Switch ping to router with trunk port

Question

If I have a switch port trunk directly connect to a router with the follow scenario below:

-------- g1/0/1 (Trunk)                      g1/0/1                    |------|
|switch| Native VLAN 1 SVI=192.168.1.1  ==>  IP=192.168.1.254          |Router|
-------- Tagged VLAN 2 SVI=192.168.2.1       Secondary IP=192.168.2.254|------|

Assuming no ACL is set & IP is within /24, why do VLAN 1 SVI can ping .254 but not VLAN 2?

Can someone explain the process going in behind?

My colleague told me because (I was using a FW at the time) that by default L3 device interface is using native and they don't see tag. My view is L3 device will strip the L2 frame regardless so it shouldn't matter tagged or not? I also noted with my lab testing above scenario, VLAN 2 is actually down and even if I make it to "up" with assigning the VLAN 2 elsewhere the above result stay the same.

Answer 1

Your diagram is a bit unclear, but let's try.

tagged VLAN 2 SVI=192.168.2.1 =trunk= Secondary IP=192.168.2.254

A secondary address on the router's native interface doesn't work. The router needs to use 802.1q tagging, that's usually done by configuring a subinterface (possibly with explicit 802.1q configuration, depending on the model).

If the router doesn't support 802.1q tagging you can't trunk and need to use a separate L3 port. Connect it to an untagged switch port (access mode) configured with just native/untagged VLAN 2.

Generally a good check for L2 connectivity is examining the switch's MAC table for the desired VLAN - if the router's MAC doesn't show up there's something wrong.

Another possible cause for your problem might be an invalid source address for the ping over VLAN 2 (an unroutable loopback address or such).