ROAS help please!!!

What device is in VLAN 2 that you are trying to ping/connect to? I would try assignning the PC an address of 1921.68.2.2 and plug it into FA0/4(assigned to vlan2) on the switch and then try to ping the SVI(int vlan1) on the switch from the PC. If that works, it would prove that you have traffic leaving the switch on one vlan and returning across your ROAS trunk on another vlan.

George

You're not really telling what you're not able to do.

CodeBlox

So what is it that you can't do?

Sorry, should have been more clear. I was a little frazzled when i posted this lol. I have a pc plugged into the switch on fa0/3 (vlan1), shouldn't that pc be able to ping the gateway of vlan2 (192.168.2.1)? Because it can't. I'll plug a pc into vlan2 but I thought i should be able to at least ping the default gateway of vlan2 from a pc on vlan1.?

Thanks guys.

fsanyee

did you configured the default gateway on the pc?

fsanyee

portfast on trunk?

murrayj425 wrote: »

Sorry, should have been more clear. I was a little frazzled when i posted this lol. I have a pc plugged into the switch on fa0/3 (vlan1), shouldn't that pc be able to ping the gateway of vlan2 (192.168.2.1)? Because it can't. I'll plug a pc into vlan2 but I thought i should be able to at least ping the default gateway of vlan2 from a pc on vlan1.?

Thanks guys.

OK, In you previous post you said you could ping 2.1. If you can't ping 192.168.2.1 but you can ping 192.168.1.1 then you should probably insure that the correct gateway(192.168.1.1) is configured on the PC. If your gateway on the PC is not set correctly then it will not know where to send packets destined for 192.168.2.1 or any other address outside of it's own subnet. If the ping were reaching the router (and 2.1 is up/up) it would know how to respond because 192.168.1.1 is directly connected.

George

P.S. I tried out your configs on equipment here and they worked fine. (3825 and a 3750 in non-routing mode, as well as a 2950)

fsanyee wrote: »

did you configured the default gateway on the pc?

I'll +1 that.

Did you actually create the vlan on the switch? I see interface vlan2, but that doesn't create the vlan and drop it in the vlan database.

Do a sh vlan, and if you don't see vlan2 in the list, issue the command vlan 2 in config mode and then try it again

And do a show int trunk. You're setting dot1q on the router side, but have you checked to see whether the switch is actually forming a dot1q trunk?

!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
no keepalive
!

VLAN 2 would be created when he assigned the port to the vlan whether he explicitly created it or not.

georgemc wrote: »

VLAN 2 would be created when he assigned the port to the vlan whether he explicitly created it or not.

Not in all cases, it is possible to assign the port to a vlan via switchport, but not have the vlan created. This is why I *always* expliclity create my vlans via the vlan command instead of relying on switchport assignments to create them.

As the switch will not pass traffic for a vlan that it's not configured for, it's a simple and basic thing to check.

Really, what we need here is the output of sh int trunk on the switch to see whether the trunk is forming, and what vlans are allowed to pass on it.

Wow. Thanks for all the responses, this has to be one of the best discussion boards out there

. Umm, yes I do have the default gateway configured on the pc and here is the output from the sh int trunk:

Port Mode Encapsulation Status Native vlan
Fa0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/2 1-4094
Port Vlans allowed and active in management domain
Fa0/2 1-2
Port Vlans in spanning tree forwarding state and not pruned
Fa0/2 1-2

Thanks guys! Really appreciate it, this is driving me crazy lol!

I know you can portfast to a router as it is a host, but good point, I'll take it out.

VAHokie56

Did this in PT with your configs...worked fine for me, check you end user configs.

murrayj425 wrote: »

Wow. Thanks for all the responses, this has to be one of the best discussion boards out there . Umm, yes I do have the default gateway configured on the pc and here is the output from the sh int trunk:

Port Mode Encapsulation Status Native vlan
Fa0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/2 1-4094
Port Vlans allowed and active in management domain
Fa0/2 1-2
Port Vlans in spanning tree forwarding state and not pruned
Fa0/2 1-2

Thanks guys! Really appreciate it, this is driving me crazy lol!

Ok, that's good, so the trunk is up, and it's dot1q encap instead of ISL, and the vlan is present in spanning tree and forwarding.

If you can ping vlan 2's gateway from a vlan 1 box, then routing is correct.

You mentioned you can ping the PC in vlan 2 from the router and switch, correct? Try pinging the host in vlan2 from the router, but source the ping from the subint that's in vlan1.

If that's successful, then there's nothing wrong with your network config, and I'd start looking at end host problems. I'd debug ip packet detail on the router to see if the host is sending a response back, and I'd also be looking at end host firewall settings.

Greenmet29

Also check any firewalls. I've gotten to the point that I disable all firewalls while labbing because they've caused me endless hours of headache.

IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

murrayj425 wrote: »

IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

Welcome to a very important lesson - when weird **** starts happening, it's usually NOT the network. Network outages tend to be rather dramatic and obvious.

yes sir, lesson learned! (I hope)

Greenmet29

+1 for me!! Haha... I hope I saved you some time in the future.

CodeBlox

murrayj425 wrote: »

IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

You can add an exception for ICMP in the windows firewall instead of turning it off... I've done that without an issue.

Forsaken_GA wrote: »

Welcome to a very important lesson - when weird **** starts happening, it's usually NOT the network. Network outages tend to be rather dramatic and obvious.

+1, it's always the little things that bite you in the a**...

thanks again everyone, that **** was driving me crazy!

jibbajabba

I love those scenarios lol - it is almost like a group of engineers is trying to repair a windows install not noticing there is a boot floppy in the PC ...

jibbajabba wrote: »

I love those scenarios lol - it is almost like a group of engineers is trying to repair a windows install not noticing there is a boot floppy in the PC ...

What's a boot floppy?

VAHokie56

like an old boot disk to kick your PC into DOS