Right.

So the next thing is to tidy up the existing 3750 configuration.

First remove these routes so -

"no ip default-gateway 192.168.1.1"
"no ip route 172.23.1.0 255.255.255.0 192.168.1.5"
"no ip route 172.24.53.0 255.255.255.0 192.168.1.1"

because you only need the default route.

Then on your 1900 can you make these changes -

int gi0/1
no ip access-group 101 in

"no ip route 10.53.198.0 255.255.255.0 192.168.1.3"
"no ip route 172.23.1.0 255.255.255.0 192.168.1.5"
"ip route 172.23.1.0 255.255.255.0 192.168.1.2"

After you have done this can you make sure you can still get to the internet from existing subnets ie. not the AP one yet.

Your NAT configuration also needs updating but I don't want to change everything at once.

One other question.

If we needed to could you reboot the 1900 ?

Jon

all those in - i can reboot the 1900 if needed - i did get an ip

Okay, so almost there.

You are currently use vlan 2 to connect the existing 3750 to the 1900 but I would usually do a L3 connection.

However it will still work as is so up to you really but it may mean temporarily do a shut and no shut on the gi0/1 interface on the 1900.

So outstanding things -

1) don't know whether you have done this but on the new 3750 you need to allocate the AP ports into vlan 56 ie.

int gi<x/y>
switchport mode access
switchport access vlan 56
spanning-tree portfast

2) the acl 101 on the 1900 needs changing so -

no access-list 101

access-list 101 permit ip 172.23.1.0 0.0.0.255 any
access-list 101 permit ip 172.24.53.0 0.0.0.255 any

you need to add any other lines to the above acl for any other subnets you have internally although I am not sure there are any ?

You do not need a line for 192.168.1.0/24.

Once you have redone the acl can you do a "sh run" and make sure this line is still there -

"ip nat inside source list 101 interface gi0/0 overload"

The only thing left to do after this is to create a management vlan for your switches so you can remotely log into the new 3750.

Which vlan we use depends on whether we make the connection between the existing 3750 and the 1900 a L3 port or leave it as it and that is really up to you.

Jon

ok - made the acl changes - still nothing from the new switch - lets go with the l3 if you have time

I have the time if you do but what do you mean nothing from the new switch ?

If you are trying ping or anything from the switch itself it won't work as the switch does not have an IP yet.

How are you testing ?

Jon

you are right - forgot - was thinking the vlan handled it - using my laptop on a port on vlan 56

Okay if you are using a laptop in vlan 56 you should be working.

If not then -

1) can you ping the vlan 56 IP address on the existing 3750 ?

If not on that switch do a "sh ip int brief | inc Vlan" and see if it is up/up which it should be.

2) if you can ping that IP then from your laptop can you ping 192.168.1.5 ?

Jon

from the old (existing) and new switch my sh ip int brief | inc Vlan returns nothing

no 192.168.1.5 anywhere

Sorry I meant 192.168.1.1.

On the existing 3750 just do a "sh ip int br" and scroll down to the vlan entries.

You should see entries for the vlan interfaces you have created.

Did you use 172.23.1.0/24 for the new vlan 56 ?

Jon

old switch 

XWALGOMA-Entrance#sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up up
Vlan2 192.168.1.2 YES NVRAM up up
Vlan22 172.23.1.1 YES NVRAM administratively down down
Vlan53 172.24.53.1 YES NVRAM up up
FastEthernet2/0/1 unassigned YES unset up up

new switch

Vlan1 unassigned YES unset up up
Vlan56 172.23.150.1 YES manual up up

Okay I should have explained more clearly.

You don't create the vlan 56 L3 interface on the new switch or the DHCP pool if that is where you have configured it.

So -

1) delete the vlan 56 interface on the new switch -

"no int vlan 56"

and remove the DHCP pool if it is on there.

See last post for details.

Jon

ok

old switch

Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up up
Vlan2 192.168.1.2 YES NVRAM up up
Vlan53 172.24.53.1 YES NVRAM up up
Vlan56 172.23.1.1 YES manual up up

new switch

Vlan1                  unassigned      YES unset  up                    up 

That's better.

So is your laptop getting a 172.23.1.x IP ?

If so can you ping 172.23.1.1 ?

If you can then 192.168.1.1 ?

If yes can you ping an IP beyond the router ?

Jon

So is your laptop getting a 172.23.1.x IP ? - yes

If so can you ping 172.23.1.1 ? - yes

If you can then 192.168.1.1 ? - yes

If yes can you ping an IP beyond the router ? - no