Cisco 1751 router-on-a-stick 3

[tyl3r32]

Hi guys,

I'm pretty new to Cisco stuff and I'm trying to play around with some equipment. I've got a 1751 router and a 2950 switch and I am trying to setup a router on a stick to route between multiple vlans. Is this possible? I currently have the one and only ethernet port on the router setup with sub-interfaces. The problem that I am having is that I have a linux box on one vlan which is able to ping both sub-interfaces (in this case 192.168.168.251 & 192.168.1.1), but I have a Vista machine that is only able to ping the 192.168.168.251 interface. What am I doing wrong? Thanks in advance!

 

[burtsbees]

Post configs from the router and the switch.

Burt

 

[Belushi]

Yes, you can do the router on a stick thing and perform inter-vlan routing. The configuration of the two devices wil help as mentioned previously.

Right off the top of my head I am wondering if your Vista machine has a default gateway set. And if so is it the correct default gateway (i.e. - the router's subinterface IP address for the vlan it is on).

 

[tyl3r32]

Thanks for the quick responses! Currently, I have both the Vista and Linux machines on the same vlan with the gateway on each set to 192.168.168.251, but I had the vista machine on vlan 2 with the gateway set at 192.168.1.1 and had no luck. I'm thinking I'm missing something simple, just not sure what. Configs are posted below:

--------Router Config-------------------
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname NAT_Router
!
logging rate-limit console 10 except errors
enable secret 5 $1$H65b$BPjnwoRYeXDvTDPzzpqEZ/
!
memory-size iomem 25
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
!
!
interface Loopback0
ip address 10.0.0.1 255.255.255.0
!
interface FastEthernet0/0
no ip address
speed auto
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.168.251 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
!
ip classless
no ip http server
!
line con 0
password
logging synchronous
login
transport input none
line aux 0
line vty 0 4
login
!
no scheduler allocate
end

---------Switch Config---------------
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco2950
!
enable secret 5 $1$Jtwb$VgywtaTrWPh25oJ6Ob85k/
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/5
switchport mode access
!
interface FastEthernet0/6
switchport mode access
!
interface FastEthernet0/7
switchport mode access
!
interface FastEthernet0/8
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 3
switchport mode access
speed 100
duplex half
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 3
switchport mode access
speed 100
duplex half
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 3
switchport mode access
speed 100
duplex half
spanning-tree portfast
!
interface FastEthernet0/20
description Random Device
switchport access vlan 3
switchport mode access
speed 10
duplex half
spanning-tree portfast
!
interface FastEthernet0/21
description ME-LGR200
switchport access vlan 3
switchport mode access
speed 100
duplex half
spanning-tree portfast
!
interface FastEthernet0/22
description ME812u-LGR
switchport access vlan 3
switchport mode access
speed 100
duplex half
spanning-tree portfast
!
interface FastEthernet0/23
description Dell PC
switchport access vlan 3
switchport mode access
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/24
description Linux PC
switchport access vlan 3
switchport mode access
speed 100
duplex half
spanning-tree portfast
!
interface Vlan1
ip address 10.10.10.2 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan2
description Internal
no ip address
no ip route-cache
shutdown
!
interface Vlan3
description Network
no ip address
no ip route-cache
!
ip http server
!
line con 0
password
logging synchronous
login
line vty 0 4
password
login
line vty 5 15
login
!
!
end

 

[tyl3r32]

Does anyone have any ideas what I'm doing wrong?

 

[burtsbees]

Yes...

interface Vlan2
description Internal
no ip address
no ip route-cache
shutdown

so, do a no shut on vlan 2

Also, why are some of the switchports 1/2 duplex? I'd change these to auto...

Burt

 

[tyl3r32]

I've tried bringing both vlans up at once, but when I do a no shut on vlan 2, vlan 3 shuts down. I can't have both up at once :/

 

[burtsbees]

Plug one Windows computer (NOT Vista) in a vlan2 access port and one in a vlan3 access port, and see if both vlans can be up at the same time. Sounds like a machine may be causing this...also sounds like bdpu-guard, but I don't see it. You may want to create vlan 1 in a subinterface in the router and bring it up. Also, post a sh vlan

Burt

 

[tyl3r32]

Since I didn't have a third machine (non-Vista) available, I unplugged all cables from the switch and tried to bring up multiple vlans with no luck. I'm posting the output below along with the sh vlan status.

Cisco2950(config)#int vlan 2
Cisco2950(config-if)#no shut
Cisco2950(config-if)#
2w5d: %LINK-3-UPDOWN: Interface Vlan2, changed state to up
Cisco2950(config-if)#
2w5d: %LINK-5-CHANGED: Interface Vlan1, changed state to administratively down
2w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
2w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to do
wn
Cisco2950(config-if)#int vlan 3
Cisco2950(config-if)#no shut
Cisco2950(config-if)#
2w5d: %LINK-3-UPDOWN: Interface Vlan3, changed state to up
Cisco2950(config-if)#
2w5d: %LINK-5-CHANGED: Interface Vlan2, changed state to administratively down
2w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up
2w5d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to do
wn


=================sh vlan=================

Cisco2950#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/2, Fa0/3, Fa0/4, Fa0/5
Fa0/6, Fa0/7, Fa0/8
2 Random active Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
3 Controls active Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------


It seems to me I have heard somewhere that the 2950 switch cannot have multiple vlans administratively up at one time. Is that true?

Any other ideas what may be going wrong with my setup?

 

[burtsbees]

No, that's not true. The line protocol will be down with nothing plugged into the vlan switchports...you must plug something into the access ports to properly test it out.

Burt

 

[tyl3r32]

OK...so this time I had one computer (linux) plugged into a port on vlan2, and two devices (non-vista) plugged into ports on vlan3. The outcome posted below shows the vlan that I do the no shut on comes up, but the other goes down automatically.

Cisco2950(config)#int vlan 2
Cisco2950(config-if)#no shut
Cisco2950(config-if)#int vlan 3
Cisco2950(config-if)#no shut
Cisco2950(config-if)#
2w6d: %LINK-3-UPDOWN: Interface Vlan3, changed state to up
Cisco2950(config-if)#
2w6d: %LINK-5-CHANGED: Interface Vlan2, changed state to administratively down
2w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to up
2w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to do
wn
Cisco2950(config-if)#int vlan 2
Cisco2950(config-if)#no shut
Cisco2950(config-if)#
2w6d: %LINK-3-UPDOWN: Interface Vlan2, changed state to up
Cisco2950(config-if)#
2w6d: %LINK-5-CHANGED: Interface Vlan3, changed state to administratively down
2w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
2w6d: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to do
wn


??

 

[burtsbees]

Very weird...I have never seen that...I'll try and do some research...very intriguing...

Burt

 

[vipergg]

Get rid of the following , it does not even need to be there. it serves no function . You need one SVI with an address on it which is "interface vlan 1" . This is to be able to manage the switch only , it does nothing else . All routing is done by the router once you get the trunks correct . Get rid of these entries.

nterface Vlan2
description Internal
no ip address
no ip route-cache
shutdown
!
interface Vlan3
description Network
no ip address
no ip route-cache

Make these changes

interface FastEthernet0/0.2
encapsulation dot1Q 2 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.168.251 255.255.255.0


2950
interface FastEthernet0/1
switchport trunk native vlan 2
switchport mode trunk

"note i'm not sure what that 10.10.10.2 address is what is used for on vlan 1 as that address space does not even show up on the router. If you need to manage the switch then you could give a address in vlan instead of vlan 1. Create the sVI for vlan 2 on the switch.

conf t
interface vlan 2
ip address 192.168.1.X <mask>

ip default-gateway 192.168.1.1

You won't be able to get rid of the the Vlan 1 SVI because it is the default vlan, just strip the address and shut it down.

 

[burtsbees]

interface FastEthernet0/0.2
encapsulation dot1Q 2 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.168.251 255.255.255.0

He already has these in the router...also, there is only one SVI configured...with the configs for vlan 2 and vlan 3, is it screwing things up and making the switch create SVI's for vlan2 and vlan3?

Burt

 

[vipergg]

It is basically the same problem , he is trying to create layer 3 SVI's , "interface vlan X". doesn't need to do that . the layer 2 vlans are already created because they show up with the show vlan command . If he is creating a layer 3 SVI it will go up and down even without an ip address on it but it basically doing nothing because the only reason to have an address on any layer 2 switch is to manage it so you only need one single SVI created with an address assigned to it to manage it .

 

[vipergg]

On the router the only difference is I made vlan 2 native and matched it on the switch end just to make sure the native vlans match other the trunk won't work correctly.

 

[goosed]

Hey tyl3r32, check my thread. A lot of what these guys are saying helped resolve my issue which was almost identical to yours.

 

[tyl3r32]

Hey guys...sorry I took so long to respond. I changed all those settings. Here is what is happening: Vista machine (192.168.1.100) can ping router sub-interface (192.168.1.1), but not the other sub int or my Linux box (192.168.168.101). Same thing goes for the Linux box...can ping the sub-int of 192.168.168.251, but nothing on the other side.

Also, I'm confused now...what is the difference between the vlans shown when doing the sh run command as opposed to doing the sh vlan command? I'm not even sure how I got those vlans there (the ones shown in sh vlan) haha : )

 

[goosed]

Did you enable IP Routing on the Router?

 

[tyl3r32]

Hey goosed. I typed in the command ip routing and it didn't display it anywhere in the config and I'm still not able to route : / I'm going to try it again today to see what I can come up with.