Inter-VLAN routing with a Cisco 2901 and 2 Gigabit Ethernet ports

Everything to do with configuring Cisco devices (that does not fall under the other categories)

Moderator: Federico.Lagni

vincenzo4mini
Cisco fan
Posts: 41
Joined: Tue 08 Jan, 2013 11:22 am

Good evening everyone,
I'd like to ask you a question, perhaps a somewhat trivial one.
I have configured a Catalyst 2960 switch with 3 VLANs + 1 VLAN:
10
20
30
99 management
Also on the switch, I set one port in trunk mode towards one port of the router, and another in access mode on VLAN 20 towards the other port of the router.

Naturally, on the 2901 I created the subinterfaces for VLANs 10, 30 and 99 on gi0/0, while on gi0/1 I simply configured the address of the VLAN 20 subnet.

Now we come to the problems: the hosts on the same VLANs see each other and ping without trouble, from VLAN 30 I can ping and see VLAN 10, and from it I can also ping all the interfaces and subinterfaces of the router. The problem is that I absolutely cannot get into VLAN 20, which seems quite absurd to me...
I feel like I'm drowning in a glass of water, but some extra light from those with experience to spare would be welcome... :roll:
vincenzo4mini
Cisco fan
Posts: 41
Joined: Tue 08 Jan, 2013 11:22 am

I thought a static route between one port and the other of the same router might be needed, although that seems illogical to me since they are part of the same device... I believe more in a configuration error...

I'll post the configs as soon as possible...
vincenzo4mini
Cisco fan
Posts: 41
Joined: Tue 08 Jan, 2013 11:22 am

CONFIG ROUTER 2901

Code:


Router#sh run
Building configuration...

Current configuration : 5150 bytes
!
! Last configuration change at 07:12:00 UTC Tue Apr 15 2014 by vincenzo
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!
ip domain name yourdomain.com
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-672430249
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-672430249
 revocation-check none
 rsakeypair TP-self-signed-672430249
!
!
crypto pki certificate chain TP-self-signed-672430249
 certificate self-signed 01
        quit
license udi pid CISCO2901/K9 sn FCZ1808C0X8
!
!
username vincenzo privilege 15 secret 5 $1$9Vut$yPCMnUD01fYxXolVaYiVg/
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.30.1 255.255.255.0
!
interface GigabitEthernet0/0.99
 encapsulation dot1Q 99 native
 ip address 192.168.99.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address 192.168.20.1 255.255.255.0
 duplex auto
 speed auto
 vlan-id dot1q 20
  exit-vlan-config
 !
!
ip default-gateway 192.168.99.1
no ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN
CREDENTIALS


Here are the Cisco IOS commands.


username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco


Replace <myuser> and <mypassword> with the username and password you want
to use.


IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
CONFIG SWITCH 2960S

Code:


Switch#sh run
Building configuration...

Current configuration : 5576 bytes
!
! Last configuration change at 01:29:12 UTC Wed Mar 30 2011
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$v.0F$eJpmr5tRXHvQlKEoQbwXW1
!
username utente privilege 15 password 7 101F5B4A5142
no aaa new-model
switch 1 provision ws-c2960s-24ps-l
!
!
ip domain-name switch.quattromini
ip device tracking
!
!
crypto pki trustpoint TP-self-signed-2251700352
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2251700352
 revocation-check none
 rsakeypair TP-self-signed-2251700352
!
!
crypto pki certificate chain TP-self-signed-2251700352
 certificate self-signed 01
        quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh authentication-retries 5
ip ssh version 2
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 switchport trunk native vlan 99
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/8
 description Modulo Scenari BTicino MH200N (domotica)
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/9
 description Touch Screen BTicino (domotica)
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/10
 description Web Server BTicino F454 (domotica)
 switchport access vlan 10
 switchport mode access
!
interface GigabitEthernet1/0/11
 description Presa n.1 (ingresso 2 nicchia)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/12
 description Presa n.2 (ingresso 2 nicchia)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/13
 description Presa n.3 (ingresso 2)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/14
 description Presa n.4 (ingresso 1)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/15
 description Presa n.5 (ingresso 1)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/16
 description Presa n.6 (seminterrato)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/17
 description Presa n.7 (seminterrato)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/18
 description Presa n.8 (antibagno)
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/22
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/24
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
!
interface Vlan10
 description RETE PER LA DOMOTICA
 no ip address
!
interface Vlan20
 description RETE PER LA VIDEOSORVEGLIANZA
 no ip address
!
interface Vlan30
 description RETE PRIVATA AZIENDALE
 no ip address
!
interface Vlan99
 description RETE DI GESTIONE
 ip address 192.168.99.2 255.255.255.0
!
ip default-gateway 192.168.99.1
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
line con 0
 password 7 01100F175804
 login
line vty 0 4
 password 7 01100F175804
 login local
 monitor
 transport input ssh
line vty 5 15
 login
!
end

roton
Cisco fan
Posts: 39
Joined: Wed 27 Mar, 2013 9:12 am

If the switch port is in access mode on VLAN 20, you have to remove the VLAN 20 tag on the router port.
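The tagging mismatch described in the reply above can be checked mechanically. This is an added example, not part of the original thread: it compares the 802.1Q tags each router port uses with what the attached switch port sends, treating `vlan-id dot1q` as tagging, as the reply does. The cabling in `LINKS` is an assumption based on the first post, which does not name the switch ports wired to the router.

```python
import re

# Stanzas trimmed from the configs posted in the thread; LINKS is an ASSUMPTION (see below).
ROUTER = """\
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
interface GigabitEthernet0/0.99
 encapsulation dot1Q 99 native
interface GigabitEthernet0/1
 vlan-id dot1q 20
"""
SWITCH = """\
interface GigabitEthernet1/0/1
 switchport trunk native vlan 99
 switchport mode trunk
interface GigabitEthernet1/0/2
 switchport access vlan 20
 switchport mode access
"""
# ASSUMPTION: cabling (router port -> switch port); the thread does not state it.
LINKS = {"GigabitEthernet0/0": "GigabitEthernet1/0/1", "GigabitEthernet0/1": "GigabitEthernet1/0/2"}

def stanzas(cfg):
    """Return {interface name: [its indented config lines]}."""
    out = {}
    for block in re.split(r"^interface ", cfg, flags=re.M)[1:]:
        name, *lines = block.splitlines()
        out[name.strip()] = [l.strip() for l in lines if l.startswith(" ")]
    return out

def router_tagged(cfg):
    """Per physical router port: VLAN IDs it sends/expects with an 802.1Q tag (native excluded)."""
    tagged = {}
    for name, lines in stanzas(cfg).items():
        m = re.findall(r"^(?:encapsulation|vlan-id) dot1q (\d+)$", "\n".join(lines), re.I | re.M)
        tagged.setdefault(name.split(".")[0], set()).update(map(int, m))
    return tagged

def mismatches(router_cfg, switch_cfg, links):
    """(router port, switch port, VLANs) tagged by the router but untagged on the switch port."""
    tagged, sw, bad = router_tagged(router_cfg), stanzas(switch_cfg), []
    for rport, sport in sorted(links.items()):
        vlans, lines = set(tagged.get(rport, ())), sw.get(sport, [])
        if "switchport mode trunk" in lines:
            native = {int(l.split()[-1]) for l in lines if l.startswith("switchport trunk native vlan")}
            vlans &= native or {1}  # on a trunk only the native VLAN (default 1) is untagged
        if vlans:  # access port: every frame is untagged, so any router tag is a mismatch
            bad.append((rport, sport, sorted(vlans)))
    return bad

print(mismatches(ROUTER, SWITCH, LINKS))
```

With the posted configs only the GigabitEthernet0/1 link is reported; the trunk on GigabitEthernet0/0 passes because both sides treat VLAN 99 as native.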