12-06-2017 09:00 PM - edited 03-05-2019 09:36 AM
I would like to ask some help to fix my configuration by using Multiple DHCP with internet access.
Currently my configuration below is connected to multiple dhcp unfortunately unsuccessful Internet access.
Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat outside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
username fair password 0 fairship
!
!
interface FastEthernet0/0
description Link_to_ISP$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat inside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat outside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
ip http server
!
control-plane
!
line con 0
password fairshipping
logging synchronous
login
line aux 0
line vty 0 4
password fairshipping
logging synchronous
login local
!
end
Solved! Go to Solution.
12-07-2017 01:10 AM
Hello,
I have made a few additions to your configuration (in bold):
Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
username fair password 0 fairship
!
interface FastEthernet0/0
description Link_to_ISP$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat inside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairshipping
logging synchronous
login
line aux 0
line vty 0 4
password fairshipping
logging synchronous
login local
12-08-2017 05:36 AM
Hello,
do your clients get an IP address ? You might want to add:
interface FastEthernet0/17
switchport access vlan 10
description access-port
spanning-tree portfast
to all the access ports.
12-07-2017 01:10 AM
Hello,
I have made a few additions to your configuration (in bold):
Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
username fair password 0 fairship
!
interface FastEthernet0/0
description Link_to_ISP$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat inside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairshipping
logging synchronous
login
line aux 0
line vty 0 4
password fairshipping
logging synchronous
login local
12-08-2017 04:11 AM
I already applied the configuration unfortunately still not working, but i try it again tomorrow. Thanks for your response i hope you can reply my inquiries until i success this configuration. I also include my Switch config below.
Switch
Building configuration...
Current configuration : 5369 bytes
!
! Last configuration change at 14:25:32 GMT+8 Tue Aug 18 2015
! NVRAM config last updated at 14:13:48 GMT+8 Tue Aug 18 2015
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname fair_switch
!
boot-start-marker
boot-end-marker
!
enable password f@1r
!
no aaa new-model
clock timezone GMT+8 8 0
!
!
crypto pki trustpoint TP-self-signed-2967729024
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2967729024
revocation-check none
rsakeypair TP-self-signed-2967729024
!
crypto pki certificate chain TP-self-signed-2967729024
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393637 37323930 3234301E 170D3933 30333031 30303030
35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39363737
32393032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A994 D09FA408 93DB36BB EB73F0E5 7B4E8FEE A19B52D4 345628F8 C1E7967D
1E4B5AFD B5B4CB26 9E80D684 8CE610CA A2313E38 04E053BC 21CC4660 B7694029
7E8FA283 65B72EFE 6D884BF1 1111F005 92734180 34B7C4F8 35F7DFD8 41D40037
668EEB24 23430096 8AF4C5B7 926E09A8 0C17E30B CD95A0DE 3F68D3EE 2FE75B5B
0A710203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 143DD2B4 5967CBE7 F732A40D 05A6F94D 1564072A 54301D06
03551D0E 04160414 3DD2B459 67CBE7F7 32A40D05 A6F94D15 64072A54 300D0609
2A864886 F70D0101 05050003 8181009F D800E049 CEC8977B F8C672B6 AB6F791E
5DD70B9D 1BA8E7D5 65326C3A 32CE5A19 1328B4C7 AEEF2386 E787B996 DF904E86
AC347DF1 0BAA1B8C 8B75667C 8A990367 1E8C2DC2 0C5789C4 214717C2 DCD50244
5B30FD76 3FB9E159 2B472F6A 3509676C 5FCEACD7 F20FDC10 9FE3B1A5 1EAA223E
24F57C5E E3CF6D35 743F50F1 2F6E96
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet0/1
switchport mode trunk
description access-port
speed 100
duplex full
!
interface FastEthernet0/2
switchport access vlan 10
description access-port
!
interface FastEthernet0/3
switchport access vlan 10
description access-port
!
interface FastEthernet0/4
switchport access vlan 10
description access-port
!
interface FastEthernet0/5
switchport access vlan 10
description access-port
!
interface FastEthernet0/6
switchport access vlan 10
description access-port
!
interface FastEthernet0/7
switchport access vlan 10
description access-port
!
interface FastEthernet0/8
switchport access vlan 10
description access-port
!
interface FastEthernet0/9
switchport access vlan 10
description access-port
!
interface FastEthernet0/10
switchport access vlan 10
description access-port
!
interface FastEthernet0/11
switchport access vlan 10
description access-port
!
interface FastEthernet0/12
switchport access vlan 10
description access-port
!
interface FastEthernet0/13
switchport access vlan 10
description access-port
!
interface FastEthernet0/14
switchport access vlan 10
description access-port
!
interface FastEthernet0/15
switchport access vlan 10
description access-port
!
interface FastEthernet0/16
switchport access vlan 10
description access-port
!
interface FastEthernet0/17
switchport access vlan 10
description access-port
!
interface FastEthernet0/18
switchport access vlan 10
description access-port
!
interface FastEthernet0/19
switchport access vlan 10
description access-port
!
interface FastEthernet0/20
switchport access vlan 10
description access-port
!
interface FastEthernet0/21
switchport access vlan 10
description access-port
!
interface FastEthernet0/22
switchport access vlan 10
description access-port
!
interface FastEthernet0/23
switchport access vlan 10
description access-port
!
interface FastEthernet0/24
switchport access vlan 10
description access-port
!
interface FastEthernet0/25
switchport access vlan 10
description access-port
!
interface FastEthernet0/26
switchport access vlan 10
description access-port
!
interface FastEthernet0/27
switchport access vlan 10
description access-port
!
interface FastEthernet0/28
switchport access vlan 10
description access-port
interface FastEthernet0/29
switchport access vlan 20
description access-port
!
interface FastEthernet0/30
switchport access vlan 20
description access-port
!
interface FastEthernet0/31
switchport access vlan 20
description access-port
!
interface FastEthernet0/32
switchport access vlan 20
description access-port
!
interface FastEthernet0/33
switchport access vlan 20
description access-port
!
interface FastEthernet0/34
switchport access vlan 20
description access-port
!
interface FastEthernet0/35
switchport access vlan 20
description access-port
!
interface FastEthernet0/36
switchport access vlan 20
description access-port
!
interface FastEthernet0/37
switchport access vlan 20
description access-port
!
interface FastEthernet0/38
switchport access vlan 20
description access-port
!
interface FastEthernet0/39
switchport access vlan 20
description access-port
!
interface FastEthernet0/40
switchport access vlan 20
description access-port
!
interface FastEthernet0/41
switchport access vlan 20
description access-port
!
interface FastEthernet0/42
switchport access vlan 20
description access-port
!
interface FastEthernet0/43
switchport access vlan 20
description access-port
!
interface FastEthernet0/44
switchport access vlan 20
description access-port
!
interface FastEthernet0/45
switchport access vlan 20
description access-port
!
interface FastEthernet0/46
switchport access vlan 20
description access-port
!
interface FastEthernet0/47
switchport access vlan 20
description access-port
!
interface FastEthernet0/48
switchport access vlan 20
description access-port
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
!
ip http server
ip http secure-server
!
snmp-server community bl4ckf1b37 RO 99
snmp-server location FairShipping, Malate, Manila
snmp-server contact noc@blackfibersolutions.com
snmp-server chassis-id Cisco 2960
snmp-server enable traps tty
!
!
line con 0
line vty 0 4
password fairs
login
line vty 5 15
login
!
end
12-08-2017 05:36 AM
Hello,
do your clients get an IP address ? You might want to add:
interface FastEthernet0/17
switchport access vlan 10
description access-port
spanning-tree portfast
to all the access ports.
12-08-2017 07:14 PM
Thanks for your response, i will do your suggestion for my problem. I hope you still response my inquiry until i success this case.
Thank you again
12-09-2017 12:14 AM
My client got IP address even without spanning-tree portfast but as per your advise i include the spanning-tree portfast. Unfortunately upon applying this config below i still having bad result. Please see below my config for Router and Switch. And please correct my config.
==========
ROUTER
Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat outside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat outside
username fairs password 0 fairs
!
policy-map DROP
class BLOCKED
drop
!
interface FastEthernet0/0
description Link_to_BlackFiber$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat inside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat outside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairs
logging synchronous
login
line aux 0
line vty 0 4
password fairs
logging synchronous
login local
!
end
==========
SWITCH
Switch
Building configuration...
Current configuration : 5369 bytes
!
! Last configuration change at 14:25:32 GMT+8 Tue Aug 18 2015
! NVRAM config last updated at 14:13:48 GMT+8 Tue Aug 18 2015
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname fair_switch
!
boot-start-marker
boot-end-marker
!
enable password f@1rs
!
no aaa new-model
clock timezone GMT+8 8 0
!
!
crypto pki trustpoint TP-self-signed-2967729024
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2967729024
revocation-check none
rsakeypair TP-self-signed-2967729024
!
crypto pki certificate chain TP-self-signed-2967729024
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393637 37323930 3234301E 170D3933 30333031 30303030
35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39363737
32393032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A994 D09FA408 93DB36BB EB73F0E5 7B4E8FEE A19B52D4 345628F8 C1E7967D
1E4B5AFD B5B4CB26 9E80D684 8CE610CA A2313E38 04E053BC 21CC4660 B7694029
7E8FA283 65B72EFE 6D884BF1 1111F005 92734180 34B7C4F8 35F7DFD8 41D40037
668EEB24 23430096 8AF4C5B7 926E09A8 0C17E30B CD95A0DE 3F68D3EE 2FE75B5B
0A710203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 143DD2B4 5967CBE7 F732A40D 05A6F94D 1564072A 54301D06
03551D0E 04160414 3DD2B459 67CBE7F7 32A40D05 A6F94D15 64072A54 300D0609
2A864886 F70D0101 05050003 8181009F D800E049 CEC8977B F8C672B6 AB6F791E
5DD70B9D 1BA8E7D5 65326C3A 32CE5A19 1328B4C7 AEEF2386 E787B996 DF904E86
AC347DF1 0BAA1B8C 8B75667C 8A990367 1E8C2DC2 0C5789C4 214717C2 DCD50244
5B30FD76 3FB9E159 2B472F6A 3509676C 5FCEACD7 F20FDC10 9FE3B1A5 1EAA223E
24F57C5E E3CF6D35 743F50F1 2F6E96
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet0/1
switchport mode trunk
description access-port
speed 100
duplex full
!
interface FastEthernet0/2
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/25
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/26
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/27
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/28
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/29
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/30
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/31
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/32
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/33
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/34
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/35
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/36
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/37
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/38
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/39
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/40
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/41
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/42
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/43
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/44
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/45
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/46
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/47
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/48
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
!
ip http server
ip http secure-server
!
snmp-server community bl4ckf1b37 RO 99
snmp-server location FairS, Malate, Manila
snmp-server contact noc@blackfibersolutions.com
snmp-server chassis-id Cisco 2960
snmp-server enable traps tty
!
line con 0
line vty 0 4
password fairs
login
line vty 5 15
login
!
end
==========
12-09-2017 12:23 AM
Hello,
the 'ip nat inside' and 'ip nat outside' statements on your router are reversed. Change them to what I marked in bold below:
ROUTER
Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
username fairs password 0 fairs
!
policy-map DROP
class BLOCKED
drop
!
interface FastEthernet0/0
description Link_to_BlackFiber$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat inside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairs
logging synchronous
login
line aux 0
line vty 0 4
password fairs
logging synchronous
login local
!
end
12-12-2017 06:03 PM
After configuration I ping my DNS 8.8.8.8 and 103.225.36.238 using telnet all has success rate 100 but my network connection still limited, i noticed while ping the DNS using cmd my result is "request time out" unlike before "unreachable". Also in my research, I recognized that our configuration for router/switch are correct but i can't understand the configuration still no internet access?
=ROUTER=
Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
username fairs password 0 fairs
!
interface FastEthernet0/0
description Link_to_BlackFiber$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat inside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
Access-list 1 permit 192.168.10.0
Access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairs
logging synchronous
login
line aux 0
line vty 0 4
password fairs
logging synchronous
login local
!
end
=SWITCH=
Current configuration : 5369 bytes
!
! Last configuration change at 14:25:32 GMT+8 Tue Aug 18 2015
! NVRAM config last updated at 14:13:48 GMT+8 Tue Aug 18 2015
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname fair_switch
!
boot-start-marker
boot-end-marker
!
enable password f@1rsh1pp1ng
!
no aaa new-model
clock timezone GMT+8 8 0
!
!
crypto pki trustpoint TP-self-signed-2967729024
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2967729024
revocation-check none
rsakeypair TP-self-signed-2967729024
!
crypto pki certificate chain TP-self-signed-2967729024
certificate self-signed 01
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39363737
32393032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
D800E049 CEC8977B F8C672B6 AB6F791E
5DD70B9D 1BA8E7D5 65326C3A 32CE5A19 1328B4C7 AEEF2386 E787B996 DF904E86
AC347DF1 0BAA1B8C 8B75667C 8A990367 1E8C2DC2 0C5789C4 214717C2 DCD50244
5B30FD76 3FB9E159 2B472F6A 3509676C 5FCEACD7 F20FDC10 9FE3B1A5 1EAA223E
24F57C5E E3CF6D35 743F50F1 2F6E96
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet0/1
switchport mode trunk
description access-port
speed 100
duplex full
!
interface FastEthernet0/2
switchport access vlan 10
description access-port
spanning-tree portfast
!
interface FastEthernet0/47
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1 (telnet)
ip address 103.225.36.250 255.255.255.252
!
ip http server
ip http secure-server
!
snmp-server community bl4ckf1b37 RO 99
snmp-server location FairShipping, Malate, Manila
snmp-server contact noc@blackfibersolutions.com
snmp-server chassis-id Cisco 2960
snmp-server enable traps tty
!
!
line con 0
line vty 0 4
password fairs
login
line vty 5 15
login
!
end
12-12-2017 10:40 PM
I share the details i had so can easily understand what i want supposed to do in my network.
1. Router= 1841 (1800 series)
2. Switch= 2960SF Catalyst
3. I need a separated network with both INTERNET ACCESS.
a. Network 1 = 192.168.10.1
b. Network 2 = 192.168.20.1
4. ISP Details(modem) - Direct
IP Address: 103.225.36.242
SM: 255.255.255.252
GW: 103.225.36.241
5. Router to Modem=fa0/0, Router to Switch=fa0/1
12-13-2017 12:11 AM
Hello,
the config looks good. If you can ping 8.8.8.8 you (obviously) have Internet access. What is the output of 'ipconfig /all' from one of the PCs on Vlan 10 or Vlan 20 ?
12-13-2017 12:33 AM
But if you ping 8.8.8.8 or 103.225.36.238 you have result "Request Time Out" also i noticed while checking the packet sent/received the sent was simultaneously responded unlike received has no responded. even google.com has rto result.
ipconfig /all for Vlan10
192.168.10.11
255.255.255.0
192.168.10.1
8.8.8.8
103.225.36.238
ipconfig /all for Vlan20
192.168.20.11
255.255.255.0
192.168.20.1
8.8.8.8
103.225.36.238
12-13-2017 01:00 AM
Hello,
you have this configured:
interface FastEthernet0/0
description Link_to_BlackFiber$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 103.225.36.241
Can you ping 103.225.36.241 from your router ?
12-13-2017 02:44 AM
After configuring please see the below ping result for 8.8.8.8, 103.225.36.238, 103.225.36.241, 103.225.36.242. What do you say about this result?
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/48/48 ms
========================================================
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 103.225.36.238, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
========================================================
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 103.225.36.241, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
========================================================
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 103.225.36.242, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
12-13-2017 04:02 AM
I was thinking the IP Address provided by our ISP is not allowed for DHCP Server maybe because the IP Address provided use for static IP address per workstation. Our current configuration having installed Static IP Address due to the 103.225.36.242 was distributed to 30 usable IP Addresses and but the installed static ip address we are using please see this below.
IP: 103.225.37.131 - my pc
SM: 255.255.255.224
GW: 103.225.37.129
DNS1:103.225.36.238
DNS2:103.225.36.226
Current Configuration (Static IP Address per workstation)
Building configuration...
Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
!
ip name-server 103.225.36.238
ip name-server 103.225.36.226
ip name-server 8.8.8.8
!
username fairs password 0 fairs
!
interface FastEthernet0/0
description Link_to_BlackFiber$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip address 103.225.36.249 255.255.255.252 secondary
ip address 103.225.37.129 255.255.255.224
ip nbar protocol-discovery
speed 100
full-duplex
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
ip http server
!
!
control-plane
!
!
line con 0
password fairs
logging synchronous
login
line aux 0
line vty 0 4
password fairs
logging synchronous
login local
!
end
12-13-2017 04:20 AM
Hello,
if these are routable public IP addresses of course you can statically assign them to your host. The only limitation is that the number of hosts is now limited to the number of public IP addresses you have available.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide