Vlan should be simple but I'm banging my head
Basicly R3 can not ping R4. Am I just missing a vlan config on the router sides?
R4---Switch---R3
R4
interface FastEthernet0/0
ip address 17.3.4.2 255.255.255.240
duplex auto
speed auto
Switch
interface FastEthernet0/3
switchport access vlan 17
switchport trunk allowed vlan 17
switchport trunk encapsulation dot1q
!
interface FastEthernet0/4
switchport access vlan 17
switchport trunk allowed vlan 17
switchport trunk encapsulation dot1q
R3
interface FastEthernet0/0
ip address 17.3.4.1 255.255.255.240
duplex auto
speed auto
Comments
omagico,
do you have trunking enabled on the switch facing the routers? If so, that is your problem; the router is sending non-dot1q traffic but the switch is expecting the traffic to be tagged. So either turn off trunking on the switch ports facing the routers or enable it on the routers.
Actually I don't think so. I'm checking.
Made some changes and nothing improves.
R4
interface FastEthernet0/0
ip address 17.3.4.2 255.255.255.240
duplex auto
speed auto
Switch
interface FastEthernet0/3
switchport access vlan 17
!
interface FastEthernet0/4
switchport access vlan 17
R3
interface FastEthernet0/0
ip address 17.3.4.1 255.255.255.240
duplex auto
speed auto
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 17.3.4.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
- I noticed you didn't configure the trunk on router port (your first configuration part)
Now you configured vlan 17 to both routers facing interfaces.
- Can you check the interface status?
Another thing I suggest:
Assing the ip on vlan 17 interface on switch and try to ping to both routers from switch.
Switch#config t
Switch(config)#int vlan 17
Switch(config-if)#ip add 17.3.4.3 255.255.255.240
now ping to 17.3.4.1 and 2
Update after this with : show vlan brief and show interface status
HAPPY STUDY
[:D]
Ok, I'm a completely losing it.
I configured the wrong FA interface on R3. Very nice how CDP helps in those cases. I guess I'm pretty far from even attempting the lab if I get stumpped by something like that.
Thanks for the help.
Yes, we should keep CDP on our mind while doing the troubleshooting.
[:D]
Brian Dennis, CCIEx5 #2210 (R&S/ISP-Dial/Security/SP/Voice)
[email protected]
Internetwork Expert, Inc.
http://www.INE.com
Reply-To: "[email protected]" <[email protected]>
Date: Tue, 30 Aug 2011 16:23:46 -0500
To: Brian Dennis <[email protected]>
Subject: [CCIE R&S] Vlan should be simple but I'm banging my head
Basicly R3 can not ping R4. Am I just missing a vlan config on the router sides?
R4---Switch---R3
R4
interface FastEthernet0/0
ip address 17.3.4.2 255.255.255.240
duplex auto
speed auto
Switch
interface FastEthernet0/3
switchport access vlan 17
switchport trunk allowed vlan 17
switchport trunk encapsulation dot1q
!
interface FastEthernet0/4
switchport access vlan 17
switchport trunk allowed vlan 17
switchport trunk encapsulation dot1q
R3
interface FastEthernet0/0
ip address 17.3.4.1 255.255.255.240
duplex auto
speed auto
INE - The Industry Leader in CCIE Preparation
http://www.INE.com
Subscription information may be found at:
http://www.ieoc.com/forums/ForumSubscriptions.aspx
Sent from my iPhone 4
On 30 Aug 2011, at 23:23, omagico <[email protected]> wrote:
Don't be so discouraged; sh*t happens Omagico... I bet next time you'll be sure to check that the right port is configured and if it still doesn't work, you know to use CDP to verify that it is the right connection. Just be sure to learn from your mistakes and you will be fine [:D].
CDP neighbors may not always indicate the physical/directly connected device, if for example l2protocol tunneling is configured.
Hello omagico, I could be wrong here but, my understanding is that
a switchpot cannot be both access & trunking at the *same* time. It's
either one or the other. I've seen both configs on switches in the past, but I believe
*access* takes precedence.
Few things I've noticed/used for troubleshooting similar issues
are;
1. sh interface status
2. sh cdp nei (i even have an alias for this)
3. sh int trunk
4. creating a vlan int on a switch helps greatly too
Tough to do but, just enjoy the journey.
Hi djiit,
What do you mean by "access" takes precedence, there is no such thing and i would like to clarify it for you.
Good luck with your studies!
Hey christian, thanks for the clarification.
I was wondering as per the above config on the switches,
what would the behaviour be of the switchport? Whether it will act as access or
trunk? Because a switchport cannot be both at the same time.
dijit,
You are correct - a switchport cannot be trunk and access at the same time.
How do you specify which mode it is in?
The model of switch will determine the default mode of a switchport - 3550: dynamic desirable, 3560 dynamic auto, ...
To recap the dynamic modes:
Given the configuration by omagico above, the switchports would be in access mode, because R3 and R4 are not capable of DTP negotiation.
If you have a choice, configuring switchport mode access would be better, but omagico's configuration should work if R3 and R4 directly connect to F0/3 and F0/4 on the same switch - if they connect to switchports on different switches (as in the case of the INE topology), VLAN 17 would need to be trunked between the switches.
If you want to trunk with a router, you need to specify "switchport trunk encapsulation dot1q" AND "switchport mode trunk".
Awesome Darrell - Thanks.
You need trunking on the routers to connect to a switch trunk port. With subinterfaces.
kind regards
The switchport will behave differently depending on its operational state which is defined by the administrative setting (switchport mode) and the result of trunk negotiation if DTP is being used. Let's take the following config:
interface FastEthernet0/1
switchport mode dynamic auto
switchport access vlan 10
switchport voice vlan 20
spanning-tree portfast
switchport trunk native vlan 5
switchport trunk allowed vlan 10,20
Mode "dynamic auto" means that DTP is used for trunk negotiation, and the latter will be passive, i.e. the port will wait for someone else to start sending DTP queries.
If the port Fa0/1 negotiates trunk, the green part will work, and the blue part will do nothing.
If it becomes an access port, on the contrary, the blue part will be working whereas the green commands will do nothing.
In any case all the commands can happily co-exist in the running config.