×
all 15 comments

[–]zanfarCCENT 1 point2 points  (4 children)

99% of the time, ping fails because there is no bi-directional route between the two hosts. Your host interface either needs to be on the same subnet as the SVI, or the switch needs to know how to route between your subnet and the VLAN1 subnet.

  • What is the config of interface FastEthernet0/2?
  • What is the config of your local NIC(s)?
  • What subnet is configured on interface Vlan1?
  • What is the output of show vlan brief?
  • What is the output of a traceroute in both directions?

[–]SecurityFailure[S] 0 points1 point  (3 children)

here are the outputs, my assumption is because its on a different subnet...if i change the vlan to 10.0.0.3, im assuming that would work?

traceroute
Protocol [ip]: 10.1.1.3
% Unknown protocol - "10.1.1.3", type "trace ?" for help

here are the outputs, https://imgur.com/a/YsRMj

also, my biggest question is that how is this guy able to ping using the same device that i have with only the vlan1 configured? https://imgur.com/a/N6jP3

[–]zanfarCCENT 1 point2 points  (1 child)

my assumption is because [it's] on a different subnet

Correct.

if [I] change the [VLAN] to 10.0.0.3, [I'm] assuming that would work?

I think I get what you are asking, in which case the answer is "likely." This is a case where precision in terms is important.


A VLAN is an L2 concept. It is commonly understood as splitting a physical switch into one or more virtual switches internally--each referred to as a VLAN and given a number.

A VLAN Interface or int vlan or an SVI is an L3+ interface that is virtually attached to a VLAN. It links the control plane to the data plane at a specific L3 address and in a specific VLAN.

A Subnet is a range of addresses, and so is always expressed as an address and a mask. The address is, by convention, the first address in the range, and the mask is either a binary mask (255.255.255.0) or a CIDR mask (/24) which is simply a shorthand for the number of 1s in the binary mask.


Your Windows NIC (image 1) has an address in the 10.0.0.0/24 subnet. If the ping destination is in the same subnet, then your host will ARP for the MAC and send the ping directly. Because your destination is in a different subnet, your ping is being sent to your default gateway which has no idea how to get to 10.1.1.0/24 (because it only exists on the switch).

Yes, the easiest solution is to give the VLAN 1 Interface an address in the 10.0.0.0/24 subnet.

how is this guy able to ping [using the] same device that i have with only the vlan1 configured?

His host is likely in the 10.1.1.0/24 subnet, unlike yours.

[–]SecurityFailure[S] 0 points1 point  (0 children)

Thank you so much for the detailed explanation! It's starting to be a lot more crystal clear for me. I gave the VLAN1 interface an IP of 10.0.0.230 instead and was able to mimic exactly what he did.

[–]herolurkerCCENT 0 points1 point  (0 children)

Ok different subnets, won’t work, unless you got a router or a layer 3 switch with the global command ip unicast-routing

[–]herolurkerCCENT 0 points1 point  (4 children)

is your PC ip in the same subnet as the vlan?

[–]SecurityFailure[S] 0 points1 point  (3 children)

no...actually that may be the reason why? vlan is on .1. subnet and pc is on .0

[–]herolurkerCCENT 0 points1 point  (2 children)

If it’s not in the same subnet you’ll need a router to communicate between different subjects.

Im not sure what that.1 and .0 mean, can you tell us the full ip and mask?

[–]c1sc0n00b 0 points1 point  (1 child)

Herolurker is right. You would need to have the Host and the Vlan IP addresses on the same subnet. Otherwise I believe it is not going to work. You could always create a new VLAN for the network the PC is on. However you would then need to create a trunk port from the switch to the router. On the router you would need to create sub interfaces for each of the VLAN and assign the default gateway addresses appropriately.

I would then try to ping the switch to see if your configurations are set correctly. If they fail then use the tracert followed by the switch VLAN ip address. There it will show you were the error is occurring and fix it accordingly.

[–]SecurityFailure[S] 0 points1 point  (0 children)

so i ended up figuring it out. i think its due to having one of the ports in L3. i disabled it, changed the VLAN1 to the same subnet as my home network (10.0.0.230) and was able to ping to it perfectly fine!

thank you /u/herolurker, /u/c1sc0n00b for your help! its starting to make a lot more sense now

[–]c1sc0n00b 0 points1 point  (2 children)

Could be that your PC might not have a IP address. If you could send us a snippet of the IP configuration that would be helpful. Also make sure to configure the Line VTY. If you need to SSH and telnet. You need to use the transport command. I believe you might also need to set a password for telnet for it to work

[–]SecurityFailure[S] 0 points1 point  (1 child)

yep, i did the line vty part here's a snippet: https://imgur.com/a/YsRMj

[–]c1sc0n00b 0 points1 point  (0 children)

Your computer is on a 10.0.0.0 network because you declared the subnet mask to be 255.255.255.0

Your Vlan switch is on a 10.1.1.0 network if you set the subnet mask to 255.255.255.0

So what you need to do in order to fix this is either two things

  1. Set up a router and configure the default gateway so that your computer can reach it. Remember that a routers main purpose is to allow hosts to reach other networks. Switches are unable to do this unless they are layer three. Layer three switches have routing capabilities.

  2. Or you could change the subnet mask to 255.0.0.0 on the Vlan1 and also the PC. This would probably be the quickest and easiest solution. Of course it wouldn’t be the easiest in a real world situation. But for your lab exercise it should do.

Also if you are wanting to SSH into the switch. Make sure you set up a ip domain along with a Username and password. Some line vty sub configuration will also be needed. I have seen the CBT Nuggets videos with Jeremy and they are very helpful. Continue to look back at the videos and follow him step by step and you should be gold.

[–]CannibalAngelJNCIA-Junos 0 points1 point  (1 child)

Does the switch have a default gateway set?

[–]SecurityFailure[S] 0 points1 point  (0 children)

yup, its set with my router