Solved: Re: routing primary and secondary ip in cisco router

Ikenna1992 · ‎12-20-2018

I have this attached network I want to configure, this is my first configuration, I am hoping if I can get some help. My major problem is to configure this id and make them communicate and access the internet through an ISP DSL modem. The modem IP 192.168.0.1, and my router learn using IP address DHCP at fa0/0, my internal network core switch is connected to router fa0/1, with IP address 10.192.112.1/24 and 10.196.113.1/24 secondary.

The hp core switch has VLAN 112 with the IP address 10.196.112.40, VLAN 113 10.196.113.40. I have some devices connected to VLAN 113 and some to VLAN 112.

I want them to be able to communicate and get internet, as there are some servers with IP 10.196.113.135/24, gw 10.196.113.40, DNS 10.192.112.18, and other servers in 10.196.112.130/24, gw 10.196.112.40, DNS 10.192.112.18.

I have attached a diagram here

Richard Burts · ‎12-21-2018

If I am understanding the post correctly the router is connected to port 25 on the switch and that switch port is configured as an access port in vlan 112. If I am understanding correctly users in vlan 112 are working ok but users in vlan 113 are not working. I believe that the switch is operating as a layer 3 switch with ip routing enabled. As I see it the major problem is the router configuration which attempts to make 113 as a secondary address. When configured this way the router will believe that this subnet is locally connected and will attempt to arp for those destinations. But since those destinations are in a vlan on the switch they never see the arp request from the router. The solution would be to remove the secondary address from the configuration and to create a static route on the router for the subnet for vlan 113 with the switch as the next hop.

If I am not understanding correctly then please clarify.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎12-22-2018

No you do not want to configure a router interface with an IP address in the vlan 113 range. That is what you did with the secondary address and that causes a problem. You want the router to see the vlan as a remote subnet reached via the switch interface in vlan 112. You would want the static route to look something like this

ip route 10.196.113.0 0.0.0.255 10.196.112.40

There are a couple other things I would mention.

1) You have configured the router to run router rip version 2. We have only a very partial configuration from the switch. So we can not tell if the switch is also configured to run router rip version 2. If the switch is running router rip version 2 on both vlan 112 and vlan 113 then you should not need the static route on the router. Once you remove the secondary address for the vlan 113 address then the router will no longer regard that subnet as locally connected and could use the rip entry in the routing table.

2) you have configured the router for address translation using access list 1. But I do not see access list 1 in the configuration. I believe that you told us that users in vlan 112 are able to access the Internet. If they are able to access the Internet then that indicates that address translation is working. But I am puzzled how it is working if the access list is not in the configuration.

HTH

Rick

HTH

Rick

View solution in original post

Joseph W. Doherty · ‎12-20-2018

If your core switch is a L3 switch (the one shown as a 3560), you would route on it and have a p2p link with your external router. You would route traffic between the two devices. Unknown network traffic would be route to the external router.

The external router will need to be configured to NAT, and route unknown traffic to the DSL modem.

Ikenna1992 · ‎12-20-2018

Router

!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.196.113.1 255.255.255.0 secondary
ip address 10.196.112.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
router rip
version 2
network 192.168.112.0
network 192.168.113.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

Switch to Router
Running configuration:

; J9086A Configuration Editor; Created on release #R.11.22

hostname "ProCurve Switch 2610-24/12PWR"
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 20-24,26-28
no ip address
no untagged 1-19,25
exit
vlan 112
name "VLAN112"
untagged 1-15,25
ip address 10.196.112.40 255.255.255.0
tagged 26-28
exit
vlan 113
name "VLAN113"
untagged 16-19
ip address 10.196.113.40 255.255.255.0
tagged 26-28
exit
spanning-tree
spanning-tree config-name "she"
spanning-tree config-revision 1
ip ssh

The router is connected to switch port 25, and am able to get internet on the ip range 10.196.112.2-254

but any device connected to ip range 10.196.113.2-254 is unable to get internet.

The device in 10.196.112.2-254 range can ping 10.196.113.1 and 10.196.112.1

@Joseph W. Doherty

Ikenna1992 · ‎12-20-2018

Router

!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.196.113.1 255.255.255.0 secondary
ip address 10.196.112.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
router rip
version 2
network 192.168.112.0
network 192.168.113.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

Switch to Router
Running configuration:

; J9086A Configuration Editor; Created on release #R.11.22

hostname "ProCurve Switch 2610-24/12PWR"
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 20-24,26-28
no ip address
no untagged 1-19,25
exit
vlan 112
name "VLAN112"
untagged 1-15,25
ip address 10.196.112.40 255.255.255.0
tagged 26-28
exit
vlan 113
name "VLAN113"
untagged 16-19
ip address 10.196.113.40 255.255.255.0
tagged 26-28
exit
spanning-tree
spanning-tree config-name "she"
spanning-tree config-revision 1
ip ssh

The router is conected to switch port 25, and am able to get internet on the ip range 10.196.112.2-254

but any device connected to ip range 10.196.113.2-254 is unable to get internet.

The device in 10.196.112.2-254 range can ping 10.196.113.1 and 10.196.112.1 getway, but can not ping each other.

@Joseph W. Doherty

Richard Burts · ‎12-21-2018

If I am understanding the post correctly the router is connected to port 25 on the switch and that switch port is configured as an access port in vlan 112. If I am understanding correctly users in vlan 112 are working ok but users in vlan 113 are not working. I believe that the switch is operating as a layer 3 switch with ip routing enabled. As I see it the major problem is the router configuration which attempts to make 113 as a secondary address. When configured this way the router will believe that this subnet is locally connected and will attempt to arp for those destinations. But since those destinations are in a vlan on the switch they never see the arp request from the router. The solution would be to remove the secondary address from the configuration and to create a static route on the router for the subnet for vlan 113 with the switch as the next hop.

If I am not understanding correctly then please clarify.

HTH

Rick

HTH

Rick

Ikenna1992 · ‎12-21-2018

@Richard Burts You understand the question. Before doing the static route on the router, do I need to configure the router with an iP address in vlan113 range.

Please how will the static route look like.

Richard Burts · ‎12-22-2018

No you do not want to configure a router interface with an IP address in the vlan 113 range. That is what you did with the secondary address and that causes a problem. You want the router to see the vlan as a remote subnet reached via the switch interface in vlan 112. You would want the static route to look something like this

ip route 10.196.113.0 0.0.0.255 10.196.112.40

There are a couple other things I would mention.

1) You have configured the router to run router rip version 2. We have only a very partial configuration from the switch. So we can not tell if the switch is also configured to run router rip version 2. If the switch is running router rip version 2 on both vlan 112 and vlan 113 then you should not need the static route on the router. Once you remove the secondary address for the vlan 113 address then the router will no longer regard that subnet as locally connected and could use the rip entry in the routing table.

2) you have configured the router for address translation using access list 1. But I do not see access list 1 in the configuration. I believe that you told us that users in vlan 112 are able to access the Internet. If they are able to access the Internet then that indicates that address translation is working. But I am puzzled how it is working if the access list is not in the configuration.

HTH

Rick

HTH

Rick

Ikenna1992 · ‎12-23-2018

Thanks @ Richard Burts. Your suggestion solved the problem.

Richard Burts · ‎12-23-2018

I am glad that the problem is resolved and that my suggestions have pointed you in the right direction. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

HTH

Rick