Cannot ping default gateway in LAN segment using router on a stick configuration

Created: Aug 17, 2019 16:11:32Latest reply: Aug 19, 2019 15:10:18 140 5 1 0
  Rewarded Hi-coins: 0 (problem resolved)

In the below topology, CPE interface g0/0/1.100 with ip address 10.1.0.1 is not reachable to any device on the network. All devices with vlanif100 can communicate with one another, but they cannot communicate with the CPE. Please note, vlan 100 is the management vlan and the default vlan for trunk links. Please see CPE and CR1 configuration below.


163433ozu28ihuury9yner.png?image.png


CPE configuration:

#

 sysname cpe

 header shell information "

Property of xxxxxxxxxxxxxxx. Please do not distribute, 

unless for the purpose of education and training."

 header login information "

Please do not attempt unauthorized access to this system."

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load flash:/portalpage.zip

#

 drop illegal-mac alarm

#

vlan batch 100 to 105 201 to 204

#

 wlan ac-global carrier id other ac id 0

#

 set cpu-usage threshold 80 restore 75

#

dhcp enable

#

ip pool store-data

 gateway-list 10.1.1.1 

 network 10.1.1.0 mask 255.255.255.0 

#

ip pool store-pos

 gateway-list 10.1.2.1 

 network 10.1.2.0 mask 255.255.255.0 

#

ip pool store-voice

 gateway-list 10.1.3.1 

 network 10.1.3.0 mask 255.255.255.0 

#

ip pool wireless-store-data

 gateway-list 10.2.1.1 

 network 10.2.1.0 mask 255.255.255.0 

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface Vlanif100

#

interface GigabitEthernet0/0/0

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/1.100

 dot1q termination vid 100

 ip address 10.1.0.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.101

 dot1q termination vid 101

 ip address 10.1.1.1 255.255.255.0 

 arp broadcast enable

 dhcp select global

#

interface GigabitEthernet0/0/1.102

 dot1q termination vid 102

 ip address 10.1.2.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.103

 dot1q termination vid 103

 ip address 10.1.3.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.201

 dot1q termination vid 201

 ip address 10.2.1.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.202

 dot1q termination vid 202

 ip address 10.2.2.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.203

 dot1q termination vid 203

 ip address 10.2.3.1 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 10.10.10.10 255.255.255.255 

#

ospf 1 router-id 2.2.2.2 

 area 0.0.0.0 

  network 10.10.10.10 0.0.0.0 

#

user-interface con 0

 authentication-mode password

 set authentication password cipher %$%$J0|@:TufgUCR:yJF4;rB,2M0A#-cOz=l(&G)Za%-

l%i12M3,%$%$

 idle-timeout 4 50

user-interface vty 0

 authentication-mode password

 set authentication password cipher %$%$J0|@:TufgUCR:yJF4;rB,2M0A#-cOz=l(&G)Za%-

l%i12M3,%$%$

 idle-timeout 4 50

user-interface vty 1 4

user-interface vty 16 20

#

wlan ac

#

return



CR1 configuration:

#

sysname cr1

#

vlan batch 100 to 105 201 to 204

#

stp mode rstp

stp instance 0 priority 0

#

cluster enable

ntdp enable

ndp enable

#

undo nap slave enable

#

drop illegal-mac alarm

#

diffserv domain default

#

drop-profile default

#

aaa

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default

 domain default_admin

 local-user admin password simple admin

 local-user admin service-type http

#

interface Vlanif1

#

interface Vlanif100

 ip address 10.1.0.2 255.255.255.0

#

interface MEth0/0/1

#

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 103 201 to 203

#

interface GigabitEthernet0/0/2

#

interface GigabitEthernet0/0/3

#

interface GigabitEthernet0/0/4

#

interface GigabitEthernet0/0/5

#

interface GigabitEthernet0/0/6

#

interface GigabitEthernet0/0/7

#

interface GigabitEthernet0/0/8

#

interface GigabitEthernet0/0/9

#

interface GigabitEthernet0/0/10

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 105 201 to 204

#

interface GigabitEthernet0/0/11

 port link-type trunk

 port trunk pvid vlan 100

 port trunk allow-pass vlan 100 to 105 201 to 204

#

interface GigabitEthernet0/0/12

#

interface GigabitEthernet0/0/13

#

interface GigabitEthernet0/0/14

#

interface GigabitEthernet0/0/15

#

interface GigabitEthernet0/0/16

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

#

interface GigabitEthernet0/0/21

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

#

interface GigabitEthernet0/0/24

#

interface NULL0

#

header shell information "Property of xxxxxxxxxxxx. Please do not distribute,

unless for the purpose of education and training."

header login information "Please do not attempt unauthorized access to this syst

em."

#

user-interface con 0

 authentication-mode password

 set authentication password cipher ;47lQe!z999P4p;tsqP+YI/#

 idle-timeout 4 50

user-interface vty 0

 set authentication password cipher 6xQp'QM0J/9P4p;tsqP+'I/#

 idle-timeout 4 50

user-interface vty 1 4

#

port-group cr->ds

 group-member GigabitEthernet0/0/10

 group-member GigabitEthernet0/0/11

#

return


  • x
  • convention:

Featured Answers
chenhui
Admin Created Aug 19, 2019 02:36:51 Helpful(0) Helpful(0)

@Kiewit hi,
please undo the command port trunk pvid vlan 100 on the CR1 switch interface g0/0/1.
because this command remove the vlan tag of the packets comes from vlan 100, which makes the router discard these packets.
  • x
  • convention:

All Answers
ster
ster Created Aug 18, 2019 02:18:25 Helpful(0) Helpful(0)

Hi
The G0/0/1 uses the tunk mode, and the other uses the access mode.
  • x
  • convention:

Kiewit
Kiewit Created Aug 18, 2019 08:33:27 Helpful(0) Helpful(0)

Lemme expand the topology so it makes more sense
  • x
  • convention:

Wireless%20Network%20Enthusiast%20working%20for%20the%20ITS%20Network%20Services%20team%20in%20Woolworths%20SA
ster
ster Created Aug 18, 2019 11:00:26 Helpful(0) Helpful(0)

Perfect, you can only see small pictures at the beginning, but you can't judge them. We'll get rid of the problem as soon as possible.
  • x
  • convention:

chenhui
chenhui Admin Created Aug 19, 2019 02:36:51 Helpful(0) Helpful(0)

@Kiewit hi,
please undo the command port trunk pvid vlan 100 on the CR1 switch interface g0/0/1.
because this command remove the vlan tag of the packets comes from vlan 100, which makes the router discard these packets.
  • x
  • convention:

Rudson
Rudson Created Aug 19, 2019 15:10:18 Helpful(1) Helpful(1)


Good afternoon as a friend @chenhui said, remove the pvid command from the interfaces, and for good practice add undo port trunk allow-pass vlan 1, to avoid a possible loop in vlan 1.
  • x
  • convention:

Reply

Reply
You need to log in to reply to the post Login | Register

Notice Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!
Login and enjoy all the member benefits

Login and enjoy all the member benefits

Login