Simple VLAN Problem
bankintheroll
Member Posts: 121
in CCNA & CCENT
I am setting up 5 connected networks through Cisco Packet Tracer. I'm going over everything I learned in the first 17 chapters of the CCENT official cert guide. For some reason, I cannot get my VLANs/subnets to work. I've only tried on the left network so far.
I even created a new network with 1 router, 1 switch, and 4 hosts, and got the router and all 4 end devices to ping successfully.
Here is what I did:
1) Created and named VLANs 20 & 30 in my switch, and placed interface FA1/1 in VLAN 20, and interface FA2/1 in VLAN 30. I made interface FA0/1 the trunk port, and the other 2 access ports.
2) I then went into my Router CLI. FA0/0 is connected to the switch. I went into interface FA0/0.20, and assigned VLAN 20 to that interface, as well as IP 192.168.20.1. I then went into interface FA0/0.30, and assigned VLAN 30 to it, with the IP address 192.168.30.1.
3) I then went into my 2 end devices. On one end device, I assigned the gateway 192.168.20.1, and 192.168.20.150 for the static IP of the PC. I went into my other end device, and assigned the gateway 192.168.30.1, with a 192.168.30.150 IP for that static IP.
(I used 255.255.255.0 for every subnet mask in every device).
I did all of this for my other network, and it worked fine. I have no idea what I am doing wrong here. Does anyone see anything that I am not catching? Thanks.
I even created a new network with 1 router, 1 switch, and 4 hosts, and got the router and all 4 end devices to ping successfully.
Here is what I did:
1) Created and named VLANs 20 & 30 in my switch, and placed interface FA1/1 in VLAN 20, and interface FA2/1 in VLAN 30. I made interface FA0/1 the trunk port, and the other 2 access ports.
2) I then went into my Router CLI. FA0/0 is connected to the switch. I went into interface FA0/0.20, and assigned VLAN 20 to that interface, as well as IP 192.168.20.1. I then went into interface FA0/0.30, and assigned VLAN 30 to it, with the IP address 192.168.30.1.
3) I then went into my 2 end devices. On one end device, I assigned the gateway 192.168.20.1, and 192.168.20.150 for the static IP of the PC. I went into my other end device, and assigned the gateway 192.168.30.1, with a 192.168.30.150 IP for that static IP.
(I used 255.255.255.0 for every subnet mask in every device).
I did all of this for my other network, and it worked fine. I have no idea what I am doing wrong here. Does anyone see anything that I am not catching? Thanks.
Comments
-
fredrikjj
Member Posts: 879
You are missing one step.
Take a look at the link between your switch and the router and focus on the trunking aspect.
PS.
I reread your post. Forget what I said if you by "I went into interface FA0/0.20, and assigned VLAN 20 to that interface" are referring to the encapsulation dot1q 20 command. -
bankintheroll
Member Posts: 121
Hmmm, do you mean the switchport trunk encapsulation dot1q command? Because this switch doesn't even have that command in PT, so I assume ISL is completely disabled for this switch.
-
bankintheroll
Member Posts: 121
I did no shutdown for both of those. And a "show ip int brief" command shows that they are up/up.
-
bankintheroll
Member Posts: 121
The only commands I see in the subinterface are access-group, address, hello-interval, helper-address, mtu, nat, ospf, proxy-arp, split-horizon, and summary-address. I'm not sure what else I need to do here...
-
fredrikjj
Member Posts: 879
You could take this systematic approach:
#show vlan
Are the vlans created. Are they assigned to the right ports?
#show spanning-tree vlan 20,30
Are the access ports forwarding?
#show interface trunk
Is the trunk port in the forwarding state for vlan 20,30
If those check out ok, you issue is likely with the router:
#show ip route
Is ip routing enabled?
#show run int FA0/0.20 (or show run if this command isn't available in PT)
#show run int FA0/0.30
Are the ip addresses assigned and is the encapsulation and vlan-id defined?
Next step: ping from a PC to that PC's default GW. -
bankintheroll
Member Posts: 121
Everything checked out okay for the switch. Here is what I got for the router show commands:
Router1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
C 192.168.4.0/24 is directly connected, Serial2/0
C 192.168.5.0/24 is directly connected, Serial3/0
C 192.168.20.0/24 is directly connected, FastEthernet0/0.20
C 192.168.30.0/24 is directly connected, FastEthernet0/0.30
Router1#show int fa0/0.20
FastEthernet0/0.20 is up, line protocol is up (connected)
Hardware is PQUICC_FEC, address is 0005.5ee5.588c (bia 0005.5ee5.588c)
Internet address is 192.168.20.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 20
ARP type: ARPA, ARP Timeout 04:00:00,
Last clearing of "show interface" counters never
Router1#show int fa0/0.30
FastEthernet0/0.30 is up, line protocol is up (connected)
Hardware is PQUICC_FEC, address is 0005.5ee5.588c (bia 0005.5ee5.588c)
Internet address is 192.168.30.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 30
ARP type: ARPA, ARP Timeout 04:00:00,
Last clearing of "show interface" counters never -
fredrikjj
Member Posts: 879
debug arp is probably not available on the router right, or debug ip packet?
show ip arp (or maybe just show arp) on the router. are there arp entries for the host PCs? -
fredrikjj
Member Posts: 879
with debug ip packet turned on, ping the gateway from one of the PCs. is there debug output on the router?
-
bankintheroll
Member Posts: 121
I just tried to ping the router from both PCs, but they weren't successful. Still, they show up in the arp command, as follows:
Router1#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.20.150 4 0003.E4BB.B663 ARPA FastEthernet0/0.20
Internet 192.168.30.150 0 000B.BEC5.D545 ARPA FastEthernet0/0.30 -
fredrikjj
Member Posts: 879
I'm kind of running out of ideas. At this point it's conceivable (but unlikely) that the issue is that ping is ICMP echo requests/replies.
Try telnetting from the PC to its GW. -
bankintheroll
Member Posts: 121
Telnet didn't work either. Could this be why:
For this network(s), I chose Switch-PT and Router-PT (which are the generic devices). For the one I actually got to work with the router-on-a-stick example, I used switch 2960, and router 2621XM.
Would that make any difference at all? -
bankintheroll
Member Posts: 121
I really don't know anything about PT.
Thanks for all your time and help! Do you use GNS3 or something instead of packet tracer, or do you just have a home lab? -
fredrikjj
Member Posts: 879
I just configured an identical scenario and it works.
The only guess I have left is that your PCs don't actually have the ip addresses that you think they have. You can check with ipconfig. I just tried to change the IP addresses of mine and it only works if you first release the old one by setting it to DHCP and back to static.
Though, that doesn't explain why they are in the arp cache of the router...
PS.
This is the config I have:
switch:
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/1
switchport access vlan 30
switchport mode access
!
interface FastEthernet2/1
switchport mode trunk
!
router:
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0 -
bankintheroll
Member Posts: 121
I just configured an identical scenario and it works.
The only guess I have left is that your PCs don't actually have the ip addresses that you think they have. You can check with ipconfig. I just tried to change the IP addresses of mine and it only works if you first release the old one by setting it to DHCP and back to static.
Though, that doesn't explain why they are in the arp cache of the router...
PS.
This is the config I have:
switch:
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/1
switchport access vlan 30
switchport mode access
!
interface FastEthernet2/1
switchport mode trunk
!
router:
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
I actually just created an exact scenario too with the same router and switch, and it worked. Wow, this is weird. -
bankintheroll
Member Posts: 121
Well, I figured it out. I am kind of embarrassed to say this, but just in case someone comes across this problem, here it is.
I completely forgot I started configuring port security, but got sidetracked and didn't finish. I accidentally enabled port security on the trunk port....OUCH! Big mistake. -
fredrikjj
Member Posts: 879
I've identified the issue as the ip address and gateway settings for the clients being horribly broken. I had an assigned address in the config menu, but hovering over the PC in the topology showed no IP address assigned.
-
bankintheroll
Member Posts: 121
I've identified the issue as the ip address and gateway settings for the clients being horribly broken. I had an assigned address in the config menu, but hovering over the PC in the topology showed no IP address assigned.
Hmm, that's strange. I didn't have any problems with the client IP/gateway settings.
