Cisco 2621 Intervlan routing HELP

[eatingrice]

Hi,

I have a Cisco 2621 with interface e0/0 on the Internet with NAT and e0/1 trunking with two VLANs (e0/1.1 and e0/1.2). I could access the Internet from each of the VLAN on a Cisco 2950 with trunking. My problem is that I could not get to any systems on VLAN2 from VLAN1 and vice versa. The router could get to both VLAN though. Here is my router config: Thanks in advance.

version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!

no ip domain lookup
ip name-server 64.81.122.2
ip name-server 216.231.145.6
!
ip audit po max-events 100
interface FastEthernet0/0
ip address 208.168.123.50 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
no ip address
speed 100
full-duplex
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 10.11.10.1 255.255.255.0
no ip redirects
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 10.11.9.1 255.255.255.0
no ip redirects
ip nat inside
no snmp trap link-status
!
interface Serial0/1
no ip address
shutdown
!
ip nat inside source list 110 interface FastEthernet0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 208.168.123.1
!
!
access-list 110 permit ip 10.11.10.0 0.0.0.255 any
access-list 110 permit ip 10.11.9.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
login
transport input none
!
!
end

 

[KiscoKid]

Hi

Could you possibly provide the config of the directly-connected switch also?

 

[eatingrice]

Sorry. Here is the config for the 2950. From the router, I could ping clients on both VLAN. From the VLAN, the client could ping the gateway of the other VLAN but nothing beyond that.


version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SWITCH
!
enable secret 5 $1$hBUb$xBgzbAHutuy6AXjLW5RbS1
!
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2-3
!
interface FastEthernet0/1
description to 2600 e0/1 trunking
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/3
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/5
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/6
switchport mode access
!
interface FastEthernet0/7
switchport mode access
!
interface FastEthernet0/8
switchport mode access
!
interface FastEthernet0/9
switchport mode access
!
interface FastEthernet0/10
switchport mode access
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
speed 100
duplex full
!
interface FastEthernet0/15
!
interface FastEthernet0/16
speed 100
duplex full
spanning-tree portfast
!
interface FastEthernet0/17
!
interface FastEthernet0/18
speed 100
duplex full
!
interface FastEthernet0/19
speed 100
duplex full
!
interface FastEthernet0/20
speed 100
duplex full
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode dynamic auto
speed 100
duplex full
!
interface Vlan1
ip address 10.11.10.2 255.255.255.0
no ip route-cache
!
interface Vlan2
no ip address
no ip route-cache
!
ip default-gateway 10.11.10.1
ip http server
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end

 

[bahamas68]

Once you have created an interface for a vlan on a switch, that switch becomes the local router for that particular vlan.
The switch now becomes a L3 switch, and everything on vlan2 expects their packet to get out on interface vlan2.

Try assigning a valid ip address (10.11.9.x) to the vlan2 interface.

Once that is done you will be able to communicate just fine between the two vlans.
Also with that configuration you no longer have to do trunking on the two subinterfaces that you have configured. Just route everything out.



Mystral (Ty) Massé
Network Analyst
University of Texas Health Center

 

[vipergg]

The 2950 is a layer 2 device and can do no routing , all routing is done at the 2621 via the trunk he has created . On the 2950 do a show vlan and make sure all vlans show active that you want to use . Then do a "show int trunk" and see if that looks ok , with both vlans allowed across the trunk . Also on your clients nics make sure the default gateway is pointed to the router address for that particular vlan that they are in . On your 2950 trunk link add the command "switchport trunk native vlan 1" . then look at the trunk again and see if it looks ok . Make sure vlan 1 and 2 are allowed across the link. The rest of the config looks like it should work.

 

[eatingrice]

It is working!!! Thank you to all you experta for the help.