VLan issues C2600 Home Lab 3

[WiseGuy35]

Ok...Ive got my Vlan setup and I'm having some issues. I've configured 3 VLans and they can all PING each other perfectly. I have a windows 03 server running DNS, DHCP and Routing/remote access. Problem is any host that is not in the same Vlan (2) as my server cant get to the internet, BUT they can ping websites by Name which means my dns is working i guess...If you have any suggestion, I would like to hear them

Vlan 1 management 192.168.0.1
Vlan 2 server 192.168.1.1 (Server 192.168.1.4 -> internet)
Vlan 10 hosts 192.168.10.1 (H 192.168.10.2 Gw 192.168.10.1)
Vlan 20 Hosts 192.168.20.1 (H 192.168.20.2 Gw 192.168.20.1)

Also my firefox browser says cannot connect instead of cannot find server. IE doesnt work either

Router Config
Building configuration...

Current configuration : 1108 bytes
!
! Last configuration change at 05:24:19 UTC Tue Jun 2 2009
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco2600
!
enable secret
enable password
!
!
!
!
!
ip subnet-zero
ip domain-name Home.local
ip name-server 192.168.1.4
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
router rip
version 2
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
!
ip default-gateway 192.168.1.4
ip classless
ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
line con 0
line 33 48
line aux 0
line vty 0 4
p
login
!
ntp clock-period 17180585
ntp server 192.168.1.4
end

Switch Config

Building configuration...

Current configuration:
!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname Switch
!
enable
!
!
ip domain-name Home.local
ip name-server 192.168.1.4
!
interface VLAN1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
!
interface FastEthernet0/1
description Connected to Router
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
switchport access vlan 10
!
interface FastEthernet0/10
switchport access vlan 10
!
interface FastEthernet0/11
switchport access vlan 10
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
switchport access vlan 20
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
ip default-gateway 192.168.1.4
banner motd ^C

 

[unclerico]

Are your hosts statically assigned or do they get valid addresses via DHCP??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[WiseGuy35]

THey are statically assigned in this case.

 

[North323]

ip default-gateway 192.168.1.4 is that the IP address of your server? should be going out the internet?? so all traffic is going to the server, whats the default gateway of that server?

 

[unclerico]

you're 100% certain that when you are pinging the addresses that the hosts generating the ICMP traffic are not in VLAN2??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[North323]

if his server can get out to the internet and running DNS, he is pinging the same websites the server went to and is using cached DNS on the server. question i have is how does the server route traffic to the internet from other vlans? looks like the server is trying to route (based on your statements) i would take the default gateway of the server, and put that in the router, see what happens

 

[unclerico]

if his server can get out to the internet and running DNS, he is pinging the same websites the server went to and is using cached DNS on the server

but even then the servers would not get the echo-replies from the website's themselves. he would most definitely get a non-authoritative response as to the IP's of the sites, but the ICMP traffic would still need to be able to get to those IP's and then back again. i am ready to point to the RRAS server as the culprit here just as you are North

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[WiseGuy35]

First of all, thx for all the quick replies..im at work so im typing on my phone. the server is running RRAS with two network cards. the first is plugged into my dsl moden, and the second being connected to port two of the cisco 2524 switch.

port one is conneted to the 2600 router and is trunking for the vlans... so the trunk must be working becuase i can access all host files on each vlan...

Ping was working correctly but i believe that if i tried to do a tracert...it never would get past the host gateway which is the vlan address on the ntwork..i would get ***

oh nd i tried to debug ip and i was getting some kind of unroutable error

hope this helps and ill repond bettter later tonight when i get home

 

[unclerico]

make sure the RRAS server has routes pointing back to the router for the .10 and .20 networks

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[WiseGuy35]

I confirmed the routing table has routes to 192.168.10.1 via 192.168.1.1(Vlan2) Please look at the Debug IP below...

I tried the ping again and this is what it does: ping

http://www.fedex.com.

Notice it finds the ip.

PING origin.fedex.com (199.81.266.155) 56 bytes if data
From (192.168.10.1) icmp_seq=2 Destination Host Unreachable

Now if I try to trace route to fedex from the server Vlan 2 it works fine. But if I tracert from Vlan 10 i get something weird.

Traceroute to

http://www.fedex.com

(199.81.266.155) 30 Hops Max
1. (192.168.10.1) 4.755 ms 5.182 ms
2. * * *
3. * * *
4. (192.168.10.1) 4.873 ms !H *
Not sure why but it starts and ends at its default gateway

*Note this IP debug is me trying to access Fedex.com. You can see here my server 192.168.1.4 communicating with the host 192.168.10.2 in Vlan 10
Cisco2600#
1d05h: IP: s=192.168.1.4 (FastEthernet0/0.2), d=192.168.10.2 (FastEthernet0/0.10
), g=192.168.10.2, len 171, forward
1d05h: UDP src=53, dst=32848
1d05h: IP: s=192.168.10.2 (FastEthernet0/0.10), d=199.81.202.50, len 60, unrouta
ble
1d05h: TCP src=53049, dst=80, seq=600499738, ack=0, win=5840 SYN
1d05h: IP: s=192.168.10.1 (local), d=192.168.10.2 (FastEthernet0/0.10), len 56,
sending
1d05h: ICMP type=3, code=1
1d05h: IP: s=192.168.10.2 (FastEthernet0/0.10), d=199.81.204.50, len 60, unrouta
ble
1d05h: TCP src=56207, dst=80, seq=613291198, ack=0, win=5840 SYNno debug
1d05h: IP: s=192.168.10.2 (FastEthernet0/0.10), d=199.81.204.50, len 60, unrouta
ble
1d05h: TCP src=56207, dst=80, seq=613291198, ack=0, win=5840 SYN
1d05h: IP: s=192.168.10.1 (local), d=192.168.10.2 (FastEthernet0/0.10), len 56,
sending
1d05h: ICMP type=3, code=1
1d05h: IP: s=192.168.10.2 (FastEthernet0/0.10), d=199.81.217.155, len 60, unrout
able
1d05h: TCP src=50750, dst=80, seq=606181351, ack=0, win=5840 SYN all
All possible debugging has been turned off

 

[WiseGuy35]

Ok ya'll I got it working and now all i need to know it why lol

I found out that the Default-gateway command i was using should no be used when using IP routing...I had to setup a gateway of last resort using Ip route 0.0.0.0 0.0.0.0 192.168.1.4

WHat exactly are the differences between the two commands?

 

[North323]

gateway of last resort says it all...basically the device does not know where to send the traffic, so it sends it out the gateway of "LAST" resort. they should call it, "i dont know where to send this traffic so i'll send it here gateway"

 

[burtsbees]

Here's one problem...

interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto

You CANNOT have an IP address on the main interface when you have subinterfaces! I'll bet everyone here thought that it was a 2621...lol

You also need

ip route 0.0.0.0 0.0.0.0 192.168.1.4

Is the server doing NAT?

/

 

[CiscoGuru01]

This is a switch not a router. LOL I don't think Layer 2 devices really care about Ip address' except for management purposes.

 

[WiseGuy35]

burt...

i read the same thing before but somewhere learned that that rule only applies to a certain ios above 12.1 ....i cant use the native command either ..

ill try it when i get home and see what happens

 

[burtsbees]

Gene

What to say...hmmm...

The fa0/0 that I am talking about has subinterfaces under it, so...last time I checked, well...

just...step away from the bottle a little while, eh?

lol

/