• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 609
  • Last Modified:

VLAN routing issues

HI a newbie  here,

I currently have a 2 Vlans created, as we were running out of IP and we will need further vlans in the future.   Apart from the default VLan1, the newly created Vlan 10 with its default Subnet of 192.168.1.10/24 and GW 192.168.1.10 ( the ip on the core switch -HP2800 series). VLAN 10 has the servers and printers on it. The local router has a Def GW of 192.168.1.1/24

VLAN 20 is 192.168.2.0/24 with a GW of 192.168.2.1 on the core switch.It 's for all the dhcp users.

We have created a static route on the router ( 192.168.1.1) of 192.168.2.0 255.255.255.0 through gateway 192.168.1.10.

I have include the router config of 192.1.68.1.1 and the upstream  router 192.168.200.1 in the attachments

My issue is that the users on 192.168.2.0 cannot ping the 192.168.1.1 gateway and beyond.

I am thinking this is due to the vlan1 and Vlan10 are combined in the same subnet. Your help in determining the best way to fix this without reinventing the wheel would be much appreciated

Cheers,




Topology

Default Gateway is 192.168.1.1 /24

-DF GW Router 192.168.1.1 + has static route 
192.168.2.0.255.255.255.0 192.168.1.10
-Servers and printers are on  VLAN 10 with 192.168.1.x/24 gw 192.168.1.10 
(NB: all servers/printer have def gw of 192.168.1.1)
-user on VLAN 20 192.168.2.0 /24 gw 192.168.2.1
( NB:vlans created on core switch-HP 2800 series)

Open in new window

192.168.1.1.txt
192.168.200.1.txt
0
Busa04
Asked:
Busa04
  • 5
  • 4
2 Solutions
 
from_expCommented:
hi!
I have looked through router's 1.1. config and haven't found anything about static route to 2.0/24 subnet.

and I understand your topology as following:

---192.168.200.1_router---192.168.1.1_router---192.168.1.10_L3_switch---102.168.1.0/24_network
                                                                                                    |
                                                                                                    |
                                                                                 192.168.2.0/24 network
right?
0
 
Busa04Author Commented:
sorry exp

Here is the ammended config ( I sent the one prior to the change), below, I've put aa string of Asterix next to it.

Building configuration...

Current configuration : 8601 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ang-parramatta-r01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$q.xv$cxAhJp89yQoTSlGnwhp5u1
!
aaa new-model
!
!
aaa authentication login default group tacacs+ local
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 1 default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
aaa accounting system default start-stop group tacacs+
!
!
aaa session-id common
dot11 syslog
!
!
ip cef
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
!
!
!
username tacacs_backdoor password 7 011456085F120A5F39
archive
 log config
  hidekeys
!
!
!
!
!
interface Loopback0
 ip address 172.25.207.2 255.255.255.255
!
interface FastEthernet0/0
 description UECOMM WAN Interface 10Mbps
 bandwidth 10000
 no ip address
 ip nbar protocol-discovery
 duplex auto
 speed auto
!
interface FastEthernet0/0.1928
 description UECOMM WAN DATA VLAN 1928
 bandwidth 2000
 encapsulation dot1Q 1928
 ip address 172.25.206.98 255.255.255.224
 ip nbar protocol-discovery
 no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1930
 description UECOMM WAN DATA VLAN 1930
 bandwidth 2000
 encapsulation dot1Q 1930
 ip address 172.25.206.130 255.255.255.224
 ip nbar protocol-discovery
 no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1934
 description UECOMM WAN DATA VLAN 1934
 bandwidth 2000
 encapsulation dot1Q 1934
 ip address 172.25.206.66 255.255.255.224
 ip nbar protocol-discovery
 no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1935
 description UECOMM WAN DATA VLAN 1935
 bandwidth 2000
 encapsulation dot1Q 1935
 ip address 172.25.206.34 255.255.255.224
 ip nbar protocol-discovery
 no ip split-horizon eigrp 10
!
interface FastEthernet0/0.1936
 description UECOMM WAN DATA VLAN 1936
 bandwidth 2000
 encapsulation dot1Q 1936
 ip address 172.25.206.2 255.255.255.224
 ip nbar protocol-discovery
 no ip split-horizon eigrp 10
!
interface FastEthernet0/1
 description Customer LAN Interface
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 no snmp trap link-status
!
interface FastEthernet0/0/1
 no snmp trap link-status
!
interface FastEthernet0/0/2
 no snmp trap link-status
!
interface FastEthernet0/0/3
 no snmp trap link-status
!
interface Vlan1
 no ip address
!
router eigrp 10
 offset-list 10 out 10000 FastEthernet0/0
 offset-list 10 out 10000 FastEthernet0/0.1928
 offset-list 10 out 10000 FastEthernet0/0.1930
 offset-list 10 out 10000 FastEthernet0/0.1934
 offset-list 10 out 10000 FastEthernet0/0.1935
 offset-list 10 out 10000 FastEthernet0/0.1936
 network 172.25.206.0 0.0.0.31
 network 172.25.206.32 0.0.0.31
 network 172.25.206.64 0.0.0.31
 network 172.25.206.96 0.0.0.31
 network 172.25.206.128 0.0.0.31
 network 172.25.207.2 0.0.0.0
 network 192.168.1.0
 no auto-summary
 neighbor 172.25.206.103 FastEthernet0/0.1928
 neighbor 172.25.206.102 FastEthernet0/0.1928
 neighbor 172.25.206.101 FastEthernet0/0.1928
 neighbor 172.25.206.100 FastEthernet0/0.1928
 neighbor 172.25.206.99 FastEthernet0/0.1928
 neighbor 172.25.206.97 FastEthernet0/0.1928
 neighbor 172.25.206.135 FastEthernet0/0.1930
 neighbor 172.25.206.134 FastEthernet0/0.1930
 neighbor 172.25.206.133 FastEthernet0/0.1930
 neighbor 172.25.206.132 FastEthernet0/0.1930
 neighbor 172.25.206.131 FastEthernet0/0.1930
 neighbor 172.25.206.129 FastEthernet0/0.1930
 neighbor 172.25.206.72 FastEthernet0/0.1934
 neighbor 172.25.206.71 FastEthernet0/0.1934
 neighbor 172.25.206.70 FastEthernet0/0.1934
 neighbor 172.25.206.69 FastEthernet0/0.1934
 neighbor 172.25.206.68 FastEthernet0/0.1934
 neighbor 172.25.206.67 FastEthernet0/0.1934
 neighbor 172.25.206.65 FastEthernet0/0.1934
 neighbor 172.25.206.35 FastEthernet0/0.1935
 neighbor 172.25.206.36 FastEthernet0/0.1935
 neighbor 172.25.206.37 FastEthernet0/0.1935
 neighbor 172.25.206.38 FastEthernet0/0.1935
 neighbor 172.25.206.39 FastEthernet0/0.1935
 neighbor 172.25.206.40 FastEthernet0/0.1935
 neighbor 172.25.206.41 FastEthernet0/0.1935
 neighbor 172.25.206.42 FastEthernet0/0.1935
 neighbor 172.25.206.43 FastEthernet0/0.1935
 neighbor 172.25.206.33 FastEthernet0/0.1935
 neighbor 172.25.206.11 FastEthernet0/0.1936
 neighbor 172.25.206.10 FastEthernet0/0.1936
 neighbor 172.25.206.9 FastEthernet0/0.1936
 neighbor 172.25.206.8 FastEthernet0/0.1936
 neighbor 172.25.206.7 FastEthernet0/0.1936
 neighbor 172.25.206.6 FastEthernet0/0.1936
 neighbor 172.25.206.5 FastEthernet0/0.1936
 neighbor 172.25.206.4 FastEthernet0/0.1936
 neighbor 172.25.206.3 FastEthernet0/0.1936
 neighbor 172.25.206.1 FastEthernet0/0.1936
!
ip forward-protocol nd
ip route 192.168.2.0 255.255.255.0 192.168.1.10 *********************************************************
!
!
ip http server
no ip http secure-server
ip tacacs source-interface Loopback0
!
access-list 10 remark ***Applied to offset-list to prefer HO Router***
access-list 10 permit 192.168.123.0 0.0.0.255
access-list 10 permit 192.168.113.0 0.0.0.255
access-list 10 permit 192.168.124.0 0.0.0.255
access-list 10 permit 192.168.121.0 0.0.0.255
access-list 10 permit 192.168.125.0 0.0.0.255
access-list 10 permit 192.168.122.0 0.0.0.255
access-list 10 permit 192.168.132.0 0.0.0.255
access-list 10 permit 192.168.119.0 0.0.0.255
access-list 10 permit 192.168.128.0 0.0.0.255
access-list 10 permit 192.168.129.0 0.0.0.255
access-list 10 permit 192.168.126.0 0.0.0.255
access-list 10 permit 192.168.120.0 0.0.0.255
access-list 10 permit 192.168.117.0 0.0.0.255
access-list 10 permit 192.168.116.0 0.0.0.255
access-list 10 permit 192.168.130.0 0.0.0.255
access-list 10 permit 192.168.133.0 0.0.0.255
access-list 10 permit 192.168.134.0 0.0.0.255
access-list 10 permit 192.168.151.0 0.0.0.255
access-list 10 permit 192.168.127.0 0.0.0.255
access-list 10 permit 192.168.131.0 0.0.0.255
access-list 10 permit 192.168.114.0 0.0.0.255
access-list 10 permit 192.168.118.0 0.0.0.255
access-list 10 permit 192.168.115.0 0.0.0.255
access-list 10 permit 192.168.111.0 0.0.0.255
access-list 10 permit 192.168.105.0 0.0.0.255
access-list 10 permit 192.168.102.0 0.0.0.255
access-list 10 permit 192.168.101.0 0.0.0.255
access-list 10 permit 192.168.103.0 0.0.0.255
access-list 10 permit 192.168.106.0 0.0.0.255
access-list 10 permit 192.168.108.0 0.0.0.255
access-list 10 permit 192.168.110.0 0.0.0.255
access-list 10 permit 192.168.107.0 0.0.0.255
access-list 10 permit 192.168.136.0 0.0.0.255
access-list 10 permit 192.168.135.0 0.0.0.255
access-list 89 remark ***The following list is for SNMP management on the IBM NMS Subnet***
access-list 89 permit 203.56.65.96 0.0.0.7
snmp-server community Angl1car3 RO 89
snmp-server ifindex persist
snmp-server trap-source Loopback0
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps envmon
snmp-server host 203.56.65.99 Angl1car3  envmon snmp
!
tacacs-server host 203.56.65.99
tacacs-server key 7 070C00411D25090C12
!
control-plane
!
banner login ^CCC
---------------------------------------------------------------------------
WARNING: It is a criminal offence unde the Cybercrime Act (Cth) 2001 to:
        i.  Obtain access to data without authority
            (penalty 2 years imprisonment)
        ii. Damage, delete, alter or insert data without authority
            (penalty 10 years imprisonment)
---------------------------------------------------------------------------
This device is provided for authorised users only.
If you are not authorised to access this device then log off NOW.
         
Individuals using this computer system without authority, or in excess of
their authority, are subject to having all of their activities on this system
monitored and recorded by system personnel.
         
In the course of monitoring individuals improperly using this system, or in
the course of system maintenance, the activities of authorized users may also
be monitored.
         
Anyone using this system expressly consents to such monitoring and is advised
that if such monitoring reveals possible evidence of criminal activity, system
personnel may provide the evidence of such monitoring to law enforcement officials.
---------------------------------------------------------------------------
^C
!
line con 0
 password 7 130D12130F0D07222E
line aux 0
line vty 0 4
 password 7 011B03055F0A050724
 transport input telnet
!
scheduler allocate 20000 1000
!
end


0
 
Busa04Author Commented:
exp

your topology description is spot on

Thanks
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
from_expCommented:
hi!
let's try to understand the problem:
can you ping from 1.1 let's say 2.1? and from 2.x - 1.10?
0
 
Busa04Author Commented:
Umm don't have direct access to 192.168.1.1 as its a managed router. I have to ask for them to ping it ( i know ....very annoying.

Able to ping 192.168.1.1 from core switch 192.168.1.10 where VLAN 10 and 20 co-exist.

192.168.2.x can ping  192.168.1.10-255. in other words all the servers/printers plugged into VLAN 10 on the switch (192.168.1.208 - HP2610) which is trunked to the core switch 192.168.1.10

I can ping anything on the internet from the servers but they do have a default gw of 192.168.1.1 and can ping 192.168.2.1

Switch config 192.168.1.10, below


Running configuration:

; J4903A Configuration Editor; Created on release #I.08.98

hostname "16PrksHPCorSW"
snmp-server contact "Patrick Vongries"
snmp-server location "16 Parkes St Parramatta"
interface 21
   no lacp
exit
interface 22
   no lacp
exit
interface 23
   no lacp
exit
interface 24
   no lacp
exit
trunk 23-24 Trk1 LACP
trunk 21-22 Trk2 LACP
ip default-gateway 192.168.1.1
ip routing
snmp-server community "public" Unrestricted
vlan 1
   name "VLAN10"
   forbid 9-16
   untagged 1-8,17-20,Trk2
   ip address 192.168.1.10 255.255.255.0
   tagged Trk1
   no untagged 9-16
   ip proxy-arp
   exit
vlan 20
   name "VLAN20"
   untagged 9-16
   ip address 192.168.2.1 255.255.255.0
   tagged Trk1
   ip proxy-arp
   exit
spanning-tree
spanning-tree Trk1 priority 4
spanning-tree Trk2 priority 4
password manager

hope this helps
thanks exp
0
 
from_expCommented:
I would say 1.1 is an issue.
it seems something wrong is there.
let us wait for reply from that team of managers for 1.1
0
 
Busa04Author Commented:
its 2200 hrs here so i will ask the vendor tommorrow morning  at 0900 to ping 192.168.1.1.

I was under the impression 192.168.1.1 was have problems with the default gateway and static route pointing to 192.168.1.10 for the 2.0/24 subnet.

Thanks again for your assistance...will get back to you asap tommorrow
0
 
Busa04Author Commented:
We have solved this problem... It seems we had to create a default ip route on the core switche and 2 other Hp switches ie: 0.0.0.0 .0.0.0.0 192.168.1.1
Also, had to ensure the uplinks for the swithces on VLAN 20 were statically set to 1Gb.
Once the EIGRP toute was added and distributed VLAN 20 was able to see the rest of the WAN


Finally,
0
 
from_expCommented:
my congratulations!
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now