Native Vlan & Management Vlan

[kapupu]

Can you put some host in the management vlan and ping the regular Vlan host. I try this but I cannot ping them.

 

[vipergg]

As long as the port is assigned the vlan that the management address space is in , you should be able to ping it assuming you have shutoff all firewalls in the client.

 

[PScottC]

As long as you have a device that is routing traffic between the vlans somewhere.

PSC
[—] CCNP (R&S/Wireless) [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[kapupu]

I have a router to route between VLAN and I assume the Management is just another VLAN. Here my physical topology.


Ok since I don't have 3 or 4 PC I turn the router into a PC.
These 2 router are in VLAN 20 and their ethernet interface are configure like this.

inter e0/0
ip address 172.17.20.3 = pc1 172.17.20.4 = pc2
no shutdown

and in global config for both router I did like this
ip route 0.0.0.0 0.0.0.0 ethernet 0/0

these two host are able to ping each other and their default gateway, VLAN 1 & 99 default gateway,
They however cannot ping the switch or the host in vlan 99

Here is the router config
inter e0/0
no shutdown

//VLAN 1
inter e0/0.1
encapsulation dot1Q 1
ip address 172.17.1.1 255.255.255.0

//VLAN 20
inter e0/0.20
encapsulation dot1Q 20
ip address 172.17.20.1 255.255.255.0

//VLAN 99
inter e0/0.99
encapsulation dot1Q 99 native
ip address 172.17.99.1 255.255.255.0


Also in the router ethernet 0/1 I have a host whose IP address is 172.17.50.254 and the router e0/1 configuration is
inter e0/1
ip address 172.17.50.1 255.255.255.0
no shutdown

and this host is able to ping its default gateway and any host in VLAN 20 and the default gateway for VLAN 1,20 and 99 too



Here is the switch configuration:
this is 2950 switch
inte fa0/1
switchport mode trunk
switchport trunk native vlan 99
no shutdown

inter vlan 99
ip address 172.17.99.9 255.255.255.0
no shutdown

ip default-gateway 172.17.99.1


inter fa0/9
switchport mode access
switchport acces vlan 20
no shut
172.17.20.3 reside here


inter fa0/10
switchport mode access
switchport acces vlan 20
no shut
172.17.20.4 reside here

inter fa0/11
switchport mode access
switchport acces vlan 99
no shut
172.17.99.10 reside here


172.17.99.10 cannot ping anybody not even it default gateway
the switch cannot ping nobody too and
the router router can ping everybody except the switch and
host in VLAN 99

Would someone suggets some solution

 

[PScottC]

Well... a static route of "ip route 0.0.0.0 0.0.0.0 eth0" doesn't really help much unless your using a /30 subnet. How does the router know which IP it's sending the packet to? The easy way to fix this is by making the routers (PCs) into true endpoint devices...

no ip routing
ip default-gateway 172.17.20.1

The host at 172.17.99.10... What is it's default gateway?

PSC
[—] CCNP (R&S/Wireless) [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[vipergg]

Did you create the layer 2 vlans on the 2950 ? If you do a show vlan on the 2950 do all your vlans show up and active with the ports you have assigned . vlan 20 and vlan 99 should show up with that command , if not you have not created the layer 2 vlan and why you cannot ping out of those vlans.

 

[kapupu]

host 172.17.99.10 default gateway is 172.17.99.1
I did the no ip routing and assign default-gateway too

ok it seems that vlan 20 and 1 can communicate but vlan 99 can't. I also want to mention that the native vlan for the trunk is vlan 99 and in this switch I have one switch belong to vlan 99.

Also the switch cannot ping nobody. Here is the switch & router config

Switch:

interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport mode trunk


interface VLAN99
ip address 172.17.99.9 255.255.255.0

ip default-gateway 172.17.99.1


Router:

interface Ethernet0/1
no ip address
half-duplex
!
interface Ethernet0/1.1
encapsulation dot1Q 1
ip address 172.17.1.1 255.255.255.0

interface Ethernet0/1.20
encapsulation dot1Q 20
ip address 172.17.20.1 255.255.255.0

interface Ethernet0/1.99
encapsulation dot1Q 99 native
ip address 172.17.99.1 255.255.255.0


R1#sh ip inter brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/1 unassigned YES NVRAM up up
Ethernet0/1.1 172.17.1.1 YES NVRAM up up
Ethernet0/1.20 172.17.20.1 YES NVRAM up up
Ethernet0/1.99 172.17.99.1 YES NVRAM up up
up

 

[PScottC]

I just simulated your configuration using GNS3. I used 4 routers, 2 as hosts, 1 as a switch with a NM-16ESW module, and 1 as a router. I have it working 100% with the following configuration:

[red]Router:[/red]
interface FastEthernet0/0
description Connection to Switch Fa1/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 1
ip address 172.17.1.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 172.17.20.1 255.255.255.0
!
interface FastEthernet0/0.99
encapsulation dot1Q 99 native
ip address 172.17.99.1 255.255.255.0
!

[red]Switch:[/red]
no ip routing
!
interface FastEthernet1/0
description Connection to Router Fa0/0
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet1/1
description Connection to Host 1 Fa0/0
switchport access vlan 99
!
interface FastEthernet1/2
description Connection to Host 2 Fa0/0
switchport access vlan 20
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan20
no ip address
!
interface Vlan99
ip address 172.17.99.9 255.255.255.0
!
ip default-gateway 172.17.99.1


[red]Host 1:[/red]
no ip routing
!
interface FastEthernet0/0
description Connection to Switch Fa1/1
ip address 172.17.99.10 255.255.255.0
speed 100
full-duplex
!
ip default-gateway 172.17.99.1


[red]Host 2:[/red]
no ip routing
!
interface FastEthernet0/0
description Connection to Switch Fa1/2
ip address 172.17.20.3 255.255.255.0
speed 100
full-duplex
!
!
ip default-gateway 172.17.20.1


PSC
[—] CCNP (R&S/Wireless) [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers

 

[kapupu]

It works on my packet tracer but on live router it won't work.
Well I will update if I found anything wrong with it.

 

[kapupu]

Nope it still not work but I need you to answer one question. Ok correct me if I'm wrong. All switch ports by default belong to the DEFAULT VLAN which is also know as the NATIVE VLAN. Now once you create VLAN 20; you now have 2 VLAN in the switch. You decided to assigns some ports to VLAN 20

ports 1-5 = vlan 20
ports 6-12 = vlan 1 aka(default vlan or native vlan)

so host in vlan 1 sent a packet to host in vlan 20. The switch reviece the packet but before the packet exit the switch to the default gateway is the packet going to travel in the trunk native VLAN 1(by default) with VLAN 1 ID inserted in the frame or not?

 

[PScottC]

On an "Access" port on a switch, any VLAN tag received from the connected host is stripped, and the tag for the port's assigned VLAN is added. If the frame is leaving an access port to a host, any VLAN tags that were used are stripped away before transmission.

For a "Trunk" port (on a switch), the native VLAN command tells the switch which VLAN untagged frames go into. By default, untagged frames go into VLAN 1 (the default VLAN).

On a router, when you specify "encapsulation dot1q 99 native", you are telling the router to correlate untagged frames with the subinterface where the command is placed. It also tells the router that frames leaving that interface should be untagged.

Consequently, you could simply not specify a native vlan on either side and packets heading for VLAN 99 should go normally...

[red]Router:[/red]
interface FastEthernet0/0
description Connection to Switch Fa1/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
! Leave fa0/0.1 untagged
[green]encapsulation dot1Q 1 native[/green]
ip address 172.17.1.1 255.255.255.0
!
interface FastEthernet0/0.99
[green]! Tag traffic bound for VLAN 99[/green]
encapsulation dot1Q 99 native
ip address 172.17.99.1 255.255.255.0
!

[red]Switch:[/red]
no ip routing
!
interface FastEthernet1/0
description Connection to Router Fa0/0
[green]! Untagged traffic goes to default VLAN (1)[/green]
switchport trunk native vlan 99
switchport mode trunk


BTW... I did have a problem changing the native vlan on the trunk and was forced to do a shut/no shut on the switch (Fa1/0). Probably a quirk in GNS3.

PSC
[—] CCNP (R&S/Wireless) [•] CCSP [•] MCITP: Enterprise Admin [•] MCSE [—]

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers