InterVLAN Query
satishtech
Member Posts: 243
in CCNA & CCENT
Why can't I have InterVLAN routing when I add a router to an L3 3560 switch on PT?
I have created a simple InterVLAN on a 3560 L3 switch.
I added a router on one interface and created a VLAN on the interface connected to the router, as I did for all the PCs.
I am unable to ping the router interface. The PCs' interVLAN works fine. On the PCs I give the VLAN's interface as the default gateway.
show ru :
ip routing
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/1
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 40
switchport mode access
!
interface Vlan1
ip address 192.168.5.2 255.255.255.0
!
interface Vlan10
ip address 192.168.1.1 255.255.255.252
!
interface Vlan20
ip address 192.168.1.9 255.255.255.252
!
interface Vlan30
ip address 192.168.10.2 255.255.255.0
[Router connected to this VLAN on g0/1 with IP 192.168.10.1 , cannot ping ]
!
interface Vlan40
ip address 192.168.20.2 255.255.255.0
[PC connected here ,same as vlan's 10 and 20 ]
Comments
-
Mooseboost Member Posts: 778
In Packet Tracer there should be a simulation where you can follow the path of the ping one step at a time. When you do this, where does the ping fail?
-
volfkhat Member Posts: 1,081
You have a lot going on... and it's too early in the morning for VLSM :]
I would recommend you "baby step" this process.
Create a new scenario:
1 router,
1 switch,
2 PC (in different Vlans).
Then try to ping across the Vlans.
post the running-configs for the switch :]
Oh, and also for the router! -
Simrid Member Posts: 327
Have you done a no shutdown on the vlan interfaces?
Network Engineer | London, UK | Currently working on: CCIE Routing & Switching
sriddle.co.uk
uk.linkedin.com/in/simonriddle
-
shortstop20 Member Posts: 161
Things to check:
Router interface connecting to switch is up/up.
VLAN 30 interface is up/up.
Gi0/1 on switch is up/up.
VLAN 30 is created. Check with "show VLAN" on switch.
CCNA Security - 6/11/2018
CCNP TShoot - 3/7/2018
CCNP Route - 1/31/2018
CCNP Switch - 12/10/2015
CCNA R/S - 1/14/2015 -
Hondabuff Member Posts: 667
What's the IP address of the PCs plugged into Fa0/1 and 2?
Also add this to the switch: Switch(config)#ip route 0.0.0.0 0.0.0.0 192.168.10.1
Add this to the Router plugged into Gi0/1 Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.10.2
Worked for me.
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln
-
TWX Member Posts: 275
The router cannot reply to the PC because the router does not know how to reach the subnet that the PC is on. It receives an echo-request from the 3560 from an IP address in the 192.168.20.0/24 network but that does not mean that it automatically sends an echo-reply back to the 3560. First it looks up in its own routing table the destination for the echo-reply, finds no route entry for 192.168.20.0/24, and drops the packet.
Congratulations, you have now discovered why manually-entered static routes and routing protocols exist. You either need to add static routes to the router or you need to put all of the devices on the same VLAN as the router and use the same subnet.
To do what you're trying to do without doing that you need NAT, but the 3560 does not do NAT.
I put a real Cisco router up as my router and I'm running OSPF. That's how I got around it. -
satishtech Member Posts: 243
A simpler configuration:
1. 3560 L3 switch.
2. PC connected to f0/1 and a Router 2911 connected to G0/1
Here is the running config:
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/1
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
Switch#show int f0/1
FastEthernet0/1 is up, line protocol is up (connected)
Switch#show int g0/1
GigabitEthernet0/1 is up, line protocol is up (connected)
Switch#show vlan brief
VLAN Name Status Ports
----
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8, Fa0/9
Fa0/10, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig0/2
10 jedi active Fa0/1
20 sith active Gig0/1
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#
The PC can Ping the int vlan 20 but router cannot ping int vlan 10.
-
shortstop20 Member Posts: 161
As was pointed out, you either need to run a routing protocol on the switch and router or implement a static route on the router pointing towards the switch.
-
satishtech Member Posts: 243
Added static routes on the switch and router.
Now able to ping the VLAN interfaces, but not beyond...?
switch :
ip route 192.168.2.0 255.255.255.0 192.168.2.2
Router :
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1 -
TWX Member Posts: 275
We need more information---
What can ping what, exactly? What can't ping what, exactly?
What are the routing tables on the PCs and network devices? -
GDaines Member Posts: 273
I recently set up a network using a 3560 switch for DHCP and Inter-VLAN routing and the guys on here were great for talking me through the issues as I found them. At first my additional switches weren't working correctly as I hadn't set up "trunk" ports between switches, and then I too could not ping the router. Here's my network:
For the router to work you need to configure the port on your switch it's connected to as follows:
SW1(config)# int g0/1
SW1(config-if)# no switchport
SW1(config-if)# ip address 192.168.10.2 255.255.255.0
SW1(config-if)# no shutdown
SW1(config-if)# exit
If you add another switch then you'll need to configure the switch-to-switch interfaces on both as follows:
SW1(config)# int fa0/24
SW1(config-if)# switchport trunk encapsulation dot1q
SW1(config-if)# switchport mode trunk
SW1(config-if)# exit
I stand to be corrected as I'm new to this myself but I don't believe you use a VLAN between the switch and router - the VLANs are on the network side for separating groups of PCs.
Once you make the change above you'll also need to make sure you have routes set up on your router to all the different VLANs. Too early to get my head around your config and change my routes to what you need so you'll have to do that, just to say my VLANs are using 1.x 2.x and 3.x networks and the next hop address on the end is the switch port address on my 3560 (so yours will be 192.168.10.2). This is the output from 'show run' on my router:
ip route 10.10.1.0 255.255.255.0 10.10.0.2
ip route 10.10.2.0 255.255.255.0 10.10.0.2
ip route 10.10.3.0 255.255.255.0 10.10.0.2
In my setup a PC will be given an IP address from the appropriate range depending on what VLAN the port it's connected to is configured as, so if the port is set to VLAN1 then the PC will get a 1.x address while for VLAN2 it'll get a 2.x address etc - the fact that I used 3 switches is irrelevant and just allows me to connect more hosts. I could just as easily have 10 different VLANs on a single 24-port switch.
Haven't played with a setup where the router handles DHCP because it's unlikely to be configured like that in the real world.
Am happy to help you get to the same stage as myself. -
TWX Member Posts: 275
No reason you can't use SVIs and VLANs...
Taken from a production box:
#sh ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.255.246.9 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 869 subnets, 13 masks
C 10.0.205.0/24 is directly connected, Vlan16
L 10.0.205.1/32 is directly connected, Vlan16
C 10.2.205.0/24 is directly connected, Vlan16
L 10.2.205.1/32 is directly connected, Vlan16
C 10.4.24.0/21 is directly connected, Vlan16
L 10.4.24.1/32 is directly connected, Vlan16
C 10.8.13.0/24 is directly connected, Vlan224
L 10.8.13.1/32 is directly connected, Vlan224
C 10.9.6.0/24 is directly connected, Vlan704
L 10.9.6.1/32 is directly connected, Vlan704
C 10.9.34.0/24 is directly connected, Vlan701
L 10.9.34.1/32 is directly connected, Vlan701
C 10.9.54.0/24 is directly connected, Vlan700
L 10.9.54.1/32 is directly connected, Vlan700
C 10.255.246.8/30 is directly connected, TenGigabitEthernet1/32
L 10.255.246.10/32 is directly connected, TenGigabitEthernet1/32
All of the local LANs (the PCs at the site) use VLANs.
Define a new VLAN if you want, and put one interface in that VLAN as an access interface or with the native VLAN of a trunk defined, and connect it to any other L3 device that is in the same network and it should work.
On routers you can even get fancy and use bridged virtual interfaces where you need a VLAN to span multiple physical interfaces.
Taken from my lab at home:
>sh ip route connected
172.16.0.0/16 is variably subnetted, 18 subnets, 7 masks
C 172.16.0.0/27 is directly connected, BVI10
L 172.16.0.1/32 is directly connected, BVI10
C 172.16.0.32/27 is directly connected, BVI20
L 172.16.0.33/32 is directly connected, BVI20
C 172.16.0.64/27 is directly connected, BVI30
L 172.16.0.65/32 is directly connected, BVI30
C 172.16.0.236/30 is directly connected, GigabitEthernet0/0.40
L 172.16.0.237/32 is directly connected, GigabitEthernet0/0.40
C 172.16.0.240/28 is directly connected, BVI5
L 172.16.0.241/32 is directly connected, BVI5
The configs for the physical interfaces look something like this:
interface GigabitEthernet0/0.5
encapsulation dot1Q 5
bridge-group 5
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
bridge-group 10
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
bridge-group 20
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
bridge-group 30
The switched virtual interface that I need for an L2 interface:
interface Vlan10
no ip address
bridge-group 10
And for the bridged virtual interfaces that tie it all together:
interface BVI5
ip address 172.16.0.241 255.255.255.240
ip nat inside
ip virtual-reassembly in
ipv6 address FDAA:2:2:2005::1/64
!
interface BVI10
ip address 172.16.0.1 255.255.255.224
ip nat inside
ip virtual-reassembly in
ipv6 address FDAA:2:2:2010::1/64
!
interface BVI20
ip address 172.16.0.33 255.255.255.224
ip nat inside
ip virtual-reassembly in
ipv6 address FDAA:2:2:2020::1/64
!
interface BVI30
ip address 172.16.0.65 255.255.255.224
ip nat inside
ip virtual-reassembly in
ipv6 address FDAA:2:2:2030::1/64
-
GDaines Member Posts: 273
Whoa TWX, you've lost me on that one but I'll not hijack the thread looking for an explanation, instead I'll just revisit if I need anything like this for CCNA or someday decide to try to get my head around it for fun.
I stated that I 'didn't believe' a VLAN would be used between the switch and the router as per my setup which you helped get working. Are you saying you could use one? Perhaps the OP (satishtech) may ask for more clarification. -
shortstop20 Member Posts: 161
GDaines wrote: »
Whoa TWX, you've lost me on that one but I'll not hijack the thread looking for an explanation, instead I'll just revisit if I need anything like this for CCNA or someday decide to try to get my head around it for fun.
I stated that I 'didn't believe' a VLAN would be used between the switch and the router as per my setup which you helped get working. Are you saying you could use one? Perhaps the OP (satishtech) may ask for more clarification.
Yes, you could use a VLAN if you wished.
You'd simply create the VLAN and the VLAN interface, then assign the switchport that will connect to the router to that VLAN.
-
satishtech Member Posts: 243
I did the simple lab again, below is the config:
Figure is the same as above.
Works now !! (added after this post )
Switch(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2
Router(config)#ip route 192.168.1.0 255.255.255.0 192.168.2.1
sh ru :
ip routing
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
interface Vlan10
ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
!
Switch#show ip route
Gateway of last resort is not set
C 192.168.1.0/24 is directly connected, Vlan10
C 192.168.2.0/24 is directly connected, Vlan20
Switch#show int f0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 10 (jedi)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch#show int f0/2 switchport
Name: Fa0/2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 20 (sith)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
Switch#show vlan brief
VLAN Name Status Ports
----
1 default active Fa0/3, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gig0/1, Gig0/2
10 jedi active Fa0/1
20 sith active Fa0/2
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
PC connected to F0/1 port on the switch :
192.168.1.2 /24 GW : 192.168.1.1
Router connected to F0/2 port on the switch :
192.168.2.2 /24
Figure is same as above.
Can anyone try an interVLAN on L3-3560 , PC on one port router on another, please... on PT. -
TWX Member Posts: 275
All I see are connected routes. What command, specifically, did you enter on the router to add the static route?
-
satishtech Member Posts: 243
Yup, works now,
either static or default routes work,
but why this additional configuration when it comes to interVLAN
between a router and PC?
Novice questions, sorry.
Switch:
ip classless
ip route 192.168.2.0 255.255.255.0 192.168.2.2
!
(or default route Switch(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.2 )
Router:
ip classless
ip route 192.168.1.0 255.255.255.0 192.168.2.1 -
TWX Member Posts: 275
I don't see how it's working, if the PC is on a subnet that the router doesn't know about, then as far as the router is concerned, the subnet is unreachable.
This is an example from my lab. It's EIGRP, so there are some extra bits in the entry, but it should still help.
There are essentially four major kinds of routes in my lab. One is the default route that is set by the DHCP client process to my ISP. Another is the local user devices that are on an L2 network that this router directly touches. Yet another are the routes to directly-connected routers. The final type, which are the kind that require either a static route, or a route learned by a routing protocol, are routes to other networks that are not directly connected to this router.
Local Routes for end-user devices, I've carved up 172.16.0.0/24 with VLSM for the users in this physical area:
C 172.16.0.0/27 is directly connected, BVI10
L 172.16.0.1/32 is directly connected, BVI10
C 172.16.0.32/27 is directly connected, BVI20
L 172.16.0.33/32 is directly connected, BVI20
C 172.16.0.64/27 is directly connected, BVI30
L 172.16.0.65/32 is directly connected, BVI30
C 172.16.0.236/30 is directly connected, GigabitEthernet0/0.40
L 172.16.0.237/32 is directly connected, GigabitEthernet0/0.40
The "C" routes are for the networks. The "L" routes with /32 CIDR masks are my own interfaces on a given network.
Routes to other routers, these happen to use Point to Point Frame Relay but regardless of the method the end result is that this is routers talking to other routers:
172.25.0.0/16 is variably subnetted, 8 subnets, 2 masks
C 172.25.0.0/30 is directly connected, Serial0/1/0.109
L 172.25.0.1/32 is directly connected, Serial0/1/0.109
C 172.25.0.4/30 is directly connected, Serial0/1/0.108
L 172.25.0.5/32 is directly connected, Serial0/1/0.108
C 172.25.0.8/30 is directly connected, Serial0/1/0.106
L 172.25.0.9/32 is directly connected, Serial0/1/0.106
C 172.25.0.12/30 is directly connected, Serial0/1/0.107
L 172.25.0.13/32 is directly connected, Serial0/1/0.107
As before, the "C" routes are for the networks and the "L" routes are my own interfaces on these networks.
Routes that require connecting through another router, my router would have no idea how to reach these routes if either they weren't propagated by a routing protocol, or else they weren't statically added:
D 172.16.2.0/25 [90/2172416] via 172.25.0.2, 1w5d, Serial0/1/0.109
D 172.16.2.240/28 [90/2172416] via 172.25.0.2, 1w5d, Serial0/1/0.109
D 172.16.3.0/26 [90/2170112] via 172.25.0.6, 1w5d, Serial0/1/0.108
D 172.16.3.240/28 [90/2170112] via 172.25.0.6, 1w5d, Serial0/1/0.108
D 172.16.4.0/24 [90/2172416] via 172.25.0.14, 1w4d, Serial0/1/0.107
[90/2172416] via 172.25.0.10, 1w4d, Serial0/1/0.106
Note the lack of "L" routes with /32 CIDR. My router has no interfaces on these networks.
In the case of routing protocols there's that 1w5d portion of the entry that I do not know the meaning of, but either way, there's the network-to-reach, the IP address out which to communicate to reach it, and the physical interface out which to send. In the case of 172.16.4.0/24 there are two equal-cost paths to reach it, as there are two routers that have reported that they have routes to it. In this case both 172.25.0.10 and 172.25.0.14 have interfaces on 172.16.4.0/24 as they're doing HSRP to provide fault-tolerance to the hypothetical users on 172.16.4.0/24.
Now, let's pretend that I am going to re-address my 172.16.2.0/25 network behind router 172.25.0.2 on Serial0/1/0.109. I'll now use 192.168.20.0/24 and I won't use EIGRP. I'll have to add the following to my router:
RT(config)#ip route 192.168.20.0 255.255.255.0 172.25.0.2
which adds this to my routing table:
S 192.168.20.0/24 [1/0] via 172.25.0.2
My router now knows how to reach through another router to communicate with that network. It knows that the path to 192.168.20.0/24 is through the router 172.25.0.2, which it knows because it knows that to reach 172.25.0.2 it must communicate out the connected interface associated with 172.25.0.0/30, which it knows is Serial0/1/0.109 because it has an IP address of 172.25.0.1 255.255.255.252 on that interface. -
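The return-path point made in this thread (the echo-request arrives, but the router drops the echo-reply until it has a static or default route back to the PC's subnet), as an added example that is not part of any post. It models longest-prefix-match lookup over the lab's addresses; the Device class and the trace, ping and build_lab helpers are hypothetical names, and ARP, ACLs and TTL are ignored.

```python
import ipaddress


class Device:
    """A host, router or L3 switch: interfaces give connected routes, plus statics."""

    def __init__(self, name, interfaces, forwards=True):
        self.name = name
        self.ifaces = [ipaddress.ip_interface(i) for i in interfaces]
        self.forwards = forwards      # False = host behaviour ("no ip routing")
        self.static = []              # list of (network, next_hop)

    def add_static(self, prefix, next_hop):
        self.static.append((ipaddress.ip_network(prefix),
                            ipaddress.ip_address(next_hop)))

    def owns(self, ip):
        return any(i.ip == ip for i in self.ifaces)

    def lookup(self, dst):
        """Longest-prefix match; returns the next IP to hand the packet to, or None."""
        cands = [(i.network.prefixlen, 1, dst) for i in self.ifaces if dst in i.network]
        for net, nh in self.static:
            # A static route is usable only if its next hop sits on a connected subnet.
            if dst in net and any(nh in i.network for i in self.ifaces):
                cands.append((net.prefixlen, 0, nh))
        # Longest prefix wins; on a tie the connected route beats the static one.
        return max(cands, key=lambda c: c[:2])[2] if cands else None


def trace(devices, start, dst):
    """Follow one packet hop by hop; returns (delivered, reason)."""
    dst = ipaddress.ip_address(dst)
    cur = start
    for hop in range(8):              # hop limit stands in for TTL
        if cur.owns(dst):
            return True, f"delivered to {cur.name}"
        if hop > 0 and not cur.forwards:
            return False, f"dropped at {cur.name}: not routing"
        next_ip = cur.lookup(dst)
        if next_ip is None:
            return False, f"dropped at {cur.name}: no route to {dst}"
        nxt = next((d for d in devices if d.owns(next_ip)), None)
        if nxt is None:
            return False, f"dropped at {cur.name}: no host at {next_ip}"
        cur = nxt
    return False, "hop limit exceeded"


def ping(devices, src_dev, src_ip, dst_ip):
    """Echo-request out, then echo-reply back; each direction is routed on its own."""
    ok, why = trace(devices, src_dev, dst_ip)
    if not ok:
        return False, "echo-request " + why
    target = next(d for d in devices if d.owns(ipaddress.ip_address(dst_ip)))
    ok, why = trace(devices, target, src_ip)
    return ok, "echo-reply " + why


def build_lab(router_routes=(), router_forwards=True):
    """Constructed topology from the thread: PC -- Vlan10 [3560] Vlan20 -- Router."""
    pc = Device("PC", ["192.168.1.2/24"], forwards=False)
    pc.add_static("0.0.0.0/0", "192.168.1.1")      # default gateway = Vlan10 SVI
    sw = Device("Switch", ["192.168.1.1/24", "192.168.2.1/24"])
    rt = Device("Router", ["192.168.2.2/24"], forwards=router_forwards)
    for prefix, nh in router_routes:
        rt.add_static(prefix, nh)
    return [pc, sw, rt]


if __name__ == "__main__":
    cases = {
        "router has no route back": [],
        "router static route": [("192.168.1.0/24", "192.168.2.1")],
        "router default route": [("0.0.0.0/0", "192.168.2.1")],
    }
    for label, routes in cases.items():
        lab = build_lab(routes)
        print(label, "->", ping(lab, lab[0], "192.168.1.2", "192.168.2.2"))
```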
satishtech Member Posts: 243
Works:
Static routes on switch and router enable pinging
through this nano network. Figure above.
Works -
GDaines Member Posts: 273
One way to be completely sure is to change the ip addressing scheme on the router side so you know for sure you're routing right. I hope I've got this sussed as I've only just covered inter-VLAN routing myself (but I didn't use a VLAN on the router side in my network design). TWX please check and advise any errors made, thanks.
Remove any existing static routing on both the router and switch then use these settings (skip existing settings that are correct).
On the router add G0/0 interface into VLAN10, give it an ip address and set up a static route telling it how to find the 192.168 network:
R1(config)# vlan 10
R1(config)# name VLAN10
R1(config)# int G0/0
R1(config-if)# switchport access vlan 10
R1(config-if)# ip address 10.10.10.1 255.255.255.252
R1(config-if)# exit
R1(config)# ip route 192.168.1.0 255.255.255.0 G0/0
And on the switch add G0/1 interface into VLAN10 and F0/0 interface into VLAN20. Give them both ip addresses and configure the gateway of last resort to send anything it can't find to the router:
SW1(config)# vlan 10
SW1(config-vlan)# name VLAN10
SW1(config-vlan)# exit
SW1(config)# vlan 20
SW1(config-vlan)# name VLAN20
SW1(config-vlan)# exit
SW1(config)# int G0/1
SW1(config-if)# description router network
SW1(config-if)# switchport access vlan 10
SW1(config-if)# ip address 10.10.10.2 255.255.255.252
SW1(config-if)# exit
SW1(config)# int F0/1
SW1(config-if)# description switch network
SW1(config-if)# switchport access vlan 20
SW1(config-if)# ip address 192.168.1.1 255.255.255.0
SW1(config-if)# exit
SW1(config)# ip route 0.0.0.0 0.0.0.0 G0/1
SW1(config)# ip routing
Now the switch can physically see both VLANs as they're directly connected, and the router has a route to the 192.168 network via the switch. There's been no mention of DHCP so I assume on the pc you're using a static address of 192.168.1.10 255.255.255.0 with a default gateway of the vlan address (192.168.1.1 in this example).
If I've got this right the pc should be able to ping everything:
192.168.1.10 - itself
192.168.1.1 - default gateway/switch
10.10.10.2 - switch exit interface to router
10.10.10.1 - router
Quite a bit more configuration required if you're doing this in a physical lab and want to connect the router to the internet as I found myself when the router could access the internet but the network couldn't. -
GDaines Member Posts: 273
satishtech wrote: »??
Router(config)#vlan ?
% Unrecognized command
Mmm sorry, like I said, I didn't use a VLAN on my router side, just multiple VLANs for my client side. The stuff I posted clearly only works on a L3 switch and not on a router so I guess I've no idea how to correctly configure your VLAN on that side in which case I'd better take a step back and leave it to TWX and the other more knowledgeable participants to assist.
The setup (my setup) from post 12 works as I have it set up on my lab, but while my uncertainty as to whether you could use a VLAN on the router side was clarified by shortstop20 in post 15 the posts since have been way outside my understanding. -
shortstop20 Member Posts: 161
You cannot create VLANs on routers, they do not have a VLAN database.
There are two ways to connect a router to a switch in this situation.
Option 1 - Router connects to a port on the switch which is set up as a "switchport". This means it's a layer 2 port, just as ports are by default on switches. Then you'd assign the port a VLAN using "switchport access vlan". That VLAN needs a matching VLAN interface with an IP address in the same subnet as the interface on the router.
You do not need to define a VLAN or a VLAN interface on the router. Simply connecting the port on the router to the switchport and configuring it as I've described makes it work.
Option 2 - Router connects to a Layer 3 port on switch, configured with the "no switchport" command. This makes the port on the switch a routed or Layer 3 port.
-
TWX Member Posts: 275
I had started a reply but got off on a side-note and must not have finished typing it before the computer crashed.
You can set up 802.1q trunking to a router, but you have to define the subinterfaces (command like interface gigabitethernet0/0.10 for example), define the encapsulation type and the vlan to use (encapsulation dot1q 10) and then put the IP address on the subinterface. I have a few subinterfaces like that.
Because of where my service-entrance is, my ISP connection unfortunately has to plug into a switch. That means I have to VLAN trunk from the switch at the service-entrance to the router in another part of the house. I chose to use VLAN 2 to do this. I have an access interface on VLAN2 on the switch, then a trunk interface connecting from the switch to the router. VLAN 2 comes in on G0/0.2. There are extra commands in the interface configuration (I'm tinkering) but you should recognize a bunch of the commands:
rt#sh run int g0/0.2
Building configuration...
Current configuration : 358 bytes
!
interface GigabitEthernet0/0.2
description ISP Service Entrance
encapsulation dot1Q 2
ip address dhcp
ip access-group WAN-In-Inspect-ACL in
ip access-group WAN-Out-Inspect-ACL out
ip nat outside
ip inspect ROUTER-WAN-OUT out
ip virtual-reassembly in
ipv6 enable
ipv6 traffic-filter LOG-ALL in
ipv6 traffic-filter LOG-ALL out
no cdp enable
I have another subinterface for another VLAN, VLAN 40, to go back up to that switch. My old consumer-grade wireless access point is on that VLAN, in case any legacy devices in the house are still looking for that WAP instead of the new one, and it's plugged into that switch up where the cablemodem is:
rt#sh run int g0/0.40
Building configuration...
Current configuration : 225 bytes
!
interface GigabitEthernet0/0.40
description WIFI-Ivanhoe
encapsulation dot1Q 40
ip address 172.16.0.237 255.255.255.252
ip nat inside
ip virtual-reassembly in
ipv6 address FDAA:2:2:2040::1/64
ipv6 ospf 1 area 1
On the switch I've set up the VLAN 2 interface to the ISP as follows:
interface FastEthernet0/9
description ->Cable-Modem
switchport access vlan 2
switchport mode access
switchport nonegotiate
ip access-group ISP-Inbound in
ipv6 traffic-filter LOG-ALL in
no cdp enable
no lldp transmit
spanning-tree bpdufilter enable
spanning-tree bpduguard disable
ip dhcp snooping trust
I've intentionally done what I could to not make it obvious that it's Cisco gear, and I've removed stuff that the ISP doesn't need to see on account of that. No CDP, no LLDP (if it's even running), no spanning-tree, etc. I probably should run switchport nonegotiate to disable DTP, but so far it hasn't been a problem. I do have an ACL running on the switch, it's sort of a pre-filter to block incoming RFC1918 addresses and other addresses that have no business coming into my network from the outside in case my ISP screws up and doesn't filter properly for me.
As for the WAP:
interface FastEthernet0/7
description ->WAP
switchport access vlan 40
switchport mode access
Just set up as an access interface on the correct VLAN. -
satishtech Member Posts: 243
One default route on the router is enough to enable pinging throughout.
ip route 0.0.0.0 0.0.0.0 192.168.2.1 -
satishtech Member Posts: 243
Simplest solution I found: convert router to a host
Router(config)#no ip routing
Router(config)#ip default-gateway 192.168.2.1