Solved: VLAN Routing problem encountered

francisgamo · ‎05-14-2012

All experts, I need your help with my problem.

My set up in actual world is 1 CISCO 1841 router and Layer 3 CISCO SGE2000-G5 switch

Here are my VLANs in database. - in packet tracer only

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/6, Fa0/7, Fa0/8, Fa0/9

Fa0/10, Fa0/11, Fa0/12, Fa0/13

Fa0/14, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Gig1/1

Gig1/2

10 Intenet active Fa0/4

20 NO_INTERNET active Fa0/2, Fa0/3

30 PRINTERS active Fa0/5

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

I configured those VLANs in cisco router via trunk/ (router on a stick configuration)

I want VLAN 10 would be the only allowed to connect to WAN, VLAN 20 to users who are not allowed to use internet and VLAN 30 for printers.

i'm planning to create another VLAN for servers as well with internet.

now here are my configuration. in packet tracer only.

ip dhcp excluded-address 77.110.87.113 - VLAN 10

ip dhcp excluded-address 192.168.1.1 - VLAN 20

ip dhcp excluded-address 192.168.1.75 - VLAN 30

!

ip dhcp pool vlan10

network 77.110.87.112 255.255.255.240

default-router 77.110.87.113

ip dhcp pool VLAN20

network 192.168.1.0 255.255.255.192

default-router 192.168.1.1

ip dhcp pool VLAN30

network 192.168.1.64 255.255.255.240

default-router 192.168.1.75

!

spanning-tree mode pvst

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 77.110.87.113 255.255.255.240

ip helper-address 77.110.87.113

ip nat inside

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 192.168.1.1 255.255.255.192

ip helper-address 192.168.1.1

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 192.168.1.75 255.255.255.240

ip helper-address 192.168.1.75

!

interface Serial0/0/0

ip address 10.1.1.2 255.255.255.252

ip nat outside

!

interface Vlan1

no ip address

shutdown

!

router rip

version 2

redistribute static

network 10.0.0.0

network 77.0.0.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.1.1 - asuming this is the ISP

!

end

they are working fine but could anybody tell me what would be the best configuration other that mine because i'm not sure if these configuration are correct and gonna work in actual set up.

thanks in advance

Giuseppe Larosa · ‎05-14-2012

Hello Francis,

NAT configuration is not complete

you would need an ACL and a NAT statement

example:

config t

access-list 101 remark NAT ACL

access-list 101 deny ip 77.110.87.112 0.0.0.0.15 192.168.1.0 0.0.0.63

access-list 101 deny ip 77.110.87.112 0.0.0.0.15 192.168.1.64 0.0.0.15

access-list 101 deny ip 77.110.87.112 0.0.0.0.15

access-list 101 permit ip 77.110.87.112 0.0.0.0.15 any

ip nat inside source list 101 interface ser0/0/0 overload

Note:

also the ip helper-address commands that you have put are useless

Hope to help

Giuseppe

View solution in original post

Giuseppe Larosa · ‎05-14-2012

Hello Francis,

NAT configuration is not complete

you would need an ACL and a NAT statement

example:

config t

access-list 101 remark NAT ACL

access-list 101 deny ip 77.110.87.112 0.0.0.0.15 192.168.1.0 0.0.0.63

access-list 101 deny ip 77.110.87.112 0.0.0.0.15 192.168.1.64 0.0.0.15

access-list 101 deny ip 77.110.87.112 0.0.0.0.15

access-list 101 permit ip 77.110.87.112 0.0.0.0.15 any

ip nat inside source list 101 interface ser0/0/0 overload

Note:

also the ip helper-address commands that you have put are useless

Hope to help

Giuseppe

francisgamo · ‎05-14-2012

Thanks a lot for replying to my post. what does ip helper do in that statement sir? according to my friend this is just for creating dhcp.

by the way how to give cridet to every helpful answer?

Thanks in advance sir

Giuseppe Larosa · ‎05-14-2012

Hello Francis,

thanks for your kind remarks.

the ip helper-address allows a router or multilayer switch to act as a DHCP relay agent.

The DHCP request message sent by clients is sent to address broadcast 255.255.255.255 and cannot be routed to another IP subnet. It can be converted by using the

ip helper-address

command under the SVI interface or router subinterface. This enables the DHCP relay function and allows to convert the unroutable DHCP requests in routable packets with a destination that is the IP address of the remote DHCP server. The DHCP relay agent network device populates an internal field with the IP address of the router subinterface on which the original DHCP request has been received (GI address). In this way the remote DHCP server can use this info to pick up a free IP address ( if any) from the appropriate DHCP pool. The DHCP server answers to the DHCP relay agent that can send out the DHCP offer ( containing the assigned IP address) to the client.

Your router is acting as DHCP server locally so you don't need those ip helper-address commands on router subinterfaces. Also when used the ip helper-address command contains an IP address that is not the same as that of the subinterface on which it is applied but that of a remote server.

Hope to help

Giuseppe

francisgamo · ‎05-15-2012

Thank you very much for that info Sir, your answers are really a big help for me beacuse i'm just a beginner and currently having my training in CCNA. if i encounter new problems I hope that it would still be welcomed.

regards

Francis