implementing Inter-Vlan Routing

hi

I am trying to configure this Lab

image

from Host A, Host B, ALS1 ,  ALS2, I am able to ping only their gateways !

on R1, I am able to ping all subnets (static route is enable to reach 200.200.200.0/24)

on R2, I am able to ping up to Fa0/0 on R1

IP routing is enabled on R1, but it does not route packets ?

can some one assit me please ?

thanks,

Comments

  • make sure the switches are running dot1q over the trunk links:
     - switchport trunk encapsulation dot1q

    R1(config-if)# interface fa0/0.1
    R1(config-subif)# description VLAN1
    R1(config-subif)# encapsulation dot1q 1 native

    R1(config-if)# interface fa0/0.100
    R1(config-subif)# description VLAN100
    R1(config-subif)# encapsulation dot1q 100

    R1(config-if)# interface fa0/0.200
    R1(config-subif)# description VLAN200
    R1(config-subif)# encapsulation dot1q 200

    help this helps...

  • it is exactly as you mention,

    I think it is layer 3 issue, Vlans and trunking are configured well. connectivity is there. but router 1 is not routing packets

  • Hi oudmaster,

    Have you configured NAT on R1? Since you have reachabiility up to the gateways, there shouldn't be any kind of layer 2 issues. Please post the config of R1 so that we can have a quick look into it.

    Good luck!

  • please have a look into R1 config

    the port numbers are different then the picture, because I am using INE CCIE lab topology.

    Gateway#
    Gateway#show run
    Gateway#show running-config
    Building configuration...

    Current configuration : 1376 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Gateway
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.1
    !
    interface FastEthernet0/1
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/1.1
     description Management VLAN 1
     encapsulation dot1Q 1 native
     ip address 172.16.1.1 255.255.255.0
    !
    interface FastEthernet0/1.100
     description Payroll VLAN 100
     encapsulation dot1Q 100
     ip address 172.16.100.1 255.255.255.0
    !
    interface FastEthernet0/1.200
     description Engineering VLAN 200
     encapsulation dot1Q 200
     ip address 172.16.200.1 255.255.255.0
    !
    interface Serial1/0
     no ip address
     shutdown
    !
    interface Serial1/1
     no ip address
     shutdown
    !
    interface Serial1/2
     ip address 192.168.1.1 255.255.255.0
    !
    interface Serial1/3
     no ip address
     shutdown
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.1.2
    !
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
    line aux 0
    line vty 0 4
     login
    !
    !
    end

    Gateway#

    however, the objective in the lab does not require any configurations like NAT or dynamic routing.

  • please have a look into R1 config

    the port numbers are different then the picture, because I am using INE CCIE lab topology.

    Gateway#
    Gateway#show run
    Gateway#show running-config
    Building configuration...

    Current configuration : 1376 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Gateway
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.1
    !
    interface FastEthernet0/1
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/1.1
     description Management VLAN 1
     encapsulation dot1Q 1 native
     ip address 172.16.1.1 255.255.255.0
    !
    interface FastEthernet0/1.100
     description Payroll VLAN 100
     encapsulation dot1Q 100
     ip address 172.16.100.1 255.255.255.0
    !
    interface FastEthernet0/1.200
     description Engineering VLAN 200
     encapsulation dot1Q 200
     ip address 172.16.200.1 255.255.255.0
    !
    interface Serial1/0
     no ip address
     shutdown
    !
    interface Serial1/1
     no ip address
     shutdown
    !
    interface Serial1/2
     ip address 192.168.1.1 255.255.255.0
    !
    interface Serial1/3
     no ip address
     shutdown
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.1.2
    !
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
    line aux 0
    line vty 0 4
     login
    !
    !
    end

    Gateway#

    however, the objective in the lab does not require any configurations like NAT or dynamic routing.

     

    Hi,

     "ip routing" command is missing from your config. Go to global config and enter ip routing

     You have configured fa0/1 interface while in the diagram you are using fa0/0

    Please double check the cabling etc.

    HTH

    Murad

  • I already did that by configuring

    ip routing

    and

    ip source-route

    did not work !

     

    just ignore the ports numbers, it is just different topology but same connections. 

  • Hi Murad,

    As he mentioned earlier, there is no physical layer issue. If this is the router with latest IOS, "ip routing" is automatically enabled & usually not shown in the "show run" output. 

    I would suggest to check for the reverse route on ISP router. It should have static routes for vlan 1, 100 & 200 networks. 

    Hope this helps!

  • hi Hari

    ISP#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route

    Gateway of last resort is not set

    C    200.200.200.0/24 is directly connected, Loopback0
    S    172.16.0.0/16 [1/0] via 192.168.1.1
    C    192.168.1.0/24 is directly connected, Serial0/1
    ISP#

     

    from ISP, I can ping only loopback, directly connected and R1 subinterfaces,

    but not Host A, Host B , ALS1 and ALS2

    !!!

  • I'd take a look at the routing on Host A, Host B and the two switches. If they don't have a default route in their routing table, then you'll see what's happening here - ping to same subnet (including default GW) works, but nothing else.

  • Can i ask you how you think to route through the gateway without routing information been advertised?

    If the hosts havent at least a default route they cannot take over the gateway to search the desired subnet destinations.

    Another solution could be to implement an IGP between the switch SVIs interfaces and the router's subifs to exchange routing information between the vlans or even much more simpler you can use only the switch to route between the SVIs

  • I don't think anyone realizes this but the physical interface responds for vlan 1. You don't need a sub interface for vlan 1. I don't see a sho ip route from the router, or a show arp that shows the router can see the different hosts in the different subnets. Also you don't need the native vlan marking on the router, that is only applicable between the switches. Make sure you are placing the config on the right interface. 


    On Thursday, December 12, 2013 1:03 PM, Murad <[email protected]> wrote:
    image oudmaster:

    please have a look into R1 config

    the port numbers are different then the picture, because I am using INE CCIE lab topology.

    Gateway#
    Gateway#show run
    Gateway#show running-config
    Building configuration...

    Current configuration : 1376 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Gateway
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    !
    !
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.1
    !
    interface FastEthernet0/1
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/1.1
     description Management VLAN 1
     encapsulation dot1Q 1 native
     ip address 172.16.1.1 255.255.255.0
    !
    interface FastEthernet0/1.100
     description Payroll
    VLAN 100
     encapsulation dot1Q 100
     ip address 172.16.100.1 255.255.255.0
    !
    interface FastEthernet0/1.200
     description Engineering VLAN 200
     encapsulation dot1Q 200
     ip address 172.16.200.1 255.255.255.0
    !
    interface Serial1/0
     no ip address
     shutdown
    !
    interface Serial1/1
     no ip address
     shutdown
    !
    interface Serial1/2
     ip address 192.168.1.1 255.255.255.0
    !
    interface Serial1/3
     no ip address
     shutdown
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.1.2
    !
    !
    ip http server
    no ip http secure-server
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    line con 0
     exec-timeout 0 0
    line aux 0
    line vty 0 4
     login
    !
    !
    end

    Gateway#



    however, the objective in the lab does not require any configurations like NAT or dynamic routing.


     

    Hi,

     "ip routing" command is missing from your config. Go to global config and enter ip routing

     You have configured fa0/1 interface while in the diagram you are using fa0/0

    Please double check the cabling etc.

    HTH

    Murad



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • If routing is not working, I would debug ip routing and debug ip icmp on the router and send a ping from the host to see if they are even reaching the default gateway. I am guessing that it is layer 2, but without seeing any farther into it it's hard to say.


    On Thursday, December 12, 2013 1:49 PM, oudmaster <[email protected]> wrote:
    I already did that by configuring

    ip routing

    and

    ip source-route

    did not work !

     

    just ignore the ports numbers, it is just different topology but same connections. 



    INE - The Industry Leader in CCIE Preparation

    http://www.INE.com



    Subscription information may be found at:

    http://www.ieoc.com/forums/ForumSubscriptions.aspx


  • If you are using a ROUTER in place of PC-A and PC-B then turn off routing and just configure an ip default gateway.

    conf t
    no ip routing

    and you have the a default gateway configured

    ip default-gateway x.x.x.x

    It's either routing or it's not, not both.

    HTH.

  • thanks all

    the issue has been resolved by inserting no ip routing on both switches !!!

    just one thing I want to mention also is I am using routers instead of the hosts to test connectivity.

    also I am doing this from a ciscopress woorkbook not from mine, so I had to be restricted with it.

    anyway, now it is working well.

    thanks again

  • The swithes for INE will also be L3 by default; like you say this will also need to be disabled to make L2 only. You could have got round the PC-A and PC-B issue with default static routes to the gatway adderess

Sign In or Register to comment.