ROAS help please!!!

murrayj425murrayj425 Member Posts: 8 ■□□□□□□□□□
I recently passed my CCNA so this is a little embarrising. I have never been able to get Router on a stick to work in my home lab. I have a 2950 connected to a 3640. I am going to post my configs. I really havent the slightest: I've tried using my 2600 router, I've posted this on cisco's learning website and no one could figure it out...they just gave up. Anyho, please help this is driving me crazy, lol! Maybe i'm just confused. I can ping the pc from the router and switch. I can ping the other subnet's (2.1) default gateway from my pc (192.168.1.25). I have a feeling i'm doing something dumb! lol

switch::::::::::::::::::::::::::::::::::::::
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname switch1
!
!
username murray privilege 15 secret 5 $1$/wvj$4AftPGjn9szJxaH4hipWw1
ip subnet-zero
!
no ip domain-lookup
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1 <====this port died so i'm using fa0/2 as the trunk
shutdown
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/2
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/3
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
no keepalive
!
interface FastEthernet0/5
no keepalive
spanning-tree portfast
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
switchport mode trunk
shutdown
speed 100
duplex full
!
interface Vlan1
description NATIVE_VLAN
ip address 192.168.1.10 255.255.255.0
no ip route-cache
!
interface Vlan2
no ip address
no ip route-cache
shutdown
!
ip default-gateway 192.168.1.1
ip http server
!
line con 0
exec-timeout 0 0
password cisco
logging synchronous
login local
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
terminal-type mon
line vty 5 15
login
!
!
end




router::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

rtr1#sh run
Building configuration...
Current configuration : 900 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rtr1
!
!
username murray privilege 15 password 0 Nfyuri88
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip http server
ip pim bidir-enable
!
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line aux 0
line vty 0 4
!
end

Comments

  • georgemcgeorgemc Member Posts: 429
    What device is in VLAN 2 that you are trying to ping/connect to? I would try assignning the PC an address of 1921.68.2.2 and plug it into FA0/4(assigned to vlan2) on the switch and then try to ping the SVI(int vlan1) on the switch from the PC. If that works, it would prove that you have traffic leaving the switch on one vlan and returning across your ROAS trunk on another vlan.

    George

    You're not really telling what you're not able to do. :)
    WGU BS: Business - Information Technology Management
    Start Date: 01 October 2012
    QFT1,PFIT in progress.
    TRANSFERRED/COMPLETED: AGC1,BBC1,LAE1,QBT1,LUT1,QLC1,QMC1,QLT1,IWC1,INC1,INT1,BVC1,CLC1,MGC1, CWV1 BNC1, LIT1,LWC1,QAT1,WFV1,EST1,EGC1,EGT1,IWT1,MKC1,MKT1,RWT1,FNT1,FNC1, BDC1,TPV1 REQUIRED:
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    So what is it that you can't do?
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • murrayj425murrayj425 Member Posts: 8 ■□□□□□□□□□
    Sorry, should have been more clear. I was a little frazzled when i posted this lol. I have a pc plugged into the switch on fa0/3 (vlan1), shouldn't that pc be able to ping the gateway of vlan2 (192.168.2.1)? Because it can't. I'll plug a pc into vlan2 but I thought i should be able to at least ping the default gateway of vlan2 from a pc on vlan1.?

    Thanks guys.
  • fsanyeefsanyee Member Posts: 171
    did you configured the default gateway on the pc?
  • fsanyeefsanyee Member Posts: 171
    portfast on trunk?
  • georgemcgeorgemc Member Posts: 429
    murrayj425 wrote: »
    Sorry, should have been more clear. I was a little frazzled when i posted this lol. I have a pc plugged into the switch on fa0/3 (vlan1), shouldn't that pc be able to ping the gateway of vlan2 (192.168.2.1)? Because it can't. I'll plug a pc into vlan2 but I thought i should be able to at least ping the default gateway of vlan2 from a pc on vlan1.?

    Thanks guys.

    OK, In you previous post you said you could ping 2.1. If you can't ping 192.168.2.1 but you can ping 192.168.1.1 then you should probably insure that the correct gateway(192.168.1.1) is configured on the PC. If your gateway on the PC is not set correctly then it will not know where to send packets destined for 192.168.2.1 or any other address outside of it's own subnet. If the ping were reaching the router (and 2.1 is up/up) it would know how to respond because 192.168.1.1 is directly connected.

    George

    P.S. I tried out your configs on equipment here and they worked fine. (3825 and a 3750 in non-routing mode, as well as a 2950)
    WGU BS: Business - Information Technology Management
    Start Date: 01 October 2012
    QFT1,PFIT in progress.
    TRANSFERRED/COMPLETED: AGC1,BBC1,LAE1,QBT1,LUT1,QLC1,QMC1,QLT1,IWC1,INC1,INT1,BVC1,CLC1,MGC1, CWV1 BNC1, LIT1,LWC1,QAT1,WFV1,EST1,EGC1,EGT1,IWT1,MKC1,MKT1,RWT1,FNT1,FNC1, BDC1,TPV1 REQUIRED:
  • georgemcgeorgemc Member Posts: 429
    fsanyee wrote: »
    did you configured the default gateway on the pc?

    I'll +1 that.
    WGU BS: Business - Information Technology Management
    Start Date: 01 October 2012
    QFT1,PFIT in progress.
    TRANSFERRED/COMPLETED: AGC1,BBC1,LAE1,QBT1,LUT1,QLC1,QMC1,QLT1,IWC1,INC1,INT1,BVC1,CLC1,MGC1, CWV1 BNC1, LIT1,LWC1,QAT1,WFV1,EST1,EGC1,EGT1,IWT1,MKC1,MKT1,RWT1,FNT1,FNC1, BDC1,TPV1 REQUIRED:
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    Did you actually create the vlan on the switch? I see interface vlan2, but that doesn't create the vlan and drop it in the vlan database.

    Do a sh vlan, and if you don't see vlan2 in the list, issue the command vlan 2 in config mode and then try it again

    And do a show int trunk. You're setting dot1q on the router side, but have you checked to see whether the switch is actually forming a dot1q trunk?
  • georgemcgeorgemc Member Posts: 429
    !
    interface FastEthernet0/4
    switchport access vlan 2
    switchport mode access
    no keepalive
    !
    VLAN 2 would be created when he assigned the port to the vlan whether he explicitly created it or not.
    WGU BS: Business - Information Technology Management
    Start Date: 01 October 2012
    QFT1,PFIT in progress.
    TRANSFERRED/COMPLETED: AGC1,BBC1,LAE1,QBT1,LUT1,QLC1,QMC1,QLT1,IWC1,INC1,INT1,BVC1,CLC1,MGC1, CWV1 BNC1, LIT1,LWC1,QAT1,WFV1,EST1,EGC1,EGT1,IWT1,MKC1,MKT1,RWT1,FNT1,FNC1, BDC1,TPV1 REQUIRED:
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    georgemc wrote: »
    VLAN 2 would be created when he assigned the port to the vlan whether he explicitly created it or not.

    Not in all cases, it is possible to assign the port to a vlan via switchport, but not have the vlan created. This is why I *always* expliclity create my vlans via the vlan command instead of relying on switchport assignments to create them.

    As the switch will not pass traffic for a vlan that it's not configured for, it's a simple and basic thing to check.

    Really, what we need here is the output of sh int trunk on the switch to see whether the trunk is forming, and what vlans are allowed to pass on it.
  • murrayj425murrayj425 Member Posts: 8 ■□□□□□□□□□
    Wow. Thanks for all the responses, this has to be one of the best discussion boards out there :). Umm, yes I do have the default gateway configured on the pc and here is the output from the sh int trunk:

    Port Mode Encapsulation Status Native vlan
    Fa0/2 on 802.1q trunking 1
    Port Vlans allowed on trunk
    Fa0/2 1-4094
    Port Vlans allowed and active in management domain
    Fa0/2 1-2
    Port Vlans in spanning tree forwarding state and not pruned
    Fa0/2 1-2

    Thanks guys! Really appreciate it, this is driving me crazy lol!
  • murrayj425murrayj425 Member Posts: 8 ■□□□□□□□□□
    I know you can portfast to a router as it is a host, but good point, I'll take it out.
  • VAHokie56VAHokie56 Member Posts: 783
    Did this in PT with your configs...worked fine for me, check you end user configs.
    .ιlι..ιlι.
    CISCO
    "A flute without holes, is not a flute. A donut without a hole, is a Danish" - Ty Webb
    Reading:NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    murrayj425 wrote: »
    Wow. Thanks for all the responses, this has to be one of the best discussion boards out there :). Umm, yes I do have the default gateway configured on the pc and here is the output from the sh int trunk:

    Port Mode Encapsulation Status Native vlan
    Fa0/2 on 802.1q trunking 1
    Port Vlans allowed on trunk
    Fa0/2 1-4094
    Port Vlans allowed and active in management domain
    Fa0/2 1-2
    Port Vlans in spanning tree forwarding state and not pruned
    Fa0/2 1-2

    Thanks guys! Really appreciate it, this is driving me crazy lol!

    Ok, that's good, so the trunk is up, and it's dot1q encap instead of ISL, and the vlan is present in spanning tree and forwarding.

    If you can ping vlan 2's gateway from a vlan 1 box, then routing is correct.

    You mentioned you can ping the PC in vlan 2 from the router and switch, correct? Try pinging the host in vlan2 from the router, but source the ping from the subint that's in vlan1.

    If that's successful, then there's nothing wrong with your network config, and I'd start looking at end host problems. I'd debug ip packet detail on the router to see if the host is sending a response back, and I'd also be looking at end host firewall settings.
  • Greenmet29Greenmet29 Member Posts: 240
    Also check any firewalls. I've gotten to the point that I disable all firewalls while labbing because they've caused me endless hours of headache.
  • murrayj425murrayj425 Member Posts: 8 ■□□□□□□□□□
    IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    murrayj425 wrote: »
    IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

    Welcome to a very important lesson - when weird **** starts happening, it's usually NOT the network. Network outages tend to be rather dramatic and obvious.
  • murrayj425murrayj425 Member Posts: 8 ■□□□□□□□□□
    yes sir, lesson learned! (I hope)
  • Greenmet29Greenmet29 Member Posts: 240
    +1 for me!! Haha... I hope I saved you some time in the future.
  • CodeBloxCodeBlox Member Posts: 1,363 ■■■■□□□□□□
    murrayj425 wrote: »
    IT was the windows firewall!!!! Holy Snikes! All that time, and you cant just turn it off for the private networks (like you would assume) you have to turn it off for the public networks too! Thanks everyone so much!!

    You can add an exception for ICMP in the windows firewall instead of turning it off... I've done that without an issue.
    Currently reading: Network Warrior, Unix Network Programming by Richard Stevens
  • georgemcgeorgemc Member Posts: 429
    Welcome to a very important lesson - when weird **** starts happening, it's usually NOT the network. Network outages tend to be rather dramatic and obvious.

    +1, it's always the little things that bite you in the a**...
    WGU BS: Business - Information Technology Management
    Start Date: 01 October 2012
    QFT1,PFIT in progress.
    TRANSFERRED/COMPLETED: AGC1,BBC1,LAE1,QBT1,LUT1,QLC1,QMC1,QLT1,IWC1,INC1,INT1,BVC1,CLC1,MGC1, CWV1 BNC1, LIT1,LWC1,QAT1,WFV1,EST1,EGC1,EGT1,IWT1,MKC1,MKT1,RWT1,FNT1,FNC1, BDC1,TPV1 REQUIRED:
  • murrayj425murrayj425 Member Posts: 8 ■□□□□□□□□□
    thanks again everyone, that **** was driving me crazy!
  • jibbajabbajibbajabba Member Posts: 4,317 ■■■■■■■■□□
    I love those scenarios lol - it is almost like a group of engineers is trying to repair a windows install not noticing there is a boot floppy in the PC ... :D
    My own knowledge base made public: http://open902.com :p
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    jibbajabba wrote: »
    I love those scenarios lol - it is almost like a group of engineers is trying to repair a windows install not noticing there is a boot floppy in the PC ... :D

    What's a boot floppy?
  • VAHokie56VAHokie56 Member Posts: 783
    like an old boot disk to kick your PC into DOS
    .ιlι..ιlι.
    CISCO
    "A flute without holes, is not a flute. A donut without a hole, is a Danish" - Ty Webb
    Reading:NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures
  • Forsaken_GAForsaken_GA Member Posts: 4,024
    VAHokie56 wrote: »
    like an old boot disk to kick your PC into DOS

    I know ;)

    I haven't seen a floppy drive in a computer in..... a very long time.
  • VAHokie56VAHokie56 Member Posts: 783
    ya last time I saw one we where using them as Frisbee's to knock over Styrofoam cups in a inventory room.
    .ιlι..ιlι.
    CISCO
    "A flute without holes, is not a flute. A donut without a hole, is a Danish" - Ty Webb
    Reading:NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures
Sign In or Register to comment.