Cisco 2800 internet

[techie23]

I have a Cisco 2800 router and I have a bit of a routing dilemma. I need to take the internet I get from my Clearwire modem/router and route through to my switch. I would go directly to the switch but there are VLANs which need to be setup. Anyway, my Cleaerwire box translates its ISP IP address to a private 192.168 address. Is there a way to route this through? I know I am missing something simple and just need someone to point it out. Thanks in advance.

 

[SweetRevelation]

I'm not sure I understand exactly what you're trying to accomplish.

Could you maybe explain in more detail what you need to happen? Also maybe give us an idea of how your network is setup now and what changes you'd like to make?

 

[PuroNica]

I have 2 questions before I can help.

1. What type of switch do you have?

2. If you have cable modem/router why do you need another router?

This is how I would do it. I would purchase a cable modem only without the router built into it. Configure 1 interface on the cisco router as my wan which would connect to my modem. Configure my other interface for my internal lan which would connect to the switch. You will have to trunk your internal interface as well as your uplink port on the switch. Also, you will have to configure your internal interface on your router to route all you vlans on that interface. You will have to configure your internal interface as a router on a stick which is the term for 1 layer 3 interface routes all your vlans for you. Hope this helps.

 

[techie23]

OK, so a few things have changed since my post. Now I am using a Cisco 3750 switch with a DSL link. What I am needing to accomplish is have 2 networks talk to each other (Vlan 10 and Vlan 20) and also have Vlan 20 connect to the internet. I have the vlan information in place but can't figure out how to get them to talk to one another. Normally I would go through a router and address 2 virtual links but not sure how to do this on a 3750 since everything is built into one. The other problem I am having is getting my vlan 20 out to the internet. I put in a route to the DSL address but I can't seem to get out. Any suggestions? Thanks for the replies so far.

 

[imbadatthis]

for internet you will need nat.

for your vlan's talking to each other, where is the gateway for them ?
is the default gateway a vlan interface?
is it on a different switch?

you might need a routing protocol enabled if they are on different switches.

either way post config, easier to see what you've done, where you are going and what you are missing...

above is guess work ;p

cheers,


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[PuroNica]

Is your switch a layer 3 switch if so, you will have to create 2 vlan interface with an ip address and they will be used as your default gateway for your vlans. You won't need any routing protocols because they will be connected directly to your switch. As for internet access you will need a PAT for your internet access. You will want to do many to one so basically all of your internal computers will use only 1 ip address for internet.

 

[techie23]

Posting a config will have to wait until Monday as equipment is on site. To answer all other questions:

Only 1 switch is being used, a 3750. 2 vlans configured, 10 and 20.

1 link from switch to DSL equipment.

NAT and PAT are not my strong suit so may need help getting that configured. Again, going to have to wait until Monday until I can get a config of what has already been done. Thanks guys.

 

[techie23]

OK, here is my config thus far:

Switch#sh run
Building configuration...

Current configuration : 3132 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$i9Yw$AumneOlW0WdWZl3HecQab/
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet1/0/1
no ip address
no mdix auto
!
interface FastEthernet1/0/1.10
!
interface FastEthernet1/0/2
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/3
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/4
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/5
switchport access vlan 10
no ip address
no mdix auto

Switch#en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#no int fa1/0/1.10
% Not all config may be removed and may reappear after reactivating the sub-inte
rface
Switch(config)#del int fa1/0/1.10
^
% Invalid input detected at '^' marker.

Switch(config)#int fa1/0/1.10
Switch(config-subif)#del
% Incomplete command.

Switch(config-subif)#del ?
<1-16777215> Throughput delay (tens of microseconds)

Switch(config-subif)#delete
^
% Invalid input detected at '^' marker.

Switch(config-subif)#no ?
arp Set arp type (arpa, probe, snap) or timeout
bandwidth Set bandwidth informational parameter
bgp-policy Apply policy propogated by bgp community string
cdp CDP interface subcommands
delay Specify interface throughput delay
description Interface specific description
ip Interface Internet Protocol config commands
priority-queue Priority Queue
queue-set Choose a queue set for this queue
service-policy Configure QoS Service Policy
shutdown Shutdown the selected interface
srr-queue Configure shaped round-robin transmit queues
timeout Define timeout values for this interface

Switch(config-subif)#no ip ?
Interface IP configuration subcommands:
access-group Specify access control for packets
address Set the IP address of an interface

Switch(config-subif)#no ip addr
Switch(config-subif)#exit
Switch(config)#no int fa1/0/1.10
% Not all config may be removed and may reappear after reactivating the sub-inte
rface
Switch(config)#exit\
^
% Invalid input detected at '^' marker.

Switch(config)#exit
Switch#exit

































Switch con0 is now available





Press RETURN to get started.


2d16h: %SYS-5-CONFIG_I: Configured from console by console
**************************************************
Unauthorized entrance into Johnson Controls equipment is
strictly prohibited and will be prosecuted to the fullest
extent of the law.
**************************************************

Switch>en
Password:
Switch#
Switch#sh run
Building configuration...

Current configuration : 3099 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$i9Yw$AumneOlW0WdWZl3HecQab/
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
interface FastEthernet1/0/1
no ip address
no mdix auto
!
interface FastEthernet1/0/2
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/3
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/4
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/5
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/6
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/7
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/8
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/9
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/10
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/11
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/12
switchport access vlan 10
no ip address
no mdix auto
!
interface FastEthernet1/0/13
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/14
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/15
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/16
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/17
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/18
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/19
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/20
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/21
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/22
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/23
switchport access vlan 20
no ip address
no mdix auto
!
interface FastEthernet1/0/24
switchport access vlan 20
no ip address
no mdix auto
!
interface GigabitEthernet1/0/1
no ip address
!
interface GigabitEthernet1/0/2
no ip address
!
interface Vlan1
ip address 192.168.2.2 255.255.255.0
!
interface Vlan10
ip address 10.0.0.1 255.255.255.0
!
interface Vlan20
ip address 192.168.1.1 255.255.255.0
!
ip default-gateway 192.168.2.2
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip http server

 

[SweetRevelation]

I don't think you need the ip default-gateway 192.168.2.2

With that config you should be able to route between your vlans already though, since both of those networks are on the same layer 3 switch.

So does that part work? It should.

Now do you just need help with the NAT/PAT portion?

 

[techie23]

I put my IP addresses in on two computers with their respected gateways and I am still unable to ping between them. The responses time out. Do I need to configure virtual interfaces and route between them like I would do with a stand alone router? I have never configured a layer 3 switch before so not sure if it was done automatically.

 

[imbadatthis]

1) can your work station ping its own gateway.
2) if yes, can it ping the gateway of the other vlan.

one of these two should be a NO.
if its first one then cable / configuration issue on your station is what i would look at .

if the answer to the second question is a resounding NO while answer to first one is a YES. then do :

sh ip interfaces brief
sh ip route
sh vlan

and post em here.


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[techie23]

Um, here is something interesting I just found. The computer on the 192.168 network (vlan 20) can ping the computer on the 10.0 (vlan 10) network. The 10.0.0.2 computer can get to the 192.168 gateway but not the PC at 192.168.1.2. I have checked all gateways and local IP addresses and they all match up. Really stumped on this one. After this, I think I will be ready for the NAT config. Much appreciation for everyone's help on this.

 

[techie23]

Another thing I was looking at..the Catalyst 3750 switch does not support NAT. I have a Cisco 2801 router here I can use.

 

[techie23]

Update: Switch is configured with both VLANs and talking to each other. Router was added to the mix to help with NAT which I have to do. The internet comes to me as an already translated address..192.168.1.1. I have a route in place to get to that but I do not have internet access. I am guessing this is where the NAT comes in to place. Any suggestions? Thank you.

 

[SweetRevelation]

Show us the config on the 2800 series router you put on top.

You'll need a default route out of the switch to the router, and a default route out of the router to the internet along with the NAT/PAT commands on the 2800 Router.

 

[techie23]

Here is the current config:

Router#sh run
Building configuration...

Current configuration : 1534 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.7Pk$kAmHv/gYBF972ovlVHwH6.
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.2.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 10.0.0.1 255.255.255.0
!
interface Serial0/3/0
no ip address
shutdown
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 192.168.0.0 255.255.0.0 FastEthernet0/0
ip route 192.168.0.0 255.255.255.0 FastEthernet0/0
ip http server
ip nat pool Chad 192.168.3.1 192.168.3.255 prefix-length 24
ip nat inside source list 2 pool Chad
!
!
access-list 2 permit 192.168.3.0 0.0.0.255
!
control-plane

 

[techie23]

On the switch side I have a route out to the router. This has been tested and verified. I am able to ping from a computer through the switch and through the router on where my internet comes in but I still have no internet.

 

[imbadatthis]

ip nat inside source list 2 interface FastEthernet0/0 overload

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[techie23]

I added the overload nat command from above and I still cannot get out. Here is my IP NAT stats and translations I pulled. I do not fully know what is happening on here. Sorry and thanks for all your help.

Router#sh ip nat s
Total active translations: 7 (0 static, 7 dynamic; 7 extended)
Outside interfaces:
FastEthernet0/0
Inside interfaces:
FastEthernet0/1
Hits: 101 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 27
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 2 interface FastEthernet0/0 refcount 7
Queued Packets: 0

Router#sh ip nat t
Pro Inside global Inside local Outside local Outside global
udp 192.168.1.2:427 192.168.3.55:427 192.168.1.79:427 192.168.1.79:427
udp 192.168.1.2:427 192.168.3.55:427 192.168.1.81:427 192.168.1.81:427
udp 192.168.1.2:49812 192.168.3.55:49812 4.2.2.2:53 4.2.2.2:53
udp 192.168.1.2:52512 192.168.3.55:52512 4.2.2.2:53 4.2.2.2:53
udp 192.168.1.2:59455 192.168.3.55:59455 4.2.2.2:53 4.2.2.2:53
udp 192.168.1.2:62469 192.168.3.55:62469 4.2.2.2:53 4.2.2.2:53
Router#

 

[techie23]

Finally got everything working! I do not need the 2801 router as the DSL modem is doing the translations for me. Thanks again for everybody's help, its greatly appreciated.