) set up for use at a certain location. I recently added an NM-16ESW so I could create a vlan. The regular lan and the new vlan both exist on the same router. It routes across the WAN successfully via bgp network statement.
Problem is the vlan cannot ping our gateway of last resort, which goes to the outside internet. The regular lan on the same router can get to this gateway of last resort.
My vlan can see the other local lan, and all remote LANs via bgp, but cannot access the internet because it cannot get to the default route on the router.
Here is a partial sample of some of my config that may or may not be relevant, is there anything I need to add to make it happen?
interface FastEthernet0/0
description Wilmington Network
ip address 172.16.0.3 255.255.0.0
ip access-group 100 in
ip flow ingress
ip flow egress
ip route-cache flow
duplex auto
speed 100
!
access-list 100 deny ip 10.1.26.0 0.0.0.255 host 192.168.6.26 log
access-list 100 deny ip 10.1.11.0 0.0.0.255 host 192.168.6.26 log
access-list 100 deny ip 172.21.21.0 0.0.0.255 host 192.168.6.26 log
access-list 100 permit ip any any
ip route 0.0.0.0 0.0.0.0 172.16.0.31
ip route 10.16.0.0 255.255.255.0 172.16.0.85
ip route 192.168.25.0 255.255.255.0 172.16.0.31
!
interface Vlan1
no ip address
!
interface Vlan10
description Phone VLAN
ip address 10.0.1.1 255.255.255.0
!
interface FastEthernet2/0
switchport access vlan 10
!
12-15-2010 01:55 PM
Show ip int br
Is the interface VLAN 10 up?
Do you have any devices assigned to VLAN 10 and connected to the router?
If there are no active VLAN 10 connections the VLAN interface will remain down.
12-15-2010 02:07 PM
letsgomets,
I did a sho ip int brief and vlan 10 is up. Three ports, fa2/0, fa2/1, fa2/2 are in vlan 10 and have devices connected to it that I can ping. From within my vlan I can ping everything on my network except the default route (which points to the outside internet).
12-15-2010 02:12 PM
Can you send a show ip route output?
And a scrubbed config
Call me Ed
12-15-2010 02:58 PM
Ed, Here is the result of sho ip route, thanks:
NewCastle_3745#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 172.16.0.31 to network 0.0.0.0
B 192.168.28.0/24 [20/0] via 12.113.9.21, 1w2d
S 192.168.25.0/24 [1/0] via 172.16.0.31
B 192.168.24.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.9.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.27.0/24 [20/0] via 12.113.9.21, 1w2d
C 172.16.0.0/16 is directly connected, FastEthernet0/0
172.21.0.0/24 is subnetted, 1 subnets
B 172.21.21.0 [20/0] via 172.16.0.7, 2w4d
B 192.168.26.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.11.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.4.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.21.0/24 [20/0] via 12.113.9.21, 1w2d
10.0.0.0/24 is subnetted, 15 subnets
B 10.0.11.0 [20/0] via 12.113.9.21, 1d05h
B 10.0.9.0 [20/0] via 12.113.9.21, 2d06h
B 10.0.3.0 [20/0] via 12.113.9.21, 2d08h
C 10.0.1.0 is directly connected, Vlan10
B 10.0.6.0 [20/0] via 12.113.9.21, 5d07h
B 10.0.4.0 [20/0] via 12.113.9.21, 2d07h
B 10.0.26.0 [20/0] via 12.113.9.21, 06:05:54
B 10.0.27.0 [20/0] via 12.113.9.21, 1d08h
B 10.0.24.0 [20/0] via 12.113.9.21, 6d05h
B 10.0.28.0 [20/0] via 12.113.9.21, 1d03h
B 10.0.19.0 [20/0] via 12.113.9.21, 6d04h
S 10.16.0.0 [1/0] via 172.16.0.85
B 10.0.22.0 [20/0] via 12.113.9.21, 6d08h
B 10.0.23.0 [20/0] via 12.113.9.21, 07:39:54
B 10.0.21.0 [20/0] via 12.113.9.21, 5d03h
B 192.168.6.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.23.0/24 [20/0] via 12.113.9.21, 3d01h
B 192.168.22.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.7.0/24 [20/0] via 12.113.9.21, 1w2d
12.0.0.0/8 is variably subnetted, 18 subnets, 3 masks
B 12.113.9.116/30 [20/0] via 12.113.9.21, 1w2d
B 12.115.74.36/30 [20/0] via 12.113.9.21, 1w2d
B 12.117.75.20/30 [20/0] via 12.113.9.21, 1w2d
B 12.113.9.88/30 [20/0] via 12.113.9.21, 1w2d
B 12.115.51.12/30 [20/0] via 12.113.9.21, 3d01h
B 12.85.233.240/30 [20/0] via 12.113.9.21, 1w2d
B 12.115.51.28/30 [20/0] via 12.113.9.21, 1w2d
C 12.113.9.20/30 is directly connected, Multilink1
C 12.113.9.21/32 is directly connected, Multilink1
B 12.84.0.60/30 [20/0] via 12.113.9.21, 1w2d
B 12.115.225.244/30 [20/0] via 12.113.9.21, 1w2d
B 12.115.225.240/30 [20/0] via 12.113.9.21, 1w2d
B 12.84.0.36/30 [20/0] via 12.113.9.21, 1w2d
B 12.38.168.0/24 [20/0] via 12.113.9.21, 1w2d
B 12.117.116.172/30 [20/0] via 12.113.9.21, 1w2d
B 12.117.68.132/30 [20/0] via 12.113.9.21, 1w2d
B 12.117.116.176/30 [20/0] via 12.113.9.21, 1w2d
B 12.113.9.164/30 [20/0] via 12.113.9.21, 1w2d
B 192.168.2.0/24 [20/0] via 12.113.9.21, 1w2d
B 192.168.19.0/24 [20/0] via 12.113.9.21, 1w2d
135.89.0.0/16 is variably subnetted, 4 subnets, 2 masks
B 135.89.152.56/29 [20/0] via 12.113.9.21, 1w2d
B 135.89.152.128/28 [20/0] via 12.113.9.21, 1w2d
B 135.89.154.152/29 [20/0] via 12.113.9.21, 1w2d
B 135.89.157.160/28 [20/0] via 12.113.9.21, 1w2d
B 192.168.3.0/24 [20/0] via 12.113.9.21, 1w2d
S* 0.0.0.0/0 [1/0] via 172.16.0.31
NewCastle_3745#
12-15-2010 04:44 PM
Does the gateway know how to route back to the new vlan?
Sent from my iPhone
12-15-2010 09:37 PM
There are some things in your environment that puzzle me. Your configured static default route has 172.16.0.31 as its next hop. And the BGP learned routes have 12.113.9.21 as the next hop. Can you help us understand why you are running BGP with a peer but your default route points to somewhere else?
Since the configured default route points to an address that is in the subnet of FastEth0/0 and since FastEth0/0 does not have any network address translation configured, would I be correct in assuming that the device at 172.16.0.31 is a firewall and is doing the network address translation? I agree with some previous posts that the most likely problem is that the device at 172.16.0.31 does not have a route back to the subnet configured on your VLAN.
HTH
Rick
12-15-2010 04:25 PM
If the gateway of last resort is a FW, has that been set up to know that this new vlan exists and what to do with traffic destined for that vlan?
12-16-2010 07:00 AM
Guys, thank you for your responses and help. I really appreciate it.
Richard, if I understand your question correctly it is because we separate our wan traffic from our internet traffic.
Ed and Glenn, yes the routing was correct on the Cisco router side, the problem was the firewall, which is the default route, didn't know how to route back to the vlan. I added the route in the firewall and all is well. Thanks!
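The return-path problem resolved above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the router routes quoted in the posts and a constructed firewall table, showing why replies to 10.0.1.0/24 are lost until the firewall gets a route via 172.16.0.3. The firewall's routes, its interface labels, the upstream next hop and the sample host addresses are assumptions, since the thread never shows them.

```python
import ipaddress

ROUTER_IP = "172.16.0.3"  # FastEthernet0/0 address from the posted config

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def return_path_ok(fw_table, src):
    """True if the firewall would send a reply for src back toward the
    inside network: either directly connected or via the router."""
    hit = lookup(fw_table, src)
    if hit is None:
        return False
    return hit[1] == "connected:inside" or hit[1] == ROUTER_IP

# Subset of the router's routes, taken from the thread.
ROUTER = [
    ("0.0.0.0/0", "172.16.0.31"),
    ("172.16.0.0/16", "connected:FastEthernet0/0"),
    ("10.0.1.0/24", "connected:Vlan10"),
]

# Constructed firewall tables (assumption: inside subnet plus a default
# route to a hypothetical upstream). AFTER adds the route from the fix.
FW_BEFORE = [
    ("172.16.0.0/16", "connected:inside"),
    ("0.0.0.0/0", "upstream-placeholder"),
]
FW_AFTER = FW_BEFORE + [("10.0.1.0/24", ROUTER_IP)]

def diagnose(fw_table):
    """Check both source networks; host addresses are constructed samples."""
    hosts = {"lan": "172.16.0.50", "vlan10": "10.0.1.20"}
    return {name: return_path_ok(fw_table, ip) for name, ip in hosts.items()}

if __name__ == "__main__":
    print("before fix:", diagnose(FW_BEFORE))
    print("after fix: ", diagnose(FW_AFTER))
```
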