Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Westi on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

EtherChannel and 802.1Q Trunking Between Router and Switch 1

Status
Not open for further replies.
yemaya

yemaya

Technical User
Sep 13, 2006
140
CA
Hi.

This is the first time i do this and before apply this configuration to the route/switch, i need some advice, this is the configuration in both:


Router 2621
Code: 
!
!
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.2.100 255.255.255.0
!         
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.3.100 255.255.255.0
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.4.100 255.255.255.0
!
interface FastEthernet0/0.40
 encapsulation dot1Q 40
 ip address 192.168.5.100 255.255.255.0
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 192.168.6.100 255.255.255.0
!
interface FastEthernet0/0.180
 encapsulation dot1Q 180
 ip address 192.168.150.100 255.255.255.0
!
ip http server
ip classless
!         
!
!

Switch 2950
Code: 
!
!
interface Port-channel1
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 description "ROUTER-TRUNK"
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 10
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/7
 switchport access vlan 20
!
interface FastEthernet0/8
 switchport access vlan 20
!
interface FastEthernet0/9
 switchport access vlan 20
!
interface FastEthernet0/10
 switchport access vlan 30
!         
interface FastEthernet0/11
 switchport access vlan 30
!
interface FastEthernet0/12
 switchport access vlan 30
!
interface FastEthernet0/13
 switchport access vlan 30
!
interface FastEthernet0/14
 switchport access vlan 40
!
interface FastEthernet0/15
 switchport access vlan 40
!
interface FastEthernet0/16
 switchport access vlan 40
!
interface FastEthernet0/17
 switchport access vlan 40
!
interface FastEthernet0/18
 switchport access vlan 50
!
interface FastEthernet0/19
 switchport access vlan 50
!
interface FastEthernet0/20
 switchport access vlan 50
!
interface FastEthernet0/21
 switchport access vlan 50
!
interface FastEthernet0/22
 switchport access vlan 180
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
 ip address 192.168.1.200 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan10
 ip address 192.168.2.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan20
 ip address 192.168.3.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan30
 ip address 192.168.4.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan40
 ip address 192.168.5.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan50
 ip address 192.168.6.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan180
 ip address 192.168.150.100 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
no ip http server
no cdp run
!

The router is connected to internet with the interface 0/0 and i have running DHCP and NAT on the same router, i created 6 VLANs for differents PCs, 2 servers, 5 Workstations and VLAN 180 goes to one linksys wireless router to provide internet to two laptops.

Thanks in advanced
 
Sort by date Sort by votes
Hi.

Sorry i forgot something:

Router:
Code: 
!
!
!
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.200 255.255.255.0
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.2.100 255.255.255.0
!         
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.3.100 255.255.255.0
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.4.100 255.255.255.0
!
interface FastEthernet0/0.40
 encapsulation dot1Q 40
 ip address 192.168.5.100 255.255.255.0
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 192.168.6.100 255.255.255.0
!
interface FastEthernet0/0.180
 encapsulation dot1Q 180
 ip address 192.168.150.100 255.255.255.0
!
ip http server
ip classless
!         
!
!

Thanks.
 
Upvote 0 Downvote
Hi.

I was looking the config and doing some changes that i want to share here, please, i need help to complete this.

Here is the config:

Switch:

Code: 
Switch-Server#sh run
Building configuration...

Current configuration : 3138 bytes
!
version 12.1
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Switch-Server
!
logging console critical
enable secret 5 $XXXXXXXXXXXXXXXXXXXXX.
!
clock timezone EST -5
clock summer-time EST recurring 1 Sun Mar 2:00 2 Sun Nov 2:00
ip subnet-zero
no ip source-route
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface Port-channel1
 switchport access vlan 5
 switchport trunk native vlan 5
 switchport mode trunk
 flowcontrol send off
!
interface FastEthernet0/1
 switchport access vlan 5
 switchport trunk native vlan 5
 switchport mode trunk
 channel-group 1 mode on
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 10
!         
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/7
 switchport access vlan 20
!
interface FastEthernet0/8
 switchport access vlan 20
!
interface FastEthernet0/9
 switchport access vlan 20
!
interface FastEthernet0/10
 switchport access vlan 30
!
interface FastEthernet0/11
 switchport access vlan 30
!
interface FastEthernet0/12
 switchport access vlan 30
!
interface FastEthernet0/13
 switchport access vlan 30
!
interface FastEthernet0/14
 switchport access vlan 40
!
interface FastEthernet0/15
 switchport access vlan 40
!
interface FastEthernet0/16
 switchport access vlan 40
!
interface FastEthernet0/17
 switchport access vlan 40
!
interface FastEthernet0/18
 switchport access vlan 50
!
interface FastEthernet0/19
 switchport access vlan 50
!
interface FastEthernet0/20
 switchport access vlan 50
!
interface FastEthernet0/21
 switchport access vlan 50
!
interface FastEthernet0/22
 switchport access vlan 180
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 192.168.8.200 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan5
 ip address 192.168.2.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan10
 ip address 192.168.3.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan20
 ip address 192.168.4.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan30
 ip address 192.168.5.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan40
 ip address 192.168.6.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan50
 ip address 192.168.7.100 255.255.255.0
 no ip route-cache
 shutdown
!
interface Vlan180
 ip address 192.168.50.100 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
no ip http server
no cdp run
!
line con 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXXXXXXXXXXXX
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password 7 XXXXXXXXXXXXXXXXXXXXX
 logging synchronous
 login
line vty 5 15
 exec-timeout 5 0
 password 7 XXXXXXXXXXXXXXXXXXXXX
 logging synchronous
 login
!
!
end

Switch-Server#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/23, Fa0/24
2    VLAN0002                         active    
5    VLAN0005                         active    
10   VLAN0010                         active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
20   VLAN0020                         active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
30   VLAN0030                         active    Fa0/10, Fa0/11, Fa0/12, Fa0/13
40   VLAN0040                         active    Fa0/14, Fa0/15, Fa0/16, Fa0/17
50   VLAN0050                         active    Fa0/18, Fa0/19, Fa0/20, Fa0/21
180  VLAN0180                         active    Fa0/22
1002 fddi-default                     act/unsup 
1003 trcrf-default                    act/unsup 
1004 fddinet-default                  act/unsup 
1005 trbrf-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
2    enet  100002     1500  -      -      -        -    -        0      0   
5    enet  100005     1500  -      -      -        -    -        0      0   
10   enet  100010     1500  -      -      -        -    -        0      0   
          
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20   enet  100020     1500  -      -      -        -    -        0      0   
30   enet  100030     1500  -      -      -        -    -        0      0   
40   enet  100040     1500  -      -      -        -    -        0      0   
50   enet  100050     1500  -      -      -        -    -        0      0   
180  enet  100180     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trbrf 101005     4472  -      -      15       ibm  -        0      0   


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7       7       off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Switch-Server#sh vtp status
VTP Version                     : 2
Configuration Revision          : 10
Maximum VLANs supported locally : 128
Number of existing VLANs        : 13
VTP Operating Mode              : Server
VTP Domain Name                 : HOME-LAB
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xC4 0x42 0xD9 0xE8 0x8D 0xAB 0xAF 0x27 
Configuration last modified by 192.168.1.200 at 2-27-07 18:09:19
Local updater ID is 192.168.50.100 on interface Vl180 (lowest numbered VLAN interface found)
Switch-Server#

router:

Code: 
!
!
!
interface FastEthernet0/0
 description "Private LAN"
 ip address 192.168.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 no ip mroute-cache
 load-interval 30
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.8.200 255.255.255.0
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 192.168.2.100 255.255.255.0
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.3.100 255.255.255.0
!
interface FastEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.4.100 255.255.255.0
!
interface FastEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.5.100 255.255.255.0
!
interface FastEthernet0/0.40
 encapsulation dot1Q 40
 ip address 192.168.6.100 255.255.255.0
!
interface FastEthernet0/0.50
 encapsulation dot1Q 50
 ip address 192.168.7.100 255.255.255.0
!
interface FastEthernet0/0.180
 encapsulation dot1Q 180
 ip address 192.168.50.100 255.255.255.0
!
ip http server
ip classless
!
!
 
Upvote 0 Downvote
Ok, Your 2950 series switch is not a L3 switch so the purpose of having an IP on your SVI is not correct here.

Also, you have a port-channel but only one interface assigned to it. This defeats the importance of an etherchannel. An etherchannel is at L2 (could be L3) and STP looks at one channel with up to 8 interfaces as one STP link. This is beneficial because all ports will be forwarding and you will maximize your bandwidth. With only 1 link assigned to the port-channel you are not using the benefits of an etherchannel. I also see that your are using vlan 5 as your native vlan. Not a problem with that, just ensure that on your router you specify that 5 is native.

Need to specify on your router that vlan 5 is native. Also as i said above, your L3 SVI on your 2950 is not used (can only have 1) but your addresses are the same on both devices. I would delete all SVIs on the 2950 except the one used for management (5).

Your IP address on the physical interface needs to go. You need to assign that IP to a sub-interface and associate it with a vlan.

Also your nat statements need to be on your subinterfaces.

hopefully these comments are useful

 
Upvote 0 Downvote
try googling "router on a stick" that should help you know the basic understanding what needs to be done.

also you mention that you are running DHCP on the router. i don't see any DHCP pool created?

you might need to grab an CCNA book, read and understand a little more about router and switches.

looks like you know a little about the command but lacking the understanding and theory behind what it does.
 
Upvote 0 Downvote
I think his router excerpt is just of the that interface, but I do agree. There seems to be a lack of understanding on how router on a stick works. I prefer L3 switching myself.
 
Upvote 0 Downvote
I do have on question, and without putting it in a lab, Would you need an ip-helper on your subinterface even though your DHCP server is the local router? I have never configured a router with subinterfaces as a DHCP server. NOt saying that this practice is discouraged, just that i have never done it. I know that the broadcast is sent to your default gateway, but would you need to use the helper address or would the dhcp server (aka: your router) recognize and issue an address dyanmically?

Anybody who can answer this would save me time from labbing it up and finding out myself.
 
Upvote 0 Downvote
Hi.

Thank you guys for the replays, i got the config almost done, i only need to to know how can i config DHCP to lease ip addresses to the VLANs, i was reading about "ip-helper" cmd but i'm not sure how to apply the cmd, has anyone done this before ?, i'll apreciate any info about that.

About NAT, do i have to apply the "ip nat inside" to all the subinterfaces and not to the internal interface?.

Here is the switch config, i'm using VLAN 1 as native and i'm only using trunk between fa0/1 and the router interface:

Code: 
Server-Switch#sh run
Building configuration...

Current configuration : 2576 bytes
!
! Last configuration change at 18:39:31 EST Tue Feb 27 2007
! NVRAM config last updated at 18:40:41 EST Tue Feb 27 2007
!
version 12.1
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Server-Switch
!
no logging console
enable secret 5 XXXXXXXXXXXXXXXXXXX
!
clock timezone EST -5
clock summer-time EST recurring 1 Sun Mar 2:00 2 Sun Nov 2:00
ip subnet-zero
no ip source-route
no ip gratuitous-arps
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 10
!
interface FastEthernet0/3
 switchport access vlan 10
!
interface FastEthernet0/4
 switchport access vlan 10
!
interface FastEthernet0/5
 switchport access vlan 10
!
interface FastEthernet0/6
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 20
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 30
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 40
!
interface FastEthernet0/15
 switchport access vlan 40
!
interface FastEthernet0/16
 switchport access vlan 40
!
interface FastEthernet0/17
 switchport access vlan 40
!
interface FastEthernet0/18
 switchport access vlan 50
!
interface FastEthernet0/19
 switchport access vlan 50
!
interface FastEthernet0/20
 switchport access vlan 50
!
interface FastEthernet0/21
 switchport access vlan 50
!
interface FastEthernet0/22
 switchport access vlan 180
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
 ip address 192.168.1.50 255.255.255.0
 no ip route-cache
!
ip default-gateway 192.168.1.1
no ip http server
no cdp run
!
line con 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXXXXXXXXXX
 logging synchronous
 login
line vty 0 4
 exec-timeout 5 0
 password 7 XXXXXXXXXXXXXXXXXXX
 logging synchronous
 login
line vty 5 15
 exec-timeout 5 0
 password 7 XXXXXXXXXXXXXXXXXXX
 logging synchronous
 login
!
!
end

Server-Switch#sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/23, Fa0/24
10   VLAN0010                         active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
20   VLAN0020                         active    Fa0/6, Fa0/7, Fa0/8, Fa0/9
30   VLAN0030                         active    Fa0/10, Fa0/11, Fa0/12, Fa0/13
40   VLAN0040                         active    Fa0/14, Fa0/15, Fa0/16, Fa0/17
50   VLAN0050                         active    Fa0/18, Fa0/19, Fa0/20, Fa0/21
180  VLAN0180                         active    Fa0/22
1002 fddi-default                     act/unsup 
1003 trcrf-default                    act/unsup 
1004 fddinet-default                  act/unsup 
1005 trbrf-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
10   enet  100010     1500  -      -      -        -    -        0      0   
20   enet  100020     1500  -      -      -        -    -        0      0   
30   enet  100030     1500  -      -      -        -    -        0      0   
40   enet  100040     1500  -      -      -        -    -        0      0   
50   enet  100050     1500  -      -      -        -    -        0      0   
          
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
180  enet  100180     1500  -      -      -        -    -        0      0   
1002 fddi  101002     1500  -      -      -        -    -        0      0   
1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0   
1004 fdnet 101004     1500  -      -      -        ieee -        0      0   
1005 trbrf 101005     4472  -      -      15       ibm  -        0      0   


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7       7       off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

Server-Switch#sh vtp status
VTP Version                     : 2
Configuration Revision          : 8
Maximum VLANs supported locally : 128
Number of existing VLANs        : 11
VTP Operating Mode              : Server
VTP Domain Name                 : HOME-LAB
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xAF 0xC8 0x4D 0x12 0x51 0x00 0xEF 0x3C 
Configuration last modified by 192.168.1.50 at 3-1-93 00:09:21
Local updater ID is 192.168.1.50 on interface Vl1 (lowest numbered VLAN interface found)
Server-Switch#

 
Upvote 0 Downvote
Hi.

Here is the router's config, i can ping from the router vlan 1 ( 192.168.1.50 ) but the PC's connected in the vlans don't take ip address fron the DHCP, do i need to add or change something in the router config?.

Thanks in advance.

Code: 
2611-DHCP#sh run
Building configuration...

Current configuration : 5679 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname 2611-DHCP
!
boot-start-marker
boot system flash c2600-advsecurityk9-mz.124-8.bin
boot-end-marker
!
logging buffered 4096 debugging
logging console critical
enable secret 5 XXXXXXXXXXX
!
no aaa new-model
!         
resource policy
!
clock timezone EST -5
clock summer-time EST recurring 1 Sun Mar 2:00 2 Sun Nov 2:00
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip inspect audit-trail
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect one-minute high 400
ip inspect tcp max-incomplete host 35 block-time 5
ip inspect name FIREWALL cuseeme timeout 3600
ip inspect name FIREWALL ftp alert on audit-trail on timeout 3600
ip inspect name FIREWALL h323 timeout 3600
ip inspect name FIREWALL icmp timeout 3600
ip inspect name FIREWALL rcmd timeout 3600
ip inspect name FIREWALL realaudio timeout 3600
ip inspect name FIREWALL rtsp timeout 3600
ip inspect name FIREWALL sqlnet timeout 3600
ip inspect name FIREWALL streamworks timeout 3600
ip inspect name FIREWALL tftp timeout 30
ip inspect name FIREWALL tcp timeout 3600
ip inspect name FIREWALL udp timeout 15
ip inspect name FIREWALL vdolive timeout 3600
ip inspect name FIREWALL fragment maximum 256 timeout 1
ip inspect name FIREWALL sip timeout 3600
ip inspect name FIREWALL http java-list 2 alert on audit-trail on timeout 3600
ip inspect name FIREWALL smtp alert on audit-trail on timeout 3600
ip inspect name FIREWALL rpc program-number 1000022 alert off audit-trail on
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool 2611-DHCP
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server XXXXXXXXXXX 
   lease 8
   update arp
!         
!
!
!
!
!
!
! 
!
!
!
interface Ethernet0/0
 description "The Big Door WAN "
 ip address dhcp
 ip access-group 101 in
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect FIREWALL in
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 load-interval 30
 half-duplex
 no cdp enable
 no mop enabled
!
interface Ethernet0/1
 description "Private LAN"
 ip address 192.168.1.1 255.255.255.0
 ip access-group 100 in
 no ip unreachables
 no ip proxy-arp
 no ip mroute-cache
 load-interval 30
 half-duplex
 no cdp enable
 no mop enabled
!
interface Ethernet0/1.1
 encapsulation dot1Q 1 native
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.3.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.4.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.5.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!         
interface Ethernet0/1.40
 encapsulation dot1Q 40
 ip address 192.168.6.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.7.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.180
 encapsulation dot1Q 180
 ip address 192.168.8.1 255.255.255.0
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
no ip forward-protocol udp tftp
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Ethernet0/0 overload
!
logging trap debugging
access-list 1 remark *******NAT*******
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark *******JAVA_FILTERING*******
access-list 2 permit any
access-list 100 remark *******LAN_INSIDE*******
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark *******WAN_OUTSIDE*******
access-list 101 deny   ip 192.168.100.0 0.0.0.255 any
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 4577
access-list 101 permit udp any any eq 42337
access-list 101 permit gre any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 0.0.0.0 0.255.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 169.254.0.0 0.0.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 224.0.0.0 0.15.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
no cdp run
!
!
control-plane
!
!         
!
!
line con 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXX
 logging synchronous
 login
line aux 0
line vty 0 4
 exec-timeout 5 0
 password 7 XXXXXXXXXXX
 logging synchronous
 login
!
!
end

2611-DHCP#
 
Upvote 0 Downvote
For your DHCP, I only see one scope set up. You will need a scope set up for each vlan that you set up.

Also per cisco, depending on what IOS ver you are using, Ethernet is not supposed to support dot1q trunking, only Fast Ethernet. But it could still work, its a flaky process, just something to think about.

Also you have your native vlan with a subinterface, but no ip. You need to move your IP from your physical interface down to your subinterface. Your physical interface should not have any config except no shut, duplex and speed. All other NAT, ip-helper, and encapsulation commands need to be on subinterface.

Also your NAT statement that translates list 1, only specifies your 192.168.1.0 network. What about 3,4,5,6,7,8 networks? you have a NAT in command but your specified list does not identify them. You should read up on NAT and ACLs. A easy way to change your ACL is to just to permit 192.168.0.0 0.0.255.255. This will allow all of your networks.

About the ip-helper, I guess you could just try it both ways and see what works. I would think that since the router is the DHCP server then you would not need it, but i have been wrong before.

You did take your SVIs off of your switch. Good job! Your switch config from an initial glance looks fine.

Hope this information is of some help.
 
Upvote 0 Downvote
Hi globalchicken;

First i want to thank you for your post and all the other guys, very helpfully, i did change a few things you mentioned, right now all the vlans have ip addressess asigned by DHCP, all seems good but those vlans can't connect to internet, here is the DHCP configuration:

Code: 
2611-DHCP#sh run
Building configuration...

Current configuration : 7004 bytes
!
! Last configuration change at 14:02:30 EST Wed Feb 28 2007
! NVRAM config last updated at 14:03:16 EST Wed Feb 28 2007
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname 2611-DHCP
!
boot-start-marker
boot system flash c2600-advsecurityk9-mz.124-8.bin
boot-end-marker
!
logging buffered 4096 debugging
logging console critical
enable secret 5 XXXXXXXXXXXXXXX
!         
no aaa new-model
!
resource policy
!
clock timezone EST -5
clock summer-time EST recurring 1 Sun Mar 2:00 2 Sun Nov 2:00
no ip source-route
no ip gratuitous-arps
ip cef
!
!
ip inspect audit-trail
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect one-minute high 400
ip inspect tcp max-incomplete host 35 block-time 5
ip inspect name FIREWALL cuseeme timeout 3600
ip inspect name FIREWALL ftp alert on audit-trail on timeout 3600
ip inspect name FIREWALL h323 timeout 3600
ip inspect name FIREWALL icmp timeout 3600
ip inspect name FIREWALL rcmd timeout 3600
ip inspect name FIREWALL realaudio timeout 3600
ip inspect name FIREWALL rtsp timeout 3600
ip inspect name FIREWALL sqlnet timeout 3600
ip inspect name FIREWALL streamworks timeout 3600
ip inspect name FIREWALL tftp timeout 30
ip inspect name FIREWALL tcp timeout 3600
ip inspect name FIREWALL udp timeout 15
ip inspect name FIREWALL vdolive timeout 3600
ip inspect name FIREWALL fragment maximum 256 timeout 1
ip inspect name FIREWALL sip timeout 3600
ip inspect name FIREWALL http java-list 2 alert on audit-trail on timeout 3600
ip inspect name FIREWALL smtp alert on audit-trail on timeout 3600
ip inspect name FIREWALL rpc program-number 1000022 alert off audit-trail on
no ip dhcp use vrf connected
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.5
ip dhcp excluded-address 192.168.3.1 192.168.3.5
ip dhcp excluded-address 192.168.4.1 192.168.4.5
ip dhcp excluded-address 192.168.5.1 192.168.5.5
ip dhcp excluded-address 192.168.6.1 192.168.6.5
ip dhcp excluded-address 192.168.7.1 192.168.7.5
ip dhcp excluded-address 192.168.8.1 192.168.8.5
!
ip dhcp pool 2611-DHCP
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-10
   import all
   network 192.168.3.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-20
   import all
   network 192.168.4.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!         
ip dhcp pool VLAN-30
   import all
   network 192.168.5.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-40
   import all
   network 192.168.6.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-50
   import all
   network 192.168.7.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-180
   import all
   network 192.168.8.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
!
!
!
!
!
!
! 
!
!
!
interface Ethernet0/0
 description "The Big Door WAN "
 ip address dhcp
 ip access-group 101 in
 ip verify unicast source reachable-via rx allow-default 100
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip inspect FIREWALL in
 ip nat outside
 ip virtual-reassembly
 no ip mroute-cache
 load-interval 30
 full-duplex
 no cdp enable
 no mop enabled
!
interface Ethernet0/1
 description "Private LAN"
 no ip address
 full-duplex
!
interface Ethernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.3.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.4.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.5.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.40
 encapsulation dot1Q 40
 ip address 192.168.6.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.7.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface Ethernet0/1.180
 encapsulation dot1Q 180
 ip address 192.168.8.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
no ip forward-protocol udp tftp
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
no ip http server
no ip http secure-server
ip nat inside source list 1 interface Ethernet0/0 overload
!
logging trap debugging
access-list 1 remark *******NAT*******
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 2 remark *******JAVA_FILTERING*******
access-list 2 permit any
access-list 100 remark *******LAN_INSIDE*******
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark *******WAN_OUTSIDE*******
access-list 101 deny   ip 192.168.1.0 0.0.0.255 any
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq 4577
access-list 101 permit udp any any eq 42337
access-list 101 permit gre any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny   ip 0.0.0.0 0.255.255.255 any
access-list 101 deny   ip 10.0.0.0 0.255.255.255 any
access-list 101 deny   ip 169.254.0.0 0.0.255.255 any
access-list 101 deny   ip 172.16.0.0 0.15.255.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 deny   ip 224.0.0.0 0.15.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip any any log
no cdp run
!
!
control-plane
!
!
!
!
line con 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXXXXXX
 logging synchronous
 login
line aux 0
line vty 0 4
 exec-timeout 5 0
 password 7 XXXXXXXXXXXXXXX
 logging synchronous
 login
!         
!
end

2611-DHCP#

Code: 
2611-DHCP#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0/0                74.XX.XX.XX     YES DHCP   up                    up    
Ethernet0/1                unassigned      YES manual up                    up      
Ethernet0/1.1              192.168.1.1     YES manual up                    up      
Ethernet0/1.10             192.168.3.1     YES manual up                    up      
Ethernet0/1.20             192.168.4.1     YES manual up                    up      
Ethernet0/1.30             192.168.5.1     YES manual up                    up      
Ethernet0/1.40             192.168.6.1     YES manual up                    up      
Ethernet0/1.50             192.168.7.1     YES manual up                    up      
Ethernet0/1.180            192.168.8.1     YES manual up                    up      
NVI0                       unassigned      NO  unset  up                    up      
2611-DHCP#

Thanks in advance.

 
Upvote 0 Downvote
Default gateway on your DHCP pools need to be the ip address on the subinterface to the related VLAN. Other than that, is your DNS servers resolving as well?
 
Upvote 0 Downvote
Hi.

Like this:

Code: 
ip dhcp pool 2611-DHCP
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-10
   import all
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1 
   dns-server 192.168.1.1 
   lease 8
   update arp
!
ip dhcp pool VLAN-20
   import all
   network 192.168.4.0 255.255.255.0
   default-router 192.168.4.1 
   dns-server 192.168.1.1 
   lease 8
   update arp
!         
ip dhcp pool VLAN-30
   import all
   network 192.168.5.0 255.255.255.0
   default-router 192.168.5.1 
   dns-server 192.168.1.1 
   lease 8
   update arp
!
ip dhcp pool VLAN-40
   import all
   network 192.168.6.0 255.255.255.0
   default-router 192.168.6.1 
   dns-server 192.168.1.1 
   lease 8
   update arp
!
ip dhcp pool VLAN-50
   import all
   network 192.168.7.0 255.255.255.0
   default-router 192.168.7.1 
   dns-server 192.168.1.1 
   lease 8
   update arp
!
ip dhcp pool VLAN-180
   import all
   network 192.168.8.0 255.255.255.0
   default-router 192.168.8.1 
   dns-server 192.168.1.1 
   lease 8
   update arp
 
Upvote 0 Downvote
no your DNS servers were right the first time. I was just asking if you were sure they were showing up in an ipconfig /all..if you are running windows. but your default router is right now for your pools. It should be getting addresses now, just start pinging your devices and see how it works
 
Upvote 0 Downvote
Hi.

Oh ok, i got it, all the vlans have ip address assigned by the DHCP, the thing is i can't connect to internet from those vlans, here is a pic to show all the info but i'm not sure about the DHCP address it shows, i think have to be 192.168.1.1:


Thanks.
 
Upvote 0 Downvote
If you are getting DHCP addresses then your DHCP server is correct. the ip-helper command just changes the broadcast DHCP request into a unicast request to the dhcp server. If your dhcp server is sending addresses then its configured properly. Is your DNS functioning correctly? Have you taken off your access lists and tried accessing the internet without them to ensure thats not causing the problem. you have a long way to go my friend, but i commend you on your effort to learn...Keep it up!
 
Upvote 0 Downvote
Another thing you might want to set up is exclusions on your dhcp pool excluding your subinterfaces IP.
 
Upvote 0 Downvote
Looking at ACL 101 you are denying the 192.168.1.0 network. If you dont want that one to access the WAN then thats fine, but the only permit statements you have is for ports
1723, 4577, 42337, gre, and ping. I dont know what services you are using when you specify those ports, but i know that http is port 80 and there is no permit statement for that.
 
Upvote 0 Downvote
Hi guys;

After a day working with this, i think i know what is the problem, after 10-15 min working everything fine, i lose internet connection and the only way i can get online is rebooting the router, the thing is the DHCP stop working for some reason, i reboot the PCs behind the vlans and no one get ip address again until i reboot the router and the same again,10-15 min and no internet, i tried with a linksys router and that didn't happen so is not my cable connection, i took the ACL out and same problem, i have the same config in the other cisco router and it works very stable but only have one DHCP pool and this has 7 DHCP pools; this is my DHCP config in the router:

Code: 
2611-DHCP#sh run
Building configuration...

Current configuration : 5753 bytes
!
version 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname 2611-DHCP
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
logging console critical
no logging monitor
enable secret 5 xxxxxxxxxxxxxxxx
!
clock timezone EST -5
clock summer-time EST recurring 1 Sun Mar 2:00 2 Sun Nov 2:00
no aaa new-model
ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip domain lookup
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.1.1 192.168.1.5
ip dhcp excluded-address 192.168.3.1 192.168.3.5
ip dhcp excluded-address 192.168.4.1 192.168.4.5
ip dhcp excluded-address 192.168.5.1 192.168.5.5
ip dhcp excluded-address 192.168.6.1 192.168.6.5
ip dhcp excluded-address 192.168.7.1 192.168.7.5
ip dhcp excluded-address 192.168.8.1 192.168.8.5
!
ip dhcp pool 2611-DHCP
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-10
   import all
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-20
   import all
   network 192.168.4.0 255.255.255.0
   default-router 192.168.4.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-30
   import all
   network 192.168.5.0 255.255.255.0
   default-router 192.168.5.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-40
   import all
   network 192.168.6.0 255.255.255.0
   default-router 192.168.6.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-50
   import all
   network 192.168.7.0 255.255.255.0
   default-router 192.168.7.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
ip dhcp pool VLAN-180
   import all
   network 192.168.8.0 255.255.255.0
   default-router 192.168.8.1 
   dns-server 64.71.255.198 
   lease 8
   update arp
!
no ip bootp server
ip inspect audit-trail
ip inspect max-incomplete low 300
ip inspect max-incomplete high 400
ip inspect one-minute low 300
ip inspect one-minute high 400
ip inspect tcp max-incomplete host 35 block-time 5
ip inspect name FIREWALL cuseeme timeout 3600
ip inspect name FIREWALL ftp alert on audit-trail on timeout 3600
ip inspect name FIREWALL h323 timeout 3600
ip inspect name FIREWALL icmp timeout 3600
ip inspect name FIREWALL rcmd timeout 3600
ip inspect name FIREWALL realaudio timeout 3600
ip inspect name FIREWALL rtsp timeout 3600
ip inspect name FIREWALL sqlnet timeout 3600
ip inspect name FIREWALL streamworks timeout 3600
ip inspect name FIREWALL tftp timeout 30
ip inspect name FIREWALL tcp timeout 3600
ip inspect name FIREWALL udp timeout 15
ip inspect name FIREWALL vdolive timeout 3600
ip inspect name FIREWALL fragment maximum 256 timeout 1
ip inspect name FIREWALL sip timeout 3600
ip inspect name FIREWALL http java-list 2 alert on audit-trail on timeout 3600
ip inspect name FIREWALL smtp alert on audit-trail on timeout 3600
ip inspect name FIREWALL rpc program-number 1000022 alert off audit-trail on
ip audit po max-events 100
!
!
!
!         
!
interface Ethernet0/0
 description "The Big Door WAN "
 ip address dhcp
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip inspect FIREWALL in
 no ip mroute-cache
 load-interval 30
 half-duplex
 no cdp enable
!
interface Ethernet0/1
 description "Private LAN"
 no ip address
 half-duplex
!
interface Ethernet0/1.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.1 255.255.255.0
 ip access-group 100 in
 ip nat inside
 no cdp enable
!
interface Ethernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.3.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 no cdp enable
!
interface Ethernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.4.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 no cdp enable
!
interface Ethernet0/1.30
 encapsulation dot1Q 30
 ip address 192.168.5.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 no cdp enable
!
interface Ethernet0/1.40
 encapsulation dot1Q 40
 ip address 192.168.6.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 no cdp enable
!
interface Ethernet0/1.50
 encapsulation dot1Q 50
 ip address 192.168.7.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 no cdp enable
!
interface Ethernet0/1.180
 encapsulation dot1Q 180
 ip address 192.168.8.1 255.255.255.0
 ip access-group 100 in
 ip helper-address 192.168.1.1
 ip nat inside
 no cdp enable
!
ip nat inside source list 1 interface Ethernet0/0 overload
no ip http server
no ip http secure-server
ip classless
no ip forward-protocol udp tftp
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
!
!
access-list 1 remark *******NAT*******
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 2 remark *******JAVA_FILTERING*******
access-list 2 permit any
no cdp run
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 password 7 xxxxxxxxxxxxxxxx
 logging synchronous
 login
line aux 0
line vty 0 4
 exec-timeout 5 0
 password 7 xxxxxxxxxxxxxxxx
 logging synchronous
 login
!         
!
end

2611-DHCP#


I'l appreciate any help is this, Thanks.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
395
madwok
madwok
Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
273
Lccarter
Lccarter
khashyar2021
  • Locked
  • Question
Problem with cisco switch after upgrading
Replies
1
Views
257
Geraldine Souza
Geraldine Souza
bfordz
  • Locked
  • Question
new help on setting up third party VoIP phones through Catalyst 2960x switch
Replies
0
Views
196
bfordz
bfordz
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
148
NavinNet
NavinNet

Part and Inventory Search

Sponsor

Back
Top