Simple VLAN Problem

bankintherollbankintheroll Member Posts: 121
I am setting up 5 connected networks through Cisco Packet Tracer. I'm going over everything I learned in the first 17 chapters of the CCENT official cert guide. For some reason, I cannot get my VLANs/subnets to work. I've only tried on the left network so far.

I even created a new network with 1 router, 1 switch, and 4 hosts, and got the router and all 4 end devices to ping successfully.

Here is what I did:

1) Created and named VLANs 20 & 30 in my switch, and placed interface FA1/1 in VLAN 20, and interface FA2/1 in VLAN 30. I made interface FA0/1 the trunk port, and the other 2 access ports.

2) I then went into my Router CLI. FA0/0 is connected to the switch. I went into interface FA0/0.20, and assigned VLAN 20 to that interface, as well as IP 192.168.20.1. I then went into interface FA0/0.30, and assigned VLAN 30 to it, with the IP address 192.168.30.1.

3) I then went into my 2 end devices. On one end device, I assigned the gateway 192.168.20.1, and 192.168.20.150 for the static IP of the PC. I went into my other end device, and assigned the gateway 192.168.30.1, with a 192.168.30.150 IP for that static IP.

(I used 255.255.255.0 for every subnet mask in every device).

I did all of this for my other network, and it worked fine. I have no idea what I am doing wrong here. Does anyone see anything that I am not catching? Thanks.

Comments

  • fredrikjjfredrikjj Member Posts: 879
    You are missing one step.

    Take a look at the link between your switch and the router and focus on the trunking aspect.

    PS.
    I reread your post. Forget what I said if you by "I went into interface FA0/0.20, and assigned VLAN 20 to that interface" are referring to the encapsulation dot1q 20 command.
  • bankintherollbankintheroll Member Posts: 121
    Hmmm, do you mean the switchport trunk encapsulation dot1q command? Because this switch doesn't even have that command in PT, so I assume ISL is completely disabled for this switch.
  • fredrikjjfredrikjj Member Posts: 879
    no I'm talking about the router subinterfaces.
  • bankintherollbankintheroll Member Posts: 121
    I did no shutdown for both of those. And a "show ip int brief" command shows that they are up/up.
  • bankintherollbankintheroll Member Posts: 121
    The only commands I see in the subinterface are access-group, address, hello-interval, helper-address, mtu, nat, ospf, proxy-arp, split-horizon, and summary-address. I'm not sure what else I need to do here...
  • fredrikjjfredrikjj Member Posts: 879
    You could take this systematic approach:

    #show vlan

    Are the vlans created. Are they assigned to the right ports?

    #show spanning-tree vlan 20,30

    Are the access ports forwarding?

    #show interface trunk

    Is the trunk port in the forwarding state for vlan 20,30

    If those check out ok, you issue is likely with the router:


    #show ip route

    Is ip routing enabled?

    #show run int FA0/0.20 (or show run if this command isn't available in PT)
    #show run int FA0/0.30

    Are the ip addresses assigned and is the encapsulation and vlan-id defined?


    Next step: ping from a PC to that PC's default GW.
  • bankintherollbankintheroll Member Posts: 121
    Everything checked out okay for the switch. Here is what I got for the router show commands:

    Router1#show ip route
    Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
    i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
    * - candidate default, U - per-user static route, o - ODR
    P - periodic downloaded static route


    Gateway of last resort is not set


    C 192.168.4.0/24 is directly connected, Serial2/0
    C 192.168.5.0/24 is directly connected, Serial3/0
    C 192.168.20.0/24 is directly connected, FastEthernet0/0.20
    C 192.168.30.0/24 is directly connected, FastEthernet0/0.30



    Router1#show int fa0/0.20
    FastEthernet0/0.20 is up, line protocol is up (connected)
    Hardware is PQUICC_FEC, address is 0005.5ee5.588c (bia 0005.5ee5.588c)
    Internet address is 192.168.20.1/24
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation 802.1Q Virtual LAN, Vlan ID 20
    ARP type: ARPA, ARP Timeout 04:00:00,
    Last clearing of "show interface" counters never



    Router1#show int fa0/0.30
    FastEthernet0/0.30 is up, line protocol is up (connected)
    Hardware is PQUICC_FEC, address is 0005.5ee5.588c (bia 0005.5ee5.588c)
    Internet address is 192.168.30.1/24
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation 802.1Q Virtual LAN, Vlan ID 30
    ARP type: ARPA, ARP Timeout 04:00:00,
    Last clearing of "show interface" counters never
  • fredrikjjfredrikjj Member Posts: 879
    debug arp is probably not available on the router right, or debug ip packet?

    show ip arp (or maybe just show arp) on the router. are there arp entries for the host PCs?
  • bankintherollbankintheroll Member Posts: 121
    Router1#debug ip packet
    Packet debugging is on
  • fredrikjjfredrikjj Member Posts: 879
    with debug ip packet turned on, ping the gateway from one of the PCs. is there debug output on the router?
  • bankintherollbankintheroll Member Posts: 121
    I just tried to ping the router from both PCs, but they weren't successful. Still, they show up in the arp command, as follows:

    Router1#show ip arp
    Protocol Address Age (min) Hardware Addr Type Interface
    Internet 192.168.20.150 4 0003.E4BB.B663 ARPA FastEthernet0/0.20
    Internet 192.168.30.150 0 000B.BEC5.D545 ARPA FastEthernet0/0.30
  • fredrikjjfredrikjj Member Posts: 879
    I'm kind of running out of ideas. At this point it's conceivable (but unlikely) that the issue is that ping is ICMP echo requests/replies.

    Try telnetting from the PC to its GW.
  • bankintherollbankintheroll Member Posts: 121
    Telnet didn't work either. Could this be why:

    For this network(s), I chose Switch-PT and Router-PT (which are the generic devices). For the one I actually got to work with the router-on-a-stick example, I used switch 2960, and router 2621XM.

    Would that make any difference at all?
  • fredrikjjfredrikjj Member Posts: 879
    I really don't know anything about PT.
  • bankintherollbankintheroll Member Posts: 121
    fredrikjj wrote: »
    I really don't know anything about PT.

    Thanks for all your time and help! Do you use GNS3 or something instead of packet tracer, or do you just have a home lab?
  • fredrikjjfredrikjj Member Posts: 879
    what version of packet tracer is it?
  • bankintherollbankintheroll Member Posts: 121
  • fredrikjjfredrikjj Member Posts: 879
    I just configured an identical scenario and it works.

    The only guess I have left is that your PCs don't actually have the ip addresses that you think they have. You can check with ipconfig. I just tried to change the IP addresses of mine and it only works if you first release the old one by setting it to DHCP and back to static.

    Though, that doesn't explain why they are in the arp cache of the router...

    PS.
    This is the config I have:

    switch:
    interface FastEthernet0/1
    switchport access vlan 20
    switchport mode access
    !
    interface FastEthernet1/1
    switchport access vlan 30
    switchport mode access
    !
    interface FastEthernet2/1
    switchport mode trunk
    !

    router:

    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.20
    encapsulation dot1Q 20
    ip address 192.168.20.1 255.255.255.0
    !
    interface FastEthernet0/0.30
    encapsulation dot1Q 30
    ip address 192.168.30.1 255.255.255.0
  • bankintherollbankintheroll Member Posts: 121
    fredrikjj wrote: »
    I just configured an identical scenario and it works.

    The only guess I have left is that your PCs don't actually have the ip addresses that you think they have. You can check with ipconfig. I just tried to change the IP addresses of mine and it only works if you first release the old one by setting it to DHCP and back to static.

    Though, that doesn't explain why they are in the arp cache of the router...

    PS.
    This is the config I have:

    switch:
    interface FastEthernet0/1
    switchport access vlan 20
    switchport mode access
    !
    interface FastEthernet1/1
    switchport access vlan 30
    switchport mode access
    !
    interface FastEthernet2/1
    switchport mode trunk
    !

    router:

    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.20
    encapsulation dot1Q 20
    ip address 192.168.20.1 255.255.255.0
    !
    interface FastEthernet0/0.30
    encapsulation dot1Q 30
    ip address 192.168.30.1 255.255.255.0

    I actually just created an exact scenario too with the same router and switch, and it worked. Wow, this is weird.
  • bankintherollbankintheroll Member Posts: 121
    Well, I figured it out. I am kind of embarrassed to say this, but just in case someone comes across this problem, here it is.

    I completely forgot I started configuring port security, but got sidetracked and didn't finish. I accidentally enabled port security on the trunk port....OUCH! Big mistake.
  • fredrikjjfredrikjj Member Posts: 879
    I've identified the issue as the ip address and gateway settings for the clients being horribly broken. I had an assigned address in the config menu, but hovering over the PC in the topology showed no IP address assigned.
  • bankintherollbankintheroll Member Posts: 121
    fredrikjj wrote: »
    I've identified the issue as the ip address and gateway settings for the clients being horribly broken. I had an assigned address in the config menu, but hovering over the PC in the topology showed no IP address assigned.

    Hmm, that's strange. I didn't have any problems with the client IP/gateway settings.
Sign In or Register to comment.