Setting up a Cisco 1921 router and a Catalyst 3550 switch

mrlombada93
Level 1

Hello, I am fairly new to the networking field, and I am trying to design a network setup using a Cisco 1921 router and a Cisco Catalyst 3550 switch. After doing lots of research and running into multiple road blocks, I had some questions for the Cisco Community in the hopes that I would receive some guidance.

 

For reference, this is the setup I am trying to achieve:

 

 

[Image: Goal Network Setup.png]

 

My "incoming" network connection is provided by a Cat5 wall outlet that connects to the main internet in the building. I have a cord running from this to the router, and I have the router configured to DHCP on that specific port (gi0/0). When configuring the router, I set up multiple VLAN subinterfaces (using the enable>config t>int g0/1.1, 2, etc.) to trunk encapsulation dot1q, putting a 1-4 for each VLAN, and inputting the IP addresses shown on the chart above, with subnet masks of 255.255.255.0. On the Catalyst 3550, I have a WS-G5483 GBIC transceiver connected into the gi0/1 interface, and I have configured it to switchport mode trunk, dot1q encapsulation, and to allow vlan1-4. However, when testing this today, I was not able to connect my computer to the internet.

 

Here are my main questions:

  • Am I going about this the right way? Should I be using a router to communicate with the switch, and can the router translate the incoming internet connection on the undesired IP address into a connection using the desired IP address? If so, where am I going wrong with the configuration? Another thing that I've been considering is purchasing a 4-port WAN interface module, or a serial module and a cable for the router, which will go into the gi0/1 slot on the switch; would either of these help?
  • How do I ensure that, say, 2 computers plugged into a generic hub that is connected to a VLAN port on the switch will have different IP addresses? Will trunking ensure that IP addresses that come off of a specific port will be different for each device, or should I just get rid of the generic hubs completely, and wire everything into specific ports?

Thank you very much to anyone who takes the time to read this and/or provide answers. Again, I am new to this field, and if you do have any sort of suggested reading or information that I can refer to, please feel free to share it with me. I've been reading through a lot of Cisco manuals and following tutorials, but I've fallen short somewhere.

 

Thanks again!

 

P.S. If I have placed this in the wrong board, please let me know. I apologize in advance if I do!

6 Replies

Leo Laohoo
Hall of Fame

Catalyst 1900 & 3550. Yup. This is going to be ... not so fun.
Toss in a few hubs along the way and it's instant nightmare-on-elm-street.

Just exactly what is being achieved or accomplished here? 

Why not start with a router, a switch and PCs?

jalejand
Cisco Employee
Very old equipment running here :P

As you are running hubs, I would start working with the users attached on the Catalyst 1900, from the 10.111.120.x subnet in Vlan x.
By looking at your diagram, it seems that the C1900 acts as a gateway for all the vlans as it has encapsulation subinterfaces.

Users from 10.111.120.x that are trying to get into the internet, can these ping the default gateway? If so, is this default gateway located on the 1921 Router?
What kind of link are you using for outside traffic? Is it using BGP?

I would highly suggest you get rid of the hubs: not only will the medium change to half duplex, collisions will occur. However, even with hubs, DHCP can work without creating duplicated entries on the server side, as DHCP client-to-server messages have the client source-mac in their frame structure, and the DHCP server will provide addresses based on that.

For a beginner this is a fairly extensive project. I suggest that the original poster approach this as a project in at least 2 phases. First get things working internally in the network and then worry about getting connectivity to the outside networks. To get things working internally I suggest that these are the steps to work through:

- make sure that you have a clear and consistent plan about vlans and subnets that will be used in the network.

- decide how devices in your network will operate - will they use DHCP to learn addresses, masks, and gateways or will they use manual/fixed configuration.

- on the router

  - configure appropriate interface and sub-interface to support the vlans and configure addresses and masks for the subnets.

  - make sure that routing between the subnets is working. At this point all networks will be locally connected networks and there should not be need for static routes or dynamic routing protocol

- on the 3550

  - configure appropriate vlans

  - for ports that will be access ports assign switch ports to appropriate vlans

  - for ports that will connect to other switches configure the port as a trunk and make sure that it carries appropriate vlans

  - configure the switch port connecting to the router as a trunk and make sure that the trunk carries all of the vlans

  - decide which vlan will be your management vlan and configure a vlan interface with an appropriate IP address and subnet mask so that you can access the switch. You should not need vlan interfaces for other vlans at this point.

 

Once you have that phase working successfully you are ready to work on external connectivity. There are a couple of important parts to this:

- configure the outside interface with appropriate IP address and mask

- decide whether you will use a routing protocol for outside connectivity or will use static routing.

- implement the appropriate routing method.

- verify connectivity with the outside networks. Verify that the router can ping various IP addresses in the outside networks

- configure address translation for the various networks on the inside of this network.

 

HTH

 

Rick


Thank you very much for this guideline, Rick!

 

I have successfully made it through the first phase; I followed your advice, and I am able to ping one device with another on the same VLAN, and the router can ping the device as well.

 

I'm having issues with the second phase, and I'm hoping you can tell me where I'm going wrong. I tried to set up a NAT, and with the NAT in place, I am able to ping an outside DNS server (8.8.8.8, Google's public DNS), but my computer is still unable to access the internet. I'll provide my configuration, if that will help:

 


Using 2412 out of 262136 bytes
!
! Last configuration change at 14:48:03 UTC Sat Jan 5 2019
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname TXM0601ROUTE1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$rwTD$gVlFka0slxSyg2YEpKLEm.
enable password cisco1
!
no aaa new-model
!
!
!
!
!
ip dhcp pool TEST
network 10.111.103.0 255.255.255.0
!
ip dhcp pool TESST
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FJC1922E0D2
!
!
vtp mode transparent
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
encapsulation dot1Q 10
ip address 10.111.110.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 20
ip address 10.111.120.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 30
ip address 10.111.130.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 40
ip address 10.111.140.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 50
ip address 10.111.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Serial0/1/0
no ip address
shutdown
!
router rip
network 192.168.136.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat pool testpool 192.168.136.155 192.168.136.255 prefix-length 24
ip nat inside source list 7 pool testpool
ip route 0.0.0.0 0.0.0.0 192.168.136.1
!
access-list 7 permit 10.111.110.0 0.0.0.255
access-list 7 permit 10.111.120.0 0.0.0.255
access-list 7 permit 10.111.130.0 0.0.0.255
access-list 7 permit 10.111.140.0 0.0.0.255
access-list 7 permit 10.111.150.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password cisco
login
transport input all
!
scheduler allocate 20000 1000
!
end

I am glad that you are making progress. At this point do you have more than one vlan working? Are you testing access to outside from the router itself or from a device connected in your network? Your config shows one pool for DHCP and it lacks several parameters that are commonly used. Am I correct in assuming that at this point you are using manual configuration for the devices in your network? To help us understand the environment would you post the output of these commands on the router

show ip interface brief

show ip route

show arp

 

I have a few comments about the config that you posted

- you have configured both enable password and enable secret. You need only one, and the better one is enable secret. enable password was the original approach and enable secret was introduced to provide better security. When both are present then enable password is ignored. If it is not being used you might as well remove it.

- you have a partial config for a DHCP pool. But the network mentioned in it does not match any of the networks in the vlans configured on the router. So for now let's concentrate on getting other things to work and use manual configuration for your network devices. You can come back later and get DHCP to work.

- the configuration of the interfaces looks appropriate, assuming that the switch has configured its connection to the router as a trunk, and has configured vlans 10, 20, 30, 40, and 50 and carries those vlans on the trunk.

- You have configured router rip to process network 192.168.136.0. Would I be correct in assuming that this is the outside network that you connect to? Does that network run router rip on that network? If it does and if they advertise a default route then you do not need the static default route that you connected.

- you are using addresses in that network as your nat pool. Is that consistent with the processing of that outside network?

 

HTH

Rick
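
The three configuration points raised in the reply above (an enable password left beside enable secret, a DHCP pool whose network matches no VLAN subnet, and the NAT pool range) can be checked mechanically. The Python sketch below is an added example, not part of the thread; the function name audit and the embedded config excerpt are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt: only the kinds of lines the checks read, modelled on the
# posted running-config (the secret hash is replaced by a placeholder).
SAMPLE_CONFIG = """\
enable secret 5 <hash-placeholder>
enable password cisco1
ip dhcp pool TEST
 network 10.111.103.0 255.255.255.0
interface GigabitEthernet0/1.1
 encapsulation dot1Q 10
 ip address 10.111.110.1 255.255.255.0
interface GigabitEthernet0/1.2
 encapsulation dot1Q 20
 ip address 10.111.120.1 255.255.255.0
ip nat pool testpool 192.168.136.155 192.168.136.255 prefix-length 24
"""

def audit(config):
    """Return findings for the three points raised in the reply (hypothetical helper)."""
    findings = []
    lines = [line.strip() for line in config.splitlines()]
    # 1. enable password is ignored once enable secret exists, but stays in the config.
    if (any(l.startswith("enable secret ") for l in lines)
            and any(l.startswith("enable password ") for l in lines)):
        findings.append("enable password set alongside enable secret")
    # 2. Each DHCP pool network should equal a subnet configured on an interface.
    subnets = {ipaddress.ip_interface(f"{addr}/{mask}").network
               for addr, mask in re.findall(r"^\s*ip address (\S+) (\S+)$", config, re.M)}
    for net, mask in re.findall(r"^\s*network (\S+) (\S+)$", config, re.M):
        pool_net = ipaddress.ip_network(f"{net}/{mask}", strict=False)
        if pool_net not in subnets:
            findings.append(f"DHCP pool network {pool_net} matches no interface subnet")
    # 3. NAT pool endpoints should be host addresses inside the pool's own prefix.
    for name, start, end, plen in re.findall(
            r"^ip nat pool (\S+) (\S+) (\S+) prefix-length (\d+)$", config, re.M):
        net = ipaddress.ip_network(f"{start}/{plen}", strict=False)
        for addr in (ipaddress.ip_address(start), ipaddress.ip_address(end)):
            if addr not in net:
                findings.append(f"NAT pool {name}: {addr} is outside {net}")
            elif addr in (net.network_address, net.broadcast_address):
                findings.append(f"NAT pool {name}: {addr} is not a host address in {net}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

On the constructed excerpt the NAT pool finding comes from the pool's last address, 192.168.136.255, which is the broadcast address of the /24 the pool declares.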

Here are the outputs you requested:

 

TXM0601ROUTE1#show ip int brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 192.168.136.116 YES DHCP up up
GigabitEthernet0/1 unassigned YES NVRAM up up
GigabitEthernet0/1.1 10.111.110.1 YES NVRAM up up
GigabitEthernet0/1.2 10.111.120.1 YES NVRAM up up
GigabitEthernet0/1.3 10.111.130.1 YES NVRAM up up
GigabitEthernet0/1.4 10.111.140.1 YES NVRAM up up
GigabitEthernet0/1.5 10.111.150.1 YES NVRAM up up
Serial0/1/0 unassigned YES NVRAM administratively down down
NVI0 unassigned YES unset administratively down down

 

TXM0601ROUTE1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.136.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.136.1
10.0.0.0/8 is variably subnetted, 10 subnets, 2 masks
C 10.111.110.0/24 is directly connected, GigabitEthernet0/1.1
L 10.111.110.1/32 is directly connected, GigabitEthernet0/1.1
C 10.111.120.0/24 is directly connected, GigabitEthernet0/1.2
L 10.111.120.1/32 is directly connected, GigabitEthernet0/1.2
C 10.111.130.0/24 is directly connected, GigabitEthernet0/1.3
L 10.111.130.1/32 is directly connected, GigabitEthernet0/1.3
C 10.111.140.0/24 is directly connected, GigabitEthernet0/1.4
L 10.111.140.1/32 is directly connected, GigabitEthernet0/1.4
C 10.111.150.0/24 is directly connected, GigabitEthernet0/1.5
L 10.111.150.1/32 is directly connected, GigabitEthernet0/1.5
192.168.136.0/24 is variably subnetted, 6 subnets, 2 masks
C 192.168.136.0/24 is directly connected, GigabitEthernet0/0
L 192.168.136.116/32 is directly connected, GigabitEthernet0/0
L 192.168.136.155/32 is directly connected, GigabitEthernet0/0
L 192.168.136.156/32 is directly connected, GigabitEthernet0/0
L 192.168.136.157/32 is directly connected, GigabitEthernet0/0
L 192.168.136.158/32 is directly connected, GigabitEthernet0/0

 

TXM0601ROUTE1#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.111.110.1 - 84b8.0239.03e1 ARPA GigabitEthernet0/1.1
Internet 10.111.110.24 18 782b.cb89.242e ARPA GigabitEthernet0/1.1
Internet 10.111.110.35 18 f01f.af04.19d1 ARPA GigabitEthernet0/1.1
Internet 10.111.120.1 - 84b8.0239.03e1 ARPA GigabitEthernet0/1.2
Internet 10.111.130.1 - 84b8.0239.03e1 ARPA GigabitEthernet0/1.3
Internet 10.111.130.24 12 782b.cb89.242e ARPA GigabitEthernet0/1.3
Internet 10.111.130.35 12 f01f.af04.19d1 ARPA GigabitEthernet0/1.3
Internet 10.111.140.1 - 84b8.0239.03e1 ARPA GigabitEthernet0/1.4
Internet 10.111.140.24 9 782b.cb89.242e ARPA GigabitEthernet0/1.4
Internet 10.111.140.35 9 f01f.af04.19d1 ARPA GigabitEthernet0/1.4
Internet 10.111.150.1 - 84b8.0239.03e1 ARPA GigabitEthernet0/1.5
Internet 10.111.150.24 0 782b.cb89.242e ARPA GigabitEthernet0/1.5
Internet 10.111.150.35 0 f01f.af04.19d1 ARPA GigabitEthernet0/1.5
Internet 192.168.136.1 26 64d1.5457.9d77 ARPA GigabitEthernet0/0
Internet 192.168.136.2 2 64d1.5457.9d77 ARPA GigabitEthernet0/0
Internet 192.168.136.116 - 84b8.0239.03e0 ARPA GigabitEthernet0/0
Internet 192.168.136.155 - 84b8.0239.03e0 ARPA GigabitEthernet0/0
Internet 192.168.136.156 - 84b8.0239.03e0 ARPA GigabitEthernet0/0
Internet 192.168.136.157 - 84b8.0239.03e0 ARPA GigabitEthernet0/0
Internet 192.168.136.158 - 84b8.0239.03e0 ARPA GigabitEthernet0/0

 

The thing about your last 2 questions is, yes, that is the outside network, but I have no control of it, and that connection is being distributed through a router I can't configure or log into, so I have no idea if that is the RIP it's using. I pulled the 192.168.136.1 IP from having a device connected to it, and discovering that to be the gateway IP. My assumption was that I could build the pool off of IP addresses inside that range, so it would line up with what the DHCP would offer if I were to connect that many devices directly to the network. Was I wrong in that assumption?