Slippin My Mind

boostinbadger · August 2011

I am racking my brain trying to figure out why I can't make this work. Here is the topology:

E4200
|
1760
|
2950
|
3524

I have the E4200 in fa 0/0 and the 2950 uplinked to the 1760 in fa 0/1 (WIC-4ESW). My PC is plugged into the 2950 but will not make it's way to the internet.

Here is the 1760 config:

interface FastEthernet0/0
ip address 10.59.1.4 255.255.255.224
speed auto
!
interface FastEthernet0/1
switchport trunk native vlan 59
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface Vlan1
no ip address
!
interface Vlan59

!
ip default-gateway 10.59.1.1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.59.1.1
!
ip http server
ip http secure-server
!
voice-port 2/0
!
voice-port 2/1
!
voice-port 2/2
!
voice-port 2/3
!

CaySpekko · August 2011

I'm assuming internet comes from E4200 on port 0/0, and I'm assuming you've got NAT configured on that device.

I'm also assuming the whatever port from the 2950 you have connected to fa0/1 is also trunking and using vlan 59 as it's native vlan. Also assuming the switch port on the 2950 that your computer is plugged in is configured as switch-port access vlan 59 and your pc is configured ip address in the 10.59.1.0/27 range with a default gateway of 10.59.1.1 or 10.59.1.4.

So as long as that's the way the other equipment is set up you should get have internet, but if not, can you ping 10.59.1.4 from your host?

boostinbadger · August 2011

Yes all of the assumptions are true and yes I can ping from the host. Sorry I forgot all that stuff...it was late. Here is the 2950 config:

spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree uplinkfast
!
interface FastEthernet0/1
switchport access vlan 59
switchport mode access
spanning-tree portfast
!

blah blah blah

!
interface FastEthernet0/23
switchport access vlan 59
switchport trunk native vlan 59
switchport trunk pruning vlan 59
switchport mode trunk
!
interface FastEthernet0/24
switchport trunk native vlan 59
switchport trunk pruning vlan 59
switchport mode trunk
!
interface FastEthernet0/25
!
interface FastEthernet0/26
switchport trunk native vlan 59
switchport trunk pruning vlan 59
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan59
ip address 10.59.1.2 255.255.255.224
no ip route-cache
!
ip default-gateway 10.59.1.1
ip http server
!
ntp clock-period 17179968
ntp server 198.82.1.201 key 0 prefer
!
end

It seems the problem is at the 1760 fa 0/0 port but I can't figure it out.

Monkerz · August 2011

Keep in mind, I have never used a 1760 and know nothing about them. Have you tried:

With your config, turning on IP routing if it is not already on?

--or--

Remove the IP from Fa0/0 on the 1760 and assigning it to interface vlan 59, then issuing the no ip routing command on the 1760.

SdotLow · August 2011

Isn't your WIC slot to switch connection considered switch to switch, requiring a crossover cable?

And VLAN 1 on your router has no IP address. I'm not CCNA but that stuck out to me.

Edit: Wait, you can ping the router from your PC through the switch? So 10.59.1.4 is reachable from your host through the switch?

boostinbadger · August 2011

Thanks for the replies!

Monkerz: I have tried taking the ip off fa 0/0 and assigning it to vlan 59.

SdotLow: The WIC is a layer 2 interface and yes typically you would need a crossover but it supports auto-mdix so you are right I can ping from the host through the switch. That is why I think it is a routing issue. That is why I added the static default route.

CaySpekko · August 2011

Can you ping 10.59.1.1 from your host or the 1760? Can your 1760 ping the internet?

hyperrawr9000 · August 2011

What does the routing table look like? For some reason when I look at your config and only see the static default route there it makes me feel like something is wrong.

Ok thinking about this a bit more. your setup is a linksys E4200 home router that connects to the internet. One port on that connects to a cisco 1760 router correct? Another port on the 1760 connects to a 2950 switch and a port on the switch connects to a second switch? If im right the first problem i see is that there is only 1 ip address on the 1760, but 2 ports in use. Even though the switch is connected to 1 of those ports, that port still needs an ip address to be able to route. Second thing i see is that all the ip addresses are in the same subnet, but the router is expected to pass traffic between interfaces. I dont know of any way to make that work. Fa0 and Fa1 should be setup to be in different subnets.

SdotLow · August 2011

hyperrawr9000 wrote: »

What does the routing table look like? For some reason when I look at your config and only see the static default route there it makes me feel like something is wrong.

Ok thinking about this a bit more. your setup is a linksys E4200 home router that connects to the internet. One port on that connects to a cisco 1760 router correct? Another port on the 1760 connects to a 2950 switch and a port on the switch connects to a second switch? If im right the first problem i see is that there is only 1 ip address on the 1760, but 2 ports in use. Even though the switch is connected to 1 of those ports, that port still needs an ip address to be able to route. Second thing i see is that all the ip addresses are in the same subnet, but the router is expected to pass traffic between interfaces. I dont know of any way to make that work. Fa0 and Fa1 should be setup to be in different subnets.

That's what I was thinking when I saw VLAN 1 and no IP address. When he said he could ping the routers interface to the E4200 I just assumed that because his router WIC slot was set to VLAN 59 that meant it wouldn't require an IP address. I haven't jumped in to ICND2 yet so, I haven't a clue why a VLAN wouldn't need an IP assigned.

hiddenknight821 · August 2011

I'm gonna try throw a solution here to see if it works.

Your E4200 is a home router. Your 1760 router should be connect to one of the LAN ports on the E4200.

Since your E4200 LAN ports are technically behind a NAT, I am going to assume it expects DHCP client to connect to it.

So, you should have a straight cable connecting to the Fa0/0 interface on your 1760 router from one of the LAN ports on your E4200. The Fa0/0 interface on the 1760 should be configured as dhcp client by using the "ip address dhcp" command (I think that is the right command if my memory serves me correctly).

Now you should have another interface on your 1760 that connects to your 2950 switch. I am going to assume that interface is Fa0/1 interface. You will need a straight cable, and you should connect it to the appropriate interface on your switch. For this particular Fa0/1 interface, you will need to assign an IP address to it since it's in a different subnet.

Now, using the IP address you assigned on the Fa0/1 interface above, this IP should be your 2950 switch gatway. You may have to statically configure your PC to connect to the network. Unless if you want to dynamically obtain address from the E4200 router, then you would need to set up dhcp helper on the Fa0/1 interface on your 1760 router (again, not sure how that is done).

I think what I have above should work, but since I'm very weak with the VTP/Switchport/Trunking/VLAN stuff, I can't help you troubleshoot since this is out of my hands.

EDIT: I forgot to add, you will need to issue the "IP routing" command on the 1760 router since the E4200 will not know the network on the 1760's Fa0/1 and vice versa.

Timber Wolf · August 2011

Have you configured routes back to your pc in your E4200?

boostinbadger · August 2011

Now that I have thought about it and worked a little more with it, I don't believe it is possible. It would need to have two interfaces with IPs from different subnets to route. In this case the WIC-4ESW is stictly an L2 device. Therefore you cannot assign an IP to fa 0/1. Since this is going to my CME I will just configure router on a stick and use fa 0/0.

hiddenknight821 · August 2011

Just do whatever you can do to figure out the problem. You are keeping us in suspense and it's killing me.

Once you figured it out, tell us how you did it. Thanks.

hyperrawr9000 · August 2011

hmm i didnt know they had pure switching cards you could put in routers. But anyways, you should still be able to put an ip address on there by creating a vlan and assigning an ip address to that vlan, then assigning the vlan to that port. Although that might not be solution to the problem since you still need to fix the subnets so that it can route between the fa0 interface and other routable interfaces. the switch management vlan ip address was still in the same subnet as fa0/0 which definitely wont work properly.

SdotLow · August 2011

Not quite sure how a L2 switch port in a router works.

Would it make sense to, instead of connecting the E4200 to the FA0/0 port, run the E4200 into one of your WIC switch slots. Then run a cable to your 2950 off of the FA0/0 port?

hiddenknight821 · August 2011

boostinbadger wrote: »

Now that I have thought about it and worked a little more with it, I don't believe it is possible. It would need to have two interfaces with IPs from different subnets to route. In this case the WIC-4ESW is stictly an L2 device. Therefore you cannot assign an IP to fa 0/1. Since this is going to my CME I will just configure router on a stick and use fa 0/0.

I just realized there is nothing in the documentation that claims you can't do that. Here is what I found. WIC-4ESW Documentation.

So, you should keep on trying. If I overlook something, then please quote the document where it said you can't do it.

boostinbadger · August 2011

I stand corrected. You guys are right. I did some further research and found

"The 4-port 10/100BASE-TX Ethernet switch is a Layer 2 Ethernet switch with Layer 3 routing capability, and supports a maximum of 16 VLANs. (Layer 3 routing is forwarded to the host, and is not actually performed at the switch.) "

- 4-Port Ethernet Switch Configuration Notes for the Cisco 1700 Series Routers [Cisco 1700 Series Modular Access Routers] - Cisco Systems

I guess I could go back to the drawing board on this. I just tried setting up the E4200 with 10.1.1.1/30 and the fa 0/0 on the 1760 to 10.1.1.2/30. I did connectivity between them. I guess I could (re)try setting the ip on vlan 59 on the WIC 4ESW to 10.59.1.4 and make the ports members of vlan 59. That should do it I guess. I wonder if I need to turn on ip routing on the WIC 4ESW though?

I am away for the weekend so I only have remote access so I can try a whole lot of things.

Thanks for all the help so far. Lets get this think figured out!

SdotLow · August 2011

/31 is not a valid subnet mask. Has to be /30 or lower.

boostinbadger · August 2011

dumb mistake. I was watching Sports Center and trying to type at the same time.

lrb · August 2011

Not really relevant to this thread but you most definately can use a /31 mask on point to point links, check out RFC 3021. It's ugly, but it works

SdotLow · August 2011

lrb wrote: »

Not really relevant to this thread but you most definately can use a /31 mask on point to point links, check out RFC 3021. It's ugly, but it works

Well I stand corrected :P

I remember in a CBT nugget, for ICND1 I believe, they said that anything above /30 was not allowed. I even saw it on a practice test question.

Kind of like how Jeremy used routers using mac addresses to route packets, and they replace the mac addresses after every router hop. That caused me to miss a practice question as well, lol. I remember thinking, wtf is this.

boostinbadger · August 2011

What would be the recommended connection between an E4200 and a 1760 with WIC-4ESW? I haven't had a lot of time lately to troubleshoot my earlier issues.

Should the E4200 be hooked to the 1760's fa 0/0 or to one of the ports on the WIC-4ESW?

boostinbadger · May 2012

OK....so a year later I am getting back to this project and I am still having similar issues but I have made it a little further.

Here is the config (with unnecessary info cut out) of my 1760 which will be my CME router:

hostname Router
!
interface FastEthernet0/0
no ip address
speed auto
!
interface FastEthernet0/0.59
encapsulation dot1Q 59 native
ip address 10.59.1.4 255.255.255.224
!
interface FastEthernet0/0.159
encapsulation dot1Q 159
ip address 10.159.1.1 255.255.255.224
!
interface FastEthernet0/1
switchport access vlan 59
!
interface FastEthernet0/2
switchport access vlan 59
!
interface FastEthernet0/3
switchport access vlan 159
!
interface FastEthernet0/4
switchport access vlan 159
!
interface Vlan1
no ip address
!
end

The 1760 is uplinked to a 2940 switch (still) with this config:

hostname 5NINER2940
!
ip domain-name 5NINER2950
ip name-server 216.146.35.35
ip name-server 216.146.36.36
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode rapid-pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
spanning-tree uplinkfast
!
interface FastEthernet0/1
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 59
switchport mode access
!
interface FastEthernet0/7
switchport trunk native vlan 59
switchport trunk allowed vlan 159
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk native vlan 59
switchport trunk allowed vlan 159
switchport mode trunk
mdix auto
!
interface GigabitEthernet0/1
switchport trunk native vlan 59
switchport trunk pruning vlan 59
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan59
ip address 10.59.1.2 255.255.255.224
no ip route-cache
!
interface Vlan159
no ip address
no ip route-cache
shutdown
!
ip default-gateway 10.59.1.1
ip http server
!
ntp clock-period 17180151
ntp server 198.82.1.201 key 0 prefer
!
end

This is in my production home network and I am passing traffic through the 2940. The 1760 is uplinked into fa 0/7 on the 2940. When plugged into that port I can't ping anything on the 10.59.1.0/27 network. Now...when I plug it into fa 0/2 on the 2940 I can ping anything on the 10.59.1.0/27 network. What the crap am I doing wrong?!?!

drkat · May 2012

tell me what you see here... vs fa0/2

interface FastEthernet0/7
switchport trunk native vlan 59
switchport trunk allowed vlan 159
switchport mode trunk

boostinbadger · May 2012

One is a trunk and one is an access port, like it should be

azaghul · May 2012

Hi, Don't have my home lab handy, and don't know the ins-and-outs of your network so you will have to modify this to suit...but it "should"

: work. It takes the 4ESW out of the equation.

!*** Cisco 1760
!
int fa0/0
 desc *** TRUNK TO 2940 SWITCH fa0/2
 no ip addr
 no shut
int fa0/0.1
 desc *** Home VLAN
 encap dot1q 1
 ip addr 10.59.1.4 255.255.255.224
int fa0/0.59
 desc *** Voice VLAN
 encap dot1q 59
 ip addr 10.59.59.1 255.255.255.0
int fa0/0.159
 desc *** Data VLAN
 encap dot1q 159
 ip addr 10.59.159.1 255.255.255.0
 exit

ip route 0.0.0.0 0.0.0.0 10.59.1.1

! Enable RIP v2 on the E4200

routing rip
 ver 2
 no auto
 network 10.59.1.0
 network 10.59.59.0
 network 10.59.159.0
 exit
end


!*** Cisco 2940
!
int fa0/1
 desc *** LINK TO LINKSYS E4200
 switchport mode access
 spanning-tree portfast
int fa0/2
 desc *** LINK TO CISCO 1760
 switchport mode trunk
 switchport trunk allowed 1,59,159

int fa0/3 (to ?)
 desc *** USER PORTS
 switchport mode access
 switchport access vlan 159
 switchport voice vlan 59
 spanning-tree portfast

int vlan 1
 desc *** Management IP
 ip addr 10.59.1.2 255.255.255.224
 no shut
end

This can be extended by putting a trunk between the 2940 (Prod Network) and the 3524 (Lab Network).

drkat · May 2012

boostinbadger wrote: »

One is a trunk and one is an access port, like it should be

If it were like it should be then it'd work, wouldnt you say?

dead_p00l · May 2012

What do you have plugged into fa0/8 and gi0/1?

drkat · May 2012

This is just ... idk

So he defines a native vlan of 59 - but puts access ports on 59... so the native vlan never comes into play since we're sending the frames tagged as 59 and not untagged. If we were to send untagged frames the trunk port would encapsulate them in vlan 59. He also did not allow vlan 59 on his trunk so he stepped on his own toes by doing so.

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.59.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SW 2950-24
interface FastEthernet0/1
switchport trunk native vlan 59
switchport trunk allowed vlan 159
switchport mode trunk

=====

Switch#ping 10.59.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.59.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 31/31/32 ms
Switch#

interface FastEthernet0/1
switchport trunk native vlan 59
switchport trunk allowed vlan 59,159
switchport mode trunk

I honestly dont know what you're attempting

Why are we using access ports to tag our voice traffic? If you're interoping cisco phones with CME then use switchport voice vlan.

boostinbadger · May 2012

@azaghul Thanks for the advise. That is pretty much what I have already minus the routes. I will add those. My management vlan is 59. I will take all of the "native" stuff out and just leave it as trunk and allow 59 and 159.

@dead_p00l I have the E4200 uplinked to gig 0/1 and fa 0/8 is a trunk to a 3524 that provides inline power to my IP phones.

CME is not set up yet. I have most of the config done on the 1760 but have not loaded CME, phone loads, etc. I do have the router registering with flowroute now though.

georgemc · May 2012

Your trunk port(FA 0/7) is only allowing VLAN 159 to traverse it. Either allow VLAN 59 accross or issue the "no switchport trunk vlan allowed 159" command on that interface.

Slippin My Mind

Comments