router-on-a-stick intervlan no internet connectivity 1


WillDTech

Technical User
Jan 22, 2011
6
US
Hello, I am a newbie in Cisco routers/switches. I am trying to configure a router with VLANs and act as a DHCP server. So far these two configurations have worked fine, but I cannot get internet access in any VLAN. Here is my switch and router config:
User Access Verification

Password:
CORESWITCH>enable
Password:
CORESWITCH#show running-config
Building configuration...

Current configuration : 2151 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CORESWITCH
!
enable secret 5 $1$/B2R$o7Ex4h0zNDaDFmK3EeHFQ0
!
ip subnet-zero
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 4
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 5
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 6
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 7
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 8
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 9
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 90
switchport mode access
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
banner motd ^C

*****************************************************************************

WARNING!!!! UNAUTHORIZED ACCESS PROHIBITED
ACCESS IS GRANTED TO THE TSIDKENU NETWORK ADMINISTRATORS ONLY !!!!!

*****************************************************************************

^C
!
line con 0
password 7 073F20080A1E491713
login
line vty 0 4
password 7 073F20080A1E491713
login
line vty 5 15
password 7 073F20080A1E491713
login
!
!
end

CORESWITCH#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/11, Fa0/12, Fa0/13
Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
2 STAFF active Fa0/2
3 E-LAB active Fa0/3
4 AUDIO active Fa0/4
5 VIDEO active Fa0/5
6 TRANSLATION active Fa0/6
7 SECURITY-STAFF active Fa0/7
8 W-LAN active Fa0/8
9 VOICE-VLAN active Fa0/9
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CORESWITCH#show vlan summary
Number of existing VLANs : 13
Number of existing VTP VLANs : 13
Number of existing extended VLANs : 0

CORESWITCH#show interface trunk

CORESWITCH#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
FastEthernet0/1 unassigned YES unset down down
FastEthernet0/2 unassigned YES unset down down
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset administratively down down
FastEthernet0/12 unassigned YES unset administratively down down
FastEthernet0/13 unassigned YES unset administratively down down
FastEthernet0/14 unassigned YES unset administratively down down
FastEthernet0/15 unassigned YES unset administratively down down
FastEthernet0/16 unassigned YES unset administratively down down
FastEthernet0/17 unassigned YES unset administratively down down
FastEthernet0/18 unassigned YES unset administratively down down
FastEthernet0/19 unassigned YES unset administratively down down
FastEthernet0/20 unassigned YES unset administratively down down
FastEthernet0/21 unassigned YES unset administratively down down
FastEthernet0/22 unassigned YES unset administratively down down
FastEthernet0/23 unassigned YES unset administratively down down
FastEthernet0/24 unassigned YES unset administratively down down


CORESWITCH#show interface f0/1
FastEthernet0/1 is down, line protocol is down (notconnect)
Hardware is Fast Ethernet, address is 0018.7313.0e01 (bia 0018.7313.0e01)
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Auto-duplex, Auto-speed, media type is 100BaseTX
input flow-control is unsupported output flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 1d11h, output 1d11h, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
584 packets input, 68875 bytes, 0 no buffer
Received 108 broadcasts (0 multicast)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 96 multicast, 0 pause input
0 input packets with dribble condition detected
24417 packets output, 1761470 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 PAUSE output
0 output buffer failures, 0 output buffers swapped out


CORESWITCH#show interface trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1-9

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1-9

CORESWITCH#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
2 STAFF active Fa0/2
3 E-LAB active Fa0/3
4 AUDIO active Fa0/4
5 VIDEO active Fa0/5
6 TRANSLATION active Fa0/6
7 SECURITY-STAFF active Fa0/7
8 W-LAN active Fa0/8
9 VOICE-VLAN active Fa0/9
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0

Router:
GTWY#show running-config
Building configuration...

Current configuration : 5507 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname GTWY
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$/OpS$Xw6UpNxo2Y4zPEMkqoXSe1
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1 10.10.1.5
ip dhcp excluded-address 10.10.2.1 10.10.2.5
ip dhcp excluded-address 10.10.3.1 10.10.3.5
ip dhcp excluded-address 10.10.4.1 10.10.4.5
ip dhcp excluded-address 10.10.5.1 10.10.5.5
ip dhcp excluded-address 10.10.6.1 10.10.6.5
ip dhcp excluded-address 10.10.7.1 10.10.7.5
ip dhcp excluded-address 10.10.8.1 10.10.8.5
ip dhcp excluded-address 10.10.9.1 10.10.9.5
!
ip dhcp pool MANAGEMENT
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 68.87.72.134
!
ip dhcp pool STAFF
network 10.10.2.0 255.255.255.0
default-router 10.10.2.1
dns-server 68.87.72.134
!
ip dhcp pool E-LAB
network 10.10.3.0 255.255.255.0
default-router 10.10.3.1
dns-server 68.87.72.134
!
ip dhcp pool AUDIO
network 10.10.4.0 255.255.255.0
default-router 10.10.4.1
dns-server 68.87.72.134
!
ip dhcp pool VIDEO
network 10.10.5.0 255.255.255.0
default-router 10.10.5.1
dns-server 68.87.72.134
!
ip dhcp pool TRANSLATION
network 10.10.6.0 255.255.255.0
default-router 10.10.6.1
dns-server 68.87.72.134
!
ip dhcp pool SECURITY-STAFF
network 10.10.7.0 255.255.255.0
default-router 10.10.7.1
dns-server 68.87.72.134
!
ip dhcp pool W-LAN
network 10.10.8.0 255.255.255.0
default-router 10.10.8.1
dns-server 68.87.72.134
!
ip dhcp pool VOICE-VLAN
network 10.10.9.0 255.255.255.0
default-router 10.10.9.1
dns-server 68.87.72.134
!
!
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
interface FastEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/0.1
description MANAGEMENT
encapsulation dot1Q 1 native
ip address 10.10.1.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.2
description STAFF
encapsulation dot1Q 2
ip address 10.10.2.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.3
description E-LAB
encapsulation dot1Q 3
ip address 10.10.3.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.4
description AUDIO
encapsulation dot1Q 4
ip address 10.10.4.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.5
description VIDEO
encapsulation dot1Q 5
ip address 10.10.5.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.6
description TRANSLATION
encapsulation dot1Q 6
ip address 10.10.6.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.7
description SECURITY-STAFF
encapsulation dot1Q 7
ip address 10.10.7.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.8
description W-LAN
encapsulation dot1Q 8
ip address 10.10.8.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/0.9
description VOICE-VLAN
encapsulation dot1Q 9
ip address 10.10.9.1 255.255.255.0
ip virtual-reassembly
no ip route-cache
!
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache cef
no ip route-cache
duplex auto
speed auto
no cdp enable
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 68.87.72.44
!
!
ip http server
no ip http secure-server
ip nat inside source list 102 interface FastEthernet0/1 overload
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source list 104 interface FastEthernet0/1 overload
ip nat inside source list 105 interface FastEthernet0/1 overload
ip nat inside source list 106 interface FastEthernet0/1 overload
ip nat inside source list 107 interface FastEthernet0/1 overload
ip nat inside source list 108 interface FastEthernet0/1 overload
ip nat inside source list 109 interface FastEthernet0/1 overload
ip nat inside source list 110 interface FastEthernet0/1 overload
ip nat inside source list 111 interface FastEthernet0/1 overload
ip nat inside source list 112 interface FastEthernet0/1 overload
!
access-list 102 permit ip 10.10.0.0 0.0.0.255 any
access-list 103 permit ip 10.10.1.0 0.0.0.255 any
access-list 104 permit ip 10.10.2.0 0.0.0.255 any
access-list 105 permit ip 10.10.3.0 0.0.0.255 any
access-list 106 permit ip 10.10.4.0 0.0.0.255 any
access-list 107 permit ip 10.10.5.0 0.0.0.255 any
access-list 108 permit ip 10.10.6.0 0.0.0.255 any
access-list 109 permit ip 10.10.7.0 0.0.0.255 any
access-list 110 permit ip 10.10.8.0 0.0.0.255 any
access-list 111 permit ip 10.10.9.0 0.0.0.255 any
access-list 112 permit ip 10.10.10.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
banner motd ^C
********************************************************************

WARNING!!! UNAUTHORIZED ACCESS IS PROHIBITED
ACCESS IS GRANTED TO THE TSIDKENU NETWORK ADMINISTRATORS ONLY !!!!

********************************************************************
^C
!
line con 0
password 7 15220A48403D7B362C
login
line aux 0
line vty 0 4
password 7 097C4F4D5D1247000F
login
!
!
end

GTWY#show ip route
Gateway of last resort is 68.87.72.44 to network 0.0.0.0

68.0.0.0/32 is subnetted, 1 subnets
S 68.87.72.44 [254/0] via 24.12.100.1, FastEthernet0/1
24.0.0.0/23 is subnetted, 1 subnets
C 24.12.100.0 is directly connected, FastEthernet0/1
10.0.0.0/24 is subnetted, 9 subnets
C 10.10.1.0 is directly connected, FastEthernet0/0.1
C 10.10.2.0 is directly connected, FastEthernet0/0.2
C 10.10.3.0 is directly connected, FastEthernet0/0.3
C 10.10.4.0 is directly connected, FastEthernet0/0.4
C 10.10.5.0 is directly connected, FastEthernet0/0.5
C 10.10.6.0 is directly connected, FastEthernet0/0.6
C 10.10.7.0 is directly connected, FastEthernet0/0.7
C 10.10.8.0 is directly connected, FastEthernet0/0.8
C 10.10.9.0 is directly connected, FastEthernet0/0.9
S* 0.0.0.0/0 [1/0] via 68.87.72.44


GTWY#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES manual up up
FastEthernet0/0.1 10.10.1.1 YES manual up up
FastEthernet0/0.2 10.10.2.1 YES manual up up
FastEthernet0/0.3 10.10.3.1 YES manual up up
FastEthernet0/0.4 10.10.4.1 YES manual up up
FastEthernet0/0.5 10.10.5.1 YES manual up up
FastEthernet0/0.6 10.10.6.1 YES manual up up
FastEthernet0/0.7 10.10.7.1 YES manual up up
FastEthernet0/0.8 10.10.8.1 YES manual up up
FastEthernet0/0.9 10.10.9.1 YES manual up up
FastEthernet0/1 24.12.100.90 YES DHCP up up
NVI0 24.12.100.90 YES unset up up

GTWY#show vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.1

This is configured as native Vlan for the following interface(s) :
FastEthernet0/0

Protocols Configured: Address: Received: Transmitted:
IP 10.10.1.1 547 124
Other 0 138

920 packets, 381338 bytes input
262 packets, 195826 bytes output

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.2

Protocols Configured: Address: Received: Transmitted:
IP 10.10.2.1 52 6
Other 0 2

52 packets, 7759 bytes input
8 packets, 1096 bytes output

Virtual LAN ID: 3 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.3

Protocols Configured: Address: Received: Transmitted:
IP 10.10.3.1 245 21
Other 0 6

245 packets, 30187 bytes input
27 packets, 3262 bytes output

Virtual LAN ID: 4 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.4

Protocols Configured: Address: Received: Transmitted:
IP 10.10.4.1 458 43
Other 0 31

458 packets, 40720 bytes input
74 packets, 6380 bytes output

Virtual LAN ID: 5 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.5

Protocols Configured: Address: Received: Transmitted:
IP 10.10.5.1 0 0

0 packets, 0 bytes input
0 packets, 0 bytes output

Virtual LAN ID: 6 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.6

Protocols Configured: Address: Received: Transmitted:
IP 10.10.6.1 0 0

0 packets, 0 bytes input
0 packets, 0 bytes output

Virtual LAN ID: 7 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.7

Protocols Configured: Address: Received: Transmitted:
IP 10.10.7.1 0 0

0 packets, 0 bytes input
0 packets, 0 bytes output

Virtual LAN ID: 8 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.8

Protocols Configured: Address: Received: Transmitted:
IP 10.10.8.1 0 0

0 packets, 0 bytes input
0 packets, 0 bytes output

Virtual LAN ID: 9 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.9
Protocols Configured: Address: Received: Transmitted:
IP 10.10.9.1 0 0

0 packets, 0 bytes input
0 packets, 0 bytes output
 
On the router, move ip nat inside from the physical interface down into each logical interface. Also, you only need a single NAT ACL that contains individual ACEs for each private network that you'd like to have access outbound.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Hi, and thank you for your reply. Your help is much appreciated. I also forgot to mention that I've already removed NAT inside from F0/0 and applied that command to the sub-interfaces instead. Still no internet access. I can ping my gateway though in each VLAN, but I cannot ping the outside. Thoughts? Again, I'm just learning how to play with Cisco toys and have no experience, as you can see. One more time, your help is much appreciated.
 
There is one problem:
most DHCPs inject a default route; just take the line out
Code:
ip route 0.0.0.0 0.0.0.0 68.87.72.44

FastEthernet0/1            24.12.100.90    YES DHCP   up                    up

execute:
no ip route 0.0.0.0 0.0.0.0 68.87.72.44


also what Unclerico said - change this:
Code:
!
!
ip http server
no ip http secure-server
ip nat inside source list 102 interface FastEthernet0/1 overload
ip nat inside source list 103 interface FastEthernet0/1 overload
ip nat inside source list 104 interface FastEthernet0/1 overload
ip nat inside source list 105 interface FastEthernet0/1 overload
ip nat inside source list 106 interface FastEthernet0/1 overload
ip nat inside source list 107 interface FastEthernet0/1 overload
ip nat inside source list 108 interface FastEthernet0/1 overload
ip nat inside source list 109 interface FastEthernet0/1 overload
ip nat inside source list 110 interface FastEthernet0/1 overload
ip nat inside source list 111 interface FastEthernet0/1 overload
ip nat inside source list 112 interface FastEthernet0/1 overload
!
access-list 102 permit ip 10.10.0.0 0.0.0.255 any
access-list 103 permit ip 10.10.1.0 0.0.0.255 any
access-list 104 permit ip 10.10.2.0 0.0.0.255 any
access-list 105 permit ip 10.10.3.0 0.0.0.255 any
access-list 106 permit ip 10.10.4.0 0.0.0.255 any
access-list 107 permit ip 10.10.5.0 0.0.0.255 any
access-list 108 permit ip 10.10.6.0 0.0.0.255 any
access-list 109 permit ip 10.10.7.0 0.0.0.255 any
access-list 110 permit ip 10.10.8.0 0.0.0.255 any
access-list 111 permit ip 10.10.9.0 0.0.0.255 any
access-list 112 permit ip 10.10.10.0 0.0.0.255 any

with

Code:
access-list 102 remark NAT list
access-list 102 permit ip 10.10.0.0 0.0.15.255 any

ip nat inside source list 102 interface FastEthernet0/1 overload

If you are nitpicking, or if you are using 10.10.11.0 - 10.10.15.0 in a different network, then you might want to correct the ACL to include only the subnets you are using...

We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.
 
If 68.87.72.44 is your default route, how is it getting there? You have no interfaces on the router within that range at all, so how does it know how to get to that address?
 
Tagging on to vipergg, if 68.87.72.44 is your default route, is there a return route from the ISP back to you?

I'd suggest you change your default route statement to something like: ip route 0.0.0.0 0.0.0.0 f0/1

That way you're using a connected interface that will allow the dhcp address to change from the service provider w/o you having to update your route. Also, the ISP should know about the IP on the F0/1 since they are assigning it so they will have a return route to that address.

HTH
 
Thank you very much for all your comments; it's been awesome to see that each one of your tips has improved the settings on my router and on my switch. Please notice that I have already made the changes to both devices. (unclerico) I changed the nat inside from the physical interface F0/0 to nat inside on all sub-interfaces. (imbadatthis) I changed the ip route 0.0.0.0 0.0.0.0 68.87.72.44 command to: no ip route 0.0.0.0 0.0.0.0 68.87.72.44. (cluebird/vipergg) I will proceed to change my default route to ip route 0.0.0.0 0.0.0.0 f0/1. Please check these new configurations on both devices. So far I am able to ping between VLANs and to ping the default gateways from any VLAN. However, I only get internet connectivity on VLAN 2, or port f0/2 on the switch.

GTWY#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
GTWY(config)#interface f0/0
GTWY(config-if)#no ip address
GTWY(config-if)#no shutdown
GTWY(config-if)#end
GTWY#
*Mar 1 00:22:48.759: %SYS-5-CONFIG_I: Configured from console by console
*Mar 1 00:22:49.603: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
GTWY#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
GTWY(config)#interface f0/0
GTWY(config-if)#no ip route-cache
GTWY(config-if)#no cdp enable
GTWY(config-if)#exit

GTWY(config)#interface f0/1
GTWY(config-if)#ip address dhcp
GTWY(config-if)#ip nat outside
GTWY(config-if)#no shutdown
GTWY(config-if)#no ip route-cache
GTWY(config-if)#no cdp enable
GTWY(config-if)#ip nat inside source list 100 interface F0/1 overload
GTWY(config)#ip classless
GTWY(config)#ip route 0.0.0.0 0.0.0.0 64.53.100.1
GTWY(config)#ip http server
GTWY(config)#access-list 100 permit ip 10.10.0.0 0.0.10.255 any
GTWY(config)#access-list 100 ?
deny Specify packets to reject
dynamic Specify a DYNAMIC list of PERMITs or DENYs
permit Specify packets to forward
remark Access list entry comment
GTWY(config)#access-list 100 remark NAT list
GTWY(config)#line con 0
GTWY(config-line)#exec-timeout 120 0
GTWY(config-line)#stopbits 1
GTWY(config-line)#line vty 0 4
GTWY(config-line)#login local
GTWY(config-line)#end
GTWY#
*Mar 1 00:31:51.059: %SYS-5-CONFIG_I: Configured from console by console

GTWY#
GTWY#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
GTWY(config)#interface f0/0.1
GTWY(config-subif)#description VLAN-1
GTWY(config-subif)#encapsulation dot1q 1
GTWY(config-subif)#ip address 10.10.1.1 255.255.255.0
GTWY(config-subif)#ip nat inside
GTWY(config-subif)#exit

GTWY(config)#interface f0/0.2
GTWY(config-subif)#description VLAN-2
GTWY(config-subif)#encapsulation dot1q 2
GTWY(config-subif)#ip address 10.10.2.1 255.255.255.0
GTWY(config-subif)#ip nat inside
GTWY(config-subif)#exit

GTWY#ping 64.53.184.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.53.184.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms
GTWY#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

GTWY#show dhcp server
DHCP server: ANY (255.255.255.255)
Leases: 2
Offers: 1 Requests: 2 Acks: 2 Naks: 0
Declines: 0 Releases: 0 Bad: 0
DNS0: 64.233.207.8, DNS1: 64.233.207.9
TIME0 : 172.31.20.248
Subnet: 255.255.254.0 DNS Domain: wowway.com

GTWY#ping 10.10.4.6

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.4.6, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.53.184.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/10/12 ms
GTWY#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/16 ms

Switch#ping 10.10.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/202/1000 ms
Switch#ping 10.10.3.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/203/1000 ms
Switch#ping 10.10.4.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.4.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Switch#ping 10.10.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Switch#ping 10.10.6.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.6.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Switch#ping 10.10.7.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.7.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
Switch#ping 10.10.8.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.8.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
Switch#ping 10.10.9.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.9.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Switch#


Also notice that there is an IP address that I have no idea where it is coming from:

GTWY#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 64.53.184.1 to network 0.0.0.0

64.0.0.0/23 is subnetted, 1 subnets
C 64.53.184.0 is directly connected, FastEthernet0/1
172.31.0.0/32 is subnetted, 1 subnets
S 172.31.20.248 [254/0] via 64.53.184.1, FastEthernet0/1

10.0.0.0/24 is subnetted, 9 subnets
C 10.10.1.0 is directly connected, FastEthernet0/0.1
C 10.10.2.0 is directly connected, FastEthernet0/0.2
C 10.10.3.0 is directly connected, FastEthernet0/0.3
C 10.10.4.0 is directly connected, FastEthernet0/0.4
C 10.10.5.0 is directly connected, FastEthernet0/0.5
C 10.10.6.0 is directly connected, FastEthernet0/0.6
C 10.10.7.0 is directly connected, FastEthernet0/0.7
C 10.10.8.0 is directly connected, FastEthernet0/0.8
C 10.10.9.0 is directly connected, FastEthernet0/0.9
S* 0.0.0.0/0 [254/0] via 64.53.184.1

GTWY#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
GTWY(config)#no ip route 0.0.0.0 0.0.0.0 64.53.100.1
GTWY(config)#exit

GTWY#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 64.53.184.1 to network 0.0.0.0

64.0.0.0/23 is subnetted, 1 subnets
C 64.53.184.0 is directly connected, FastEthernet0/1
172.31.0.0/32 is subnetted, 1 subnets
S 172.31.20.248 [254/0] via 64.53.184.1, FastEthernet0/1
10.0.0.0/24 is subnetted, 9 subnets
C 10.10.1.0 is directly connected, FastEthernet0/0.1
C 10.10.2.0 is directly connected, FastEthernet0/0.2
C 10.10.3.0 is directly connected, FastEthernet0/0.3
C 10.10.4.0 is directly connected, FastEthernet0/0.4
C 10.10.5.0 is directly connected, FastEthernet0/0.5
C 10.10.6.0 is directly connected, FastEthernet0/0.6
C 10.10.7.0 is directly connected, FastEthernet0/0.7
C 10.10.8.0 is directly connected, FastEthernet0/0.8
C 10.10.9.0 is directly connected, FastEthernet0/0.9
S* 0.0.0.0/0 [254/0] via 64.53.184.1

As I mentioned earlier, the new router/switch configurations that I've changed are the ones suggested by all of you. The next thing that I'll proceed to do is to change to: ip route 0.0.0.0 0.0.0.0 f0/1; hopefully this will solve the problem. Again, thank you very much for making this training very enjoyable for myself, as my only goal is to learn more and prepare myself for a new career path. Best regards.
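
Added example, not part of the original thread: the NAT list entered in the post above, access-list 100 permit ip 10.10.0.0 0.0.10.255 any, uses a non-contiguous wildcard, unlike the 0.0.15.255 suggested in an earlier reply. This Python sketch applies IOS wildcard matching to the nine VLAN subnets from the router config and reports which ones each entry covers; the function and constant names are illustrative.

```python
"""Which inside subnets does a Cisco ACL source/wildcard pair actually match?"""
import ipaddress
import re

# 'access-list <n> permit ip <source> <wildcard> any', the form used for the NAT lists in the thread
ACE_RE = re.compile(r"^access-list\s+(\d+)\s+permit\s+ip\s+(\S+)\s+(\S+)\s+any$")

# ACL lines copied from the thread: the one suggested in a reply and the one the poster entered.
SUGGESTED_ACE = "access-list 102 permit ip 10.10.0.0 0.0.15.255 any"
ENTERED_ACE = "access-list 100 permit ip 10.10.0.0 0.0.10.255 any"

# The nine subinterface subnets from the router config (10.10.1.0/24 .. 10.10.9.0/24).
VLAN_SUBNETS = [f"10.10.{n}.0/24" for n in range(1, 10)]


def parse_ace(line):
    """Return (base, wildcard) as 32-bit integers for a supported ACL line."""
    m = ACE_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unsupported ACL line: {line!r}")
    base = int(ipaddress.IPv4Address(m.group(2)))
    wildcard = int(ipaddress.IPv4Address(m.group(3)))
    return base, wildcard


def is_contiguous(wildcard):
    """True when the wildcard is a plain inverse subnet mask (all 1-bits at the low end)."""
    return wildcard & (wildcard + 1) == 0


def coverage(line, subnet):
    """Return 'full', 'partial' or 'none': how much of `subnet` the ACE matches.

    IOS semantics: bits set in the wildcard are ignored; every other bit of the
    source address must equal the corresponding bit of the ACE base address.
    """
    base, wildcard = parse_ace(line)
    net = ipaddress.ip_network(subnet)
    care = ~wildcard & 0xFFFFFFFF          # bits the ACE compares
    host = int(net.hostmask)               # bits that vary inside the subnet
    fixed = care & ~host & 0xFFFFFFFF      # compared bits that the subnet pins down
    if (int(net.network_address) & fixed) != (base & fixed):
        return "none"
    # If the ACE also compares host bits, only some hosts in the subnet match.
    return "full" if care & host == 0 else "partial"


def covered_subnets(line, subnets=VLAN_SUBNETS):
    """Subnets whose every address is matched (and therefore translated) by the ACE."""
    return [s for s in subnets if coverage(line, s) == "full"]


if __name__ == "__main__":
    for ace in (SUGGESTED_ACE, ENTERED_ACE):
        _, wildcard = parse_ace(ace)
        print(ace)
        print("  contiguous wildcard:", is_contiguous(wildcard))
        for subnet in VLAN_SUBNETS:
            print(f"  {subnet:<14} {coverage(ace, subnet)}")
```

With 0.0.10.255 only 10.10.2.0/24 and 10.10.8.0/24 are matched for translation, which is consistent with VLAN 2 being the only tested VLAN that reaches the internet; 0.0.15.255 matches all nine.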
 
Minor point, but why are the interfaces on the switches showing down/down (not connect)? Do you even have cables plugged in to those ports?

Also, you can verify things are working from the router perspective by using an extended ping and sourcing from each subinterface. For example: Router#ping 4.2.2.2 repeat 3 source fastethernet0/0.1

You should get nat translations: show ip nat trans
If not, you focus on your NAT. If translations exist and pings are failing, you have a routing issue.

BUT, if the switch interfaces going to the VLANs aren't up/up, your workstations won't have any connectivity.
 
Thanks for your reply cluebird. As for the interfaces on the switch, only the ports that are not in use are administratively down. The VLAN ports are showing down because I'm only using one or two VLANs out of all 9 VLANs for testing. I will have to make some changes to the ip route as you suggested before. I have not tried to ping the outside world from the sub-interfaces though. I will do that after college this afternoon. Thank you very much cluebird, your tips and guidance are much appreciated. One more thing: how would you explain that only port two (VLAN 2) on the switch is getting access to the internet?
 
OK, I just noticed something that caught my attention. When I choose to have ip route 0.0.0.0 0.0.0.0 f0/1, I can ping my gateway from the router (64.233.210.1) but I can't ping 4.42.2.2, and when I choose to have no ip route 0.0.0.0 0.0.0.0 f/1, I'm able to ping both my gateway and 4.2.2.2. Why? Also, I just checked show ip nat trans, but it shows nothing. Can you also teach me how to ping from the sub-interfaces in the router? I really appreciate that you're taking your valuable time to help me achieve this. As I mentioned earlier, this is helping me to learn, as I know that very soon we are going to start getting deep into networking concepts in my college. Thank you very much.

 
I spoke to my ISP last night and told them about my IP address on f0/1 in my 2600 router: ip address 64.233.211.215. They released the IP address and renewed it again. When I made the config in the router as follows: ip route 0.0.0.0 0.0.0.0 f0/1, I was able to ping my gateway but not 4.2.2.2. I made a minor change on this interface: f0/1 ip route 0.0.0.0 0.0.0.0 64.233.210.1, which is my ISP default gateway, and enabled router rip / network 10.10.0.0 64.233.0.0, and I was able to ping my gateway and 4.2.2.2 from the router, but still no internet access on my VLANs. I can ping the VLAN interfaces from the router and I can ping the VLANs' default gateways from the switch, but I am unable to ping 64.233.210.1 or 4.2.2.2. I did the show ip nat translations command but there are none. Should I remove the IP addresses from each VLAN interface? Any suggestions? Once again, your thoughts are greatly appreciated.
 