Good evening,

I am currently studying for my CCNA using the Sybex study guide and have been attempting the inter VLAN routing practicle using 'Router on a stick'.

I cannot get the hosts in the different VLANs to ping each other. This is how I am set up:

I have a Cisco 2950 switch running IOS 12.1, a Cisco 1800 router running IOS 12.4 and 2 laptops, one running vista and one running windows 7.

I have created the following VLANs:

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24, Gi0/1, Gi0/2
2 Andrew active Fa0/2
3 Marc active Fa0/3

VLAN 1 has been configured with the IP 10.142.5.129 255.255.255.192 default gateway 10.142.5.1

I have the Vista laptop in patched into fa0/2 and the windows 7 laptop in fa0/3. The switch port configs are as follows:

interface FastEthernet0/2
description LAN connection to Andrew PC
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface FastEthernet0/3
description LAN connection to John PC
switchport access vlan 3
no ip address
spanning-tree portfast

The IP addresses of the laptops are as follows:

Vista - 10.142.5.6 255.255.255.192 default gateway 10.142.5.1
7 - 10.142.5.66 255.255.255.192 default gateway 10.142.5.65

I have configured a trunk on fa0/1 of the switch to fa 0 on the router, the sw port config as follows:

interface FastEthernet0/1
description trunk connection to R1
switchport mode trunk
no ip address

Fa0 on the router has been configured with 2 subinterfaces as follows:

interface FastEthernet0
description Beechfield LAN A
no ip address
speed 100
full-duplex
!
interface FastEthernet0.2
encapsulation dot1Q 2
ip address 10.142.5.1 255.255.255.192
no snmp trap link-status
!
interface FastEthernet0.3
encapsulation dot1Q 3
ip address 10.142.5.65 255.255.255.192
no snmp trap link-status

I can successfully ping both subinterfaces from both hosts but yet can't ping one host from the other. Can anyone point out what I am missing?

Any help would be greatly appreciated.

Thanks

Andy

Can you ping the hosts from each other when they are on the same VLAN? Have you disabled the Windows firewall?

Like Fuzz said check windows firewall. I have had windows block pings before.

I duplicated your setup using routers instead of laptops. I cut and pasted from your post and I have no problem pinging each router

Can you ping the hosts from each other when they are on the same VLAN? Have you disabled the Windows firewall?

In addition to the above, I would suggest the following:

On the router:
Configure F0 with an ip address for the management VLAN. can be configured one of two ways.
interface FastEthernet0
description Beechfield Management VLAN
ip address 10.142.5.129 255.255.255.192
speed 100
full-duplex
!
!

or

!
interface FastEthernet0.1
description Beechfield Management VLAN
enc dot1q 1 native
ip address 10.142.5.129 255.255.255.192
speed 100
full-duplex

On the switch:
I am venturing a quess, but, with your current config, I doubt you are able to ping the router from the switch. This is because you have assigned the switch a default-gateway and VLAN1 an ip address that is accessable only through VLAN2 on the trunk port F0/1. The 2950 is an a L3 capable switch and therefore does not know that the only way to get to the default gateway is through VLAN2 on the trunk port.
int vlan1
ip address 10.142.5.130 255.255.255.192

ip default-gateway 10.142.5.129

The best way to approach troubleshooting connectivity isses to begin by confirming communication between directly connected devices - router and switch. Next test communications between end-points - PC -> router, router -> PC. Finally, PC -> PC.

If you are able to ping Switch > Router -> Switch, all (sub) interfaces on the router from both PCs, and cannot ping PC -> PC the problem is, as Fuzz suggested, mostlikely a firewall issue. W7 is particularly picky about that.

Hi guys,

Thanks very much for all your responses, they are greatly appreciated!

The issue was the Windows firewall! So you were all bang on the money!

John,

Followed your further advice as well and everything is running great!

Thanks again guys!

Andy