Solved: 1760 with WIC-4ESW and 3550

jasonshaffner · ‎06-27-2013

I have had 2 3550's connected to my home router, they've been working fantastically together with a trunk on gi0/2, a printer, computer and some NAS drives on various fa ports on both switches. I've been using one VLAN for everything and have had no issues.

Now I'm trying to add a 1760 with a WIC-4ESW card to the network in place of my home router. I've set up fa0/0 as my WAN port, directly connected to my cable modem and I am able to ping out to the internet. I've set up fa1/1 as a trunk, carrying the VLAN I had set up on my switches. I am able to ping all devices on the switches from the router.

Now the issue I'm having is that I cannot access the internet from anything on the other side of the router. I'm a little baffled at this time as I figure if I can access the internet from the router, and I can access the router from the switches and my PC, I should be able to access the internet from my PC. My end goal is to be able to set this up, and attach my home router to one of the switches to use for Wi-Fi, and have my web server, printers and NAS drives in separate VLANs... of course I need to sort this issue out first. Here are my current configs:

1760 Router:

Current configuration : 1818 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname rtr1

!

boot-start-marker

boot-end-marker

!

aaa new-model

!

aaa session-id common

!

resource policy

!

clock timezone est -5

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip cef

!

ip dhcp update dns both

no ip domain lookup

ip domain name shaffner.us

ip name-server 8.8.8.8

!

interface FastEthernet0/0

ip address dhcp

ip access-group 110 in

ip access-group 101 out

ip nat outside

ip nat enable

speed 100

full-duplex

vlan-range dot1q 1 1005

bridge-group 24

exit-vlan-config

!

no cdp enable

!

interface Serial0/0

no ip address

shutdown

!

interface FastEthernet1/1

switchport trunk native vlan 24

switchport mode trunk

!

interface FastEthernet1/2

switchport access vlan 24

switchport mode trunk

!

interface FastEthernet1/3

switchport mode trunk

shutdown

!

interface FastEthernet1/4

shutdown

!

interface Vlan1

no ip address

!

interface Vlan24

ip address 10.0.1.30 255.255.255.0

ip nat inside

ip nat enable

ip route-cache policy

!

interface Vlan55

no ip address

!

ip default-gateway 10.0.1.1

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

no ip http server

!

access-list 101 permit ip any any

access-list 110 deny tcp any host 173.194.5.0 eq www

access-list 110 deny tcp 173.194.55.0 0.0.0.255 eq www any

access-list 110 deny tcp 206.111.0.0 0.0.255.255 eq www any

access-list 110 permit tcp any any eq www

access-list 110 permit icmp any any

access-list 110 permit ip any any

!

control-plane

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password

transport input telnet

!

end

3550 Switch 1:

Current configuration : 2598 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname swt1

!

ip subnet-zero

ip name-server 10.0.1.1

!

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk native vlan 24

switchport trunk allowed vlan 1-1005

switchport mode trunk

no ip address

!

interface FastEthernet0/2

switchport access vlan 24

no ip address

!

interface FastEthernet0/3

switchport access vlan 24

no ip address

!

interface FastEthernet0/4

switchport access vlan 24

no ip address

!

interface FastEthernet0/5

switchport access vlan 24

no ip address

!

interface FastEthernet0/6

switchport access vlan 24

no ip address

!

interface FastEthernet0/7

switchport access vlan 24

no ip address

!

interface FastEthernet0/8

switchport access vlan 24

no ip address

!

interface FastEthernet0/9

switchport access vlan 24

no ip address

!

interface FastEthernet0/10

switchport access vlan 24

no ip address

!

interface FastEthernet0/11

switchport access vlan 24

no ip address

!

interface FastEthernet0/12

switchport access vlan 24

no ip address

!

interface FastEthernet0/13

switchport access vlan 24

no ip address

interface FastEthernet0/14

switchport access vlan 24

no ip address

!

interface FastEthernet0/15

switchport access vlan 24

no ip address

!

interface FastEthernet0/16

switchport access vlan 24

no ip address

!

interface FastEthernet0/17

switchport access vlan 24

no ip address

!

interface FastEthernet0/18

switchport access vlan 24

no ip address

!

interface FastEthernet0/19

switchport access vlan 24

no ip address

!

interface FastEthernet0/20

switchport access vlan 24

no ip address

!

interface FastEthernet0/21

switchport access vlan 24

no ip address

!

interface FastEthernet0/22

switchport access vlan 24

no ip address

!

interface FastEthernet0/23

switchport access vlan 24

no ip address

!

interface FastEthernet0/24

switchport access vlan 24

no ip address

!

interface GigabitEthernet0/1

no ip address

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport trunk native vlan 24

switchport trunk allowed vlan 1-1005

switchport mode trunk

no ip address

!

interface Vlan1

no ip address

!

interface Vlan24

ip address 10.0.1.20 255.255.255.0

!

ip default-gateway 10.0.1.30

ip classless

ip http server

!

line con 0

password

login

line vty 0 4

password

login

line vty 5 15

password

login

!

end

3550 Switch 2:

Current configuration : 3390 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname swt2

!

no aaa new-model

ip subnet-zero

ip routing

ip name-server 10.0.1.1

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 24

switchport trunk encapsulation dot1q

switchport trunk native vlan 24

switchport mode trunk

!

interface FastEthernet0/2

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport access vlan 24

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport access vlan 24

switchport mode access

switchport nonegotiate

!

interface FastEthernet0/6

switchport access vlan 24

switchport mode access

switchport nonegotiate

!

interface FastEthernet0/7

switchport access vlan 24

switchport mode access

switchport nonegotiate

!

interface FastEthernet0/8

switchport access vlan 24

switchport mode access

switchport nonegotiate

!

interface FastEthernet0/9

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/11

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/13

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/14

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/15

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport access vlan 24

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport access vlan 24

switchport mode access

switchport nonegotiate

!

interface FastEthernet0/22

switchport access vlan 24

switchport mode access

switchport nonegotiate

duplex full

!

interface FastEthernet0/23

switchport access vlan 24

switchport mode access

switchport nonegotiate

!

interface FastEthernet0/24

switchport access vlan 24

switchport mode access

switchport nonegotiate

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

description swt1

switchport trunk encapsulation dot1q

switchport trunk native vlan 24

switchport trunk allowed vlan 1-1005

switchport mode trunk

!

interface Vlan1

no ip address

!

interface Vlan5

no ip address

!

interface Vlan24

ip address 10.0.1.10 255.255.255.0

!

interface Vlan55

no ip address

!

ip default-gateway 10.0.1.1

ip classless

ip http server

ip http secure-server

!

control-plane

!

line con 0

line vty 0 4

password

login

line vty 5 15

password

login

!

end

Seb Rupik · ‎06-27-2013

Hi Jason,

Looks like a NAT issue. You have defined the interfaces, but not the NAT (PAT). The piece of config you need on the 1760 is:

ip nat inside source interface fa0/0 overload

...this should translate all outbound traffic onto a port of the fa0/0 interface using the IP address it was asigned via DHCP.

Once configred run :

sh ip nat trans

...and you should see the translations in action.

cheers,

Seb.

View solution in original post

Seb Rupik · ‎06-27-2013

Hi Jason,

Looks like a NAT issue. You have defined the interfaces, but not the NAT (PAT). The piece of config you need on the 1760 is:

ip nat inside source interface fa0/0 overload

...this should translate all outbound traffic onto a port of the fa0/0 interface using the IP address it was asigned via DHCP.

Once configred run :

sh ip nat trans

...and you should see the translations in action.

cheers,

Seb.

jasonshaffner · ‎06-27-2013

Thank you, worked perfectly!