ROAS Problem

boostinbadger

I have configured a ROAS network and am having some problems getting things to fully work.

I have a 1760 doing inter-vlan routing connected to a distribution layer 2940 switch. The 2940 is configured for trunking out it's gig0/1. I then have three 2924XLs connected to the 2940's fa 0/1 -fa 0/3 ports. The first 2924 has all it's ports as members of vlan 10, the second vlan 20, and the third, vlan 30. Each 2924 has it's fa 0/24 configured to trunk.

When I do CDP neighbor on the 1760, I can see the 2940 and vice versa. When I do a CDP neighbor on the 2940, I do not see the 2924XLs.

The 1760 has three sub-interfaces 0/0.10 through 0/0.30, each representing a vlan.

0/0.10 - 10.10.1.1 255.255.0.0
0/0.20 - 10.20.1.1 255.255.0.0
0/0.30 - 10.30.1.1 255.255.0.0

Each 2924 has an ip default-gateway set for it's sub interface on the router.

eg. VLAN10_2924XL - ip default-gateway 10.10.1.1

Here are the configs:

R1_1760#show conf
Using 1671 out of 29688 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1_1760
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip cef
!
no ip domain lookup
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.10.1.1 255.255.0.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.20.1.1 255.255.0.0
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 10.30.1.1 255.255.0.0
!
interface Serial0/0
ip address 172.12.123.1 255.255.255.0
encapsulation frame-relay
ip ospf authentication
ip ospf authentication-key 7 0110050A4B1F031C35
frame-relay map ip 172.12.123.1 221 broadcast
frame-relay map ip 172.12.123.2 122 broadcast
frame-relay map ip 172.12.123.3 123 broadcast
no frame-relay inverse-arp
!
interface Serial0/1
ip address 172.12.13.1 255.255.255.0
encapsulation ppp
clock rate 56000
ppp authentication chap
!
interface BRI1/0
no ip address
encapsulation hdlc
shutdown
!
router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 1
network 172.12.13.0 0.0.0.3 area 13
network 172.12.123.0 0.0.0.255 area 0
neighbor 172.12.123.2 priority 1
neighbor 172.12.123.3 priority 1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
exec-timeout 0 0
logging synchronous
login
line aux 0
line vty 0 4
login
!
end
*******************************************
DISTRO_2924#show conf
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname DISTRO_2940
!
ip subnet-zero
!
no ip domain-lookup
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode access
speed 100
duplex full
mdix auto
!
interface FastEthernet0/2
switchport mode access
speed 100
duplex full
mdix auto
!
interface FastEthernet0/3
switchport mode access
speed 100
duplex full
mdix auto
!
interface FastEthernet0/4
mdix auto
!
interface FastEthernet0/5
mdix auto
!
interface FastEthernet0/6
mdix auto
!
interface FastEthernet0/7
mdix auto
!
interface FastEthernet0/8
mdix auto
!
interface GigabitEthernet0/1
switchport mode trunk
speed 100
duplex full
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
no ip address
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
!
interface Vlan30
no ip address
no ip route-cache
!
ip http server
!
line con 0
exec-timeout 0 0
logging synchronous
login
line vty 0 4
exec-timeout 0 0
logging synchronous
login
line vty 5 15
exec-timeout 0 0
logging synchronous
login
!
end
********************************
LAN30_2924XL#show conf
Using 2120 out of 32768 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname VLAN30_2924XL
!
ip subnet-zero
no ip domain-lookup
!
interface FastEthernet0/1
switchport access vlan 30
!
interface FastEthernet0/2
switchport access vlan 30
!
interface FastEthernet0/3
switchport access vlan 30
!
interface FastEthernet0/4
switchport access vlan 30
!
interface FastEthernet0/5
switchport access vlan 30
!
interface FastEthernet0/6
switchport access vlan 30
!
interface FastEthernet0/7
switchport access vlan 30
!
interface FastEthernet0/8
switchport access vlan 30
!
interface FastEthernet0/9
switchport access vlan 30
!
interface FastEthernet0/10
switchport access vlan 30
!
interface FastEthernet0/11
switchport access vlan 30
!
interface FastEthernet0/12
switchport access vlan 30
!
interface FastEthernet0/13
switchport access vlan 30
!
interface FastEthernet0/14
switchport access vlan 30
!
interface FastEthernet0/15
switchport access vlan 30
!
interface FastEthernet0/16
switchport access vlan 30
!
interface FastEthernet0/17
switchport access vlan 30
!
interface FastEthernet0/18
switchport access vlan 30
!
interface FastEthernet0/19
switchport access vlan 30
!
interface FastEthernet0/20
switchport access vlan 30
!
interface FastEthernet0/21
switchport access vlan 30
!
interface FastEthernet0/22
switchport access vlan 30
!
interface FastEthernet0/23
switchport access vlan 30
!
interface FastEthernet0/24
duplex full
speed 100
switchport mode trunk
!
interface VLAN1
no ip directed-broadcast
no ip route-cache
!
interface VLAN30
ip address 10.30.1.2 255.255.0.0
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 10.30.1.1
!
line con 0
exec-timeout 0 0
logging synchronous
login
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
logging synchronous
login
line vty 5 15
exec-timeout 0 0
logging synchronous
login
!
end

Morty3

I didnt read your configs, but for your information, the switch only needs a defualt gateway for you to be able to SSH into it. It is not like a PC, that always needs a defualt gateway (for inter-vlan routing).

Hope I did not fail now, hehe :P

Netwurk

boostinbadger wrote: »

interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.10.1.1 255.255.0.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.20.1.1 255.255.0.0
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 10.30.1.1 255.255.0.0

******

router ospf 1
log-adjacency-changes
network 1.1.1.1 0.0.0.0 area 1
network 172.12.13.0 0.0.0.3 area 13
network 172.12.123.0 0.0.0.255 area 0
neighbor 172.12.123.2 priority 1
neighbor 172.12.123.3 priority 1

One thing I noticed is that you don't have the 10 dot networks in your ospf config

mikej412

boostinbadger wrote: »

When I do a CDP neighbor on the 2940, I do not see the 2924XLs.

Is that the question/problem?

Are the ports active?

Are you using crossover cables?

Did you do a show cdp and show cdp neighbor on the 2924XLs?

creamy_stew

Um.. I should google this more thoroughly before asking, but what the sweet Jebus is ROAS?

creamy_stew

Oh, never mind. Router on a Stick, got it. Is that a commonly used acronym?

p.s. Panic averted

boostinbadger

Thanks for the gateway info. I did not know that.

I now I don't have the 10. network in my OSPF configs yet, but I don't need to get passed the fa port on that router. I just want the 2924s to communicate through ROAS.

The ports are active and they are crossover.

I have run both CDP commands. The 2924s do not show the 2940 and vice versa.

I am getting this error message on each 2924 for the trunk port:

1d19h: %LINK-4-ERROR: FastEthernet0/24 is experiencing errors

mikej412

boostinbadger wrote: »

hostname VLAN30_2924XL
!

interface VLAN1
no ip directed-broadcast
no ip route-cache
!
interface VLAN30
ip address 10.30.1.2 255.255.0.0
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 10.30.1.1
!

This switch wouldn't be able to ping the Router subinterface with IP 10.30.1.2 since VLAN30 is shutdown.... is that one of your problems?

boostinbadger

Thank you Mike...yes that is a problem. I do a no shut and it still stays down. I forgot to mention that.

mikej412

boostinbadger wrote: »

1d19h: %LINK-4-ERROR: FastEthernet0/24 is experiencing errors

What do you get when you do a show interface status command?

Have you done a show interface trunk command to see if your trunk has formed correctly (and encapsulation matches)?

Did you swap out the cable with a known good working cable.

Is that error just on the one port? Or is it on all the 2924XL ports

captobvious

boostinbadger wrote: »

LAN30_2924XL#show conf
Using 2120 out of 32768 bytes
!
interface FastEthernet0/24
duplex full
speed 100
switchport mode trunk
!
1d19h: %LINK-4-ERROR: FastEthernet0/24 is experiencing errors

My guess is that the encapsulation doesn't match on the trunk ends. I have a 2924XL in my lab setup and I got the same errors when I didn't set the encapsulation on the trunk port, switchport trunk encapsulation dot1q. My other switches are 2950 which default to dot1q.

boostinbadger

OK...It was an encapsulation mismatch on the 2924s. When I do a show cdp neighbor now I can see the 2924s from the 2940. The ports on the 2940 or lit amber though.

boostinbadger

Nevermind. I went back and checked the 2940. Fa 0/1 -3 where not set as trunks...thus showing the amber light.

boostinbadger

I am getting somewhere now.

When I try to ping a sub-interface on the router from the 2940, this is what I get:

DISTRO_2940#ping 10.10.1.1
% Unrecognized host or address, or protocol not running.

If I type ping enter and select IP, this is what I get:

DISTRO_2940#ping
Protocol [ip]:
% Unknown protocol - "", type "ping ?" for help

I imagine this has something to do with my problem.

mikej412

Do a show ip interface brief on the 2940..... have you configured an administrative ip address and default gateway?

boostinbadger

Do you mean for vlan 1? What would the gateway be?

mikej412

boostinbadger wrote: »

Do you mean for vlan 1? What would the gateway be?

Well, it could be VLAN 1.... if you have an ip address configured on it. Or it could be VLAN 20 or VLAN 30 -- if that's where you've configured an IP address.

The gateway would be the Router IP that's on that VLAN.

boostinbadger

I just gave vlan 1 on the 2940 an ip address of 10.1.1.1. Do I need to create vlans 10, 20, and 30 on the 2940?

boostinbadger

Correct me if I am wrong please, but the 1760's fa port does not get an ip address? Only the subinterfaces of that port do.

mikej412

boostinbadger wrote: »

Correct me if I am wrong please, but the 1760's fa port does not get an ip address? Only the subinterfaces of that port do.

Right.

If you put the 2940 in VLAN 1 (and gave it an IP Address in that subnet), then you probably need to create another subinterface on the 1760 for that subnet so that the 2940 can have a default gateway (and talk to/be accessible from other devices).

boostinbadger

Thanks Mike! I have ip communication between the router and the 2940 now. However, when I am on the third 2924 (VLAN30_2924XL) and try to ping 10.10.1.1 (vlan 10 sub-interface on the router), it fails.

mikej412

boostinbadger wrote: »

when I am on the third 2924 (VLAN30_2924XL) and try to ping 10.10.1.1 (vlan 10 sub-interface on the router), it fails.

Make sure you can ping 10.30.1.1 first.... that's the default gateway for that switch, right?

Use the commands to troubleshoot.... what does cdp show you?

Does the show ip interface brief command show the correct/expected IPs in an UP/UP state? Check both sides of the connections.

What's the status of any trunk links?

etc....

Since that 10.10.1.1 IP should be a directly connected interface (subinterface) on the 1760 (right?) it's not a routing issue....

boostinbadger

The gateway for that switch is 10.30.1.1, but it can't ping it.

Running show cdp neighbor on the 2924s shows the 2940. On the third 2924, it shows administratively down. I go to global config and type in interface vlan 30 and do a no shut and nothing happens...still administratively down.

Does the distribution layer 2940 need to have the 10, 20, and 30 VLANS?

kryolla

boostinbadger wrote: »

The gateway for that switch is 10.30.1.1, but it can't ping it.

Running show cdp neighbor on the 2924s shows the 2940. On the third 2924, it shows administratively down. I go to global config and type in interface vlan 30 and do a no shut and nothing happens...still administratively down.

Does the distribution layer 2940 need to have the 10, 20, and 30 VLANS?

Yes the 2940 need all vlans configured that are traversing the trunk to 1760. Spanning-tree needs to be forwarding and only allow those specific vlans

boostinbadger

I created the VLANs on the 2940. When I do a no shut on VLAN 10, it shuts down VLAN 1. When I do a no shut on VLAN 20, it shuts down VLAN 10. Also the ip address for VLAN 1 moves to the VLAN that has just been turned on.

Could someone explain this?

mikej412

On a layer 2 switch you can only have 1 administrative interface (and 1 IP address) -- which gets defined under the interface vlan command. As you found you can create as many as you want, but only one can be active at a time on a layer 2 switch -- but layer 3 switches are a different story which you'll learn about studying someday for the BCMSN CCNP exam.

Don't confuse creating an administrative interface on a layer 2 switch using the interface vlan command with the creation of VLANs, which can be done via the global config vlan command, the old vlan database command, or depending on the VTP configuration and switch mode -- propogated from a server switch via VTP or created by assigning an access port to a vlan via the switchport command.