Haven't cracked VLAN's

Comments

• Options

  Mrock4 Banned Posts: 2,359 ■■■■■■■■□□

  November 2008

  If you want traffic to travel between VLAN's, by traveling to the switch, then to the router, and back, you need to configure the interface from the switch to the router as an 802.1Q trunk to carry traffic for all of the VLAN's.
  
  Do this:
  
  int x (I'm assuming f0/1)
  switchport trunk encap dot1q
  switchport mode trunk
  no shut
  
  
  Also, Int Vlan1 is in network 10.1.1.0/24 whereas the interface it is connecting to on the router is in 10.1.5.0/24..they should be on the same subnet. After creating the trunk to the router, try changing the IP on the routers f0/0 to 10.1.1.2/24 or whatever you'd like, and you should be able to ping across VLAN's.

  0 · Share on FacebookShare on Twitter
• Options

  totalfailure Member Posts: 18 ■□□□□□□□□□

  November 2008

  Thanks for your reply mrock.
  
  The switch doesn't accept the command:
  
  switchport trunk encap dot1q
  
  I've set fa 0/1 to be a trunk port and the switch and router can ping each other. THe workstations still can't ping each other or ping the router.

  0 · Share on FacebookShare on Twitter
• Options

  Mrock4 Banned Posts: 2,359 ■■■■■■■■□□

  November 2008

  My mistake..I'm used to 3550's lately. 2950's use only 802.1q encapsulation by default, so you just need the switchport mode trunk command.
  
  Do you have your workstations pointing to the respective sub-interface on the router as their default gateway??
  
  IE: Workstation1 is on VLAN 5, it should have a default gateway of whatever the subinterface is for 5..so f0/0.5's IP, for example.
  
  
  Also, one thing I missed, you shouldn't have Layer 2/3 config on your physical interface of the router (f0/0)..since the actual Layer 3 config is done in the sub-interfaces.

  0 · Share on FacebookShare on Twitter
• Options

  ilcram19-2 Banned Posts: 436

  November 2008

  change this
  interface FastEthernet0/0
  ip address 10.1.5.2 255.255.255.0
  duplex auto
  speed auto
  
  to this
  interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  
  interface FastEthernet0/0.1
  ip address 10.1.5.2 255.255.255.0
  encapsulation dot1q
  duplex auto
  speed auto
  
  then go to your switch and on the interface tha is connected to the router do a switch port mode trun
  ex
  inter fas x/x
  switchport mode trunk

  0 · Share on FacebookShare on Twitter
• Options

  totalfailure Member Posts: 18 ■□□□□□□□□□

  November 2008

  Seems to work now. PC's can ping each other. Thanks very much for your input chaps.
  
  
  Router config is:
  
  Router#sh run
  Building configuration...
  
  Current configuration : 588 bytes
  !
  version 12.2
  no service password-encryption
  !
  hostname Router
  !
  ip ssh version 1
  !
  interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  !
  interface FastEthernet0/0.1
  encapsulation dot1Q 1 native
  ip address 10.1.1.2 255.255.255.0
  !
  interface FastEthernet0/0.2
  encapsulation dot1Q 2
  ip address 10.1.2.10 255.255.255.0
  !
  interface FastEthernet0/0.3
  encapsulation dot1Q 3
  ip address 10.1.3.10 255.255.255.0
  !
  interface FastEthernet0/0.4
  encapsulation dot1Q 4
  ip address 10.1.4.10 255.255.255.0
  !
  ip classless
  !
  
  line con 0
  line vty 0 4
  login
  !
  !
  end
  
  
  Switch config is:
  
  Switch#sh run
  Building configuration...
  
  Current configuration : 1206 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname Switch
  !
  !
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport access vlan 2
  switchport mode access
  !
  interface FastEthernet0/3
  switchport access vlan 3
  switchport mode access
  !
  interface FastEthernet0/4
  switchport access vlan 4
  switchport mode access
  !
  interface FastEthernet0/24
  !
  interface Vlan1
  ip address 10.1.1.10 255.255.255.0
  !
  interface Vlan2
  ip address 10.1.2.1 255.255.255.0
  !
  interface Vlan3
  ip address 10.1.3.1 255.255.255.0
  !
  interface Vlan4
  ip address 10.1.4.1 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  I've change the PC's IP address from .10 on all of them to .11 and used the sub-interface as configured on the router for the gateway. I've disabled rip on the router too.
  
  Thanks again. Certainly never had to do this VLAN stuff last time I did the CCNA. Seems to be harder now.

  0 · Share on FacebookShare on Twitter
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• Options

  Mrock4 Banned Posts: 2,359 ■■■■■■■■□□

  November 2008

  totalfailure wrote:

  Certainly never had to do this VLAN stuff last time I did the CCNA. Seems to be harder now.

  
  At one time speaking was difficult for you..but you manage just fine now ..it'll be easy before you know it if you keep playing around with it.

  0 · Share on FacebookShare on Twitter
• Options

  phantasm Member Posts: 995

  November 2008

  For further reading on this setup, google "Router on a Stick."

  "No man ever steps in the same river twice, for it's not the same river and he's not the same man." -Heraclitus

  0 · Share on FacebookShare on Twitter
• Options

  mamono Member Posts: 776 ■■□□□□□□□□

  November 2008

  Agreed, keep up with the labs! They are a key element to passing Cisco certs!

  0 · Share on FacebookShare on Twitter
• Options

  totalfailure Member Posts: 18 ■□□□□□□□□□

  November 2008

  Thought I'd try a more complex VLAN scenario on Packet Tracer. Got a main switch and 3 imaginary floors of a building, one switch and PC's on each floor. All switches are 2950's. Did have this working when I just had 2 floors, but then added the 3rd and somewhere along the line it stopped working.
  
  Here's the configs:
  
  Router#sh run
  Building configuration...
  
  Current configuration : 606 bytes
  !
  version 12.2
  no service password-encryption
  !
  hostname Router
  !
  ip ssh version 1
  !
  !
  interface FastEthernet0/0
  no ip address
  duplex auto
  speed auto
  !
  interface FastEthernet0/0.1
  encapsulation dot1Q 1 native
  ip address 192.168.1.1 255.255.255.0
  !
  interface FastEthernet0/0.10
  encapsulation dot1Q 10
  ip address 192.168.10.1 255.255.255.0
  !
  interface FastEthernet0/0.20
  encapsulation dot1Q 20
  ip address 192.168.20.1 255.255.255.0
  !
  interface FastEthernet0/0.30
  encapsulation dot1Q 30
  ip address 192.168.30.1 255.255.255.0
  !
  ip classless
  !
  line con 0
  line vty 0 4
  login
  !
  end
  
  
  main#sh run
  Building configuration...
  
  Current configuration : 1140 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname main
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport mode trunk
  !
  interface FastEthernet0/3
  switchport mode trunk
  !
  interface FastEthernet0/24
  switchport mode trunk
  !
  interface Vlan1
  ip address 192.168.1.1 255.255.255.0
  !
  interface Vlan10
  ip address 192.168.10.1 255.255.255.0
  !
  interface Vlan20
  ip address 192.168.20.1 255.255.255.0
  !
  interface Vlan30
  ip address 192.168.30.1 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  floor1#sh run
  Building configuration...
  
  Current configuration : 988 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname floor1
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport access vlan 10
  !
  interface FastEthernet0/3
  switchport access vlan 10
  !
  interface Vlan1
  no ip address
  !
  interface Vlan10
  ip address 192.168.10.1 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  floor2#sh run
  Building configuration...
  
  Current configuration : 988 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname floor2
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport access vlan 20
  !
  interface FastEthernet0/3
  switchport access vlan 20
  !
  interface Vlan1
  no ip address
  !
  interface Vlan20
  ip address 192.168.20.1 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  floor3#sh run
  Building configuration...
  
  Current configuration : 988 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname floor3
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport access vlan 30
  !
  interface FastEthernet0/3
  switchport access vlan 30
  !
  interface Vlan1
  no ip address
  !
  interface Vlan30
  ip address 192.168.30.1 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  Am I missing something obvious here?

  0 · Share on FacebookShare on Twitter
• Options

  Mrock4 Banned Posts: 2,359 ■■■■■■■■□□

  November 2008

  Yes...I see three 192.168.30.1 addresses being used..one on your router, one on your Main switch, and the third on the Floor3 switch....change them to all be on the same network, but with different host addresses and you should be good.
  
  I noticed your VLAN management addresses are the same across switches..why? The idea of a management interface is to give you the ability to SSH/Telnet in remotely and monitor/configure the switch..if they all share the same IP, it would be hard to know which switch you're getting into. Just like I was mentioning with the 30.1 address..leave the router subinterface addresses the same, but change the last octet for the switch's VLAN interface, therefore giving it a unique address. See if that yields any results. I'll have to check it out more later if that doesn't work. Unfortunately work calls and I am in a hurry!

  0 · Share on FacebookShare on Twitter
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• 
• Options

  totalfailure Member Posts: 18 ■□□□□□□□□□

  November 2008

  Went back to my lab, and sure enoguh was getting IP conflicts. It was working ok this morning before I added the floor3 switch.
  
  I was probably thinking that for example, the VLAN 30 IP address had to be the same across all switches. This must have been where I was getting confused. Have made changes and every PC can ping every PC now.
  
  Here's the updated configs (no changes made to the router):
  
  main#sh run
  Building configuration...
  
  Current configuration : 1140 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname main
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport mode trunk
  !
  interface FastEthernet0/3
  switchport mode trunk
  !
  interface FastEthernet0/24
  switchport mode trunk
  !
  interface Vlan1
  ip address 192.168.1.3 255.255.255.0
  !
  interface Vlan10
  ip address 192.168.10.3 255.255.255.0
  !
  interface Vlan20
  ip address 192.168.20.3 255.255.255.0
  !
  interface Vlan30
  ip address 192.168.30.3 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  floor1#sh run
  Building configuration...
  
  Current configuration : 988 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname floor1
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport access vlan 10
  !
  interface FastEthernet0/3
  switchport access vlan 10
  !
  interface Vlan1
  no ip address
  !
  interface Vlan10
  ip address 192.168.10.2 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  floor2#sh run
  Building configuration...
  
  Current configuration : 988 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname floor2
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport access vlan 20
  !
  interface FastEthernet0/3
  switchport access vlan 20
  !
  interface Vlan1
  no ip address
  !
  interface Vlan20
  ip address 192.168.20.2 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end
  
  
  floor3#sh run
  Building configuration...
  
  Current configuration : 988 bytes
  !
  version 12.1
  no service password-encryption
  !
  hostname floor3
  !
  interface FastEthernet0/1
  switchport mode trunk
  !
  interface FastEthernet0/2
  switchport access vlan 30
  !
  interface FastEthernet0/3
  switchport access vlan 30
  !
  interface Vlan1
  no ip address
  !
  interface Vlan30
  ip address 192.168.30.2 255.255.255.0
  !
  line con 0
  !
  line vty 0 4
  login
  line vty 5 15
  login
  !
  end

  0 · Share on FacebookShare on Twitter
• Options

  Mrock4 Banned Posts: 2,359 ■■■■■■■■□□

  November 2008

  No worries..kudos to you for getting in there and trying new things, that's the best way to learn. It probably worked before since you (mostly) had IP's that were unique to each node. I understand your line of thinking about the VLAN 30 IP addresses. Now you definitely won't forget!!
  
  Keep it up..

  0 · Share on FacebookShare on Twitter