Hello ACE_9,

there are two main issues that need to be fixed

A)

The switch interface to Router should be in access mode as you are not using a subinterface on the router

interface GigabitEthernet1/0/1

description Trunk to Router

switchport access vlan 99

switchport mode trunk

!

change it to

interface gi1/0/1

switchport mode access

Because the router has the following configuration

interface gi0/0

ip address 192.168.1.4 255.255.255.0

This will allow the PCs to ping the 192.168.1.4 IP address,

PCs need to use 192.168.1.4 as their default gateway for the reasons explained below.

B)

You have an address overlapping on the router between gi0/0 and gi0/1.

This configuration is not allowed

Your gi0/1 must have an IP address that is not part of 192.168.1.0/24 subnet that is associated to gi0/0.

for example

interface gi0/1

ip address 155.160.2.1 255.255.255.0

C)

you need a default route on R1 pointing to the internet for example

ip route 0.0.0.0 0.0.0.0 155.160.2.2

D)

Your internal LAN is a private RFC 1918 IP subnet that cannot be routed to the internet.

You would need to deploy NAT Network address Translation

int gi0/0

ip nat inside

int gi0/1

ip nat outside

exit

access-list 11 permit 192.168.1.0 0.0.0.255

ip nat inside source list 11 interface gi0/1 overload

Note:

I have used on gi0/1 a public IP address 155.160.2.0/24 consider this just an example you actually need to use the appropriate IP address for your scenario. The mask will likely be more specific like /30.

All internal addresses are translated to the gi0/1 IP address with the NAT configuration above,

Multiple hosts can access the internet because the overload keyword allows for PAT port based NAT

Hope to help

Giuseppe

Hi Giuesppe,

all devices can ping each-other now so its very close to working. But the issue is still with the hosts not being able to get out on the internet via 0/1. Like i said, i have been provided 192.168.1.1 as a way out to the internet through the production network and when i do the following config on a signle Win10 IP4 config:

192.168.1.2 / 24 - DG 192.168.1.1 i get internet out of that port, i want to supply that to the other machines within the small network i have built. Below is the config as per your notes:

!

! Last configuration change at 13:57:47 UTC Fri Jun 21 2019

!

version 15.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

!

no aaa new-model

!

!

!

!

!

!

!

!

!

!

!

!

!

!

ip name-server 8.8.8.8

ip cef

no ipv6 cef

!

multilink bundle-name authenticated

!

cts logging verbose

!

!

license udi pid CISCO1921/K9 sn FCZ1928924S

!

!

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

 no ip address

 shutdown

!

interface GigabitEthernet0/0

 ip address 192.168.1.4 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

 duplex auto

 speed auto

!

interface GigabitEthernet0/1

 ip address 155.160.2.1 255.255.255.0

 ip nat outside

 ip virtual-reassembly in

 shutdown

 duplex auto

 speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 11 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

!

access-list 11 permit 192.168.1.0 0.0.0.255

!

control-plane

!

!

!

line con 0

line aux 0

line 2

 no activation-character

 no exec

 transport preferred none

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

 stopbits 1

line vty 0 4

 login

 transport input none

!

scheduler allocate 20000 1000

!

End

------------------------------------------------------------------------------------

-----------------------------------------------------------------------------------

SW1#show running-config

Building configuration...

Current configuration : 2073 bytes

!

! Last configuration change at 21:37:41 UTC Tue May 23 2000

! NVRAM config last updated at 16:04:54 UTC Tue May 23 2000

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SW1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

switch 1 provision ws-c2960x-24ts-l

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

!

!

vlan internal allocation policy ascending

!

!

!

!

!

!

interface FastEthernet0

 no ip address

!

interface GigabitEthernet1/0/1

 description Trunk to Router

 switchport access vlan 99

 switchport mode access

!

interface GigabitEthernet1/0/2

 switchport access vlan 99

!

interface GigabitEthernet1/0/3

 switchport access vlan 99

!

interface GigabitEthernet1/0/4

 switchport access vlan 99

!

interface GigabitEthernet1/0/5

 switchport access vlan 99

 switchport mode access

 spanning-tree portfast

!

interface GigabitEthernet1/0/6

 switchport access vlan 99

!

interface GigabitEthernet1/0/7

 switchport access vlan 99

 switchport mode access

 spanning-tree portfast

!

interface GigabitEthernet1/0/8

!

interface GigabitEthernet1/0/9

!

interface GigabitEthernet1/0/10

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

!

interface GigabitEthernet1/0/24

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface Vlan1

 no ip address

!

interface Vlan22

 ip address 24.17.2.2 255.255.255.0

!

interface Vlan99

 ip address 192.168.1.6 255.255.255.0

!

ip default-gateway 192.168.1.4

ip http server

ip http secure-server

!

!

!

!

line con 0

line vty 5 15

!

end

Hello ACE_9,

if IP address 192.168.1.1 is your next-hop to the internet you need to change the configuration of the router as follows

interface gi0/0

description internal network

ip nat inside

ip address 192.168.24.1 255.255.255.0

interface gi0/1

description link to the internet

ip nat outside

ip address 192.168.1.2 255.255.255.0

ip route 0.0.0.0 0.0.0.0 192.168.1.1

access-list 12 permit 192.168.24.0 0.0.0.255

! change NAT configuration

no ip nat inside source list 11 interface gi0/1 overload

! add

ip nat inside source list 12 interface gi0/1 overload

You need also to change IP addresses and DG on all the PCs to use a 192.168.24.x/24 IP address and DG 192.168.24.1

You need also to change the Vlan 99 IP address on switch

interface vlan 99

ip address 192.168.24.6 255.255.255.0

exit

no ip default-gateway 192.168.1.4

ip default-gateway 192.168.24.1

The reason as I have explained before is that the router interfaces need to be in different IP subnets.

If we move 192.168.1.0/24 on the external gi0/1 interface the internal network on gi0/0 must be different like the one I proposed 192.168.24.0/24.

Hope to help

Giuseppe

Hi Giuseppe,

Your help has been upstanding, and it is all working with the hosts!! They all have connectivity. My next task will be to put them onto a windows 2019 server, I may need your help with this for DHCP but I will let you know once I got that installed. Have a great weekend!

Thanks,

ACE