Question about interVLAN routing.

persona

First of all plz forgive me for a stupid question..but i am trying to learn as much as I can.

I have 1 2600 router, 1 switch (2900), and 10 pcs connected to the switch and the switch is connected to the router forming the so-called "router-on a stick".

I did all the configuration needed, and the network seems to work just fine.
PCs 1 to 5 are on VLAN2, while 6 to 10 are on Vlan3.

I can ping from any PC to the router (subinterfaces).
Here comes my silly question: I cannot ping from a PC on VLAN 2 to a PC on VLAN3 EVENTHOUGH i used a routing protocol RIP on the router.

Is this normal since I am using 2 VLANs, or am I missing something? I can provide the configuration I did if need be.

PLEASE help.

georgemc

With router on a stick set up correctly you should be able to ping from vlan2 to vlan3. Let's see the config.

persona

Assuming we have 1 Router (2600) and 1 Switch (2900) and 4 PCs. PC1 and 2 are on VLAN 10 while PCs 3 and 4 are on VLAN 11.


Router

---

Router#conf t
Router(config)#int fa0/0
Router(config-if)#no ip address
Router(config-if)#no shut
Router(config-if)#int fa0/0.1
Router(config-subif)#ip address 10.10.10.1 255.255.255.0
Router(config-subif)#encap dot1q 10
Router(config-subif)#exit
Router(config)#int fa0/0.2
Router(config-subif)#ip address 11.11.11.1 255.255.255.0
Router(config-subif)#encap dot1q 11
Router(config-subif)#exit

---

Switch:

sw1#vlan database
sw1(vlan)#vlan 10
sw1(vlan)#vlan 11
exit
sw1#conf t
sw1(config)#int fa0/12
sw1(config-if)#switchport mode trunk
sw1(config-if)#switchport trunk encap dot1q
sw1(config-if)#exit

sw1(config)#int vlan 10
sw1(config-if)#ip address 10.10.10.2 255.255.255.0
sw1(config-if)#ip default-gateway 10.10.10.1
sw1(config)#exit

sw1#conf t
sw1(config)#int vlan 11
sw1(config-if)#ip address 11.11.11.2 255.255.255.0
sw1(config-if)#ip default-gateway 11.11.11.1
sw1(config)#exit

sw1#conf t
sw1(config)#int fa0/1
sw1(config-if)#switchport access vlan 10
sw1(config-if)#switchport mode access

(on int f0/2 I did the same setting since they both belong to VLAN 10) and so on.

(on int f0/3 and int f0/4 I did the same but used vlan 11 since they both belong to VLAN 11)

PC1 and 2 since they belong to VLAN 10 have 10.10.10.2 as their Gateway.
PC3 and 4 since they belong to VLAN 11 have 11.11.11.2 as their Gateway.

I can ping from any PC to the router. BUt I cannot ping from PC1 to PC3. ...please clarify.

Thanks in advance.

Webmaster

You should set the default gateway to the router.

sw1(config)#int vlan 10
sw1(config-if)#ip address 10.10.10.2 255.255.255.0
sw1(config-if)#ip default-gateway 10.10.10.1
sw1(config)#exit

sw1#conf t
sw1(config)#int vlan 11
sw1(config-if)#ip address 11.11.11.2 255.255.255.0
sw1(config-if)#ip default-gateway 11.11.11.1
sw1(config)#exit

This part is NOT related to InterVLAN routing on a l2 switch and router on a stick.

interface vlan 11 configures a management VLAN interface. It's a virtual interface that can be used to manage the switch. The default gateway in that section is for when you want to manage the switch from a different subnet.

In short: a layer2 switch's ports cannot be assigned IP address, so you assign them to a Switched Virtual Interface.

You can also have only one active vlan interface on a l2 switch so there's no use in configuring multiple either. In your case you can skip the above section that configures the vlan 'interfaces' (not vlans, vlan interfaces) entirely. And set the default gateway correctly and it should work.

carveone

Webmaster wrote:

You should set the default gateway to the router.

Just to throw in my 2cents in case he misunderstands

The default gateway on the PCs needs to be set to the router. You have to think "where does the pc send the packet and how does it know to send it there"

PS: While on the topic of vlans, is there any way of finding out who the vtp server is in a pile of switches? show vtp isn't telling me. Guess I have to telnet to each one and do a "show vtp" on each...

persona

Webmaster wrote:

You should set the default gateway to the router.

sw1(config)#int vlan 10
sw1(config-if)#ip address 10.10.10.2 255.255.255.0
sw1(config-if)#ip default-gateway 10.10.10.1
sw1(config)#exit

sw1#conf t
sw1(config)#int vlan 11
sw1(config-if)#ip address 11.11.11.2 255.255.255.0
sw1(config-if)#ip default-gateway 11.11.11.1
sw1(config)#exit

This part is NOT related to InterVLAN routing on a l2 switch and router on a stick.

interface vlan 11 configures a management VLAN interface. It's a virtual interface that can be used to manage the switch. The default gateway in that section is for when you want to manage the switch from a different subnet.

In short: a layer2 switch's ports cannot be assigned IP address, so you assign them to a Switched Virtual Interface.

You can also have only one active vlan interface on a l2 switch so there's no use in configuring multiple either. In your case you can skip the above section that configures the vlan 'interfaces' (not vlans, vlan interfaces) entirely. And set the default gateway correctly and it should work.

I skipped it and it did not work mate. I have tried so many things and nothing worked. Posted this question on few boards and did not get a good answer yet. Maybe you can help out.

Before posting the problem, I configured the PCs to have the router's sub-interfaces as gateways, but since it did not work out well, so I tried to come up with a solution..my solution did not work.

here is the new config. Omitted the part you told me not to state. I can ping the router from all PCs. What I want is to have PC1, which is located on VLAN 10 to ping PC3 which is on VLAN 11.

Router

---

Router#conf t
Router(config)#int fa0/0
Router(config-if)#no ip address
Router(config-if)#no shut
Router(config-if)#int fa0/0.1
Router(config-subif)#ip address 10.10.10.1 255.255.255.0
Router(config-subif)#encap dot1q 10
Router(config-subif)#exit
Router(config)#int fa0/0.2
Router(config-subif)#ip address 11.11.11.1 255.255.255.0
Router(config-subif)#encap dot1q 11
Router(config-subif)#exit

router rip
network 10.10.10.0
network 11.11.11.0
exit

Switch:

---

sw1#vlan database
sw1(vlan)#vlan 10
sw1(vlan)#vlan 11
exit
sw1#conf t
sw1(config)#int fa0/12
sw1(config-if)#switchport mode trunk
sw1(config-if)#switchport trunk encap dot1q
sw1(config-if)#exit

sw1#conf t
sw1(config)#int fa0/1
sw1(config-if)#switchport access vlan 10
sw1(config-if)#switchport mode access
end

sw1#conf t
sw1(config)#int fa0/2
sw1(config-if)#switchport access vlan 10
sw1(config-if)#switchport mode access
end

sw1#conf t
sw1(config)#int fa0/3
sw1(config-if)#switchport access vlan 11
sw1(config-if)#switchport mode access
end

sw1#conf t
sw1(config)#int fa0/4
sw1(config-if)#switchport access vlan 11
sw1(config-if)#switchport mode access
end

PC1 and 2 have 10.10.10.1 as their Gateway.
PC3 and 4 have 11.11.11.1 as their Gateway.

I can ping from any PC to the router. I can ping from PC1 (10.10.10.2 to router sub-interface 11.11.11.1) BUt I cannot ping from PC1 to PC3(11.11.11.2).

...please clarify.

markzab

This might be a shot in the dark...but since you noted that nobody could answer it maybe it's something simple. I'm assuming you are running a Class A network since you have a 10. 1st octet. So your network is something like 10.0.0.0 /24?

Hell of a lot of subnets you got there.

Question...why do you have a completely seperate network of 11.0.0.0 with no routing protocals configured? Or at least I don't see any from what you showed us. Scratch that...that's not even the main thing...

We're not even talking about 2 seperate subnets here, we're talking about 2 completely different networks. I'm not that on the up and up but isn't that called discontiguous networks? And don't you need to use one of the upper/better routing protocols to be able to handle them?

Somebody with a bit more knowledge know what I'm talking about?

Let me guess...every host on your 11. side can't ping the 10. side hosts? Can the 11. hosts and 10. hosts ping eachother though?

mikej412

Sounds like a routing issue.... what's the routing config on the router? What do you get from a "show ip protocol" and "show ip route" command on the router?

persona

I used rip routing protocol

router rip
network 10.10.10.0
network 11.11.11.0
exit

markzab

Like Mike said...do a "show ip protocol" and "show ip route" command on the router and paste us the output...

Webmaster

Since there's only one router, and directly connected networks are automatically added to the routing table, you don't need a routing protocol. Nevertheless, as Mike posted, please post your show ip route output.

"discontiguous networks" does not apply here. Those are networks in which two or more subnets are interconnected by one or more networks that have a subnet from a different major network. Sorry for that bad explanation.

Anyway, I agree it's probably something simple. I killed a very similar working config at home just a couple of days ago. I'll set it up again and will post my working setup. That will be on a 2600+2950. brb...

markzab

Webmaster wrote:

Since there's only one router, and directly connected networks are automatically added to the routing table, you don't need a routing protocol. Nevertheless, as Mike posted, please post your show ip route output.

"discontiguous networks" does not apply here. Those are networks in which two or more subnets are interconnected by one or more networks that have a subnet from a different major network. Sorry for that bad explanation.

Anyway, I agree it's probably something simple. I killed a very similar working config at home just a couple of days ago. I'll set it up again and will post my working setup. That will be on a 2600+2950. brb...

Wasn't sure if I had the terminology correct. Guess not.

Wouldn't his problem be solved if he just didn't have 2 completely different networks, rather just 2 subnets in the same network? Like instead of the 11. network, just have another subnet of the 10. network?

remyforbes777

You have your default gateways set up incorrectly.

You have here your DG set as .1 for each subnet. But your PC's show you have them set as .2.

Router

---

Router#conf t
Router(config)#int fa0/0
Router(config-if)#no ip address
Router(config-if)#no shut
Router(config-if)#int fa0/0.1
Router(config-subif)#ip address 10.10.10.1 255.255.255.0
Router(config-subif)#encap dot1q 10
Router(config-subif)#exit
Router(config)#int fa0/0.2
Router(config-subif)#ip address 11.11.11.1 255.255.255.0
Router(config-subif)#encap dot1q 11
Router(config-subif)#exit

PC1 and 2 since they belong to VLAN 10 have 10.10.10.2 as their Gateway.
PC3 and 4 since they belong to VLAN 11 have 11.11.11.2 as their Gateway.

remyforbes777

Your PC's should be set to 10.10.10.1 as their DG and 11.11.11.1 as the other DG.

Took me a second to look over this entire post and see that but better late than never.

Webmaster

carveone wrote:

Webmaster wrote:

You should set the default gateway to the router.

Just to throw in my 2cents in case he misunderstands

The default gateway on the PCs needs to be set to the router. You have to think "where does the pc send the packet and how does it know to send it there"

Yup, it's essential to understand the default gateway should be a 'routing device' (router, l3 switch, dual home ...cough... Windows box ..cough).

PS: While on the topic of vlans, is there any way of finding out who the vtp server is in a pile of switches? show vtp isn't telling me. Guess I have to telnet to each one and do a "show vtp" on each...

By default they are all servers. A proper way is to configure a vtp domain and explicitely configure two switches as VTP servers and the rest as clients. If you run 'sh vtp status' it will show whether it's a client or server (or transparent), hence Server by default. vtp domain name is NULL (not shown).

Webmaster

remyforbes777 wrote:

Your PC's should be set to 10.10.10.1 as their DG and 11.11.11.1 as the other DG.

Took me a second to look over this entire post and see that but better late than never.

Yes, that was pointed out a couple of times already, so besides 'better late than never', 'better 3 times than never'

mikej412

remyforbes777 wrote:

Your PC's should be set to 10.10.10.1 as their DG and 11.11.11.1 as the other DG.

Took me a second to look over this entire post and see that but better late than never.

What happened to this config?

persona wrote:

PC1 and 2 have 10.10.10.1 as their Gateway.
PC3 and 4 have 11.11.11.1 as their Gateway.

I can ping from any PC to the router. I can ping from PC1 (10.10.10.2 to router sub-interface 11.11.11.1) BUt I cannot ping from PC1 to PC3(11.11.11.2).

I guess we should ask for an ipconfig and trace route from one of the PCs too.

markzab

I'm so lost.

Webmaster

markzab wrote:

Wasn't sure if I had the terminology correct. Guess not.

Wouldn't his problem be solved if he just didn't have 2 completely different networks, rather just 2 subnets in the same network? Like instead of the 11. network, just have another subnet of the 10. network?

Well, that's also a matter of terminology, in this situation, network and subnet are interchangeable (this is actually mentioned in the RIP or routing tutorial RFC). In the bigger scale, every IP network is a 'subnet'. Unless you use classful routing protocols, autosummarization and other ways of assuming the classful mask, the router doesn't care.

The routes to the networks attached to the subinterfaces will be in it (given the interfaces are actually all up, rather than just configured to be up, and the other cable isn't a cross-over, or something entirely else). It doesn't matter whether these are routes to an IP subnet or major IP network. The routes will point to the subnets (the router 'will' notice they are subnetted) and if the PCs are then configured correctly, it should work...

That said, when you set up a practice lab like this, I recommend to start with simple classful addresses. I usually use 10.0.0./8 and 11.0.0.0/8 12.. etc. because it takes less time to type than 192.168.0.1 Eventually you will want to start practicing using subnetted and variable subnetted networks, but there's no shame in wasting address space in a CCNA practice lab.

persona

gateway are set to 10.10.10.1 and 11.11.11.1 sorry for the mistyping. Still did not work.

here is the complete config. With sh ip route at the end.

Router

---

Router#conf t
Router(config)#int fa0/0
Router(config-if)#no ip address
Router(config-if)#no shut
Router(config-if)#int fa0/0.1
Router(config-subif)#ip address 10.10.10.1 255.255.255.0
Router(config-subif)#encap dot1q 10
Router(config-subif)#exit
Router(config)#int fa0/0.2
Router(config-subif)#ip address 11.11.11.1 255.255.255.0
Router(config-subif)#encap dot1q 11
Router(config-subif)#exit

Router(config)#router rip
Router(config-Router)#network 10.10.10.0
Router(config-Router)#network 11.11.11.0
exit

Switch:

---

sw1#vlan database
sw1(vlan)#vlan 10
sw1(vlan)#vlan 11
exit
sw1#conf t
sw1(config)#int fa0/12
sw1(config-if)#switchport mode trunk
sw1(config-if)#switchport trunk encap dot1q
sw1(config-if)#exit

sw1#conf t
sw1(config)#int fa0/1
sw1(config-if)#switchport access vlan 10
sw1(config-if)#switchport mode access
end

sw1#conf t
sw1(config)#int fa0/2
sw1(config-if)#switchport access vlan 10
sw1(config-if)#switchport mode access
end

sw1#conf t
sw1(config)#int fa0/3
sw1(config-if)#switchport access vlan 11
sw1(config-if)#switchport mode access
end

sw1#conf t
sw1(config)#int fa0/4
sw1(config-if)#switchport access vlan 11
sw1(config-if)#switchport mode access
end

PC1 ip = 10.10.10.2 255.255.255.0 GW= 10.10.10.1
PC2 ip = 10.10.10.3 255.255.255.0 GW= 10.10.10.1
PC3 ip = 11.11.11.2 255.255.255.0 GW= 11.11.11.1
PC4 ip = 11.11.11.3 255.255.255.0 GW= 11.11.11.1

sh ip route
Gateway of last resort is not set <

---

what is this? could this be the problem?
10.0.0.0/24 is subnetted, 1 subnet
C 10.10.10.0 is directly conneted
11.0.0.0/24 is subnetted, 1 subnet
C 11.11.11.0 is directly conneted

Still I cannot ping from PC1 to PC3. PLEASE HELP.

mikej412

persona wrote:

I have 1 2600 router, 1 switch (2900), and 10 pcs connected to the switch and the switch is connected to the router forming the so-called "router-on a stick".

Is this a real router and switch and PCs..... or Boson NetSim?

remyforbes777

Gateway of last resort is all unknown traffic. Usually set statically 0.0.0.0.

Webmaster

mikej412 wrote:

persona wrote:

I have 1 2600 router, 1 switch (2900), and 10 pcs connected to the switch and the switch is connected to the router forming the so-called "router-on a stick".

Is this a real router and switch and PCs..... or Boson NetSim?

Good question!

Still I cannot ping from PC1 to PC3

Just in case... how about from PC1 to PC4?

markzab wrote:

I'm so lost.

The best way to learn how to swim is just jumping in water.

(Notice I only have 10MB Ethernet so slightly different). The following config is the only config that's not default on my router:

interface Ethernet0/0
 no ip address
 half-duplex
!
interface Ethernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/0.20
 encapsulation dot1Q 20
 ip address 11.11.11.1 255.255.255.0

which results in:

Router#sh ip ro
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Ethernet0/0.10
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Ethernet0/0.20

As you can see it knows they are subnetted, even there's only one subnet, but the route is for the subnet (logically not the major IP network because it's subnetted). If the switch and PCs are properly configured, this should do the trick as far as the router is concered.

My switch config is slightly different because it supports only dot1q so I can't do a 'switchport trunk encap dot1q', it's implied after the switchport mode trunk. And since routers don't support DTP, it's good practice to disable DTP negotiation by using the switchport nonegotiate on the trunk port to the router.

interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface FastEthernet0/12
 switchport mode trunk
 switchport nonegotiate

Works for me.

persona

it is Boson Sim. Might be the problem? if yes how come nobody mentioned it b4?

remyforbes777

The question should be how come you never mentioned it before. Giving us partial information does not help in getting your issue resolved.

mikej412

persona wrote:

it is Boson Sim. Might be the problem? if yes how come nobody mentioned it b4?

Because you didn't say you were using Boson.... you said

persona wrote:

I have 1 2600 router, 1 switch (2900), and 10 pcs connected to the switch and the switch is connected to the router forming the so-called "router-on a stick".

Boson has problems when you don't use the built-in labs (and sometimes when you do).

Save your configuration. Close out of Boson. Reopen Boson and reload your network and configurations -- and re-configure the PCs if its a version that loses the PC configurations.

Sometimes that's "the fix" for Boson when it has VLAN routing issues -- either when it routes and pings when it shouldn't, or doesn't route and ping when it should.

Check out this thead
http://www.techexams.net/forums/viewtopic.php?t=15377
I forgot about the repeating the ping attempt several times may be enough for it to "magically work" solution.

markzab

Webmaster wrote:

markzab wrote:

Wasn't sure if I had the terminology correct. Guess not.

Wouldn't his problem be solved if he just didn't have 2 completely different networks, rather just 2 subnets in the same network? Like instead of the 11. network, just have another subnet of the 10. network?

Well, that's also a matter of terminology, in this situation, network and subnet are interchangeable (this is actually mentioned in the RIP or routing tutorial RFC). In the bigger scale, every IP network is a 'subnet'. Unless you use classful routing protocols, autosummarization and other ways of assuming the classful mask, the router doesn't care.

The routes to the networks attached to the subinterfaces will be in it (given the interfaces are actually all up, rather than just configured to be up, and the other cable isn't a cross-over, or something entirely else). It doesn't matter whether these are routes to an IP subnet or major IP network. The routes will point to the subnets (the router 'will' notice they are subnetted) and if the PCs are then configured correctly, it should work...

That said, when you set up a practice lab like this, I recommend to start with simple classful addresses. I usually use 10.0.0./8 and 11.0.0.0/8 12.. etc. because it takes less time to type than 192.168.0.1 Eventually you will want to start practicing using subnetted and variable subnetted networks, but there's no shame in wasting address space in a CCNA practice lab.

I guess my gripe would be...why not just set the first interface to 10.1.0.1 and the second to 10.2.0.1? I just think this would allow the PC's to communicate.

Also, now you kind of confused me about something. If it's a Class A network, don't the subnets start in the 2nd octet, not the first? I may have misread you wrong but did you say that 10.0 and 11.0 were on the same network, just different subnets? Because from what I'm understanding, those are 2 completely seperate networks alltogether. RIPv1 is classful so it wont know the mask is 255.255.255.0. It would assume a default mask of 255.0.0.0 for the Class A IP address. That in turn would make 10.0 and 11.0 2 completely different networks.

Will a simple protocal such as RIP allow 2 completely different networks, not subnets, to communicate?

Like, ATT has their network based off of 10.0 and Bellsouth has theirs based off of 20.0. Note, I know its much more complicated than this but...could you just connect the main routers back to back and run RIP for the 2 completely different networks to communicate?

Thats really what's been bothering me the whole time. Sorry if I'm not using proper terms in this. Still a CC-Baby.

persona

not mentioned before on any Boson forum I meant, not here.
It is not documented that is.

markzab

persona wrote:

not mentioned before on any Boson forum I meant, not here.
It is not documented that is.

If you haven't fixed the problem yet...for my own piece of mind could you do something for me? Make your first interface on the router 10.1.0.1, and make your 2nd interface 10.2.0.1. Change everything else accordingly (gateway's on PC's, VLANs, etc.) and see if it works then.

I just have a hunch.

persona

Well at least the config I did was correct. This is the most important thing to me.

Also I wanna praise this forum for having ppl like you gents.
Thank you for your concern.

/respect I have for all.

@markzab: ok will do. Will post it l8tr.

Persona

mikej412

Didn't you say you had posted on some other forums too?

Did we win! Did we win! Did any other forum figure out it was a Boson problem?