Router-on-a-stick configuration and VLANS (several things...

rjbarlow · June 2007

Hi guys, please, I need help for a lab I created in trying my skills.

Topology.

Situation:
all PCs belonging to VLAN 2 can ping from each other;
all PCs belonging to VLAN 3 can ping from each other;

def.gateway assigned to all PCs into VLAN 2 is 192.168.0.100;
def.gateway assigned to all PCs into VLAN 3 is 192.168.1.100;

all PCs belonging to VLAN 2 are unable to ping their default gateway;
all PCs belonging to VLAN 3 are unable to ping their default gateway.

all PCs belonging to VLAN 2 are unable to ping PCs belonging to VLAN3 and vice-versa.

The goal is to communicate VLAN 2 and VLAN 3 together.

Please don't tell to me to change the topology, the VLANS's numbers or to use a different trunk protocol.

Config. of the Router:
router#sh run
!
interface Ethernet0/0
no ip address
no ip directed-broadcast
!
interface Ethernet0/0.1
encapsulation dot1q 2
ip address 192.168.0.100 255.255.255.0
!
interface Ethernet0/0.2
encapsulation dot1q 3
ip address 192.168.1.100 255.255.255.0
!

router#show interface
!
Ethernet0/0 is up, line protocol is up
!
[CUT]

Config of switch1:

switch1#sh run
!
interface FastEthernet0/1
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode access
switchport access vlan 3
!
interface FastEthernet0/4
switchport mode trunk
switchport trunk encapsulation dot1q
!

Config of switch2:
!
interface FastEthernet0/1
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode access
switchport access vlan 3
!
interface FastEthernet0/4
switchport mode trunk
switchport trunk encapsulation dot1q
!

Config of switch3 (the middle):
!
interface FastEthernet0/1
switchport mode trunk
switchport access vlan 2
switchport trunk encapsulation dot1q
!
interface FastEthernet0/2
switchport mode trunk
switchport access vlan 2
switchport trunk encapsulation dot1q
!
interface FastEthernet0/3
switchport mode trunk
switchport access vlan 3
switchport trunk encapsulation dot1q
!

Due to a bug of Boson netsim, when I open the configuration I made on the simulator, he put all switchs just to VTP Server even if previously I had set up switch3 (the middle), as VTP transparent.
As You can see, I marked 3 commands in red, I think they are residual of the configuration on switch1 and switch2 advertised to switch 3.
However the only way to not find those three commands into switch 3, is to configure switch1 and 2 as VTP Client and switch3 as VTP transparent, but when I remove those commands, the PCs in VLAN 2 on switch1 becomes unable to ping VLAN 2 PCs's in switch2 and the same becomes for VLAN 3. It seems to me very strange.

Any advice to match where the configuration lacks or it's wrong is very very appreciated.

If You need any other information tell to me.

Thank You.

Netstudent · June 2007

You need to make the outside switches VTP clients before you start your vlan configuration. I think Boson puts all switches in a VTP domain called BIGDOMAIN or something like and all switches are servers by default. So as soon as you load that topology, I think you will already have a VTP domain setup. I could be wrong on that though.

ALso try creating a subinterface on the router for vlan1. Give it a subnet.
Then go to switch 3 and give switch 3 an interface vlan 1 IP in that subnet.

Also need to know which switchports are being used on switch 3...what port is conected to switch 2? port to switch 1? port to router?

I learned that trunk ports forward all VLANS by default. By putting those trunk ports as switchport access vlan#, you are blocking the other vlan.

Also make sure you are using a sim router with a FAst ethernet interface not an Ethernet.

rjbarlow · June 2007

Hi Netstudent, I just tried some of your advices, but still don't works.

ALso try creating a subinterface on the router for vlan1. Give it a subnet.
Then go to switch 3 and give switch 3 an interface vlan 1 IP in that subnet.

The VTP Domain is for all three switchs "augh" (that's the first name that has come in mind

), output show like follows for all 3 switchs:

switch1#show vtp status
VTP Version : 2
Configuration Revision : 2
Maximum VLANs supported locally : 64
Number of existing VLANs : 7

VTP Operating Mode : Server
VTP Domain Name : augh
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled

For that:

I learned that trunk ports forward all VLANS by default. By putting those trunk ports as switchport access vlan#, you are blocking the other vlan.

don't think, because however the ports on switch3 are all in trunk mode as You see, not access and in that way all PCs in the same vlan on different switchs can ping succesfully.

Also need to know which switchports are being used on switch 3...what port is conected to switch 2? port to switch 1? port to router?

For that soon will post an image with ports.

Thanks.

rjbarlow · June 2007

For that soon will post an image with ports.

Done!

Netstudent · June 2007

Makse sure you have issued a NO SHUT on the router's physical ethernet interface.
int E0
no shut

Also, WITH the commands in red enabled, can you ping from PC to PC in vlan 3?

It looks to me like the commands in red are causing the problem because as you stated you cannot ping the router. The frame is getting blocked before it ever gets to the router.

If the switchport access vlan# command is not conflicting with the switchport mode trunk command, then you should be able to get to the router. If you cannot ping your Def Gate then you cannot perfrom inter-vlan routing.

Another thing is, I don't think VTP will propogate information on VLAN port assignments. Only the creation of the VLAN.

widjerd · June 2007

i find in boson that you are unable to ping subinterfaces, but i created a small version of what you are doing, and i couldnt ping the default gateway/subinterface but i could ping the pc on the other vlan despite this.

Netstudent · June 2007

What model router did you choose? Okay I just configured the exact same Network and got it to work fine without using those switchport access vlan # commands on top of the sitchpoer mode trunk command. Give me 1 minute to copy and paste the configs

Netstudent · June 2007

Router1:

!
Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
!
ip subnet-zero
!
!
!
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
interface FastEthernet0/0
no ip address
no ip directed-broadcast
!
interface FastEthernet0/0.1
encapsulation dot1q 1
ip address 192.168.0.100 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1q 2
ip address 192.168.1.100 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1q 3
ip address 192.168.2.100 255.255.255.0
!
!
ip classless
no ip http server
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!
no scheduler allocate

Switch1:

Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch1
ip name-server 0.0.0.0
!
!
!
ip subnet-zero
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/4
switchport mode access
switchport access vlan 3
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
vtp domain bigdomain
interface Vlan 1
ip address 192.168.0.12 255.255.255.0
no ip route-cache

vlan 2 name sales

vlan 3 name marketing
!
ip classless
no ip http server
!
!
line con 0
transport input none
line aux 0
line vty 0 15
!
no scheduler allocate

Switch2

Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch2
ip name-server 0.0.0.0
!
!
!
ip subnet-zero
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/4
switchport mode access
switchport access vlan 3
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
vtp domain bigdomain
interface Vlan 1
ip address 192.168.0.13 255.255.255.0
no ip route-cache

vlan 2 name sales

vlan 3 name marketing
!
ip classless
no ip http server
!
!
line con 0
transport input none
line aux 0
line vty 0 15
!
no scheduler allocate
end

Switch3

Version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch3
ip name-server 0.0.0.0
!
!
!
ip subnet-zero
spanning-tree extend system-id
ip default-gateway 192.168.0.100
!
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
switchport mode trunk
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
vtp domain bigdomain
interface Vlan 1
ip address 192.168.0.11 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.0.100
ip classless
no ip http server
!
!
line con 0
transport input none
line aux 0
line vty 0 15
!
no scheduler allocate
end

elegua · June 2007

Hi.

Do this in the router:

interface FastEthernet0/0 
no ip address 
no ip directed-broadcast 
! 
interface FastEthernet0/0.1 
encapsulation dot1q 1 native 
ip address 192.168.2.100 255.255.255.0 
! 
interface FastEthernet0/0.2 
encapsulation dot1q 2 
ip address 192.168.0.100 255.255.255.0 
! 
interface FastEthernet0/0.3 
encapsulation dot1q 3 
ip address 192.168.2.100 255.255.255.0

In the SW3 do this:

ip default-gateway 192.168.2.100

Let me see the switches conf and let you know.

Hope this help.

Netstudent · June 2007

Boson BOSS 5.0 IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : boson.com
IP Address. . . . . . . . . . . . : 192.168.2.200
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.100

You can also use winipcfg to configure the IP Address

C:>ping 192.168.2.100
Pinging 192.168.2.100 with 32 bytes of data:

Reply from 192.168.2.100: bytes=32 time=60ms TTL=241
Reply from 192.168.2.100: bytes=32 time=60ms TTL=241
Reply from 192.168.2.100: bytes=32 time=60ms TTL=241
Reply from 192.168.2.100: bytes=32 time=60ms TTL=241
Reply from 192.168.2.100: bytes=32 time=60ms TTL=241

Ping statistics for 192.168.2.100: Packets: Sent = 5, Received = 5, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 60ms, Average = 55ms

So in case there was any confusion about being able to ping a subinterface in boson, this proves that you can with the proper configuration.

rjbarlow · June 2007

First, thanks to all for replies,
I want to reply to widjerd that is not possible for me through that configuration I posted to ping the subinterfaces neither the PCs of the other VLAN. (hell and damn the fact I'can't purchase all devices I would have need!).

The router used is a 4500 and the switchs are 2950.

For the other configurations I need some time to try them, I hope tomorrow 9 june (now in my country is already) I will be able to say if I will be successful to make pinging between the PCs of the VLANS.
Thanks again!

rjbarlow

dtlokee · June 2007

For router on a stick the more accepted configuration (as far as the Cisco courseware is concerened) when working with the native vlan would be like this:

Interface FastEthernet1/0  !this will become the untagged native vlan
 ip address 192.168.1.1 255.255.255.0
!
Interface FastEthernet1/0.1
 encapsulation dot1q 2
 ip address 192.168.2.1 255.255.255.0
!
Interface FastEthernet1/0.2
 encapsulation dot1q 3
 ip address 192.168.3.1 255.255.255.0

you can use the "encapsulation dot1q 1 native" to define the untagged vlan on the router but it is extra work to create the additional subinterface when the physical interface works just fine.

Just somthing to keep in mind, it works both ways

rjbarlow · June 2007

Related to this lab I want to say that after I tried few times, the result is that I succeed to ping interface e0/0 and subinterfaces from all PCs belonging to VLAN2, but nothing of nothing from PCs belonging to VLAN3, neither subinterfaces.

I created a different but similar lab with substantially specular configs with result of pinging all subinterfaces from all PCs in all VLANs, (strange Boson netsim...

), but again is not possible to ping PCs of different VLANs from each others.

These are the configs. (refer to the first post for topology):

Router:
!
interface Ethernet0/0
ip address 192.168.0.100 255.255.255.0
no ip directed-broadcast
!
interface Ethernet0/0.1
encapsulation dot1q 3
ip address 192.168.1.100 255.255.255.0
!

Switch1:
!
interface FastEthernet0/1
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode access
switchport access vlan 3
!
interface FastEthernet0/4
switchport mode trunk
switchport trunk encapsulation dot1q
!

Switch2:
!
interface FastEthernet0/1
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 2
!
interface FastEthernet0/3
switchport mode access
switchport access vlan 3
!
interface FastEthernet0/4
switchport mode trunk
switchport trunk encapsulation dot1q
!

Switch3:
!
interface FastEthernet0/1
switchport mode trunk
switchport access vlan 2
switchport trunk encapsulation dot1q
!
interface FastEthernet0/2
switchport mode trunk
switchport access vlan 2
switchport trunk encapsulation dot1q
!
interface FastEthernet0/3
switchport mode trunk
switchport access vlan 3
switchport trunk encapsulation dot1q
!

Any comment would be appreciated.

Ciao.

rjbarlow · June 2007

elegua wrote:

Hi.

Do this in the router:

interface FastEthernet0/0 
no ip address 
no ip directed-broadcast 
! 
interface FastEthernet0/0.1 
----------------> encapsulation dot1q 1 native <---------------
ip address 192.168.2.100 255.255.255.0 
! 
interface FastEthernet0/0.2 
encapsulation dot1q 2 
ip address 192.168.0.100 255.255.255.0 
! 
interface FastEthernet0/0.3 
encapsulation dot1q 3 
ip address 192.168.2.100 255.255.255.0

The command I marked is not supported by boson netsim, I was not able to do that. Sorry.

elegua wrote:
In the SW3 do this:
ip default-gateway 192.168.2.100
Let me see the switches conf and let you know.

Hope this help. [/code]

What the meant of this command?

elegua · June 2007

rjbarlow wrote:
elegua wrote:
Hi.

Do this in the router:
interface FastEthernet0/0 
no ip address 
no ip directed-broadcast 
! 
interface FastEthernet0/0.1 
----------------> encapsulation dot1q 1 native <---------------
ip address 192.168.2.100 255.255.255.0 
! 
interface FastEthernet0/0.2 
encapsulation dot1q 2 
ip address 192.168.0.100 255.255.255.0 
! 
interface FastEthernet0/0.3 
encapsulation dot1q 3 
ip address 192.168.2.100 255.255.255.0 
The command I marked is not supported by boson netsim, I was not able to do that. Sorry.
elegua wrote:
In the SW3 do this:
ip default-gateway 192.168.2.100
Let me see the switches conf and let you know.

Hope this help. [/code]
What the meant of this command?

Hi.

You have to create a native vlan, is you don't have that opcion in you simulator, you have to use real routers to accomplish that, sorry.

The cmd ip default-gateway 192.168.2.100 is for route all the traffic from the vlans to the router, ex, i have 4 vlans at home for users, for those users get access to internet i have to tell the switch the route to get access to internet that is through the switch native vlan, and then the router does the rest.

Sorry, english in not my first lenguage but you can get the main idea.

If you want i can put here my router and switch configuration and you can have a better view, just let me know.

Hope this help.

rjbarlow · June 2007

Thanks elegua, I guessed the purpose of that command, but that I can't find to uderstand is his real utility. In my simulations never I put it.
My question is the follow:
the command ip default-gateway on a switch is absolutely necessary in a situation like that in first post? And why is not issued also on switch1 and 2? Doubt arise to me mainly from the fact that we are speaking about layer 2 switchs and for what I know a layer2 switch don't takes an ARP table in order to make a corespondence between MAC-Address-IP Address and ports.
Then what the switch makes with this information?
Need advice on that.

Router-on-a-stick configuration and VLANS (several things...

Comments