CCNA Video Training Series

Instant Access, Web or Mobile!

Only $99 for 30 days...
Renew at half price!

Buy/Renew

Includes FREE Practice Exams!

Member Login

Lost your password?

Not a member yet? Sign Up!

Official Lammle User Forum

Results 1 to 7 of 7
  1. #1
    Join Date
    Aug 2009
    Location
    California, US
    Posts
    115

    Default how do I route across vlans?

    I have a question about routing between vlans. I have a 2950 switch trunking to a 1721 router (dot1q). The 1721 only has the 1 fastethernet port.

    On the 2950 I have 3 vlans(1,2,3). On vlan 1, I have the trunk port and a port going to another router that goes to the internet. Any host in vlan 1 can get to the internet but not hosts in vlan 2 or 3. Hosts in vlan 2 or 3 can ping hosts in vlan 1 so I believe the trunking is working.

    How do I allow hosts in vlan 2 or 3 to access the internet?

  2. #2
    Join Date
    Nov 2007
    Location
    Dortmund, Germany
    Posts
    554

    Default

    Quote Originally Posted by DonB View Post
    I have a question about routing between vlans. I have a 2950 switch trunking to a 1721 router (dot1q). The 1721 only has the 1 fastethernet port.

    On the 2950 I have 3 vlans(1,2,3). On vlan 1, I have the trunk port and a port going to another router that goes to the internet. Any host in vlan 1 can get to the internet but not hosts in vlan 2 or 3. Hosts in vlan 2 or 3 can ping hosts in vlan 1 so I believe the trunking is working.

    How do I allow hosts in vlan 2 or 3 to access the internet?
    Hello,
    first: Because of security reasons is not a good idea to use vlan 1, even if this is the deafault vlan.
    Second, do you use NAT on the router?

    Could you post the config of your router (without the passwords), please?
    Bye, Tore

  3. #3
    Join Date
    Aug 2009
    Location
    California, US
    Posts
    115

    Default more info

    This is a home lab so I was not too concerned about vlan1 security. In the interest of doing thing correctly I have move all of the ports in vlan1 to vlan2.

    I put a pc with wireshark on vlan2 and another pc on vlan3. I then tried to ping an address on the net of my providers dns servers 68.87.76.182.
    What I saw on the wireshark on vlan2 is an arp for 68.87.76.182.

    However, I need the ip address of the upstream router 192.168.0.3. There is another upstream wireless router connected to the internet with nat.

    I have tried both default gateways and routes. Any ideas on how to make this work. Maybe by using nat?

    Heres the configs.

    1721
    ====
    Router1721#show run
    Building configuration.. .
    Current configuration : 2720 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router1721
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    !
    !
    interface FastEthernet0
    description CCNA Lab network fa0
    no ip address
    speed auto
    !
    interface FastEthernet0.2
    encapsulation dot1Q 2
    ip address 192.168.0.14 255.255.255.240
    !
    interface FastEthernet0.3
    encapsulation dot1Q 3
    ip address 192.168.0.30 255.255.255.240
    !
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    privilege level 15
    password xxxxxx
    login local
    terminal-type monitor
    transport input telnet ssh
    line vty 5 10
    exec-timeout 0 0
    password xxxxxxx
    login
    terminal-type monitor
    line vty 11 15
    exec-timeout 0 0
    login
    terminal-type monitor
    !
    end
    Router1721#



    2950
    =====
    2950Switch#show run
    Building configuration.. .
    Current configuration : 1635 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname 2950Switch
    !
    !
    ip subnet-zero
    !
    no ip domain-lookup
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    !
    !
    !
    interface FastEthernet0/1
    description 1721vlanRouter
    switchport mode trunk
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    switchport access vlan 2
    !
    interface FastEthernet0/10
    switchport access vlan 2
    !
    interface FastEthernet0/11
    switchport access vlan 2
    !
    interface FastEthernet0/12
    switchport access vlan 2
    !
    interface FastEthernet0/13
    switchport access vlan 2
    !
    interface FastEthernet0/14
    switchport access vlan 2
    !
    interface FastEthernet0/15
    switchport access vlan 2
    !
    interface FastEthernet0/16
    switchport access vlan 2
    !
    interface FastEthernet0/17
    switchport access vlan 3
    !
    interface FastEthernet0/18
    switchport access vlan 3
    !
    interface FastEthernet0/19
    switchport access vlan 3
    !
    interface FastEthernet0/20
    switchport access vlan 3
    !
    interface FastEthernet0/21
    switchport access vlan 3
    !
    interface FastEthernet0/22
    switchport access vlan 3
    !
    interface FastEthernet0/23
    switchport access vlan 3
    !
    interface FastEthernet0/24
    switchport access vlan 3
    !
    interface Vlan1
    ip address 192.168.0.210 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 192.168.0.3
    ip http server
    !
    line con 0
    line vty 0 4
    login
    line vty 5 15
    login
    !
    !
    end
    2950Switch#

  4. #4
    Join Date
    Aug 2009
    Location
    California, US
    Posts
    115

    Default more info

    This is a home lab so I was not too concerned about vlan1 security. In the interest of doing thing correctly I have move all of the ports in vlan1 to vlan2.

    I put a pc with wireshark on vlan2 and another pc on vlan3. I then tried to ping an address on the net of my providers dns servers 68.87.76.182.
    What I saw on the wireshark on vlan2 is an arp for 68.87.76.182.

    However, I need the ip address of the upstream router 192.168.0.3. There is another upstream wireless router connected to the net with nat.

    I have tried both default gateways and routes. Any ideas on how to make this work. Maybe by using nat?

    Heres the configs.

    1721
    ====
    Router1721#show run
    Building configuration.. .
    Current configuration : 2720 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router1721
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    !
    !
    !
    interface FastEthernet0
    description CCNA Lab network fa0
    no ip address
    speed auto
    !
    interface FastEthernet0.2
    encapsulation dot1Q 2
    ip address 192.168.0.14 255.255.255.240
    !
    interface FastEthernet0.3
    encapsulation dot1Q 3
    ip address 192.168.0.30 255.255.255.240
    !
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    !
    !
    !
    !
    control-plane
    !
    !
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    privilege level 15
    password xxxxxx
    login local
    terminal-type monitor
    transport input telnet ssh
    line vty 5 10
    exec-timeout 0 0
    password xxxxxxx
    login
    terminal-type monitor
    line vty 11 15
    exec-timeout 0 0
    login
    terminal-type monitor
    !
    end
    Router1721#



    2950
    =====
    2950Switch#show run
    Building configuration.. .
    Current configuration : 1635 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname 2950Switch
    !
    !
    ip subnet-zero
    !
    no ip domain-lookup
    !
    spanning-tree mode pvst
    no spanning-tree optimize bpdu transmission
    spanning-tree extend system-id
    !
    !
    !
    !
    interface FastEthernet0/1
    description 1721vlanRouter
    switchport mode trunk
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    switchport access vlan 2
    !
    interface FastEthernet0/10
    switchport access vlan 2
    !
    interface FastEthernet0/11
    switchport access vlan 2
    !
    interface FastEthernet0/12
    switchport access vlan 2
    !
    interface FastEthernet0/13
    switchport access vlan 2
    !
    interface FastEthernet0/14
    switchport access vlan 2
    !
    interface FastEthernet0/15
    switchport access vlan 2
    !
    interface FastEthernet0/16
    switchport access vlan 2
    !
    interface FastEthernet0/17
    switchport access vlan 3
    !
    interface FastEthernet0/18
    switchport access vlan 3
    !
    interface FastEthernet0/19
    switchport access vlan 3
    !
    interface FastEthernet0/20
    switchport access vlan 3
    !
    interface FastEthernet0/21
    switchport access vlan 3
    !
    interface FastEthernet0/22
    switchport access vlan 3
    !
    interface FastEthernet0/23
    switchport access vlan 3
    !
    interface FastEthernet0/24
    switchport access vlan 3
    !
    interface Vlan1
    ip address 192.168.0.210 255.255.255.0
    no ip route-cache
    !
    ip default-gateway 192.168.0.3
    ip http server
    !
    line con 0
    line vty 0 4
    login
    line vty 5 15
    login
    !
    !
    end
    2950Switch#

  5. #5
    Join Date
    Oct 2009
    Posts
    40

    Default

    Looks like your upstream router has overlapping subnets with your lab kit.

    You're running 192.168.0.0 /28, 192.168.0.16 /28 on the lab vlans 2 & 3 respectively but the upstream router is on 192.168.0.3 /24. Try moving the labs onto different subnets (eg. 192.168.10.0 /28 and 192.168.10.16 /2.

    Further, assuming your 1721 can ping the upstream net access router 192.168.0.3, whilst it knows how to get there it doesn't know what else lies beyond - ie. it has no knowledge of any other networks. A "sh ip route" command should confirm this. Simplest solution is to put a static route on the 1721 along the lines of "ip route 0.0.0.0 0.0.0.0 192.168.0.3"

  6. #6
    Join Date
    Oct 2009
    Location
    zimbabwe
    Posts
    7

    Default

    looks like yo fastethernet interface is shutdown, try using the no shutdown command 2 gt the interface up.

  7. #7
    Join Date
    Aug 2009
    Location
    California, US
    Posts
    115

    Default

    ngoni,

    The original problem was not that the interface was shutdown. The problem was that hosts in vlan2 ro 3 could not use vlan1 to get to the upstream router. Hosts on vlan1 could access the gateway just fine.

    I used wireshark to look at the traffic and discovered that the router was indeed routing the packets from vlan2 and 3 to vlan 1 BUT not to the gateway.

    For example, if a host on vlan3 were to ping a dns server at some address like 67.87.76.182, I would see arp request for that address on vlan1. I should have seen an arp request for the default gateway of 192.168.0.3.

    For some reason the router would not use the default route that I had.

    I re-configured the switch and router(on a stick) so I had the trunk and the upstream link in vlan1 and all other ports in vlan2 or 3.

    I also re-entered the default static route to the upstream router.

    I am and not sure what is different from the first time but it works fine now.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. EIGRP route table still shows RIP route??
    By iaingray741 in forum Chapter 9: EIGRP and OSPF
    Replies: 2
    Last Post: 06-23-2013, 05:23 AM
  2. Some questions regarding VLANs
    By Frank in forum Switching
    Replies: 3
    Last Post: 04-12-2010, 10:52 AM
  3. VLANS -- IP Route and Mismatched IP Class ?
    By ZACiscoKid in forum Switching
    Replies: 3
    Last Post: 12-24-2009, 07:36 PM
  4. Help with vlans
    By Msizi in forum Switching
    Replies: 9
    Last Post: 05-29-2009, 07:48 AM
  5. VLANs
    By comatose in forum Switching
    Replies: 3
    Last Post: 03-13-2009, 06:53 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •