06-21-2019 04:39 AM - edited 06-21-2019 04:40 AM
Hi,
I have a basic set up that does not seem to be working as expected.
This is an all-physical setup, which consists of:
Cisco Router - 1900
Switch - 2960-X
2 Win 10 Machines
Set up:
Router 1 - Fast0/0 - Ip 192.168.1.4 / 24
VLAN 99 - DG Ip 192.168.1.4
PC 1 - 192.168.1.3 / 24 / DG 192.168.1.1
PC 2 - 192.168.1.5 / 24 / DG 192.168.1.1
On the switch I have put all the interfaces on Vlan 99 with a DG of 192.168.1.4.
Each host can ping each other but not the Router.
What I want to happen is for interface 0/1 on the router to connect to the internet via 192.168.1.1 - a dedicated RND IP for internet access - so that the connected hosts in VLAN 99 can get out onto the internet via that route.
Can anyone shed some light on what the issue is?
Thanks.
A
06-21-2019 04:47 AM
SW1#show running-config
Building configuration...
Current configuration : 2072 bytes
!
! Last configuration change at 18:48:54 UTC Tue May 23 2000
! NVRAM config last updated at 16:04:54 UTC Tue May 23 2000
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
description Trunk to Router
switchport access vlan 99
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport access vlan 99
!
interface GigabitEthernet1/0/3
switchport access vlan 99
!
interface GigabitEthernet1/0/4
switchport access vlan 99
!
interface GigabitEthernet1/0/5
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 99
!
interface GigabitEthernet1/0/7
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
interface Vlan22
ip address 24.17.2.2 255.255.255.0
!
interface Vlan99
ip address 192.168.1.6 255.255.255.0
!
ip default-gateway 192.168.1.4
ip http server
ip http secure-server
!
!
!
!
line con 0
line vty 5 15
!
end
----------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
R1#show running-config
Building configuration...
Current configuration : 1088 bytes
!
! Last configuration change at 11:35:12 UTC Fri Jun 21 2019
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FCZ1928924S
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.4 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end
06-21-2019 05:08 AM - edited 06-21-2019 05:10 AM
Hello ACE_9,
There are two main issues that need to be fixed.
A)
The switch interface to the router should be in access mode, as you are not using a subinterface on the router.
interface GigabitEthernet1/0/1
description Trunk to Router
switchport access vlan 99
switchport mode trunk
!
Change it to:
interface gi1/0/1
switchport mode access
Because the router has the following configuration:
interface gi0/0
ip address 192.168.1.4 255.255.255.0
This will allow the PCs to ping the 192.168.1.4 IP address.
The PCs need to use 192.168.1.4 as their default gateway for the reasons explained below.
B)
You have an address overlap on the router between gi0/0 and gi0/1.
This configuration is not allowed.
Your gi0/1 must have an IP address that is not part of the 192.168.1.0/24 subnet that is associated with gi0/0.
For example:
interface gi0/1
ip address 155.160.2.1 255.255.255.0
C)
You need a default route on R1 pointing to the internet, for example:
ip route 0.0.0.0 0.0.0.0 155.160.2.2
D)
Your internal LAN is a private RFC 1918 IP subnet that cannot be routed to the internet.
You would need to deploy NAT (Network Address Translation):
int gi0/0
ip nat inside
int gi0/1
ip nat outside
exit
access-list 11 permit 192.168.1.0 0.0.0.255
ip nat inside source list 11 interface gi0/1 overload
Note:
On gi0/1 I have used a public IP address in 155.160.2.0/24. Consider this just an example; you actually need to use the appropriate IP address for your scenario. The mask will likely be more specific, like /30.
All internal addresses are translated to the gi0/1 IP address with the NAT configuration above.
Multiple hosts can access the internet because the overload keyword allows for PAT (port-based NAT).
Hope to help
Giuseppe
06-21-2019 06:43 AM
Hi Giuseppe,
All devices can ping each other now, so it's very close to working. But the issue is still with the hosts not being able to get out on the internet via 0/1. Like I said, I have been provided 192.168.1.1 as a way out to the internet through the production network, and when I do the following config on a single Win10 IPv4 config:
192.168.1.2 / 24 - DG 192.168.1.1, I get internet out of that port. I want to supply that to the other machines within the small network I have built. Below is the config as per your notes:
!
! Last configuration change at 13:57:47 UTC Fri Jun 21 2019
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
!
!
license udi pid CISCO1921/K9 sn FCZ1928924S
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.4 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 155.160.2.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 11 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
access-list 11 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
End
------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
SW1#show running-config
Building configuration...
Current configuration : 2073 bytes
!
! Last configuration change at 21:37:41 UTC Tue May 23 2000
! NVRAM config last updated at 16:04:54 UTC Tue May 23 2000
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960x-24ts-l
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
description Trunk to Router
switchport access vlan 99
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 99
!
interface GigabitEthernet1/0/3
switchport access vlan 99
!
interface GigabitEthernet1/0/4
switchport access vlan 99
!
interface GigabitEthernet1/0/5
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 99
!
interface GigabitEthernet1/0/7
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
interface Vlan22
ip address 24.17.2.2 255.255.255.0
!
interface Vlan99
ip address 192.168.1.6 255.255.255.0
!
ip default-gateway 192.168.1.4
ip http server
ip http secure-server
!
!
!
!
line con 0
line vty 5 15
!
end
06-21-2019 08:00 AM - edited 06-21-2019 08:02 AM
Hello ACE_9,
If IP address 192.168.1.1 is your next hop to the internet, you need to change the configuration of the router as follows:
interface gi0/0
description internal network
ip nat inside
ip address 192.168.24.1 255.255.255.0
interface gi0/1
description link to the internet
ip nat outside
ip address 192.168.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.1.1
access-list 12 permit 192.168.24.0 0.0.0.255
! change NAT configuration
no ip nat inside source list 11 interface gi0/1 overload
! add
ip nat inside source list 12 interface gi0/1 overload
You also need to change the IP addresses and DG on all the PCs to use a 192.168.24.x/24 IP address and DG 192.168.24.1.
You also need to change the Vlan 99 IP address on the switch:
interface vlan 99
ip address 192.168.24.6 255.255.255.0
exit
no ip default-gateway 192.168.1.4
ip default-gateway 192.168.24.1
The reason, as I have explained before, is that the router interfaces need to be in different IP subnets.
If we move 192.168.1.0/24 to the external gi0/1 interface, the internal network on gi0/0 must be different, like the one I proposed, 192.168.24.0/24.
Hope to help
Giuseppe
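The three conditions worked through in this thread (router interfaces in different subnets, a default-route next hop that sits on the NAT outside subnet, and a NAT access list that covers the inside subnet) can be checked offline against a saved config. This is an added example, not part of the original posts or any Cisco tool; the function name `audit`, the finding labels and the two config excerpts are constructed for illustration.

```python
import ipaddress
import re
from itertools import combinations

def audit(cfg):
    """Flag overlapping interface subnets, a default route whose next hop is not
    on a NAT outside subnet, and a NAT ACL that misses an inside subnet."""
    ifaces, hops, acls, nat_lists, cur = {}, [], {}, [], None
    for s in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface (\S+)", s):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif s == "!":
            cur = None  # end of the interface block
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)$", s)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", s)):
            cur["nat"] = m[1]
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d\S+)", s):
            hops.append(ipaddress.ip_address(m[1]))
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)$", s):
            # ip_network accepts the IOS wildcard (host) mask form
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip nat inside source list (\d+) ", s):
            nat_lists.append(m[1])
    found = []
    for (a, x), (b, y) in combinations(ifaces.items(), 2):
        if x["net"] and y["net"] and x["net"].overlaps(y["net"]):
            found.append(f"overlap:{a},{b}")
    outside = [i["net"] for i in ifaces.values() if i["nat"] == "outside" and i["net"]]
    found += [f"default-route:{h}" for h in hops if not any(h in n for n in outside)]
    for i in ifaces.values():
        if i["nat"] == "inside" and i["net"]:
            found += [f"nat-acl:{n}" for n in nat_lists
                      if not any(i["net"].subnet_of(p) for p in acls.get(n, []))]
    return found

# Constructed excerpts of the two router configs discussed in the thread.
INTERIM = "\n".join([
    "interface GigabitEthernet0/0", "ip address 192.168.1.4 255.255.255.0", "ip nat inside", "!",
    "interface GigabitEthernet0/1", "ip address 155.160.2.1 255.255.255.0", "ip nat outside", "!",
    "ip nat inside source list 11 interface GigabitEthernet0/1 overload",
    "ip route 0.0.0.0 0.0.0.0 192.168.1.1", "access-list 11 permit 192.168.1.0 0.0.0.255"])
FIXED = "\n".join([
    "interface GigabitEthernet0/0", "ip address 192.168.24.1 255.255.255.0", "ip nat inside", "!",
    "interface GigabitEthernet0/1", "ip address 192.168.1.2 255.255.255.0", "ip nat outside", "!",
    "ip nat inside source list 12 interface GigabitEthernet0/1 overload",
    "ip route 0.0.0.0 0.0.0.0 192.168.1.1", "access-list 12 permit 192.168.24.0 0.0.0.255"])
print(audit(INTERIM))  # the interim config: next hop is on the inside subnet
print(audit(FIXED))    # the final proposed config: no findings
```

The parser only understands the handful of statements that appear in this thread (numbered standard ACLs, interface overload NAT, a static default route with an IP next hop); it does not look at `shutdown` state.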
06-21-2019 08:33 AM
Hi Giuseppe,
Your help has been upstanding, and it is all working with the hosts!! They all have connectivity. My next task will be to put them onto a Windows 2019 server. I may need your help with this for DHCP, but I will let you know once I have that installed. Have a great weekend!
Thanks,
ACE