getting routing to work?

I'm looking to save a switches configuration to my tftp server. But, I'm unable to ping the pc's ip address. So, i'm trying to figure out why I'm unable to do so.
I have two switches. one is network 192.168.1.0, the other is 192.168.2.0. then subnet mask is 255.255.255.0 for both. and the host address is x.x.x.200 on both svi for the single (default) vlan that each has. I have one router that is connected via it's ethernet ports to each switch. The router reports that each network is directly connected to it.
ok each switch has the router's ethernet address set to it's default gateway (192.168.1.6 and 192.168.2.12). each switch can ping the router's ip addresses, but can't ping each other. set up a trunk between the switches. Then the two svi's can ping each other and the pc's mac address shows up in the mac address table on the trunks interface.
but still cant ping the pc from the second switch. Seems like there isn't any routing happening. the router is set up to do rip and has both networks in it's configuration.
So, what i'm I missing? any suggestions?
thanks

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

fredrikjj

You shouldn't need a routing protocol in this scenario.

My guess is that you've not a configured a default gateway somewhere, or misconfigured it. What points to this is that when you added the trunk between the switches, they were able to communicate directly over this trunk despite being on different subnets. Someone sent an ARP for the other switch's SVI and it responded over the trunk. Cisco devices seem to ARP for everything when they don't have a default gw. When the trunk is not there, the traffic needs to go via the default gateway (the router), which fails. That's my guess anyway.

TechGuru80

Part of troubleshooting is analyzing the config. Paste your running config.

clarson

S1#show running-config
Building configuration...
Current configuration : 4181 bytes
!
version 15.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
username router123 privilege 15 secret 5 $1$N2bZ$Yenpv4i1YSSJmQFVKsnyt/
no aaa new-model
system mtu routing 1500
vtp mode transparent
!
!
no ip domain-lookup
ip domain-name mylab.org
!
!
crypto pki trustpoint TP-self-signed-174700032
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-174700032
revocation-check none
rsakeypair TP-self-signed-174700032
!
!
crypto pki certificate chain TP-self-signed-174700032
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31373437 30303033 32301E17 0D393330 33303130 30303130
325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3137 34373030
30333230 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
B0AD91E0 3A4EFEA8 340B2CD2 06589F15 E4C7BFAA 4F9BBD25 79126A50 C5A2785B
7B26DCD3 9C8C59AE 0646815D 3A50B41D 8DAA9FD0 9CAB4C74 0BFFC77D 71F709D6
B1C82D66 9F8AA7C8 318911F2 618B34E9 F2D29C89 DA7D68AA B0AA57CE 63172244
36B4C56C 92725275 3B36AB3D 5D1D86C2 2118B37F 5B928529 8D9EF6ED 0BF6E9A5
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014EC 4B4A1EF8 DC552F1A E83D7079 9BD8E75A 1B096430 1D060355
1D0E0416 0414EC4B 4A1EF8DC 552F1AE8 3D70799B D8E75A1B 0964300D 06092A86
4886F70D 01010505 00038181 008368C2 FCC1D077 46A9B916 AE1B847E 345855E2
0E31855C 11DB09D6 E06AB90F 0550A5E1 42739CC6 B443A92D 027E1D37 2CB002F4
7E51874E 179141F3 CED0D747 2E7238B4 97098836 AB30B402 40E764C0 8651CA4F
01969683 6FEB2052 ECE75377 8A491D4F ED3796BD A7DA5793 4FD9C974 7BC14432
3F375F89 D7BB3A52 DC64B3CF B0
quit
!
!
!
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
!
interface FastEthernet0/1
description connection to PC
switchport mode dynamic desirable
!
interface FastEthernet0/2
description connection to R1 ethernet port 0/0
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport mode dynamic desirable
!
interface FastEthernet0/4
description connection to R2 ethernet port 0/0
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
description connection to R3 ethernet port 0/0
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
description crossover connection to S2
switchport mode trunk
!
interface Vlan1
ip address 192.168.1.200 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.1.2
no ip http server
ip http secure-server
!
banner login ^C This is S1 ^C
banner motd ^C

! WARNING !
AUTHORIZED PERSONAL ONLY
TRESSPASSING IS VIOLATION OF LAW AND WILL
PROSECUTED TO THE HIGHEST
EXTENT OF THE LAW
! WARNING !
^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
no login
!
end
S1#
S2#show running-config
Building configuration...
Current configuration : 4294 bytes
!
version 15.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname S2
!
boot-start-marker
boot-end-marker
!
!
username router123 privilege 15 secret 5 $1$N2bZ$Yenpv4i1YSSJmQFVKsnyt/
no aaa new-model
system mtu routing 1500
vtp mode transparent
!
!
no ip domain-lookup
ip domain-name mylab.org
!
!
crypto pki trustpoint TP-self-signed-3272919808
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3272919808
revocation-check none
rsakeypair TP-self-signed-3272919808
!
!
crypto pki certificate chain TP-self-signed-3272919808
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33323732 39313938 3038301E 170D3933 30333031 30303030
35355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32373239
31393830 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CB60 BC77C7BD F41FFBEC 1652385E 979BF650 36AAA1C2 4E118080 1ED96A37
B2511C31 60DC2415 1498BC87 54725576 7D507B3E 2A2A09EC FB007EF4 6E653A1F
71316B43 0144B9ED 8B4FB3FA 586804EB 8AAD4438 9E629D15 710B64F9 D1AA7357
08218FA2 6E727BFC 03A3FD1A F9876EA0 8AD01F11 4417197B 17534702 53C07E05
E5350203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14AEF643 F169F81B 0889A168 781E4C20 7F7AD23E 7B301D06
03551D0E 04160414 AEF643F1 69F81B08 89A16878 1E4C207F 7AD23E7B 300D0609
2A864886 F70D0101 05050003 81810035 6C7B89E5 E9FC3898 AF7ED4DD F7612716
3C2CE05E D7937A9C 9C250D90 60F787A9 5D5B7B32 EC19D799 57A6CE0E B60AD0F2
AC968F32 A80FF956 77270EB0 5F10A449 D5FE44C2 26378832 0A0FEFB7 96054F62
C82BDF9B 1D4C0EFE AA8D351D 2E14C234 EBB51322 1E55F64B B32C1BB2 6D54A8BF
90614E91 137E0428 B4594293 4A9E60
quit
!
!
!
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
description connection to R1 0/1
!
interface FastEthernet0/9
!
interface FastEthernet0/10
description connection to R3 0/1
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
description connection to S1 0/1
switchport mode trunk
!
interface GigabitEthernet0/2
description connection to S1 0/2
!
interface Vlan1
ip address 192.168.2.200 255.255.255.0
no ip route-cache
!
no ip http server
ip http secure-server
!
banner login ^C This is S2 ^C
banner motd ^C

! WARNING !
AUTHORIZED PERSONAL ONLY
TRESSPASSING IS VIOLATION OF LAW AND WILL
PROSECUTED TO THE HIGHEST
EXTENT OF THE LAW
! WARNING !
^C
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
no login
!
end
S2#
R3#
R3#
R3#show running-config
Building configuration...

Current configuration : 2693 bytes
!
! Last configuration change at 00:57:42 UTC Tue Nov 25 2014 by router123
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M8.bin
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip domain name mylab.org
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FTX1051A40Y
archive
log config
hidekeys
username router123 privilege 15 secret 5 $1$8hsc$YKsLAUEXC9rGsWGE/nw2v.
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connection to S1 port 6
ip address 192.168.1.6 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description connection to S2 port 12
ip address 192.168.2.12 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
description T1 serial connection to R1 port 0/1
ip address 10.1.3.1 255.255.255.252
encapsulation ppp
service-module t1 clock source internal
!
interface Serial0/1/0
description T1 serial connection to R2 port 0/0
ip address 10.1.2.2 255.255.255.252
encapsulation ppp
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
banner login ^C
This is the R3 Router
^C
banner motd ^C

! WARNING !
AUTHORIZED PERSONAL ONLY
TRESSPASSING IS VIOLATION OF LAW AND WILL
PROSECUTED TO THE HIGHEST
EXTENT OF THE LAW
! WARNING !
^C
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
R3#

clarson

hate to post a big long message like that, but there are the configs.
the switches don't have any default gateway set. But, didn't work after I set them either.
Thanks for all the help

fredrikjj

I only see one default gateway configured and it's not the correct IP address.

clarson

Yes, you are right about the one default gateway. Restarted the equipment, so i'd be back to the startup configs. Not so much incorrect, as inappropriate for this setup. That is to another router in my lab that isn't turned on for this setup.
Removed the default gateway, so it is now not there.
S1#show ip default
192.168.1.2
S1#config t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#no ip default
S1(config)#no ip default-gateway
S1(config)#end
S1#
00:07:24: %SYS-5-CONFIG_I: Configured from console by console
S1#show ip default
0.0.0.0

gorebrush

Does the PC allow you to ping it? I.e. firewall?

Also.. BOTH switches need a default gateway if they are not participating in routing. All well and good getting traffic from S1->R->S2 but S2 needs a default gateway so it knows how to send the packets back to S1.

The routers two ethernet interfaces should be one each in each network, but you knew that.

clarson

Yes, I would have thought both switches would need a default gateway set. But, for whatever reason with defaults set last night it wasn't working.
And, after being shut down over night and restarted with no defaults set. things are now working. go figure.
S2#ping 192.168.1.200
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.200, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/5/9 ms
S2#ping 192.168.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms

fredrikjj

clarson wrote: »

[...]
no defaults set. things are now working. go figure.
[...]

Working due to proxy ARP running on the router's two interfaces. It "works", but not really. You could read up on that feature and try to figure out why you should use default gateways instead.

clarson

ok take that back. it is only working with a second router (r2) is running. r2 has an ethernet connection to each switch also and a serial connection to r3. with r2 &r3 running it works. with just r3 running it doesn't. 192.168.2.10 is on r2

S2#traceroute 192.168.1.200
Type escape sequence to abort.
Tracing the route to 192.168.1.200
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.2.10 0 msec 9 msec 0 msec
2 192.168.1.200 0 msec * 0 msec
S2#traceroute 192.168.1.200
01:04:19: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down
01:04:20: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to down
S2#traceroute 192.168.1.200
Type escape sequence to abort.
Tracing the route to 192.168.1.200
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * *
S2#
01:05:26: %LINK-3-UPDOWN: Interface FastEthernet0/7, changed state to up
01:05:27: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up
S2#traceroute 192.168.1.200
Type escape sequence to abort.
Tracing the route to 192.168.1.200
VRF info: (vrf in name/id, vrf out name/id)
1
01:06:52: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to down *
01:06:54: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/7, changed state to up * *
2 * * *
3 * * *
4 * *
192.168.1.200 0 msec
S2#traceroute 192.168.1.200
Type escape sequence to abort.
Tracing the route to 192.168.1.200
VRF info: (vrf in name/id, vrf out name/id)
1 *
192.168.2.10 0 msec 0 msec
2 192.168.1.200 9 msec * 0 msec
S2#

gorebrush

I'm not sure what you mean by that comment...?

clarson

Well the comment was about those 3 post that seem the same. They had been blocked as possible spam. But, the moderator approved them. and now i do look like a spammer.
anyway here is the running config of the router that seems to be working (r2).
R2#show running
Building configuration...

Current configuration : 2620 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M8.bin
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ip domain lookup
ip domain name mylab.org
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FHK1202F4FX
archive
log config
hidekeys
username router123 privilege 15 secret 5 $1$8hsc$YKsLAUEXC9rGsWGE/nw2v.
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description connection to S1 port 4
ip address 192.168.1.4 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
description connection to S2 port 10
ip address 192.168.2.10 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0/0
description T1 serial connection to R3 port 0/1
ip address 10.1.2.1 255.255.255.252
encapsulation ppp
service-module t1 clock source internal
!
interface Serial0/1/0
description T1 serial connection to R1 port 0/0
ip address 10.1.1.2 255.255.255.252
encapsulation ppp
!
router rip
version 2
network 10.0.0.0
network 192.168.1.0
network 192.168.2.0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
banner login ^C
This is the R2 Router
^C
banner motd ^C

! WARNING !
AUTHORIZED PERSONAL ONLY
TRESSPASSING IS VIOLATION OF LAW AND WILL
PROSECUTED TO THE HIGHEST
EXTENT OF THE LAW
! WARNING !
^C
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
R2#

clarson

oh my now i have two of those messages too. Just having one of those days.
Anyway, I don't see any real difference between r3 and r2's configurations. I'll have to take a close look at cables again.

(hey you can delete messages on here. So, I deleted a few of the extra ones to keep from boring you)

clarson

Well. I removed the trunks so the switches can't communicate that way. Added a pc to each switch to have something to ping to and from.
pc's can ping each other and both switches. switches can ping both pc's But, switches can't ping each other. Added a default gateway to the switches that is the same as for the pc's.
Any thoughts on why they cant ping each other?

clarson

ok. I got it working. it seems you can set the default gateway and even save it. But, it doesn't actually get set until the ios is reloaded. So, the fix was to set the default gateway, save the configureation, and reload the ios. And then it all works.