Yes, Internet is working on phones I think.  Unless it is bypassing internet and just working on the FXO port, which now that I think about it, this is probably what it is doing.

Here is a general topology of my setup:

Cable Modem <---> Linksys router <----> Cisco Router <---> Cisco Switch <---> Cisco Phones

- Linksys is using a 192.168.1.0/24 network

- Cisco Router has nat setup, and is able to do pings on the internet and seems to connect well with the Linksys router.

- I believe the switch has 10.10.10.10.0 network and is assigning the phones IPs from that network range.  I am not sure how the 10.10.20.0/24 and 10.10.30.0/24 networks are setup working as I am new and still learning what VLAN and NAT are configured and do exactly.  I understand the basic theory of it.

Computers are hooked up to the Linksys Router directly, but I would like to hookup devices to switch when it is working.

My configs are attached.

On Router change the config as below to work :

interface GigabitEthernet0/1

no ip address 

no shutdown

!

interface GigabitEthernet0/1.30

ip address 10.10.30.1 255.255.255.0

encapsulation dot1Q 30

ip nat inside

!

interface GigabitEthernet0/1.10

description ROUTER INTERFACE FOR DATA VLAN$FW_INSIDE$

encapsulation dot1Q 10

ip address 10.10.10.1 255.255.255.0

ip nat inside

!

interface GigabitEthernet0/1.20

description ROUTER INTERFACE FOR CME VOICE VLAN$FW_INSIDE$

encapsulation dot1Q 20

ip address 10.10.20.1 255.255.255.0

ip nat inside

I will also change ACCESS List as below for NAT

access-list 10 permit 10.10.10.0 0.0.0.255

access-list 10 permit 10.10.20.0 0.0.0.255

access-list 10 permit 10.10.30.0 0.0.0.255

no ip nat inside source list 1 interface GigabitEthernet0/0 overload

ip nat inside source list 10 interface GigabitEthernet0/0 overload

Then connect to PC to one of port and test and let us know.

Note : on the switch add VLAN 30 to trunk allowed list.

Hello,

make the changes marked in bold to your router configuration:

Current configuration : 8352 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
enable secret 8 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
aaa new-model
!
aaa session-id common
!
clock timezone EST -5 0
clock summer-time EDT recurring
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
ip cef
!
ip dhcp excluded-address 10.10.20.1 10.10.20.12
ip dhcp excluded-address 10.10.10.1 10.10.10.12
!
ip dhcp pool DATA_SCOPE
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1

dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool VOICE_SCOPE
import all
network 10.10.20.0 255.255.255.0
default-router 10.10.20.1

option 150 ip 10.10.20.1
!
ip domain name r1.xxx.com
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-XXXXXXXXXX
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-XXXXXXXXXX
revocation-check none
rsakeypair TP-self-signed-XXXXXXXXXX
!
crypto pki certificate chain TP-self-signed-XXXXXXXXXX
certificate self-signed 01
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX XXXXXXXX
XXXXXXXX XXXXXXXX XXXXXXXX XXXX
quit
!
license udi pid CISCO3825 sn XXXXXXXX
username acetech privilege 15 secret 8 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
redundancy
!
controller T1 0/0/0
!
controller T1 0/0/1
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 10.10.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.10
description ROUTER INTERFACE FOR DATA VLAN$FW_INSIDE$
encapsulation dot1Q 10
ip address 10.10.10.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.20
description ROUTER INTERFACE FOR CME VOICE VLAN$FW_INSIDE$
encapsulation dot1Q 20
ip address 10.10.20.1 255.255.255.0
ip nat inside
!
interface Async0/1/0
no ip address
encapsulation slip
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http authentication aaa
ip http secure-server
ip http path flash:/gui
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
access-list 1 permit 10.10.0.0 0.0.255.255
!
line con 0
line aux 0
line 0/1/0
stopbits 1
speed 115200
flowcontrol hardware
line vty 0 4
exec-timeout 60 0
transport input ssh
line vty 5 15
exec-timeout 60 0
transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp server pool.ntp.org
end

I made the changes that you suggested to the router but it seems the switch is still unreachable from the router and the switch is not able to get access to the Internet.

If I ping google.com from the switch, it is using the domain server as 255.255.255.255.  I am not sure that is right and the ping is failing.

If I ping google.com from the router it is successful.

What is the proper way to connect to the switch from the router?  I assume it is something like ssh 10.10.30.1, correct?

Another thing that may be of interest is if I try to SSH to 10.10.10.1 or 10.10.20.1 from the router, it does a loopback and gives me a login to the router but not the switch.  I am not really sure what the IP of the switch is or how to access it.  Is it possible that it is now setup correctly and I am just not accessing the switch in the right manner?

Hello

---

@jpanzica747 wrote:

I made the changes that you suggested to the router but it seems the switch is still unreachable from the router and the switch is not able to get access to the Internet.

 

If I ping google.com from the switch, it is using the domain server as 255.255.255.255.  I am not sure that is right and the ping is failing.

 

If I ping google.com from the router it is successful.

 

What is the proper way to connect to the switch from the router?  I assume it is something like ssh 10.10.30.1, correct?

 

Another thing that may be of interest is if I try to SSH to 10.10.10.1 or 10.10.20.1 from the router, it does a loopback and gives me a login to the router but not the switch.  I am not really sure what the IP of the switch is or how to access it.  Is it possible that it is now setup correctly and I am just not accessing the switch in the right manner?

 

 

---

Sw
conf t
int vlan 1
no ip address

int vlan 10
ip address 10.10.10.248 255.255.255.0

no ip route 0.0.0.0 0.0.0.0 192.168.1.128
no ip default-gateway 192.168.1.1
no ip routing
ip default-gateway 10.10.10.1

line vty 0 15
login local
privilege level 15

You sir are awesome, thank you for the help.  I can now SSH from the router to the switch, by SSH'ing to the router from computer, then to switch via an SSH 10.10.30.248 command.  This makes working on the equipment so much easier without having to use a console cable.  I am able to ping 10.10.30.248 from my computer but not able to SSH to it directly.  It would be nice if I could just SSH directly to the switch from computer, do you have any recommendations on how to do this?

I hooked up laptop to a port on the switch and it is getting an IP and Internet is working on the laptop.  So that is a big progress.

I still am not able to do pings from IOS on the switch.  If I ping google.com it is trying to do so through 255.255.255.255.  Not sure if that is correct way it should be doing it or how to fix this or if it even needs to be fixed.

I also am not able to reach hosts on the switch from hosts on the linksys router.  For example, I have the laptop working on a port hooked up to the switch with IP of 10.10.10.14 and computer on linksys router with IP of 192.168.1.2 and a traceroute from the 192.168.1.2 shows it reaching the cisco router at 192.168.1.128, but times out from there.

Hello,

I might have missed that, but where in your topology is the Linksys router ? How is it connectec (to the switch I assume) ?

For the SSH access, have you generated the RSA key ?

S1(config)# crypto key generate rsa 1024

And for the domain name pinging, try and configure:

S1(config)#ip name-server 8.8.8.8
S1(config)#ip domain lookup

Can you post again full modified config to verify.

Hey guys, I redid the network setup some thinking it would help to get everything working and it took me a while to get back to the point I was before.  I re-read your posts and it seems you guys are suggesting that I have my router hooked up to the switch.  I actually have the following topology:

Cable Modem <=> Linksys Router <=> Cisco Router <=> Cisco Switch

I have most of my hosts connected to the Linksys router.  When I get more familiar with Cisco equipment may migrate hosts over to the Cisco router.  I am able to ping the internet from the switch IOS interface.  I beleive that is because NAT is working.  I am however not able to communicate to hosts from the Linksys router to the Cisco router, or vice versa.  The traceroute from a host on the linksys router reaches the cisco router and is dropped from there.  The traceroute from the cisco switch, to a host on the linksys router, seems to not even make it to the next hop, which is the cisco router.  Sorry if that is long winded, I am just trying to explain all the details of what is going on.  I think it is some kind of routing issue, I am just not sure what though.

Here is some of the relevant config on my switch:

!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending

interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport voice vlan 20
spanning-tree portfast

interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,55,77
switchport mode trunk

interface Vlan1
ip address 10.10.30.248 255.255.255.0
!
interface Vlan10
ip address 10.10.10.248 255.255.255.0
!
ip default-gateway 10.10.30.248
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.1.100
ip http server
ip http secure-server

And relevant config on the router:

interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
ip address 10.10.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.10.1.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
access-list 1 permit any
access-list 1 permit 10.10.0.0 0.0.255.255

The IP of the Linksys router is 10.10.1.1/24.

Any help to get this working so hosts between devices can talk to each other is appreciated.  I imagine I am missing a static route somewhere.  I am also learning about RIP and OSPF but don't know how to use it very well and imagine that could possibly get things working.