I'm having trouble routing from two VLANs on a Cisco router. Here is the config:

```
interface FastEthernet0/1.13
 encapsulation dot1Q 13
 ip address 192.168.13.254 255.255.255.0
 ip nat inside
 no ip virtual-reassembly
!
interface FastEthernet0/1.21
 encapsulation dot1Q 21
 ip address 10.10.10.29 255.255.255.0
 ip nat outside
 no ip virtual-reassembly
!
```

And the routing part:

```
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 <ISP GW IP>
ip route 10.10.5.0 255.255.255.0 10.10.10.90
```

There are other things going on on the router, especially a big access list and also a lot of NATs, but nothing related to these VLANs.

If I'm on a VLAN 13 host and try to ping, for instance, a VLAN 21 address, shouldn't it work?

EDIT #1

Result of `sh ip route`:

```
Gateway of last resort is <ISP GW> to network 0.0.0.0

C    192.168.12.0/24 is directly connected, FastEthernet0/1.12
C    192.168.13.0/24 is directly connected, FastEthernet0/1.13
     <ISP subnet> is subnetted, 2 subnets
C       <ISP IP> is directly connected, FastEthernet0/0.120
C       <ISP IP> is directly connected, FastEthernet0/1.16
C    192.168.11.0/24 is directly connected, FastEthernet0/1.11
     10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S       10.10.5.0/20 [1/0] via 10.10.10.90
C       10.10.10.1/24 is directly connected, FastEthernet0/1.21
C    192.168.0.0/24 is directly connected, FastEthernet0/1.10
S*   0.0.0.0/0 [1/0] via <ISP GW>
```
rgomez
  • It really depends on what your NAT config and host setup is. What's the output of `show run | s nat`? Do the hosts you are trying to ping between have the 192.168.13.254 and 10.10.10.29 configured as their default gateway addresses? What is the purpose of setting the nat statements on your interfaces? – HostBits Jan 10 '17 at 23:47
  • The output for that reveals a lot of public IPs and it's a lot of lines but if it's needed I will hide them and post. The interfaces have nat cause they do NAT some IPs. The VLAN 13 hosts do have 192.168.13.254 as the GW but the VLAN 21 hosts have 10.10.10.90 as the gateway. – rgomez Jan 10 '17 at 23:54
  • It's probably because I don't do this stuff on a regular enough basis, but your interface config and your routing statements look funny to me. `1.` The routing statement: ip route 10.10.5.0 255.255.240.0 10.10.10.90 would presume that 10.10.10.90 is another router or possibly an SVI on a Layer 3 switch. What device is at 10.10.10.90? `2.` The routing statement: ip route 172.16.0.0 255.255.0.0 172.16.10.1 makes no sense to me at all. How is the router supposed to route traffic to 172.16.10.1 in the first place? What's the output of `sh ip route` look like? – joeqwerty Jan 11 '17 at 00:55
  • At 10.10.10.90 it's a Layer 3 device which routes traffic for all 10.10.5.0 255.255.240.0 network. Look at edit please – rgomez Jan 11 '17 at 01:01
  • OK, now it's making more sense. You shouldn't need this statement: `ip route 172.16.0.0 255.255.0.0 172.16.10.1` as the router is directly connected to the 172.16.0.0/16 network. Is your switch configured correctly with an SVI for each VLAN that corresponds to each subnet? Are the hosts in each VLAN/subnet configured with the correct DG? Is the switch port that uplinks to the router configured as a trunk port and has the correct VLAN's allowed? – joeqwerty Jan 11 '17 at 01:18
  • Yes, everything is correct on the switching part, as I can reach the VLAN interface IPs from the respective networks. I don't know if the 10.10.10.90 is blocking anything inside its own subnet. If this was a problem related to a VLAN 13 host accessing 10.10.11.29, for instance, it would make sense that the problem is on the 10.10.10.90 L3 device. In this case it doesn't. It should work. – rgomez Jan 11 '17 at 01:23

1 Answer

You have a problem with this command:

```
ip route 10.10.5.0 255.255.240.0 10.10.10.90
```

You do not have a route to the 10.10.10.90 next hop:

```
     10.0.0.0/8 is variably subnetted, 3 subnets, 3 masks
S       10.10.5.0/20 [1/0] via 10.10.10.90
```

If the router doesn't know how to get to the next hop, then it cannot route to the 10.10.5.0/20 network, and the traffic will be dropped. The router needs to know how to get to the next hop address for any route, but the router has the ip address 10.10.10.29 255.255.255.192 directly connected network that only goes up to 10.10.10.63, and it is not up for some reason. There is no interface that directly connects to the network of the 10.10.10.90 next hop address.

You really should not have an outside (WAN) interface as a VLAN interface. Normally, you want to use a physical address as an outside (WAN) interface.

Also, you show the directly connected route:

```
C    172.16.0.0/16 is directly connected, FastEthernet0/1.21
```

Unfortunately, that doesn't match what you show for the configuration of that interface.

Never, ever include a static route for directly connected networks.

Ron Maupin
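
The next-hop check described in the answer above, as an added example that is not part of the original answer: it parses `ip address` and `ip route` lines and reports which connected interface, if any, contains each static route's next hop. The function names and the two sample configs are constructed here from the addresses quoted on this page, and the check only looks at directly connected networks.

```python
import ipaddress

# Constructed sample: addressing as the answer quotes it (mask 255.255.255.192)
# together with the static route under discussion.
CONFIG_AS_ANSWERED = """\
interface FastEthernet0/1.13
 ip address 192.168.13.254 255.255.255.0
interface FastEthernet0/1.21
 ip address 10.10.10.29 255.255.255.192
ip route 10.10.5.0 255.255.240.0 10.10.10.90
"""

# Same lines with the 255.255.255.0 mask shown in the edited question.
CONFIG_AS_EDITED = CONFIG_AS_ANSWERED.replace("255.255.255.192", "255.255.255.0")


def parse(config):
    """Return ({interface: connected network}, [(prefix, next_hop), ...])."""
    connected, statics, iface = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if words[:1] == ["interface"] and len(words) > 1:
            iface = words[1]
        elif words[:2] == ["ip", "address"] and iface and len(words) >= 4:
            connected[iface] = ipaddress.ip_interface(f"{words[2]}/{words[3]}").network
        elif words[:2] == ["ip", "route"] and len(words) >= 5:
            try:
                # strict=False: the prefix may be written with host bits set
                prefix = ipaddress.ip_network(f"{words[2]}/{words[3]}", strict=False)
                hop = ipaddress.ip_address(words[4])
            except ValueError:
                continue  # placeholder or interface name instead of an address
            statics.append((prefix, hop))
    return connected, statics


def check_next_hops(config):
    """List (prefix, next_hop, interface or None) for every static route."""
    connected, statics = parse(config)
    report = []
    for prefix, hop in statics:
        via = [name for name, net in connected.items() if hop in net]
        report.append((str(prefix), str(hop), via[0] if via else None))
    return report


if __name__ == "__main__":
    for label, cfg in (("answered", CONFIG_AS_ANSWERED), ("edited", CONFIG_AS_EDITED)):
        print(label, check_next_hops(cfg))
```

A `None` in the third field marks a static route whose next hop is not on any connected subnet, which is the condition the answer points at for the 255.255.255.192 mask.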
  • `but the router has the ip address 10.10.10.29 255.255.255.192` - I missed the subnet mask on that. – joeqwerty Jan 11 '17 at 05:36
  • The router does not have that network on that interface. The routing table tells you otherwise: `C 172.16.0.0/16 is directly connected, FastEthernet0/1.21`. – Ron Maupin Jan 11 '17 at 05:39
  • I was just referring to the fact that I didn't pay close enough attention to the subnet masks on the interfaces or in the routing table. – joeqwerty Jan 11 '17 at 06:04
  • Your configuration, routing table, and static routes do not match in a way that works. You need to fix that to have a chance of things working. – Ron Maupin Jan 11 '17 at 06:07
  • I'm not the OP. I was just commenting that I misread the details in the question and that you had read the question more carefully than I did. – joeqwerty Jan 11 '17 at 06:16
  • Sorry, I'm a network guy, and I obviously read the configurations closer than the authors. – Ron Maupin Jan 11 '17 at 06:17
  • Yes. Good catch. I glossed over those details in the OP's question. – joeqwerty Jan 11 '17 at 06:23
  • Please take a look at first post, I've edited the whole question, I think it should be better now. It was missing lines due to changing the public IP stuff – rgomez Jan 11 '17 at 08:41
  • If you give us incorrect information to begin with, then we cannot help. Really what you need to do is to include the entire router and switch configurations. There can be things not included in your configurations that seemingly do not affect this, but they really do. The question is also probably better asked on [networkengineering.se]. – Ron Maupin Jan 11 '17 at 15:33