Need help with inter-vlan routing

krazymofo24

I just set up my network, I for some reason can not get the router on a stick to work for some reason. The same configuration works fine on packet tracer checked it twice.

The router I am using is a 2620 and a 2900XL switch I got the IOS that supports Dot1Q encapsulation. I set up port that is physically connected to my only ethernet interface on my router as a trunk. However I'm not able to ping my laptop it shows destination unreachable. I assigned the laptop 192.168.3.3 and 255.255.255.0, and 192.168.3.1 as gateway. My router has fa0/0.2 as 192.168.3.1 encap dot1q 3. I assigned my laptop's port on the switch to access vlan 3. I checked the settings and everything appears to be correct.

Any advice would be appreciated.

Another question I have is I want to set up lab that will help me both with CCNA, and CCNP, I am probably going to pick up a 1760 router this week.

I wanted to know the main differences between the 2950 vs 2900XL as far as features that are required for CCNP...I know SSH doesn't work my routers dont support it either. I'm hoping the 1760 will. Other than that what are some of the key features the 2900XL's and 2600 Series non-XM lacking?

mella060

I know this may be a silly question but is the ethernet port on the router up. Did you do a no shutdown on the port ?

What output do you get when you do a show ip int br on the router ?

mikej412

Can the PC ping the gateway ip address? If you do have everything configured correctly, then it's usually the PC firewall when you can't ping the PC.

Check out table 2 in this Cisco doc for the 2900XL vs 2950 (SI and EI) comparison.
Catalyst 2950 Series Software Feature Comparison--SI and EI [Cisco Catalyst 2950 Series Switches] - Cisco Systems

If SSL doesn't work on your routers, it's probably because you don't have an IOS image installed that supports it -- even the old 2500 IOS Images with Crypto support did SSH version 1.

If you use 2900XL's and 2600s (instead of 2950s or 2960s or 2600XM routers) then you may not have access to all the commands you'd want to practice. The 2600 routers don't support SDM -- but you'd be fine there as long as you have one router that does (check the CCNA FAQ for the SDM link to the supported routers). A 2924-XL-EN works fine as a 3rd switch for those STP scenarios and lets you practice ISL Trunking if Cisco still tests on that.

beef1218

Agree with Mike, to ping your host from your route, you have to turn off your windows firewall.

krazymofo24

Thanks for the link. I can ping fine when I connect my laptop back up the internet router. Also it's not timing out it's saying destination host unreachable. I double checked settings again, and in doing that I discovered another issue with this router. I can't get the startup config to save. I recently flashed it with an IOS that supports the DOT1Q. I saved my configuration last night, and powered off router, checked it today and every setting is gone. I tried another copy run start and reloaded same thing just extracts the IOS and it's back to square one.

Am I suppose to do another command to get the startup config to save for the first time?

Anyways I'm a bit disappointed with my purchases so far not doing anything I want it to do.

mikej412

krazymofo24 wrote: »

I tried another copy run start and reloaded same thing just extracts the IOS and it's back to square one.

Did you do a "show start" to see if had saved before you reloaded?

Did you do a "show version" and check the configuration register setting? Square one sounds like it could be 0x2142 configuration register, rather than the 0x2102 you normally want to see on a router.

krazymofo24

Thanks that was definitely it...I should have known that. Well I guess now it's on to trying another switch when I get a chance. The router will ping the subinterfaces the ip I set them, but it wont ping the host.

This is the steps I have taken:

I assigned my physical port FA0/0 to an ip address 192.168.0.1 255.255.255.0 and did a no shut.

I assigned fa0/0.1 192.168.1.50 255.255.255.0 and also put in encapsulation do1q 1.
So this should be the network to VLAN 1 on my switch to my understanding. I wanted to use this to connect to my internet router.

I assigned fa0/0.2 to 192.168.2.1 255.255.255.0 with encapsulation dot1q 2 to access vlan 2.

I then setup my switch.

I assign FA0/1 to trunk which is port that is connected to my router's fa0/0. I assign fa0/3 to VLAN 2, and connect my laptop to that port. I set up my laptop to 192.168.2.3 255.255.255.0 gateway 192.168.2.1

Ping = destination unreachable. I connect cord to my internet router and enable DHCP and i'm able to ping fine.

I am not sure what could be wrong.

miller811

krazymofo24 wrote: »

Thanks that was definitely it...I should have known that. Well I guess now it's on to trying another switch when I get a chance. The router will ping the subinterfaces the ip I set them, but it wont ping the host.

This is the steps I have taken:

I assigned my physical port FA0/0 to an ip address 192.168.0.1 255.255.255.0 and did a no shut.

I assigned fa0/0.1 192.168.1.50 255.255.255.0 and also put in encapsulation do1q 1.
So this should be the network to VLAN 1 on my switch to my understanding. I wanted to use this to connect to my internet router.

I assigned fa0/0.2 to 192.168.2.1 255.255.255.0 with encapsulation dot1q 2 to access vlan 2.

I then setup my switch.

I assign FA0/1 to trunk which is port that is connected to my router's fa0/0. I assign fa0/3 to VLAN 2, and connect my laptop to that port. I set up my laptop to 192.168.2.3 255.255.255.0 gateway 192.168.2.1

Ping = destination unreachable. I connect cord to my internet router and enable DHCP and i'm able to ping fine.

I am not sure what could be wrong.

Take the ip address off of the phyiscal interface.
Shut it down, then bring it back up.

The physical port on the router will not have an IP address.

networker050184

If VLAN 1 is your native you are going to want to use the encapsulation dot1q 1 native on the router sub.

krazymofo24

I took the ip off fa0/0, shut down and brought it back up, still have the same issue.

It does not allow me to set encap dot1q 1 native. After encap dot1q 1 ? only option is <CR>

I have my laptop set up in vlan 2.

miller811

port your running config from your router and switch,

here is mine

interface FastEthernet0/0
no ip address
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 172.16.30.254 255.255.255.0
!
interface FastEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.100.254 255.255.255.0
!
interface FastEthernet0/0.101
encapsulation dot1Q 101
ip address 192.168.101.254 255.255.255.0
!
interface FastEthernet0/0.102
encapsulation dot1Q 102
ip address 192.168.102.254 255.255.255.0
!
interface FastEthernet0/0.103
encapsulation dot1Q 103
ip address 192.168.103.254 255.255.255.0
!
switch - trunk port

interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk

access ports

interface FastEthernet0/10
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 102
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 103
switchport mode access
spanning-tree portfast

krazymofo24

Man...I guess I feel dumb I should have looked it up in the book again before posting. I assumed it was right because it worked in packet tracer. One example on why a real lab is better than a simulator. I did only switchport mode trunk and did not include encapsulation dot1q. I just added that on the switch and it works now. Thanks again for your guys help.

My next move is to try to get it connected to my internet router. My router is FIOS so it has tv's hooked up to it as well, I am planning on keeping it as the primary router for the internet.

On the 4 ports switch portion of the internet router I am assuming I assign my router 192.168.1.50 the one I put in for my router as fa0/0.1 and to access vlan 1. I then would create a default route 0.0.0.0 0.0.0.0 to internet router's gateway 192.168.1.1. I'm assuming then the router will forward it out the internet's ip address.
My internet router does let me set up static routes...I would create static routes to get back to my networks on the cisco routers right?

I don't have an extra interface so I have to go through the switch and router on a stick to connect to the internet router.

mikej412

krazymofo24 wrote: »

did not include encapsulation dot1q.

If you used a 2950 or 2960 switch in Packet Tracer, it only supports 802.1Q -- so you don't have to enter it.

On an older switch like the 2900XL (or newer/bigger switches that still support ISL) you'd have to tell it to use 802.1Q -- or it would (probably) default to Cisco's own ISL.

beef1218

krazymofo24, thank you for bringing this problem up.
I didn't find out what was wrong in your config because I used 2 2950s and didn't need to config the Dot1q.
Your problem helped me learn.

billscott92787

Hey mike thanks for pointing that out. I was lost at first when I was trying to find the same config on my 2950 switch. But then I remember reading in my ICND2 book that newer devices only support 802.1q. I did the same thing as here.


FastEthernet0/0.1 is up, line protocol is up
Hardware is AmdFE, address is 000b.bea4.bde0 (bia 000b.bea4.bde0)
Internet address is 192.168.3.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 3.
ARP type: ARPA, ARP Timeout 04:00:00
Last clearing of "show interface" counters never

interface FastEthernet0/0.1
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0


I set the Fa0/1 interface on the switch to basically just trunk mode:

interface FastEthernet0/1
switchport mode trunk
no ip address


I tried to ping from the host to the router, It was successful, then tried from the router to the PC and it wouldn't go through. I then did as you said and disabled windows firewall and BAM!!!!! It worked Thanks for pointing that out. I stored that in my vault. Gosh, I love having real equipment to touch I am in heaven in my basement. LOL

miller811

[ Gosh, I love having real equipment to touch I am in heaven in my basement. LOL[/QUOTE]

Have fun down there, but not too much fun, your making us nervous....