Solved: Cant get internet access to home lab.

walkerb4 · ‎08-04-2023

Beginner here. I have a network lab that consists of a Cisco 1841 and a Catalyst 2950. I have a basic configuration that allows everything to communicate with each other. When a device is connected to the switch, I am able to ping every device and get a response. My next step is to get internet access to all the devices that are connected via the switch. I live on a college campus so I use the ethernet port in the dorms to plug this in to my router interface. The connections are wall port to

Router fa0/0, Router 0/1 to switch 0/24 (trunk)

and devices able to be connected via Switch ports

fa0/1-23

I assumed it wouldn't be plug and play and I was correct. I attempted some configurations I saw on the internet, but I wasn't sure if it was exactly what I needed and it didn't work anyway. What would be the correct way to go about this?

(Also let me know if more information is needed)

Flavio Miranda · ‎08-04-2023

Hi @walkerb4

The first question I would ask you is if you plug a computer on this ethernet port in the dorms , does the computer gets access to the internet?

If does, do you use a static IP address or it comes automatic via DHCP?

I will assume yes, you can access the internet and the IP comes automatic via DHCP. Then, you need to get on the router interface that connects to this ethernet port in the dorms and issue the command

conf t

int  fa0/0

 ip address dhcp

Now, mostly probably the interface

fa0/0

have an IP address provided by the Campus nework. After that, you need to identify who is the gateway. You can find that by using the command

show ip arp

on the router. You are going to see the router´s IP and at least one more IP on the same network. Use that IP as you gateway.

Another way to figure this out is using a PC connected to the Campus network directly and issue the command

ipconfig

considering you use windows.

Once identified the gateway, you need to add a

default route

on the router sending all the traffic to this gateway

ip route 0.0.0.0 0.0.0.0 <gateway´s ip address>

Now, you will be probably able to acccess the internet from the router. You can try to

ping 8.8.8.8

which is the google DNS. If you succeed, you have internet access.

For the interface

fa 0/1

connected to the switch, you have two possibility. You can put an IP address on this interface like this

conf t

interface fa0/1

ip add 192.168.1.1 255.255.255.0 (example)

For the lan part will depend on the switch and how you want to setup.If you want just to have internet connectivity and does not matter the

vlan

you can simply keep all interface in on

vlan

Usually switch comes with all interfaces in

vlan1

and that´s fine.

You can create a more complex topology with more than one

vlan

on the switch and use subinterface on the router to route between

vlans

but you may want to make it work in the simples way first after try more complex stuff.

Let me know you progress on it.

View solution in original post

Flavio Miranda · ‎08-07-2023

@walkerb4 the config is fairly right. The only thing I believe you can change is this config right here.

int fa0/1
no shutdown
no ip address
ip nat inside

You dont need to use

ip nat inside

on the interface, only on the subinterface. But, I wonder if you need NAT at all. I would make a test with no NAT present. You just need to remove the

ip nat inside and ip nat outside

config.

As the router receives internal IP address from the Campus, NAT would be not required.

But, what concern me most is the information you shared below. If when you connect a Laptop directly to the campus port and you get not internet, there is no reason to believe you will get connecting the router.

"To test if

fa0/1

was getting any internet at all, I directly connected

fa0/1

to my laptop to test. It says unidentified network with no internet."

When you say "I directly connected

fa0/1

to my laptop to test." do you mean the connection to Campus right?

Make sure the Campus admin dont need to allow something on their side.

View solution in original post

Flavio Miranda · ‎08-07-2023

The DHCP part is pretty easy.

Not sure if you can do this on the switch. If the switch is only layer2 it will not support DHCP service. But you can surelly do it on the router.

Let me share a script for you.

ip dhcp excluded-address 192.168.10.254

ip dhcp excluded-address 192.168.20.254




!

ip dhcp pool VLAN10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.254

dns-server 8.8.8.8

!

!

!

ip dhcp pool VLAN20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.254

dns-server 8.8.8.8

!

!

Thw

ip helper-address

would be required if you had a external DHCP server, for example. On this case, on the subinterface you should add this command pointing to the DHCP server.

But, by using the router as DHCP server, it would not be necessary.

View solution in original post

Flavio Miranda · ‎08-04-2023

Hi @walkerb4

The first question I would ask you is if you plug a computer on this ethernet port in the dorms , does the computer gets access to the internet?

If does, do you use a static IP address or it comes automatic via DHCP?

I will assume yes, you can access the internet and the IP comes automatic via DHCP. Then, you need to get on the router interface that connects to this ethernet port in the dorms and issue the command

conf t

int  fa0/0

 ip address dhcp

Now, mostly probably the interface

fa0/0

have an IP address provided by the Campus nework. After that, you need to identify who is the gateway. You can find that by using the command

show ip arp

on the router. You are going to see the router´s IP and at least one more IP on the same network. Use that IP as you gateway.

Another way to figure this out is using a PC connected to the Campus network directly and issue the command

ipconfig

considering you use windows.

Once identified the gateway, you need to add a

default route

on the router sending all the traffic to this gateway

ip route 0.0.0.0 0.0.0.0 <gateway´s ip address>

Now, you will be probably able to acccess the internet from the router. You can try to

ping 8.8.8.8

which is the google DNS. If you succeed, you have internet access.

For the interface

fa 0/1

connected to the switch, you have two possibility. You can put an IP address on this interface like this

conf t

interface fa0/1

ip add 192.168.1.1 255.255.255.0 (example)

For the lan part will depend on the switch and how you want to setup.If you want just to have internet connectivity and does not matter the

vlan

you can simply keep all interface in on

vlan

Usually switch comes with all interfaces in

vlan1

and that´s fine.

You can create a more complex topology with more than one

vlan

on the switch and use subinterface on the router to route between

vlans

but you may want to make it work in the simples way first after try more complex stuff.

Let me know you progress on it.

walkerb4 · ‎08-06-2023

I have done what you said to do and my router is correctly receiving an IP from the campus subnet, but I do not have internet access through any switch ports on any

vlans

Before asking for help I had already configured

vlans

so I went with it. I made sure the static default route was the correct IP. To test if

fa0/1

was getting any internet at all, I directly connected

fa0/1

to my laptop to test. It says unidentified network with no internet. I will attach my configuration here for you to see. I have been attempting to do numerous amounts of different things with this setup, so if you see anything off, not just with the portion being helped with, please let me know. Also, keep in mind I am a beginner, so please bear with me.

!--Switch Config--!
hostname Switch_01
no ip domain-lookup
enable secret password
line console 0
password xxx
login
ip domain-name example.com
crypto key generate rsa
1024
line vty 0 1
login local
transport input ssh
banner motd "Unauthorized access not allowed"

!--Switch Remote access--!
!--
interface vlan 30
ip address 192.168.30.253 255.255.255.0
no shutdown
exit-
--!

!--DHCP pool configuration for each vlan--!
ip dhcp excluded-address 192.168.10.254
ip dhcp excluded-address 192.168.20.254
ip dhcp excluded-address 192.168.10.253
ip dhcp excluded-address 192.168.20.253
ip dhcp pool v10pool
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 8.8.8.8
ip dhcp pool v20pool
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
dns-server 8.8.8.8
exit

!--Switch Configuring VLANs and physical interfaces--!
int vlan 10
name Sub_1-8
ip address 192.168.10.253
int vlan 20
name Sub_9-16
ip address 192.168.20.253
int vlan 30
name Sub_17-23
exit
interface range fa0/1 - 8
switchport mode access
switchport access vlan 10
interface range fa0/9 - 16
switchport mode access
switchport access vlan 20
interface range fa0/17 - 23
switchport mode access
switchport access vlan 30
interface fa0/24
switchport mode trunk
switchport trunk native vlan 888


-----------------------Router-------------------------------


!--Router Config--!
hostname Router_01
no ip domain-lookup
enable secret password
line console 0
password xxx
login
ip domain-name example.com
crypto key generate rsa
1024
line vty 0 1
login local
transport input ssh
banner motd "Unauthorized access not allowed"

!--Router Config--!
int fa0/0
no shutdown
ip address dhcp
ip nat outside
ip route 0.0.0.0 0.0.0.0 x.x.x.x
int fa0/1
no shutdown
no ip address
ip nat inside
interface fa0/1.10
description "Sub 1-8"
encapsulation dot1q 10
ip address 192.168.10.254 255.255.255.0
ip nat inside
interface fa0/1.20
description "Sub 9-16"
encapsulation dot1q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
interface fa0/1.30
description "Sub 17-23"
encapsulation dot1q 30
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip nat inside source list 1 interface fa0/0 overload
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255

Flavio Miranda · ‎08-07-2023

@walkerb4 the config is fairly right. The only thing I believe you can change is this config right here.

int fa0/1
no shutdown
no ip address
ip nat inside

You dont need to use

ip nat inside

on the interface, only on the subinterface. But, I wonder if you need NAT at all. I would make a test with no NAT present. You just need to remove the

ip nat inside and ip nat outside

config.

As the router receives internal IP address from the Campus, NAT would be not required.

But, what concern me most is the information you shared below. If when you connect a Laptop directly to the campus port and you get not internet, there is no reason to believe you will get connecting the router.

"To test if

fa0/1

was getting any internet at all, I directly connected

fa0/1

to my laptop to test. It says unidentified network with no internet."

When you say "I directly connected

fa0/1

to my laptop to test." do you mean the connection to Campus right?

Make sure the Campus admin dont need to allow something on their side.

walkerb4 · ‎08-07-2023

I will test with both no

ip nat inside

on the primary, and no

ip nat inside

at all and reply with the results.
My wiring goes, wall port to router

fa0/0

then router

fa0/1

to switch

fa0/24

When talking about port

fa0/1

I was mentioning the port on my router.

Fa0/1

is the port I connect to my switch with. I was testing to see if router

fa0/0

was giving internet to

fa0/1

This should rule out if it is a switch issue or not.
Also, could you explain the use of

ip nat inside/outside

? I understand it's like differentiating LAN from WAN, or public from private, but when is it appropriate to use this if this is a situation where I don't need it?

walkerb4 · ‎08-07-2023

Initially, I removed the

ip nat inside

from the

fa0/1

interface and that seemed to be the issue. I am now able to connect to the internet through my switch. Just to test whether I needed that at all like you said, I removed it from the sub interfaces as well and was no longer getting a connection. So

ip nat inside

is needed for the sub interfaces but not the interface being split by VLANs.

Flavio Miranda · ‎08-07-2023

Did you succeed connecting to the internet from the PC ?

walkerb4 · ‎08-07-2023

Yes I did. WiFi turned off with full wired connection. I appreciate your help very much.
The only other question I have would be why my DHCP configuration for my switch is not working correctly? I have to set my IP statically through control panel because when DHCP is turned on, I am given an address not in the VLANs range. Could my configuration be incorrect? I have seen some things regarding

ip helper-address

through my research but do not know how that would be used.

Flavio Miranda · ‎08-07-2023

The DHCP part is pretty easy.

Not sure if you can do this on the switch. If the switch is only layer2 it will not support DHCP service. But you can surelly do it on the router.

Let me share a script for you.

ip dhcp excluded-address 192.168.10.254

ip dhcp excluded-address 192.168.20.254




!

ip dhcp pool VLAN10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.254

dns-server 8.8.8.8

!

!

!

ip dhcp pool VLAN20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.254

dns-server 8.8.8.8

!

!

Thw

ip helper-address

would be required if you had a external DHCP server, for example. On this case, on the subinterface you should add this command pointing to the DHCP server.

But, by using the router as DHCP server, it would not be necessary.

walkerb4 · ‎08-07-2023

Script was applied to the router and It is working perfectly. I greatly appreciate your help! Thank you once again.

Flavio Miranda · ‎08-07-2023

You are welcome @walkerb4

If all is good from your side, please, accpect the solution and help others with similar doubts.

But you can keep asking in case you need more assistance.

Good job!