Connecting Cisco Catalyst 3560 to ADSL modem

begad.nashaat · ‎02-18-2015

I'm setting up a lab switch, 3560 to a DSL router/modem and i cannot seem to get the routing from VLAN100 to the DSL router/ modem to work.

int g0/1 is connected to the DSL router/ modem
int g0/10 is connect to the client (10.10.100.10)

From the 3560, I can ping the DSL router (192.168.1.1), the client (10.10.100.10) and I can ping the internet.

From the client connected to to the 3560, I can ping the g0/1 interface IP address (192.168.1.201), but not the DSL router (192.168.1.1).

From the DSL router, I can ping the internet and the 3560 g0/1 ip address (192.168.1.201) but cannot ping the client (10.10.100.10)

Client Configuration:

IP address :10.10.100.10

Subnet Mask: 255.255.255.0

Default Gateway:10.10.100.1

DNS :8.8.8.8

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 3560Lab1-DLS2

!

boot-start-marker

boot-end-marker

!

no aaa new-model

system mtu routing 1500

vtp domain TestLab

vtp mode transparent

ip routing

ip name-server 4.2.2.2

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 100

name Home_VLAN

!

interface GigabitEthernet0/1

description To DSL

no switchport

ip address 192.168.1.201 255.255.255.0

!

<snip>

!

interface GigabitEthernet0/10

description Client

switchport access vlan 100

switchport mode access

!

interface Vlan1

no ip address

shutdown

!

interface Vlan100

ip address 10.10.100.1 255.255.255.0

!

ip http server

ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Appreciate your help!!

Aaron Harrison · ‎02-19-2015

Hi

Your switch config looks fine. I would check these two things:

1) Your DSL router will need a route for 192.168.1.0 255.255.255.0 via 192.168.1.201

2) Your client will need it's default gateway set to 10.10.100.1.

I imagine 1) is your problem, as you said you can ping 192.168.1.201.

192.168.1.1 will not know where the 10.10.100.0 subnet is, so will send traffic to it to it's default gateway.

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Roberto Kippins · ‎02-19-2015

Hi, the dsl router will need a route back to the client network on the switch and if you are trying to get out to the internet from the client through the switch you got to make sure that the dsl router supports network address translation for the client network, the switch will be able to ping the internet because it is using it's g0/1 interface as the source address to send the ping.

begad.nashaat · ‎02-19-2015

After I have configured back route on the DSL modem (10.10.100.0/24 via 192.168.1.201), I can ping the ADSL modem (192.168.1.1) from the client (10.10.100.10), but I'm still couldn't access the internet.

Can you please share with me how to check if the ADSL modem supports network address translation for the client network (10.10.100.0/24) or not.

Best Regards,

Begad Ahmed

Jon Marshall · ‎02-19-2015

You need to login to the ADSL device and see what settings are available.

A lot of these modems will only NAT for directly connected networks. If that's the case you won't be able to get this to work because your switch does not support NAT.

If your modem doesn't do NAT for non connected networks you either need a router or you would have to have all your clients in the same vlan, the one that connects your switch to the modem.

Jon

begad.nashaat · ‎02-19-2015

I have three options under NAT configuration in the ADSL modem as shown in attached snapshots:

Virtual Server
DMZ Host

Can you please check them and let me know if they are useful to configure the NAT rules to match on 10.X.X.X subnet.

Jon Marshall · ‎02-19-2015

You say three but only have two snapshots attached.

The short answer is I don't know as this is a Cisco support site and that isn't a Cisco device.

The virtual server looks like it is used to present internal devices to the internet so users on the internet can access some of your devices.

But that isn't what you need.

You didn't include the port triggering screenshot so I can't comment on that

If you want to add it then i'll have a look.

Jon

Roberto Kippins · ‎02-19-2015

John is correct, most routers don't support address translation for non connected networks, and if they did support the feature you wouldn't see the option to nat the non connected networks but you would get out to the internet from the switch, the router's ability to nat all networks will be built in to the code. if you get a cisco router it would work :)