Problem with Router-on-a stick, help please.

beef1218beef1218 Member Posts: 65 ■■□□□□□□□□
in CCNA & CCENT
Hi,
I am studying for my CCNA and having problem setting up Router-on-a-stick. I watched this part in both video and the book. I think I have set everything but still it is not working. Each host can only ping the subinterface of their own default-gateway on the router. They cannot ping the subinterface of others’ default-gateway.

Please help. Thank you very much!

Here is my set up: I am actually using a 1721 router and a 2950 switch.
15e1f6c236dd9f963c00647453ffd489.jpg

Here is my config:
SW2950#show vlan bri

VLAN Name Status Ports
----
1 default active Fa0/3, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12
2 VLAN-2 active Fa0/2
4 VLAN0004 active Fa0/4
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

SW2950#show int trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/1 1-4094
Port Vlans allowed and active in management domain
Fa0/1 1-2,4
Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1-2,4

R1721(config)#int fa0.2
R1721(config-subif)#encapsulation dot1Q 2
R1721(config-subif)#ip address 194.1.2.1 255.255.255.0
R1721(config-subif)#int fa0.4
R1721(config-subif)#encapsulation dot1Q 4
R1721(config-subif)#ip address 194.1.4.1 255.255.255.0

R1721#show ip int bri
Interface IP-Address OK? Method Status Protocol
FastEthernet0 unassigned YES manual up up
FastEthernet0.2 194.1.2.1 YES manual up up
FastEthernet0.4 194.1.4.1 YES manual up up
Serial0 unassigned YES NVRAM administratively down down
Serial1 193.1.1.1 YES NVRAM down down


R1721#show int fa0.2
FastEthernet0.2 is up, line protocol is up
Hardware is PQUICC_FEC, address is 000d.ed1b.69b5 (bia 000d.ed1b.69b5)
Internet address is 194.1.2.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 2.
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never

R1721#show int fa0.4
FastEthernet0.4 is up, line protocol is up
Hardware is PQUICC_FEC, address is 000d.ed1b.69b5 (bia 000d.ed1b.69b5)
Internet address is 194.1.4.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 4.
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never

R1721#show run
Building configuration...

Apr 3 08:11:44.487: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1131 bytes
!
! Last configuration change at 08:11:44 UTC Fri Apr 3 2009
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R1721
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$8xf/$wKWdRftcgl2YodmAUnCHK.
!
memory-size iomem 25
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
no ip domain lookup
!
ip cef
ip audit po max-events 100
!
!
interface FastEthernet0
no ip address
speed auto
!
interface FastEthernet0.2
encapsulation dot1Q 2
ip address 194.1.2.1 255.255.255.0
!
interface FastEthernet0.4
encapsulation dot1Q 4
ip address 194.1.4.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation ppp
shutdown
clock rate 64000
!
interface Serial1
ip address 193.1.1.1 255.255.255.0
encapsulation ppp
clock rate 64000
!
ip default-gateway 194.1.1.1
ip classless
no ip http server
no ip http secure-server
!
!
alias exec s show ip int bri
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
password 7 104D000A0618
login
!
end


SW2950#show run
Building configuration...

Current configuration : 1209 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname SW2950
!
enable secret 5 $1$DS5z$WYzDrsxptglKwORD0ekZJ.
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet0/1
switchport mode trunk
no ip address
!
interface FastEthernet0/2
switchport access vlan 2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
switchport access vlan 4
no ip address
!
interface FastEthernet0/5
no ip address
!
interface FastEthernet0/6
no ip address
!
interface FastEthernet0/7
no ip address
!
interface FastEthernet0/8
no ip address
!
interface FastEthernet0/9
no ip address
!
interface FastEthernet0/10
no ip address
!
interface FastEthernet0/11
no ip address
!
interface FastEthernet0/12
no ip address
!
interface Vlan1
ip address 194.1.1.21 255.255.255.0
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
exec-timeout 0 0
logging synchronous
line vty 0 4
password 7 030752180500
login
line vty 5 15
password 7 030752180500
login
!
end


Another question: There is not a vlan20 on 2950, but it still shows a VLAN20 in its "show run". Why?
· Share on FacebookShare on Twitter

Comments

  • jovan88jovan88 Member Posts: 393
    I would have posted the show run :D
    · Share on FacebookShare on Twitter
  • beef1218beef1218 Member Posts: 65 ■■□□□□□□□□
    jovan88 wrote: »
    I would have posted the show run :D

    Thank you.
    I added the "show run" for both 2950 and 1721.
    Also, there is not a "vlan20" on my 2950, but it still shows a "vlan20" in its "show run". Why?
    · Share on FacebookShare on Twitter
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    Can the router ping both hosts?

    Is this packet tracer or real hardware?

    If it's real hardware, are the PCs running firewall software (or the XP/Vista firewall)? If they aren't, check again, because it sounds like a PC firewall issue.

    If it's packet tracer, save your configuration, close out packet tracer, smack your monitor, and see if it works when you restart packet tracer.


    The only VLAN 20 I see in the configs is that VLAN 20 Interface -- use the no interface VLAN 20 command to get rid of it.
    :mike: Cisco Certifications -- Collect the Entire Set!
    · Share on FacebookShare on Twitter
  • beef1218beef1218 Member Posts: 65 ■■□□□□□□□□
    mikej412 wrote: »
    Can the router ping both hosts?

    Is this packet tracer or real hardware?

    If it's real hardware, are the PCs running firewall software (or the XP/Vista firewall)? If they aren't, check again, because it sounds like a PC firewall issue.

    If it's packet tracer, save your configuration, close out packet tracer, smack your monitor, and see if it works when you restart packet tracer.


    The only VLAN 20 I see in the configs is that VLAN 20 Interface -- use the no interface VLAN 20 command to get rid of it.

    Thank you, mike.
    This is real hardware. The router can ping both hosts. I disabled the firewall already but still got no luck.
    I also tried using packet tracer, and it worked. I think it means my setting is fine.
    I just don't understand why the real hardware is not working. In the Train Signal, the instructor said if the host could only ping its own default-gateway, it was usually the router's problem.
    Unfortunately, this 1721 is my only router that has FA port, and I really wanna figure our why it is not working.
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Do your hosts have the correct default gateway set? Config looks good to me.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • beef1218beef1218 Member Posts: 65 ■■□□□□□□□□
    networker050184 wrote: »
    Do your hosts have the correct default gateway set? Config looks good to me.

    Thank you.
    The config on the host is correct. Since I could make it work using packet tracer, I think my config is fine too.

    However, what prevents the real hardware from working? Is it my router's problem?
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    beef1218 wrote: »
    Thank you.
    The config on the host is correct. Since I could make it work using packet tracer, I think my config is fine too.

    However, what prevents the real hardware from working? Is it my router's problem?


    Not sure what your issue is. Turn off cef and then do a debug ip packet and see if the ping is making it there and being sent out the correct interface.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • mikej412mikej412 Member Posts: 10,086 ■■■■■■■■■■
    beef1218 wrote: »
    I disabled the firewall already
    Disable the firewalls again!!

    Does a show ip route on the router show the connected networks?

    Try to ping (use the extended ping or ping with source option) the PCs from the router using a different interface as your source. If you can only ping using the local interface, it still sounds like a PC firewall issue.

    What firewall(s) do you have on the PCs? What Anti-Virus/Internet Protection Suites do you have on the PCs?

    If all else fails -- debug icon_eek.gif

    Since this is just a lab exercise, feel free to liberally use the debug commands on the router. Just remember to always think before you debug -- you don't want to pick up the "debug habit" and do it some day on a production network (and bring it to a screeching, crashing halt). :D
    :mike: Cisco Certifications -- Collect the Entire Set!
    · Share on FacebookShare on Twitter
  • networker050184networker050184 Mod Posts: 11,962 Mod
    Like Mike said watch your debugs on production equipment! I usually leave debugs running for what ever I'm doing in a lab though whether it be OSPF, BGP or VPNs. Watching what the router is actually doing is the best way to learn IMO.
    An expert is a man who has made all the mistakes which can be made.
    · Share on FacebookShare on Twitter
  • beef1218beef1218 Member Posts: 65 ■■□□□□□□□□
    mikej412 wrote: »
    Disable the firewalls again!!

    Does a show ip route on the router show the connected networks?

    Try to ping (use the extended ping or ping with source option) the PCs from the router using a different interface as your source. If you can only ping using the local interface, it still sounds like a PC firewall issue.

    What firewall(s) do you have on the PCs? What Anti-Virus/Internet Protection Suites do you have on the PCs?

    If all else fails -- debug icon_eek.gif

    Since this is just a lab exercise, feel free to liberally use the debug commands on the router. Just remember to always think before you debug -- you don't want to pick up the "debug habit" and do it some day on a production network (and bring it to a screeching, crashing halt). :D

    I finally found out the problem!
    I have 2 NIC on my PC, one connects to my home lab switch and the other one connects to WAN (a linksys router).
    The router-on-a-stick works the second I disable the NIC that connects to the WAN. I had no problem using home lab before with both NIC enable. This is the first time I have to disable a NIC to make the other works.
    I don't know why this happened. It is very inconvenient since I need internet access for resources while using home lab. Does anyone know how to fix this?
    Thank you.
    · Share on FacebookShare on Twitter
  • ccnacertified2000ccnacertified2000 Member Posts: 27 ■■□□□□□□□□
    Set your default gateway to be the ip address of the lab router.
    · Share on FacebookShare on Twitter
  • beef1218beef1218 Member Posts: 65 ■■□□□□□□□□
    ccnacertified2000 wrote: »
    Set your default gateway to be the ip address of the lab router.

    I'm not sure what you mean. For the NIC for homelab on my PC, I set the default gateway to be a of the subinterface of the lab router. For the NIC for WAN, I set the default to be my linksys router.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.