Got it
Enterprise
Community Forums Switches
Cannot ping default gatew...

Cannot ping default gateway in LAN segment using router on a stick configuration

Created: Aug 17, 2019 16:11:32Latest reply: Aug 19, 2019 15:10:18 871 5 1 0
  Rewarded HiCoins: 0 (problem resolved)
display all floors #1

In the below topology, CPE interface g0/0/1.100 with ip address 10.1.0.1 is not reachable to any device on the network. All devices with vlanif100 can communicate with one another, but they cannot communicate with the CPE. Please note, vlan 100 is the management vlan and the default vlan for trunk links. Please see CPE and CR1 configuration below.


163433ozu28ihuury9yner.png?image.png


CPE configuration:

#

 sysname cpe

 header shell information "

Property of xxxxxxxxxxxxxxx. Please do not distribute, 

unless for the purpose of education and training."

 header login information "

Please do not attempt unauthorized access to this system."

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

 drop illegal-mac alarm

#

vlan batch 100 to 105 201 to 204

#

 wlan ac-global carrier id other ac id 0

#

 set cpu-usage threshold 80 restore 75

#

dhcp enable

#

ip pool store-data

 gateway-list 10.1.1.1 

 network 10.1.1.0 mask 255.255.255.0 

#

ip pool store-pos

 gateway-list 10.1.2.1 

 network 10.1.2.0 mask 255.255.255.0 

#

ip pool store-voice

 gateway-list 10.1.3.1 

 network 10.1.3.0 mask 255.255.255.0 

#

ip pool wireless-store-data

 gateway-list 10.2.1.1 

 network 10.2.1.0 mask 255.255.255.0 

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface Vlanif100

#

interface GigabitEthernet0/0/0

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/1.100

 dot1q termination vid 100

 ip address 10.1.0.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.101

 dot1q termination vid 101

 ip address 10.1.1.1 255.255.255.0 

 arp broadcast enable

 dhcp select global

#

interface GigabitEthernet0/0/1.102

 dot1q termination vid 102

 ip address 10.1.2.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.103

 dot1q termination vid 103

 ip address 10.1.3.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.201

 dot1q termination vid 201

 ip address 10.2.1.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.202

 dot1q termination vid 202

 ip address 10.2.2.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.203

 dot1q termination vid 203

 ip address 10.2.3.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 10.10.10.10 255.255.255.255 

#

ospf 1 router-id 2.2.2.2 

 area 0.0.0.0 

  network 10.10.10.10 0.0.0.0 

#

user-interface con 0

 authentication-mode password

 set authentication password cipher %$%$J0|@:TufgUCR:yJF4;rB,2M0A#-cOz=l(&G)Za%-

l%i12M3,%$%$

 idle-timeout 4 50

user-interface vty 0

 authentication-mode password

 set authentication password cipher %$%$J0|@:TufgUCR:yJF4;rB,2M0A#-cOz=l(&G)Za%-

l%i12M3,%$%$

 idle-timeout 4 50

user-interface vty 1 4

user-interface vty 16 20

#

wlan ac

#

return



CR1 configuration:

#

sysname cr1

#

vlan batch 100 to 105 201 to 204

#

stp mode rstp

stp instance 0 priority 0

#

cluster enable

ntdp enable

ndp enable

#

undo nap slave enable

#

drop illegal-mac alarm

#

diffserv domain default

#

drop-profile default

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif100

 ip address 10.1.0.2 255.255.255.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 103 201 to 203

#

interface GigabitEthernet0/0/2

#

interface GigabitEthernet0/0/3

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 105 201 to 204

#

interface GigabitEthernet0/0/11

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 105 201 to 204

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

#

interface GigabitEthernet0/0/24

#

interface NULL0

#

header shell information "Property of xxxxxxxxxxxx. Please do not distribute,

unless for the purpose of education and training."

header login information "Please do not attempt unauthorized access to this syst

em."

#

user-interface con 0

 authentication-mode password

 set authentication password cipher ;47lQe!z999P4p;tsqP+YI/#

 idle-timeout 4 50

user-interface vty 0

 set authentication password cipher 6xQp'QM0J/9P4p;tsqP+'I/#

 idle-timeout 4 50

user-interface vty 1 4

#

port-group cr->ds

 group-member GigabitEthernet0/0/10

 group-member GigabitEthernet0/0/11

#

return


InterVLANTrunkeNSP switchensp routervlanif
  • x
  • convention:

I have this problem too (1) Favorite(0) Share Report
Previous: S3328-V100R005C01.cc
Next: L3VPN VPNV6 not forwarding with tnl-policy
Featured Answers

Best answer

Recommended answer

(0) (0)
chenhui
Admin Created Aug 19, 2019 02:36:51 Helpful(0) Helpful(0)

@Kiewit hi,
please undo the command port trunk pvid vlan 100 on the CR1 switch interface g0/0/1.
because this command remove the vlan tag of the packets comes from vlan 100, which makes the router discard these packets.
View more
  • x
  • convention:
All Answers
ster
ster Created Aug 18, 2019 02:18:25 Helpful(0) Helpful(0)

Hi
The G0/0/1 uses the tunk mode, and the other uses the access mode.
View more
  • x
  • convention:
Kiewit
Kiewit Created Aug 18, 2019 08:33:27 Helpful(0) Helpful(0)

Lemme expand the topology so it makes more sense
View more
  • x
  • convention:
Wireless%20Network%20Enthusiast%20working%20for%20the%20ITS%20Network%20Services%20team%20in%20Woolworths%20SA
ster
ster Created Aug 18, 2019 11:00:26 Helpful(0) Helpful(0)

Perfect, you can only see small pictures at the beginning, but you can't judge them. We'll get rid of the problem as soon as possible.
View more
  • x
  • convention:
chenhui
chenhui Admin Created Aug 19, 2019 02:36:51 Helpful(0) Helpful(0)

@Kiewit hi,
please undo the command port trunk pvid vlan 100 on the CR1 switch interface g0/0/1.
because this command remove the vlan tag of the packets comes from vlan 100, which makes the router discard these packets.
View more
  • x
  • convention:
Rudson
Rudson Created Aug 19, 2019 15:10:18 Helpful(1) Helpful(1)


Good afternoon as a friend @chenhui said, remove the pvid command from the interfaces, and for good practice add undo port trunk allow-pass vlan 1, to avoid a possible loop in vlan 1.
View more
  • x
  • convention:
Back to list

Comment

Advanced
B Color Image Link Quote Code Smilies
You need to log in to comment to the post Login | Register
Comment

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."

My Followers

Login and enjoy all the member benefits

Login
Huawei Website Support About Huawei Privacy User Agreement Terms of Use Cookie Settings
Huawei Enterprise Huawei Carrier Forum Training & Certification

Copyright © 2020 Huawei Technologies Co., Ltd. All rights reserved.

APP

Huawei Enterprise Support Community
Huawei Enterprise Support Community
Block
Are you sure to block this user?
Users on your blacklist cannot comment on your post,cannot mention you, cannot send you private messages.
Reminder
Please bind your phone number to obtain invitation bonus.