Solved: Hi, adrian_tiamson1.

Adrian_T · ‎12-26-2016

Hi guys, I want to ask for your expertise to help me troubleshooting my simple topology, kindly refer to the image.

I have a connectivity from my DHCP pool but when I try to search in the internet it failed to reach google and I decided to capture connection in wireshark.

I tried to check the connectivity(ping) two WAN IP from our core network
120.189.31.133 : OK
120.189.31.134: Failed

Ping from Switch to
120.189.31.133 : Ok

8.8.8.8 : Ok

I have attached the trace file.

Thanks guys.

AllertGen · ‎01-09-2017

Hi, adrian_tiamson1.

The configuration of the swithc and the router should work. I see an error at the traceroute. The error code is referring to the problem with TCP/IP stack at the windows and to this solution: https://kb.datto.com/hc/en-us/articles/200555675-PING-transmit-failed-error-code-1231

Could you try it?

Also, could you do this 2 lines at the windows cmd?

ping 192.168.1.1
arp -a

Best Regards, Aleksander.

View solution in original post

paul driver · ‎01-09-2017

Hello

Apply nat to you subinterfaces on the rtr
Disable ip routing on the switch remove and two of the SVI interfaces for vlan 10/30 ( chose these two as they were in shutdown state)

RTR
interface FastEthernet0/1.10
ip nat inside

interface FastEthernet0/1.20
ip nat inside

interface FastEthernet0/1.30
ip nat inside

Switch
no interface Vlan10
no interface Vlan30
no ip routing
ip default-gateway 192.168.20.1

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

AllertGen · ‎12-26-2016

Hi, adrian_tiamson1.

Could you try this commands on Cisco router?

int fa0/0.10
 ip nat inside
int fa0/0.20
 ip nat inside
int fa0/0.30
 ip nat inside

And it would be better to not create vlan interfaces at the switch if your're using router as default gateway at the each vlan.

Best Regards.

Adrian_T · ‎12-26-2016

Hi AllertGen

I will execute the commands you suggests tomorrow, I would like also to know more what do you mean by

And it would be better to not create vlan interfaces at the switch if your're using router as default gateway at the each vlan.

Thank you and regards,

AllertGen · ‎12-26-2016

Hi, adrian_tiamson1.

It was about interfaces "interface vlan ##" at the swith. Somebody could use switch IP address in each vlan as gateway and get access to another vlan via it.

Best Regards.

Adrian_T · ‎12-27-2016

Thanks for that info, btw, I did try to execute the command and still not working.

I tried to ping from my WAN IP

router to .133 = Ok

Switch to .134 = ok

switch to .133 = failed

I will try to configure NAT in the router.

AllertGen · ‎12-28-2016

Hi.

Am I right that you did try to ping .133 and .134 from router and switch? What about dhcp client? I'm not sure that your switch could ping anything, because I don't see any routes at the switch configuration.

Best Regards.

Adrian_T · ‎12-28-2016

Hi AllertGen

Yes, I also did try to ping from my PC to

.134 = Ok

.133 = failed

I would welcome any correction in my configuration to make my topology work.

Regards,

Adrian

AllertGen · ‎12-29-2016

Hi.

Could you show output of the commands bellow?

route print - at the PC

tracert -d 120.189.31.133 - from PC

sh run - from router and swith (you can mask your IP addresses, passwords and any other sensetive information).

Edited:

btw, could you alslo give output of "ipconfig /all" from PC?

Adrian_T · ‎12-30-2016

Hi AllertGen

I'll give you and update for that one.

Adrian_T · ‎01-05-2017

Happy new year!

Sorry for the late reply,

Kindly refer to the attached file AllertGen

Router Config

ip subnet-zero
!
!
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.30.1 192.168.30.10
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool vlan20
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   dns-server 203.211.152.66 210.193.2.66 8.8.8.8 8.8.4.4
!
ip dhcp pool vlan30
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1
   dns-server 203.211.152.66 210.193.2.66 8.8.8.8 8.8.4.4
!
ip dhcp pool vlan10
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 203.211.152.66 210.193.2.66 8.8.8.8 8.8.4.4
!
ip cef
mpls ldp logging neighbor-changes
!
interface FastEthernet0/0
description WAN
ip address 120.189.31.134 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.10
description to public lan
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1.20
description to LOCAL LAN
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/1.30
description to WIFI
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
ip nat inside source list NAT_ADD interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 120.189.31.133
no ip http server
!
!
!
ip access-list extended NAT_ADD
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
permit ip 192.168.1.0 0.0.0.255 any
!
end

Switch Config

Building configuration...
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 10,20,30
!
interface FastEthernet0/1
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/24
switchport trunk allowed vlan 10,20,30
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan10
ip address 192.168.1.2 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan20
description lan
ip address 192.168.20.2 255.255.255.0
no ip route-cache
!
interface Vlan30
description Wifi
ip address 192.168.30.2 255.255.255.0
no ip route-cache
shutdown
!
ip http server
!
end

Tracert -d

Microsoft Windows [Version 10.0.14393]
(c) 2016 Microsoft Corporation. All rights reserved.

C:\Users\ets>tracert -d 120.189.31.133

Tracing route to 120.189.31.133 over a maximum of 30 hops

1 Transmit error: code 1231.

Trace complete.

Route Print

route print
===========================================================================
Interface List
5...f4 4d 30 90 e3 45 ......Realtek PCIe GBE Family Controller
1...........................Software Loopback Interface 1
4...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.210     35
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1 255.255.255.255         On-link         127.0.0.1    331
127.255.255.255 255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link     192.168.1.210    291
    192.168.1.210 255.255.255.255         On-link     192.168.1.210    291
    192.168.1.255 255.255.255.255         On-link     192.168.1.210    291
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link     192.168.1.210    291
255.255.255.255 255.255.255.255         On-link         127.0.0.1    331
255.255.255.255 255.255.255.255         On-link     192.168.1.210    291
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
1    331 ::1/128                  On-link
5    291 fe80::/64                On-link
5    291 fe80::e8e6:219b:b69b:7acb/128
                                    On-link
1    331 ff00::/8                 On-link
5    291 ff00::/8                 On-link
===========================================================================
Persistent Routes:
None

Thanks and regards,

Adrian

AllertGen · ‎01-09-2017

Hi, adrian_tiamson1.

The configuration of the swithc and the router should work. I see an error at the traceroute. The error code is referring to the problem with TCP/IP stack at the windows and to this solution: https://kb.datto.com/hc/en-us/articles/200555675-PING-transmit-failed-error-code-1231

Could you try it?

Also, could you do this 2 lines at the windows cmd?

ping 192.168.1.1
arp -a

Best Regards, Aleksander.

paul driver · ‎01-09-2017

Hello

Apply nat to you subinterfaces on the rtr
Disable ip routing on the switch remove and two of the SVI interfaces for vlan 10/30 ( chose these two as they were in shutdown state)

RTR
interface FastEthernet0/1.10
ip nat inside

interface FastEthernet0/1.20
ip nat inside

interface FastEthernet0/1.30
ip nat inside

Switch
no interface Vlan10
no interface Vlan30
no ip routing
ip default-gateway 192.168.20.1

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Intervlan Troubleshooting w/ Trace file wireshark