ROAS help please!!!

murrayj425 · March 2012

I recently passed my CCNA so this is a little embarrising. I have never been able to get Router on a stick to work in my home lab. I have a 2950 connected to a 3640. I am going to post my configs. I really havent the slightest: I've tried using my 2600 router, I've posted this on cisco's learning website and no one could figure it out...they just gave up. Anyho, please help this is driving me crazy, lol! Maybe i'm just confused. I can ping the pc from the router and switch. I can ping the other subnet's (2.1) default gateway from my pc (192.168.1.25). I have a feeling i'm doing something dumb! lol

switch::::::::::::::::::::::::::::::::::::::
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch1
!
!
username murray privilege 15 secret 5 $1$/wvj$4AftPGjn9szJxaH4hipWw1
ip subnet-zero
!
no ip domain-lookup
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1 <====this port died so i'm using fa0/2 as the trunk
shutdown
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/2
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/3
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
no keepalive
!
interface FastEthernet0/5
no keepalive
spanning-tree portfast
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport mode trunk
shutdown
speed 100
duplex full
!
interface Vlan1
description NATIVE_VLAN
ip address 192.168.1.10 255.255.255.0
no ip route-cache
!
interface Vlan2
no ip address
no ip route-cache
shutdown
!
ip default-gateway 192.168.1.1
ip http server
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login local
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
terminal-type mon
line vty 5 15
login
!
!
end

router::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

rtr1#sh run
Building configuration...
Current configuration : 900 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rtr1
!
!
username murray privilege 15 password 0 Nfyuri88
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip http server
ip pim bidir-enable
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line vty 0 4
!
end

georgemc · March 2012

What device is in VLAN 2 that you are trying to ping/connect to? I would try assignning the PC an address of 1921.68.2.2 and plug it into FA0/4(assigned to vlan2) on the switch and then try to ping the SVI(int vlan1) on the switch from the PC. If that works, it would prove that you have traffic leaving the switch on one vlan and returning across your ROAS trunk on another vlan.

George

You're not really telling what you're not able to do.

CodeBlox · March 2012

So what is it that you can't do?

murrayj425 · March 2012

Sorry, should have been more clear. I was a little frazzled when i posted this lol. I have a pc plugged into the switch on fa0/3 (vlan1), shouldn't that pc be able to ping the gateway of vlan2 (192.168.2.1)? Because it can't. I'll plug a pc into vlan2 but I thought i should be able to at least ping the default gateway of vlan2 from a pc on vlan1.?

Thanks guys.

fsanyee · March 2012

did you configured the default gateway on the pc?

fsanyee · March 2012

portfast on trunk?

georgemc · March 2012

murrayj425 wrote: »

Sorry, should have been more clear. I was a little frazzled when i posted this lol. I have a pc plugged into the switch on fa0/3 (vlan1), shouldn't that pc be able to ping the gateway of vlan2 (192.168.2.1)? Because it can't. I'll plug a pc into vlan2 but I thought i should be able to at least ping the default gateway of vlan2 from a pc on vlan1.?

Thanks guys.

OK, In you previous post you said you could ping 2.1. If you can't ping 192.168.2.1 but you can ping 192.168.1.1 then you should probably insure that the correct gateway(192.168.1.1) is configured on the PC. If your gateway on the PC is not set correctly then it will not know where to send packets destined for 192.168.2.1 or any other address outside of it's own subnet. If the ping were reaching the router (and 2.1 is up/up) it would know how to respond because 192.168.1.1 is directly connected.

George

P.S. I tried out your configs on equipment here and they worked fine. (3825 and a 3750 in non-routing mode, as well as a 2950)

georgemc · March 2012

fsanyee wrote: »

did you configured the default gateway on the pc?

I'll +1 that.

Forsaken_GA · March 2012

Did you actually create the vlan on the switch? I see interface vlan2, but that doesn't create the vlan and drop it in the vlan database.

Do a sh vlan, and if you don't see vlan2 in the list, issue the command vlan 2 in config mode and then try it again

And do a show int trunk. You're setting dot1q on the router side, but have you checked to see whether the switch is actually forming a dot1q trunk?

georgemc · March 2012

!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
no keepalive
!

VLAN 2 would be created when he assigned the port to the vlan whether he explicitly created it or not.

Forsaken_GA · March 2012

georgemc wrote: »

VLAN 2 would be created when he assigned the port to the vlan whether he explicitly created it or not.

Not in all cases, it is possible to assign the port to a vlan via switchport, but not have the vlan created. This is why I *always* expliclity create my vlans via the vlan command instead of relying on switchport assignments to create them.

As the switch will not pass traffic for a vlan that it's not configured for, it's a simple and basic thing to check.

Really, what we need here is the output of sh int trunk on the switch to see whether the trunk is forming, and what vlans are allowed to pass on it.

murrayj425 · March 2012

Wow. Thanks for all the responses, this has to be one of the best discussion boards out there

. Umm, yes I do have the default gateway configured on the pc and here is the output from the sh int trunk:

Port Mode Encapsulation Status Native vlan
Fa0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/2 1-4094
Port Vlans allowed and active in management domain
Fa0/2 1-2
Port Vlans in spanning tree forwarding state and not pruned
Fa0/2 1-2

Thanks guys! Really appreciate it, this is driving me crazy lol!

murrayj425 · March 2012

I know you can portfast to a router as it is a host, but good point, I'll take it out.

VAHokie56 · March 2012

Did this in PT with your configs...worked fine for me, check you end user configs.

Forsaken_GA · March 2012

murrayj425 wrote: »

Wow. Thanks for all the responses, this has to be one of the best discussion boards out there . Umm, yes I do have the default gateway configured on the pc and here is the output from the sh int trunk:

Port Mode Encapsulation Status Native vlan
Fa0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/2 1-4094
Port Vlans allowed and active in management domain
Fa0/2 1-2
Port Vlans in spanning tree forwarding state and not pruned
Fa0/2 1-2

Thanks guys! Really appreciate it, this is driving me crazy lol!

Ok, that's good, so the trunk is up, and it's dot1q encap instead of ISL, and the vlan is present in spanning tree and forwarding.

If you can ping vlan 2's gateway from a vlan 1 box, then routing is correct.

You mentioned you can ping the PC in vlan 2 from the router and switch, correct? Try pinging the host in vlan2 from the router, but source the ping from the subint that's in vlan1.

If that's successful, then there's nothing wrong with your network config, and I'd start looking at end host problems. I'd debug ip packet detail on the router to see if the host is sending a response back, and I'd also be looking at end host firewall settings.

Greenmet29 · March 2012

Also check any firewalls. I've gotten to the point that I disable all firewalls while labbing because they've caused me endless hours of headache.

murrayj425 · March 2012

IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

Forsaken_GA · March 2012

murrayj425 wrote: »

IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

Welcome to a very important lesson - when weird **** starts happening, it's usually NOT the network. Network outages tend to be rather dramatic and obvious.

murrayj425 · March 2012

yes sir, lesson learned! (I hope)

Greenmet29 · March 2012

+1 for me!! Haha... I hope I saved you some time in the future.

CodeBlox · March 2012

murrayj425 wrote: »

IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

You can add an exception for ICMP in the windows firewall instead of turning it off... I've done that without an issue.

georgemc · March 2012

Forsaken_GA wrote: »

Welcome to a very important lesson - when weird **** starts happening, it's usually NOT the network. Network outages tend to be rather dramatic and obvious.

+1, it's always the little things that bite you in the a**...

murrayj425 · March 2012

thanks again everyone, that **** was driving me crazy!

jibbajabba · March 2012

I love those scenarios lol - it is almost like a group of engineers is trying to repair a windows install not noticing there is a boot floppy in the PC ...

Forsaken_GA · March 2012

jibbajabba wrote: »

I love those scenarios lol - it is almost like a group of engineers is trying to repair a windows install not noticing there is a boot floppy in the PC ...

What's a boot floppy?

VAHokie56 · March 2012

like an old boot disk to kick your PC into DOS

Forsaken_GA · March 2012

VAHokie56 wrote: »

like an old boot disk to kick your PC into DOS

I know

I haven't seen a floppy drive in a computer in..... a very long time.

VAHokie56 · March 2012

ya last time I saw one we where using them as Frisbee's to knock over Styrofoam cups in a inventory room.

ROAS help please!!!

Comments