VLAN TRUNKING between switch to router

dash_dash

Hi, I am currently trying to do the ccna integrated skills challenge. I stuck at the inter vlan routing part.
consider only branch 1
the router config :

---

interface FastEthernet0/0
description Admin VLAN 10
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
description Admin VLAN 10
encapsulation dot1Q 10
ip address 10.1.10.1 255.255.255.0
!
interface FastEthernet0/0.20
description Sales VLAN 20
encapsulation dot1Q 20
ip address 10.1.20.1 255.255.255.0
!
interface FastEthernet0/0.30
description Production VLAN 30
encapsulation dot1Q 30
ip address 10.1.30.1 255.255.255.0
!
interface FastEthernet0/0.88
description Wireless VLAN 88
encapsulation dot1Q 88
ip address 10.1.88.1 255.255.255.0
!
interface FastEthernet0/0.99
description Mgmt&Native VLAN 99
encapsulation dot1Q 99 native
ip address 10.1.99.1 255.255.255.0
!

---

B1-SW1 config :

---

hostname B1-S1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
spanning-tree vlan 1 priority 4096
spanning-tree vlan 10 priority 4096
spanning-tree vlan 20 priority 4096
spanning-tree vlan 30 priority 4096
spanning-tree vlan 88 priority 4096
spanning-tree vlan 99 priority 4096
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
!
interface FastEthernet1/1
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,20,30,88,99,1001-1005
switchport mode trunk
!
interface FastEthernet1/2
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,20,30,88,99,1001-1005
switchport mode trunk
!
interface FastEthernet1/3
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,20,30,88,99,1001-1005
switchport mode trunk
!
interface FastEthernet1/4
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,20,30,88,99,1001-1005
switchport mode trunk
!
interface FastEthernet1/5
switchport trunk native vlan 99
switchport trunk allowed vlan 1,10,20,30,88,99,1001-1005
switchport mode trunk

!
interface Vlan1
no ip address
!
interface Vlan99
ip address 10.1.99.21 255.255.255.0
!
ip default-gateway 10.1.99.1
!
!
ip http server
no ip http secure-server
!
no cdp log mismatch duplex

---

B1-S2 conf :

---

interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
!
interface FastEthernet1/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/2
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/3
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/4
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/5
!
interface FastEthernet1/6
switchport access vlan 10
!
interface FastEthernet1/11
switchport access vlan 20
!
interface FastEthernet1/15
switchport access vlan 30
!
interface Vlan1
no ip address
!
interface Vlan99
ip address 10.1.99.22 255.255.255.0
!
ip default-gateway 10.1.99.1
!

---

B1-S3 conf :

---

hostname B1-S3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
spanning-tree vlan 1 priority 8192
spanning-tree vlan 10 priority 8192
spanning-tree vlan 20 priority 8192
spanning-tree vlan 30 priority 8192
spanning-tree vlan 88 priority 8192
spanning-tree vlan 99 priority 8192
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
!
interface FastEthernet1/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/2
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/3
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/4
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
switchport access vlan 88
!
interface Vlan1
no ip address
!
interface Vlan99
ip address 10.1.99.23 255.255.255.0
!
ip default-gateway 10.1.99.1
!


I can not ping to router subinterfaces (from any B1-S2 : ping 10.1.10.1 giving 0 % success)
any help?

alliasneo

From briefly looking at this. The diagram shows /16 subnets and you have configured /24 on your sub interfaces

ayori

alliasneo wrote: »

From briefly looking at this. The diagram shows /16 subnets and you have configured /24 on your sub interfaces

Should be fine as it is subnetted to accomodate the different vlans.

dash_dash, can you post the output of show ip int brief from SW2?

drkat

ping 10.1.10.1 source vlan99 provides no results?



show ip int br on S2

show vlan on S2
show int trunk S2

what kind of switch is S2? does it allow for switchport trunk encapsulation dot1q? or is it a 2900 series

phoeneous

So you're saying that you cannot ping from B1-S2 to B1-R1? What about from B1-S1 to B1-R1, or B1-S3 to B1-R1?

Use extended ping so you can specify source and destination ip's.

dash_dash

ayori wrote: »

Should be fine as it is subnetted to accomodate the different vlans.

dash_dash, can you post the output of show ip int brief from SW2?

here is the screen shot. i am doing it on my school server with gns3

dash_dash

drkat wrote: »

ping 10.1.10.1 source vlan99 provides no results?



show ip int br on S2

show vlan on S2
show int trunk S2

what kind of switch is S2? does it allow for switchport trunk encapsulation dot1q? or is it a 2900 series

i can ping to 10.1.99.1 which is default gateway for all switches but i cannt ping 10.1.10(20/30/8.1 even if they are on trunk link
S2 is 3725 router with nm16esw. i am doing it on gns3

dash_dash

phoeneous wrote: »

So you're saying that you cannot ping from B1-S2 to B1-R1? What about from B1-S1 to B1-R1, or B1-S3 to B1-R1?

Use extended ping so you can specify source and destination ip's.

only except ping to default gateway ip all other ping fails

phoeneous

dash_dash wrote: »

only except ping to default gateway ip all other ping fails

1) Do a sh ip int bri on B1-R1.

2) Do an extended ping specifying source 10.1.99.21 and destination 10.1.10.1.

dash_dash

phoeneous wrote: »

1) Do a sh ip int bri on B1-R1.

2) Do an extended ping specifying source 10.1.99.21 and destination 10.1.10.1.

no sucess

NetworkVeteran

dash_dash wrote: »

I can not ping to router subinterfaces (from any B1-S2 : ping 10.1.10.1 giving 0 % success)
any help?

No answer yet?

Well, your topology shows: B1-S2 -> B1-S1 -> B1. Strange you mention your pings from B1-S2 but not from B1-S1. That's a missing troubleshooting step!

B1-S1::f0/5 -> B1::f0/0
Bf1::f0/0=
interface FastEthernet0/0
description Admin VLAN 10
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
description Admin VLAN 10
encapsulation dot1Q 10
ip address 10.1.10.1 255.255.255.0
!
B1-S1::f0/5=
<blank>

The config on one of your key interfces, B1-S1::f0/5, is missing! Frankly, I'd expect to see something like 802.1Q configured and a VLAN 10 or so to match what you have on B1. Appears to be a misconfiguration. B1 and B1-S1 are not consistently configured. Focus on that hop. Forget the B1-S2 to B1 pings until you've nailed that down the B1-S1 to B1 pings.

NetworkVeteran

Your topology diagram shows B1-S2 connects via an FE module in slot 0, and yet your show commands show B1-S2 connects via an FE module in slot 1. So not only are we missing troubleshooting steps, but also your huuuuuge topology diagram is inaccurate. When trying to debug something, it helps if you can reduce the problem down to the simplest case that shows a problem. In other words, maybe B1-S1 can't ping its direct neighbor B1. Focus on that. Only worry about more complex scenarios--where you're prone to get things wrong--once you've figured out how to resolve simpler scenarios.

dash_dash

NetworkVeteran wrote: »

Your topology diagram shows B1-S2 connects via an FE module in slot 0, and yet your show commands show B1-S2 connects via an FE module in slot 1. So not only are we missing troubleshooting steps, but also your huuuuuge topology diagram is inaccurate. When trying to debug something, it helps if you can reduce the problem down to the simplest case that shows a problem. In other words, maybe B1-S1 can't ping its direct neighbor B1. Focus on that. Only worry about more complex scenarios--where you're prone to get things wrong--once you've figured out how to resolve simpler scenarios.

You are perfectly correct. I know what i am trying to do, but i am making mistakes to express my problem and anyone will have difficulties to understand it. So here i decomposed my issue only with one branch.

B1-S1 is the VTP server with root bridge for STP. B1-S2 is backup root for STP.
B1-S1 : no hosts, so f1/1-5 : all are in trunk mode
B1-S2 : vlan 10 (at f1/6), vlan 20 (at f1/11), vlan 30 (at f1/15) in access mode. f1/1-4 are in trunk mode
B1-S3 : vlan 88 (at f1/7) in access mode . f1/1-4 are in trunk mode
Native vlan is 99
The routerB1 interface changed from original topology, but just in above topology diag i configured and connected to f1/0 .
So now i think it will be easier for anyone to grasp a picture what i am trying to say. I am sorry for ambigous posts b4, but i m fairly new to this thing, so culdnt express my issue in clear way.

dash_dash

NetworkVeteran wrote: »

No answer yet?

!
B1-S1::f0/5=
<blank>

The config on one of your key interfces, B1-S1::f0/5, is missing! Frankly, I'd expect to see something like 802.1Q configured and a VLAN 10 or so to match what you have on B1. Appears to be a misconfiguration. B1 and B1-S1 are not consistently configured. Focus on that hop. Forget the B1-S2 to B1 pings until you've nailed that down the B1-S1 to B1 pings.

I have configured B1-S1 port f1/5 with switchport mode trunk, so it will autometiaclly go into 802.1q encapsulation. right?
now i am cosidering only on the primary trunk link B1-S1(f1/5) -> B1(f1/0)

ayori

I think we get what you're trying to express however, it's hard to troubleshoot something if your topology and config don't match. Just looking at your original post, I didn't see any immediate issue on the configuration so I thought there must be something with the ports that you're using. Can you ping from SW2 to SW1 on their VLAN interfaces? FYI, I've ran into some bugs on the 3700 series on GNS3. Not related to this but keep that in mind.

I suggest that you repost your configuration on both routerB1 and SW1 since you've made some changes with the topology. I agree with NetworkVeteran, let's focus on SW1 to routerB1 and make sure you can ping sucessfully on these devices.

dash_dash

ayori wrote: »

I think we get what you're trying to express however, it's hard to troubleshoot something if your topology and config don't match. Just looking at your original post, I didn't see any immediate issue on the configuration so I thought there must be something with the ports that you're using. Can you ping from SW2 to SW1 on their VLAN interfaces? FYI, I've ran into some bugs on the 3700 series on GNS3. Not related to this but keep that in mind.

I suggest that you repost your configuration on both routerB1 and SW1 since you've made some changes with the topology. I agree with NetworkVeteran, let's focus on SW1 to routerB1 and make sure you can ping sucessfully on these devices.

you guys are absolutely right. now i have created a very simple topology like :

SW1 (f0/1)

---

B1(f1/0)
SW1(f0/1) is on trunk mode with allowed vlan 10,99. vlan 99 is native
B1(f1/0) has 2 subinterfaces for vlan 10 and 99
i cannt still ping to subinterface of router from SW1.
SW1 :ping 10.1.10.1 : fail
SW1 :ping 10.1.99.1 : fail

now i dont understand why it does not work. any suggestions ?

the config file looks like this :
SW1

---

! version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface Vlan1
no ip address
!
interface Vlan99
ip address 10.1.99.21 255.255.255.0
!
ip default-gateway 10.1.99.1
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end

---

Router B1

---

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname B1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/0.10
encapsulation dot1Q 10
ip address 10.1.10.1 255.255.255.0
!
interface FastEthernet1/0.99
encapsulation dot1Q 99 native
ip address 10.1.99.1 255.255.255.0
!
!
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
end

---

phoeneous

Debugs are your friend.

Also:

Do you have cdp enabled?
Have you tried using different negotiating commands for dtp?
What does sh interface x/x/x trunk on the switch show?

dash_dash

phoeneous wrote: »

Debugs are your friend.

Also:

Do you have cdp enabled?
Have you tried using different negotiating commands for dtp?
What does sh interface x/x/x trunk on the switch show?

yeah cdp is enabled. i have some news.
on the switch i added manually vlan interfaces like
int vlan10
ip add 10.1.10.25 255.255.255.0
no sh

and now from the switch i can ping to router subinterface(10.1.10.1) which is the default gateway for vlan 10.

but another problem is there. in the switch say port 5 is on access mode for vlan10. when i am connecting an end device (pc: a router with no ip route), it can not ping to any address(10.1.10.25 or 10.1.10.1).
the cdp ne command shows the switch can not detect the device. any clue?
also the port5 on switch is in "status:up protocol:down" state

ayori

I bet you your vlan99 interface on the switch is down/down. Connect an end device to any port on the switch configured on vlan 99 to bring it up then try doing your pings.

dash_dash

ayori wrote: »

I bet you your vlan99 interface on the switch is down/down. Connect an end device to any port on the switch configured on vlan 99 to bring it up then try doing your pings.

The vlan 99 interface on switch is up/up. all the access ports are at up/down state, how to bring them up?

georgemc

dash_dash wrote: »

The vlan 99 interface on switch is up/up. all the access ports are at up/down state, how to bring them up?

When you first posted this I set it up in PT using the configs that you posted and it worked fine. I only change being that I had to create the actual VLANs (not the SVI / Interface VLAN) on the switches. What does your VLAN database look like?

dash_dash

georgemc wrote: »

When you first posted this I set it up in PT using the configs that you posted and it worked fine. I only change being that I had to create the actual VLANs (not the SVI / Interface VLAN) on the switches. What does your VLAN database look like?

still no clue. the vlan db looks fine

phoeneous

Do a sh vlan, not from the database. And what model switch is this?

dash_dash

phoeneous wrote: »

Do a sh vlan, not from the database. And what model switch is this?

actually it is a router 3725 with 16nmesw module mounted at gns3.