Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1506
Views
0
Helpful
8
Replies

IP Routing 3850 12s-2

Sadam
Level 1
Level 1

‎01-26-2018 10:56 PM - edited ‎03-05-2019 09:50 AM

Thanks for your help.

I need to connect internet to my network my ISP router IP 192.168.1.1

also share internet to my network vlan's

Vlan details.

Vlan 110 Data,120 IP-Phone,130 IP-CCTV,100 MGMT

 

 

Building configuration...

Current configuration : 4486 bytes
!
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 cisco@123
enable password cisco
!
username amps password 0 cisco
no aaa new-model
switch 1 provision ws-c3850-12s
!
!
!
!
!
ip routing
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport mode trunk
!
interface GigabitEthernet1/0/6
switchport mode trunk
!
interface GigabitEthernet1/0/7
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport mode trunk
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan110
ip address 192.168.110.1 255.255.255.0
!
interface Vlan120
ip address 192.168.120.1 255.255.255.0
!
interface Vlan130
ip address 192.168.130.1 255.255.255.0
!
interface Vlan100
ip address 172.168.100.1 255.255.255.0

Labels:
0 Helpful
8 Replies 8

M. G.
Level 1
Level 1

‎01-27-2018 12:56 AM

Hi ,

 

You need a default route pointing to your ISP (ip route 0.0.0.0 0.0 0.0.0.0 192.168.0.1) and your ISP needs to know how to reach you VLANs (needs to configure your switch to be  next hop for you LAN VLANs ). 

Second option is that you do NAT for all local VLANs to your ISP pointing IP. In that case default route is enough. 

regards, 
mg

0 Helpful

Sadam
Level 1
Level 1
In response to M. G.

‎01-27-2018 01:29 AM

Thanks for your help.
Now i can able to ping my router
configuration time i can ping 8.8.8.8 after the configuration done i can't ping 8.8.8.8
but still i can ping my router 192.168.1.1
also my edge sw sf300 not able ping 192.168.1.1

Vlan details.

Vlan 110 Data,120 IP-Phone,130 IP-CCTV,100 MGMT





Building configuration...

Current configuration : 4486 bytes
!
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 cisco@123
enable password cisco
!
username amps password 0 cisco
no aaa new-model
switch 1 provision ws-c3850-12s
!
!
!
!
!
ip routing
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport mode trunk
!
interface GigabitEthernet1/0/3
switchport mode trunk
!
interface GigabitEthernet1/0/4
switchport mode trunk
!
interface GigabitEthernet1/0/5
switchport mode trunk
!
interface GigabitEthernet1/0/6
switchport mode trunk
!
interface GigabitEthernet1/0/7
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport mode trunk
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
description *** Internet ***
no switchport
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan110
ip address 192.168.110.1 255.255.255.0
!
interface Vlan120
ip address 192.168.120.1 255.255.255.0
!
interface Vlan130
ip address 192.168.130.1 255.255.255.0
!
interface Vlan100
ip address 172.168.100.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
0 Helpful

M. G.
Level 1
Level 1
In response to Sadam

‎01-27-2018 03:28 AM

You still need NAT in order to be able to reach outside with your VLAN ip subnets.  

 

interface GigabitEthernet1/0/x
 no switchport
 ip address x.x.x.x y.y.y.y
 ip nat outside


interface Vlan10x
 ip address x.x.x.x 255.255.255.0
 ip nat inside

interface Vlan11x
 ip address y.y.y.y 255.255.255.0
 ip nat inside

access-list 1 permit <VLAN 1xx IP subnets with wildcard> 

ip default-gateway 192.168.0.1
ip nat inside source list 1 interface GigabitEthernet1/0/x overload
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.254

 

 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎01-27-2018 05:33 AM

Hi, 

Below are the changes in your switch configuration:

 

Route:

IP route 0.0.0.0 0.0.0.0 192.168.1.1

 

Interface configuration on Switch which is connected to ISP router.

 

Interface gig x/x/x

Description "Connected to WAN-ISP router"

no switchport

IP address 192.168.1.2 255.255.255.0 <What is your subnet mask>

no shut

 

------

If no switch command will not work then 

 

VLAN 10

Name WAN Router Connection

!

!

Interface gig x/x/x

Description "Connected to WAN-ISP router"

switchport mode access

switchport access vlan 10

no shut

 

NAT:

I think NAT is already configured on ISP router because of its supply private IP to you. You must add your local subnet in NAT ACL on your ISP modem.  You can't configure NAT on this switch. If you are facing any difficulty then please share the ISP router configuration. We will help you. 

 

Regards,

Deepak Kumar

 

 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Sadam
Level 1
Level 1
In response to Deepak Kumar

‎01-27-2018 05:49 AM

I can't access the ISP router and also request to get the configuration about the ISP router

but i have checked the ISP router directly via laptop that will also ping only ISP router IP, Not able to ping google's DNS 8.8.8.8

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Sadam

‎01-27-2018 06:13 AM

Hi,

Please share the router model number and brand. Is it Cisco router? And reconnect your laptop direct to ISP modem and configure IP on your laptop as 

IP address: 192.168.1.3/255.255.255.0

Gateway: 192.168.1.1

DNS" 192.168.1.1/8.8.8.8

and run a CMD "Tracert 8.8.8.8" and share the Output.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

paul driver
VIP
VIP
In response to Sadam

‎01-27-2018 09:30 AM

Hello

your switch cannot perform NAT

and as such you need to be able to translate your vlan subnets but as your isp is providing the nat then you either need to add your vlan subnets to the isp plus some static routes  OR

 

add a rtr between your isp rtr and your switch and apply Nat on that

 

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Sadam
Level 1
Level 1
In response to paul driver

‎01-30-2018 12:19 AM

Thanks for your kind of replay.

Sorry for the delay frnds,

Now i can able ping 8.8.8.8 in my 3850 sw but not able to ping 8.8.8.8 in my sf300 sw.

 

this my sw conf details.

==================================
Cisco 3850 12s
==================================
Building configuration...

Current configuration : 5202 bytes
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 cisco@123
enable password cisco
!
username amps password 0 cisco@123
no aaa new-model
switch 1 provision ws-c3850-12s
!
!
!
!
!
ip routing
!
ip dhcp excluded-address 192.168.110.1
ip dhcp excluded-address 192.168.110.2 192.168.110.10
!
ip dhcp pool DATA
network 192.168.110.0 255.255.255.0
default-router 172.168.100.1
dns-server 8.8.8.8
!
!
qos queue-softmax-multiplier 100

diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
class non-client-nrt-class
bandwidth remaining ratio 10
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
negotiation auto
!
interface GigabitEthernet1/0/1
description *** Uplink From MEZFLR-SW3 ***
switchport mode trunk
!
interface GigabitEthernet1/0/2
description *** Uplink From GND-FLR-IDF1-SW1 ***
switchport mode trunk
!
interface GigabitEthernet1/0/3
description *** Uplink From GND-FLR-IDF1-SW2 ***
switchport mode trunk
!
interface GigabitEthernet1/0/4
description *** Uplink From GND-FLR-IDF2-SW1 ***
switchport mode trunk
!
interface GigabitEthernet1/0/5
description *** Uplink From 1ST-FLR-IDF3-SW1 ***
switchport mode trunk
!
interface GigabitEthernet1/0/6
description *** Uplink From 1ST-FLR-IDF4-SW1 ***
switchport mode trunk
!
interface GigabitEthernet1/0/7
description *** Uplink From 2ND-FLR-IDF6-SW1 ***
switchport mode trunk
!
interface GigabitEthernet1/0/8
description *** Uplink From 2ND-FLR-IDF5-SW1 ***
switchport mode trunk
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
description *** Internet ***
no switchport
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan110
ip address 192.168.110.1 255.255.255.0
!
interface Vlan120
ip address 192.168.120.1 255.255.255.0
!
interface Vlan130
ip address 192.168.130.1 255.255.255.0
!
interface Vlan100
ip address 172.168.100.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
line con 0
login local
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login
!
wsma agent exec
profile httplistener
profile httpslistener
!
wsma agent config
profile httplistener
profile httpslistener
!
wsma agent filesys
profile httplistener
profile httpslistener
!
wsma agent notify
profile httplistener
profile httpslistener
!
!
wsma profile listener httplistener
transport http
!
wsma profile listener httpslistener
transport https
!
ap group default-group
end

==========================================
==========================================
Cisco SF300
==================================

config-file-header
MZFLR-IDF1-SW3
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch

file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 110,120,130-132,100
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname MZFLR-IDF1-SW3
enable password level 15 encrypted
username cisco password encrypted privilege 15
ip telnet server
!
interface vlan 100
ip address 172.168.100.2 255.255.255.0
no ip address dhcp
!
interface fastethernet1
switchport mode access
switchport access vlan 120

 

interface fastethernet19
switchport mode access
switchport access vlan 131
!
interface gigabitethernet1
switchport trunk allowed vlan add 110,120,130-132,100
!
interface gigabitethernet2
switchport mode access
switchport access vlan 120
!
interface gigabitethernet3
switchport trunk allowed vlan add 110,120,130-132,100
!
interface gigabitethernet4
switchport mode access
switchport access vlan 100
!
exit
ip default-gateway 172.168.100.1

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card