asked on

VLAN routing issues

HI a newbie here,

I currently have a 2 Vlans created, as we were running out of IP and we will need further vlans in the future. Apart from the default VLan1, the newly created Vlan 10 with its default Subnet of 192.168.1.10/24 and GW 192.168.1.10 ( the ip on the core switch -HP2800 series). VLAN 10 has the servers and printers on it. The local router has a Def GW of 192.168.1.1/24

VLAN 20 is 192.168.2.0/24 with a GW of 192.168.2.1 on the core switch.It 's for all the dhcp users.

We have created a static route on the router ( 192.168.1.1) of 192.168.2.0 255.255.255.0 through gateway 192.168.1.10.

I have include the router config of 192.1.68.1.1 and the upstream router 192.168.200.1 in the attachments

My issue is that the users on 192.168.2.0 cannot ping the 192.168.1.1 gateway and beyond.

I am thinking this is due to the vlan1 and Vlan10 are combined in the same subnet. Your help in determining the best way to fix this without reinventing the wheel would be much appreciated

Cheers,

Topology

Default Gateway is 192.168.1.1 /24

-DF GW Router 192.168.1.1 + has static route 
192.168.2.0.255.255.255.0 192.168.1.10
-Servers and printers are on  VLAN 10 with 192.168.1.x/24 gw 192.168.1.10 
(NB: all servers/printer have def gw of 192.168.1.1)
-user on VLAN 20 192.168.2.0 /24 gw 192.168.2.1
( NB:vlans created on core switch-HP 2800 series)

Open in new window

192.168.1.1.txt
192.168.200.1.txt

SOLUTION

from_exp

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Busa04

ASKER

sorry exp

Here is the ammended config ( I sent the one prior to the change), below, I've put aa string of Asterix next to it.

Building configuration...

Current configuration : 8601 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ang-parramatta-r01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$q.xv$cxAhJp89yQoTSlGnwhp5u1
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
!
!
username tacacs_backdoor password 7 011456085F120A5F39
archive
log config
hidekeys
!
!
!
!
!
interface Loopback0
ip address 172.25.207.2 255.255.255.255
!
interface FastEthernet0/0
description UECOMM WAN Interface 10Mbps
bandwidth 10000
no ip address
ip nbar protocol-discovery
duplex auto
speed auto
!
interface FastEthernet0/0.1928
description UECOMM WAN DATA VLAN 1928
bandwidth 2000
encapsulation dot1Q 1928
ip address 172.25.206.98 255.255.255.224
ip nbar protocol-discovery
no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1930
description UECOMM WAN DATA VLAN 1930
bandwidth 2000
encapsulation dot1Q 1930
ip address 172.25.206.130 255.255.255.224
ip nbar protocol-discovery
no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1934
description UECOMM WAN DATA VLAN 1934
bandwidth 2000
encapsulation dot1Q 1934
ip address 172.25.206.66 255.255.255.224
ip nbar protocol-discovery
no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1935
description UECOMM WAN DATA VLAN 1935
bandwidth 2000
encapsulation dot1Q 1935
ip address 172.25.206.34 255.255.255.224
ip nbar protocol-discovery
no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1936
description UECOMM WAN DATA VLAN 1936
bandwidth 2000
encapsulation dot1Q 1936
ip address 172.25.206.2 255.255.255.224
ip nbar protocol-discovery
no ip split-horizon eigrp 10
!
interface FastEthernet0/1
description Customer LAN Interface
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0/0
no snmp trap link-status
!
interface FastEthernet0/0/1
no snmp trap link-status
!
interface FastEthernet0/0/2
no snmp trap link-status
!
interface FastEthernet0/0/3
no snmp trap link-status
!
interface Vlan1
no ip address
!
router eigrp 10
offset-list 10 out 10000 FastEthernet0/0
offset-list 10 out 10000 FastEthernet0/0.1928
offset-list 10 out 10000 FastEthernet0/0.1930
offset-list 10 out 10000 FastEthernet0/0.1934
offset-list 10 out 10000 FastEthernet0/0.1935
offset-list 10 out 10000 FastEthernet0/0.1936
network 172.25.206.0 0.0.0.31
network 172.25.206.32 0.0.0.31
network 172.25.206.64 0.0.0.31
network 172.25.206.96 0.0.0.31
network 172.25.206.128 0.0.0.31
network 172.25.207.2 0.0.0.0
network 192.168.1.0
no auto-summary
neighbor 172.25.206.103 FastEthernet0/0.1928
neighbor 172.25.206.102 FastEthernet0/0.1928
neighbor 172.25.206.101 FastEthernet0/0.1928
neighbor 172.25.206.100 FastEthernet0/0.1928
neighbor 172.25.206.99 FastEthernet0/0.1928
neighbor 172.25.206.97 FastEthernet0/0.1928
neighbor 172.25.206.135 FastEthernet0/0.1930
neighbor 172.25.206.134 FastEthernet0/0.1930
neighbor 172.25.206.133 FastEthernet0/0.1930
neighbor 172.25.206.132 FastEthernet0/0.1930
neighbor 172.25.206.131 FastEthernet0/0.1930
neighbor 172.25.206.129 FastEthernet0/0.1930
neighbor 172.25.206.72 FastEthernet0/0.1934
neighbor 172.25.206.71 FastEthernet0/0.1934
neighbor 172.25.206.70 FastEthernet0/0.1934
neighbor 172.25.206.69 FastEthernet0/0.1934
neighbor 172.25.206.68 FastEthernet0/0.1934
neighbor 172.25.206.67 FastEthernet0/0.1934
neighbor 172.25.206.65 FastEthernet0/0.1934
neighbor 172.25.206.35 FastEthernet0/0.1935
neighbor 172.25.206.36 FastEthernet0/0.1935
neighbor 172.25.206.37 FastEthernet0/0.1935
neighbor 172.25.206.38 FastEthernet0/0.1935
neighbor 172.25.206.39 FastEthernet0/0.1935
neighbor 172.25.206.40 FastEthernet0/0.1935
neighbor 172.25.206.41 FastEthernet0/0.1935
neighbor 172.25.206.42 FastEthernet0/0.1935
neighbor 172.25.206.43 FastEthernet0/0.1935
neighbor 172.25.206.33 FastEthernet0/0.1935
neighbor 172.25.206.11 FastEthernet0/0.1936
neighbor 172.25.206.10 FastEthernet0/0.1936
neighbor 172.25.206.9 FastEthernet0/0.1936
neighbor 172.25.206.8 FastEthernet0/0.1936
neighbor 172.25.206.7 FastEthernet0/0.1936
neighbor 172.25.206.6 FastEthernet0/0.1936
neighbor 172.25.206.5 FastEthernet0/0.1936
neighbor 172.25.206.4 FastEthernet0/0.1936
neighbor 172.25.206.3 FastEthernet0/0.1936
neighbor 172.25.206.1 FastEthernet0/0.1936
!
ip forward-protocol nd
ip route 192.168.2.0 255.255.255.0 192.168.1.10 *********************************************************
!
!
ip http server
no ip http secure-server
ip tacacs source-interface Loopback0
!
access-list 10 remark ***Applied to offset-list to prefer HO Router***
access-list 10 permit 192.168.123.0 0.0.0.255
access-list 10 permit 192.168.113.0 0.0.0.255
access-list 10 permit 192.168.124.0 0.0.0.255
access-list 10 permit 192.168.121.0 0.0.0.255
access-list 10 permit 192.168.125.0 0.0.0.255
access-list 10 permit 192.168.122.0 0.0.0.255
access-list 10 permit 192.168.132.0 0.0.0.255
access-list 10 permit 192.168.119.0 0.0.0.255
access-list 10 permit 192.168.128.0 0.0.0.255
access-list 10 permit 192.168.129.0 0.0.0.255
access-list 10 permit 192.168.126.0 0.0.0.255
access-list 10 permit 192.168.120.0 0.0.0.255
access-list 10 permit 192.168.117.0 0.0.0.255
access-list 10 permit 192.168.116.0 0.0.0.255
access-list 10 permit 192.168.130.0 0.0.0.255
access-list 10 permit 192.168.133.0 0.0.0.255
access-list 10 permit 192.168.134.0 0.0.0.255
access-list 10 permit 192.168.151.0 0.0.0.255
access-list 10 permit 192.168.127.0 0.0.0.255
access-list 10 permit 192.168.131.0 0.0.0.255
access-list 10 permit 192.168.114.0 0.0.0.255
access-list 10 permit 192.168.118.0 0.0.0.255
access-list 10 permit 192.168.115.0 0.0.0.255
access-list 10 permit 192.168.111.0 0.0.0.255
access-list 10 permit 192.168.105.0 0.0.0.255
access-list 10 permit 192.168.102.0 0.0.0.255
access-list 10 permit 192.168.101.0 0.0.0.255
access-list 10 permit 192.168.103.0 0.0.0.255
access-list 10 permit 192.168.106.0 0.0.0.255
access-list 10 permit 192.168.108.0 0.0.0.255
access-list 10 permit 192.168.110.0 0.0.0.255
access-list 10 permit 192.168.107.0 0.0.0.255
access-list 10 permit 192.168.136.0 0.0.0.255
access-list 10 permit 192.168.135.0 0.0.0.255
access-list 89 remark ***The following list is for SNMP management on the IBM NMS Subnet***
access-list 89 permit 203.56.65.96 0.0.0.7
snmp-server community Angl1car3 RO 89
snmp-server ifindex persist
snmp-server trap-source Loopback0
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps envmon
snmp-server host 203.56.65.99 Angl1car3 envmon snmp
!
tacacs-server host 203.56.65.99
tacacs-server key 7 070C00411D25090C12
!
control-plane
!
banner login ^CCC
---------------------------------------------------------------------------
WARNING: It is a criminal offence unde the Cybercrime Act (Cth) 2001 to:
i. Obtain access to data without authority
(penalty 2 years imprisonment)
ii. Damage, delete, alter or insert data without authority
(penalty 10 years imprisonment)
---------------------------------------------------------------------------
This device is provided for authorised users only.
If you are not authorised to access this device then log off NOW.

Individuals using this computer system without authority, or in excess of
their authority, are subject to having all of their activities on this system
monitored and recorded by system personnel.

In the course of monitoring individuals improperly using this system, or in
the course of system maintenance, the activities of authorized users may also
be monitored.

Anyone using this system expressly consents to such monitoring and is advised
that if such monitoring reveals possible evidence of criminal activity, system
personnel may provide the evidence of such monitoring to law enforcement officials.
---------------------------------------------------------------------------
^C
!
line con 0
password 7 130D12130F0D07222E
line aux 0
line vty 0 4
password 7 011B03055F0A050724
transport input telnet
!
scheduler allocate 20000 1000
!
end

Busa04

ASKER

exp

your topology description is spot on

Thanks

from_exp

hi!
let's try to understand the problem:
can you ping from 1.1 let's say 2.1? and from 2.x - 1.10?

Busa04

ASKER

Umm don't have direct access to 192.168.1.1 as its a managed router. I have to ask for them to ping it ( i know ....very annoying.

Able to ping 192.168.1.1 from core switch 192.168.1.10 where VLAN 10 and 20 co-exist.

192.168.2.x can ping 192.168.1.10-255. in other words all the servers/printers plugged into VLAN 10 on the switch (192.168.1.208 - HP2610) which is trunked to the core switch 192.168.1.10

I can ping anything on the internet from the servers but they do have a default gw of 192.168.1.1 and can ping 192.168.2.1

Switch config 192.168.1.10, below

Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "16PrksHPCorSW"
snmp-server contact "Patrick Vongries"
snmp-server location "16 Parkes St Parramatta"
interface 21
no lacp
exit
interface 22
no lacp
exit
interface 23
no lacp
exit
interface 24
no lacp
exit
trunk 23-24 Trk1 LACP
trunk 21-22 Trk2 LACP
ip default-gateway 192.168.1.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "VLAN10"
forbid 9-16
untagged 1-8,17-20,Trk2
ip address 192.168.1.10 255.255.255.0
tagged Trk1
no untagged 9-16
ip proxy-arp
exit
vlan 20
name "VLAN20"
untagged 9-16
ip address 192.168.2.1 255.255.255.0
tagged Trk1
ip proxy-arp
exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
password manager

hope this helps
thanks exp

from_exp

I would say 1.1 is an issue.
it seems something wrong is there.
let us wait for reply from that team of managers for 1.1

Busa04

ASKER

its 2200 hrs here so i will ask the vendor tommorrow morning at 0900 to ping 192.168.1.1.

I was under the impression 192.168.1.1 was have problems with the default gateway and static route pointing to 192.168.1.10 for the 2.0/24 subnet.

Thanks again for your assistance...will get back to you asap tommorrow

ASKER CERTIFIED SOLUTION

Busa04

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

from_exp

my congratulations!