I purchased the following for my CCNA lab:

(2) 2950-24 Switches
(2) 2610 Routers

The 2950s are trunked together with a crossover cable on fa0/1.

One of the 2610s has it's ethernet port trunked to fa0/2 of the bottome 2950.

Both switches show the proper trunking.

I easily got the management VLAN running and am able to telnet to all the devices.

I decide to create a simple VLAN using my desktop. I set the IP address of my desktop to 192.168.10.2/24. I connected the cable to the bottom fa0/3.

I created VLAN 2 on the bottom switch and assigned fa0/3 to it.

I configured the 2610 fa0/0.2 to dot1q and set it's address to 192.168.10.1/24.

Problem is I can't even ping the router from my desktop! Using Wireshark I can see the ARP request for the router's IP going out on the wire but no response. It is if the switch is not passing anything thru the VLAN. There must be something really basic I am overlookiing but I can't figure it out!!

I am using the 7th edition of the CCNA study guide. I have followed every detail of Configuring inter-VLAN Routing on page 581.

Any help is HUGELY appreciated!


Gary

did you add the actual vlan tag to the end of the statement, like this?

R1(config-if)#interface fa0/1.10
R1(config-subif)#encapsulation dot1q 10

I always forget that part

Hello,
and don't forget to create the VLans on the router and on the switches. Read the part about VTP on switches.

HTH!
Bye, Tore

Kind of shooting in the dark here without seeing your configs. Still, if the vlans exist, and are allowed on the trunks (you've declared the router switchport trunk?), then post some config.

Kind of shooting in the dark here without seeing your configs. Still, if the vlans exist, and are allowed on the trunks (you've declared the router switchport trunk?), then post some config.

I verified everything suggested and found no problems. The VLAN still is not working.

Here is my configuration for the relevant swithc and router. I did notice the vlan 2 interface on the switch is marked 'shutdown'. When I did 'no shutdown' on it, the switch locked up and I could not get into it via telnet without rebooting it.

This is the bottom switch

User Access Verification

Password:
Bottom>enab
Password:
Bottom#sh run
Building configuration...

Current configuration : 1627 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Bottom
!
enable secret 5 $1$YxX7$rpbKFE/dzJAI7VQM.rtcN/
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Interswitch Trunk Port
switchport mode trunk
!
interface FastEthernet0/2
description Router Trunk Port
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode access
!
interface Vlan1
ip address 192.168.15.6 255.255.255.0
no ip route-cache
!
interface Vlan2
no ip address
no ip route-cache
shutdown
!
interface Vlan2.2
no ip route-cache
!
ip http server
banner motd ^CThis is the bottom switch^C
!
line con 0
line vty 0 4
password Secu1285
login
line vty 5 15
password Secu1285
login
!
!
end

Bottom#


Headquarters#sh run
Building configuration...

Current configuration : 806 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Headquarters
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$7AK8$birqN5apl3Y9aJs2VYzea0
!
no aaa new-model
ip cef
!
!
!
!
ip domain name GaryMiller.mil
Username MillerGD
!
!
!
!
interface FastEthernet0/0
description LAN
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
description VLAN 2
encapsulation dot1Q 2
ip address 192.168.10.1 255.255.255.0
!
interface Serial0/0
description WAN to Branch
ip address 10.10.10.1 255.255.255.252
no fair-queue
service-module t1 clock source internal
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

I verified everything suggested and found no problems. The VLAN still is not working.

Here is my configuration for the relevant swithc and router. I did notice the vlan 2 interface on the switch is marked 'shutdown'. When I did 'no shutdown' on it, the switch locked up and I could not get into it via telnet without rebooting it.

This is the bottom switch

User Access Verification

Password:
Bottom>enab
Password:
Bottom#sh run
Building configuration...

Current configuration : 1627 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Bottom
!
enable secret 5 $1$YxX7$rpbKFE/dzJAI7VQM.rtcN/
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Interswitch Trunk Port
switchport mode trunk
!
interface FastEthernet0/2
description Router Trunk Port
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
switchport mode access
!
interface Vlan1
ip address 192.168.15.6 255.255.255.0
no ip route-cache
!
interface Vlan2
no ip address
no ip route-cache
shutdown
!
interface Vlan2.2
no ip route-cache
!
ip http server
banner motd ^CThis is the bottom switch^C
!
line con 0
line vty 0 4
password Secu1285
login
line vty 5 15
password Secu1285
login
!
!
end

Bottom#


Headquarters#sh run
Building configuration...

Current configuration : 806 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Headquarters
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$7AK8$birqN5apl3Y9aJs2VYzea0
!
no aaa new-model
ip cef
!
!
!
!
ip domain name GaryMiller.mil
Username MillerGD
!
!
!
!
interface FastEthernet0/0
description LAN
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
description VLAN 2
encapsulation dot1Q 2
ip address 192.168.10.1 255.255.255.0
!
interface Serial0/0
description WAN to Branch
ip address 10.10.10.1 255.255.255.252
no fair-queue
service-module t1 clock source internal
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

I added my Windows 2008 box to the VLAn and it works! The other host is Windows 7. Must be something about that OS causing the problem. I will continue too try to figure this out but at least I know the Cisco config is OK.

Thanks for everyones help!

Gary

Just curious (totally shooting from the hip here)...none of this my be helpful...

what IOS versions are you running? also dont see a native vlan statement.

Oh, i see the version...12.1 on on the 2950...there might be some issues there, check out cisco's website
search on 2950 vlan

I think I see why I dont see the native vlan...but thats not an issue, its in the vlan db config.

•http://www.cisco.com/en/US/i/templates/blank.gifIf the switch is running IOS release 12.1(9)EA1 or later and you use an older startup configuration file to boot up the switch, the configuration file does not contain VTP or VLAN information, and the switch uses the VLAN database configurations.
•http://www.cisco.com/en/US/i/templates/blank.gifIf the switch is running an IOS release earlier than 12.1(9)EA1 and you use a startup configuration file from IOS release 12.1(9)EA1 or later to boot up the switch, the image on the switch does not recognize the VLAN and VTP configurations in the startup configuration file, so the switch uses the VLAN database configuration.
http://www.cisco.com/en/US/i/templates/caut.gif
Caution http://www.cisco.com/en/US/i/templates/blank.gifIf the startup configuration file contains extended-range VLAN configuration, this information will be lost when the system boots up

Just curious (totally shooting from the hip here)...none of this my be helpful...

what IOS versions are you running? also dont see a native vlan statement.

Oh, i see the version...12.1 on on the 2950...there might be some issues there, check out cisco's website
search on 2950 vlan

I think I see why I dont see the native vlan...but thats not an issue, its in the vlan db config.

•http://www.cisco.com/en/US/i/templates/blank.gifIf the switch is running IOS release 12.1(9)EA1 or later and you use an older startup configuration file to boot up the switch, the configuration file does not contain VTP or VLAN information, and the switch uses the VLAN database configurations.
•http://www.cisco.com/en/US/i/templates/blank.gifIf the switch is running an IOS release earlier than 12.1(9)EA1 and you use a startup configuration file from IOS release 12.1(9)EA1 or later to boot up the switch, the image on the switch does not recognize the VLAN and VTP configurations in the startup configuration file, so the switch uses the VLAN database configuration.
http://www.cisco.com/en/US/i/templates/caut.gif
Caution http://www.cisco.com/en/US/i/templates/blank.gifIf the startup configuration file contains extended-range VLAN configuration, this information will be lost when the system boots up

Well, I got to the bottom of this. The Intel Pro 1000 GT network card is ARPing incorrectly. When it sends the broadcast looking for the IP address of the VLAN on the router, it sets the bit saying that the sending address is a multicast address. Cisco doesn't like that and just ignores it.

The Intel PRO 1000 MT cards on my 2008 machine and all the built in adapters do the ARPing correctly!

I looked for an updated driver from Intel for the GT card but they provide the drivers for that card only via Windows 7 Update.

Looks like I can't use the GT cards. I can't believe this kind of problem exists. There must be many of these cards out there talking to Cisco 2950s.

Anyway, my VLAN works when I don't use those GT cards.

Thanks. I appeciate the assist.

Gary

Interesting the Intel is using a multicast for ARP, which makes it proprietary....I think that would be efficient if they used the multicast address and if that didn't resolve to then use a broadcast.

Anyway, that was some good troubleshooting! What a great thread this is.

Cheers!
Todd Lammle

Anyway, that was some good troubleshooting! What a great thread this is.

Cheers!
Todd Lammle

Definitely a good catch, Gary...love these types of head scratchers!