03-03-2019 10:09 AM
Hi all,
Currently studying for my ICND1 (it's actually tomorrow) and have a pretty decent running home lab.
I have set up a few vlans spanning three switches with a ROAS. I'm looking to use a second 1841 ISR as an edge router between my home lab and my personal network running off an Apple Airport Extreme.
The two biggest issues I'm facing are the inability to ping the outbound interface of the edge router and secondly how to configure said interface.
I am able to ping all R1 interfaces from any host, but have no connectivity to R2 and therefore the internet.
My thought process is to have ROAS for the vlan switching and management and use the other router for NAT purposes. I'm still learning, so please go easy on me.
Below are the running configs:
R1#sh run
Building configuration...
Current configuration : 2664 bytes
!
! Last configuration change at 17:19:56 UTC Sun Mar 3 2019
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
ip dhcp smart-relay
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.0
ip dhcp excluded-address 192.168.0.2
ip dhcp excluded-address 192.168.1.0
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.2.0
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
ip dhcp excluded-address 192.168.3.0
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.3.2
!
ip dhcp pool VLAN101
network 192.168.1.0 255.255.255.0
default-router 192.168.1.2
dns-server 8.8.8.8
!
ip dhcp pool VLAN102
network 192.168.2.0 255.255.255.0
default-router 192.168.2.2
dns-server 8.8.8.8
!
ip dhcp pool VLAN103
network 192.168.3.0 255.255.255.0
default-router 192.168.3.2
dns-server 8.8.8.8
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FTX0951Z126
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.100.100 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.0.2 255.255.255.0
ip helper-address 192.168.100.100
!
interface FastEthernet0/0.100
ip helper-address 192.168.100.100
!
interface FastEthernet0/0.101
encapsulation dot1Q 101
ip address 192.168.1.2 255.255.255.0
ip helper-address 192.168.100.100
!
interface FastEthernet0/0.102
encapsulation dot1Q 102
ip address 192.168.2.2 255.255.255.0
ip helper-address 192.168.100.100
!
interface FastEthernet0/0.103
encapsulation dot1Q 103
ip address 192.168.3.2 255.255.255.0
ip helper-address 192.168.100.100
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.101.100 255.255.255.0
no fair-queue
clock rate 128000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
!
interface Serial0/1/0
no ip address
shutdown
!
router rip
version 2
network 192.168.0.0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.101.101
ip route 192.168.0.0 255.255.0.0 Serial0/0/0
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end
___________________________________________________________
R2#sh run
Building configuration...
Current configuration : 1518 bytes
!
! Last configuration change at 18:15:50 UTC Sun Mar 3 2019
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$tJVL$gmhxR78bNQysJmSDTtJJS.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FTX1005Y23V
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
ip address 192.168.101.101 255.255.255.0
ip nat inside
ip virtual-reassembly in
no fair-queue
!
interface Serial0/0/1
no ip address
shutdown
clock rate 125000
!
interface Serial0/1/0
no ip address
shutdown
!
router rip
version 2
network 10.0.0.0
network 192.168.0.0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT_ADDRESSES interface FastEthernet0/1 overload
ip route 192.168.0.0 255.255.0.0 10.0.1.200
!
ip access-list standard NAT_ADDRESSES
permit 192.168.0.0 0.0.255.255
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
!
line con 0
password 7 094F471A1A0A
logging synchronous
line aux 0
line vty 0 4
password 7 094F471A1A0A
login
transport input all
!
scheduler allocate 20000 1000
end
_____________________________________________________________________________
S3#sh run
Building configuration...
Current configuration : 5533 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$OHZX$4j9XZbH631qM2Een/5rH21
!
!
!
no aaa new-model
system mtu routing 1500
vtp interface fa0/2
no ip domain-lookup
!
!
!
!
crypto pki trustpoint TP-self-signed-97243904
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-97243904
revocation-check none
rsakeypair TP-self-signed-97243904
!
!
crypto pki certificate chain TP-self-signed-97243904
certificate self-signed 01
[output cut]
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 103
!
interface FastEthernet0/4
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/5
switchport access vlan 103
!
[output cut]
!
interface FastEthernet0/48
switchport access vlan 103
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
!
interface Vlan101
description S1
ip address 192.168.1.1 255.255.255.0
!
interface Vlan102
description S2
ip address 192.168.2.1 255.255.255.0
!
interface Vlan103
description S3
ip address 192.168.3.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
vstack
banner motd ^UNAUTHORIZED USE PROHIBITED^
!
line con 0
password 7 060506324F41
login
line vty 0 4
password 7 060506324F41
login
line vty 5 15
login
!
end
03-03-2019 10:26 AM - edited 03-03-2019 10:28 AM
You have a default route on R1 pointing to 192.168.101.101 which is fine but on R2 you have a route for 192.168.0.0 255.255.0.0 pointing to 10.0.1.200.
What is 10.0.1.200, because R2 does not have an interface in that subnet?
Also, about your RIP configuration: be aware that entering 192.168.0.0 does not include all the 192.168.x.x subnets, because RIP is classful, so that only covers 192.168.0.0/24 and not the other 192.168.x.0/24 subnets you have used on R1.
Jon
03-07-2019 08:53 AM
03-03-2019 11:09 AM
Here are things that I notice in your configs:
1) On R1 you have dhcp excluded addresses that include .0, such as
ip dhcp excluded-address 192.168.0.0
These addresses are the base address of the network and not host addresses and as such you do not need to exclude them. Excluding them does not create a problem. But they do not do any good and you should remove them.
2) You exclude addresses for 192.168.0.0. But I do not see any dhcp scope for 192.168.0.0.
3) You have 2 different interfaces which are trying to process for the native vlan
interface FastEthernet0/0
ip address 192.168.100.100 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.0.2 255.255.255.0
The physical interface has an IP address and so it would process for untagged frames from the native vlan. But you also configure F0/0.1 for the native vlan and give it a different IP address. You should not have 2 different interfaces both trying to process the native vlan. Decide which one you want to really process the native vlan and remove the other.
4) You have several sub interfaces configured with ip helper-address
ip helper-address 192.168.100.100
The helper address is used when the dhcp server is remote and the router needs to forward dhcp requests. But your router has the scopes and is acting as the dhcp server. So you do not need helper address on the router interfaces.
5) You configure this sub interface which suggests that it should have a vlan
interface FastEthernet0/0.100
ip helper-address 192.168.100.100
but there is no encapsulation command. So there is no vlan on this sub interface. I am not sure what you intended here but either you need to correct it or you need to remove it.
I also note that the IP address configured here duplicates the address of the physical interface. IOS should not allow that.
6) Under router rip you have a single network statement
network 192.168.0.0
I am not sure if you were thinking of this as 192.168.0.0/16 (to include each of the private address subnets). But IOS will treat it as 192.168.0.0/24. That network might or might not exist depending on how you solve 3). You want rip to advertise the networks on your vlans. So you need to have a network statement for each vlan network. And you certainly want rip to run on the serial interface. So you need to have a network statement for that network.
7) You have 2 static default routes configured that do the same thing. I don't know why you have both. You should remove one of them.
8) You have a static route for 192.168.0.0
ip route 192.168.0.0 255.255.0.0 Serial0/0/0
I am not clear where other networks in 192.168.0.0 are. But since this route sends them to the same place as the default route this route is not needed.
9) On R2 under router rip you have 2 network statements
network 10.0.0.0
network 192.168.0.0
I do not see a network 10.0.0.0 on this router. What is it supposed to be? If it is not real then remove it. My comment here about 192.168.0.0 is the same as 6) You need rip running at least on the serial interface and so need a network statement for that network.
10) You have this static route
ip route 192.168.0.0 255.255.0.0 10.0.1.200
My comment sort of relates to 8) asking where are these other networks supposed to be? And where is this next hop of 10.0.1.200?
11) On S3 I see multiple trunks and a few ports assigned to vlan 103. Are the vlans created correctly and are ports assigned to them?
12) You have 4 vlan interfaces configured on this switch. I am not sure why. It is not clear whether this switch is a layer 2 switch or a layer 3 switch. But I do not see ip routing enabled so it is certainly acting like a layer 2 switch. In which case it should have only a single vlan interface with an IP address.
HTH
Rick
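The classful RIP `network` matching and the 10.0.1.200 next hop that Jon and Rick point out above can be checked mechanically. The following is an added example, not part of any post in this thread: `audit`, `classful` and the finding names are hypothetical, and the sample input is constructed from the R2 lines in the original post.

```python
import ipaddress
import re

# Constructed sample: only the R2 lines from the thread that these checks read.
R2_CONFIG = """\
interface FastEthernet0/1
 ip address dhcp
interface Serial0/0/0
 ip address 192.168.101.101 255.255.255.0
router rip
 version 2
 network 10.0.0.0
 network 192.168.0.0
ip route 192.168.0.0 255.255.0.0 10.0.1.200
"""

def classful(addr):
    """Class A/B/C network containing addr, which is how RIP reads `network`."""
    first = int(str(addr).split(".")[0])
    prefix = 8 if first < 128 else 16 if first < 192 else 24
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def audit(config):
    """Return (kind, detail) findings for one router's configuration text."""
    addrs, dhcp, rip, hops, section = {}, [], [], [], ""
    for line in map(str.strip, config.splitlines()):
        if line.startswith(("interface ", "router ")):
            section = line
        elif line == "ip address dhcp":
            dhcp.append(section.split()[1])   # address unknown until lease time
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            addrs[section.split()[1]] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif section == "router rip" and (m := re.fullmatch(r"network (\S+)", line)):
            rip.append(classful(m[1]))
        elif m := re.fullmatch(r"ip route \S+ \S+ (\d+(?:\.\d+){3})", line):
            hops.append(ipaddress.ip_address(m[1]))
    out = []
    for name, ifc in addrs.items():           # interface outside every RIP network
        if classful(ifc.ip) not in rip:
            out.append(("rip-not-enabled", f"{name} {ifc.network}"))
    for net in rip:                           # RIP network with no static interface
        if not any(ifc.ip in net for ifc in addrs.values()):
            out.append(("rip-no-interface", str(net)))
    for hop in hops:                          # next hop on no statically addressed subnet
        if not any(hop in ifc.network for ifc in addrs.values()):
            out.append(("next-hop-not-connected", f"{hop} (DHCP, unchecked: {dhcp})"))
    return out
```

Interfaces addressed by DHCP are listed in the finding rather than evaluated, since the running config does not show the leased address.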
03-07-2019 10:00 AM
03-07-2019 03:06 PM
Both Jon and I have asked about 10.0.1.200. In one response you say that
10.0.1.200 puts R2 on my home network
and in this most recent response you say that
The 10.0.1.200 address was assigned to R2
How is that address assigned to R2? Is it possibly the address learned by DHCP on Fa0/1? If not then neither Jon nor I can see how R2 would know how to relate to that address.
You have made a lot of changes. Perhaps it would be helpful if you post a fresh copy of show run so that we can see what is current in the config. It would also be helpful if you would post the output of the commands show ip route and of show arp.
HTH
Rick