Solved: 2821 and 3550 with DHCP

shimabuku · ‎08-31-2013

For some reason I am unable to get o fut to the internet with my laptop. From the 2821 I can ping out just fine. I enabled DHCP on the 3550 and am able to pull a proper ip address. I also can ping the default gateway and router from my laptop but not any further. Currently I am stumped and have no clue what to do from here. Any help would be greatly appreciated. Below are the running configs for the switch and router.

----------------------------------------------------

WS-C3550-48-EMI

Building configuration...

Current configuration : 4341 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname SWITCH

!

username pepsi privilege 15 password 7 095F5B130C0E1E445E

no aaa new-model

ip subnet-zero

ip routing

ip dhcp excluded-address 10.0.2.1 10.0.2.99

!

ip dhcp pool VLAN100

network 10.0.2.0 255.255.255.0

default-router 10.0.2.1

dns-server 8.8.8.8

!

vtp mode transparent

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 99

name VLAN99

!

vlan 100

name VLAN100

!

interface FastEthernet0/47

switchport access vlan 100

switchport mode access

spanning-tree portfast

!

interface FastEthernet0/48

no switchport

ip address 10.0.1.2 255.255.255.0

!

interface Vlan1

no ip address

shutdown

!

interface Vlan100

ip address 10.0.2.2 255.255.255.0

no ip redirects

standby 1 ip 10.0.2.1

standby 1 preempt

!

ip default-gateway 10.0.1.1

ip classless

ip http server

ip http secure-server

----

SWITCH#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 2 subnets

C 10.0.2.0 is directly connected, Vlan100

C 10.0.1.0 is directly connected, FastEthernet0/48

----------------------------------------

CISCO2821

Building configuration...

Current configuration : 1471 bytes

!

! Last configuration change at 07:01:26 UTC Thu Aug 29 2013 by nohara

!

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ROUTER

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

dot11 syslog

ip source-route

!

ip cef

!

no ipv6 cef

!

multilink bundle-name authenticated

!

voice-card 0

!

crypto pki token default removal timeout 0

!

license udi pid CISCO2821 sn FTX1112A4EE

username pepsi privilege 15 password 7 105D1C03101C1B5D59

!

redundancy

!

interface GigabitEthernet0/0

description <==WAN==>

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

!

interface GigabitEthernet0/1

description <==LAN==>

ip address 10.0.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list 1 interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

ip route 10.0.2.0 255.255.255.0 GigabitEthernet0/1

!

logging esm config

access-list 1 permit 10.0.1.0 0.0.0.255

access-list 1 permit 10.0.2.0 0.0.0.255

-----

Router#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 10.0.1.0/24 is directly connected, GigabitEthernet0/1

L 10.0.1.1/32 is directly connected, GigabitEthernet0/1

S 10.0.2.0/24 is directly connected, GigabitEthernet0/1

S 10.100.0.1/32 [254/0] via 99.91.24.1, GigabitEthernet0/0

99.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 99.91.24.0/21 is directly connected, GigabitEthernet0/0

L 99.91.29.77/32 is directly connected, GigabitEthernet0/0

Peter Paluch · ‎08-31-2013

Hi,

There are a few configuration issues in your network.

On the switch, remove the ip default-gateway command and replace it with ip route 0.0.0.0 0.0.0.0 10.0.1.1. As soon as you activate IP routing on your switch, the ip default-gateway command is ignored. You can also see in the show ip route output on the switch that there is no default gateway/default route present. The ip default-gateway command is used only when the IP routing is disabled on a device.
On the router, the routing is configured improperly. It is not recommended to define static routes that point out Ethernet (or any other multi-access) interfaces. This makes the router rely on ProxyARP functionality in the neighboring routers which may not be activated, and increases the ARP load and cache size. Therefore, on the router, remove both ip route 10.0.2.0 255.255.255.0 gi0/1 and ip route 0.0.0.0 0.0.0.0 gi0/0 commands, and replace them with:

ip route 10.0.2.0 255.255.255.0 10.0.1.2
ip route 0.0.0.0 0.0.0.0 dhcp

Try it out and let us know please.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎08-31-2013

Hi,

I've spotted one more configuration error on your router - the NAT is configured incorrectly. Remove the line

ip nat inside source list 1 interface GigabitEthernet0/1 overload

and replace it with

ip nat inside source list 1 interface GigabitEthernet0/0 overload

You do not need to change the DHCP server settings - they have no impact on your current connectivity.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎08-31-2013

Hi,

There are a few configuration issues in your network.

On the switch, remove the ip default-gateway command and replace it with ip route 0.0.0.0 0.0.0.0 10.0.1.1. As soon as you activate IP routing on your switch, the ip default-gateway command is ignored. You can also see in the show ip route output on the switch that there is no default gateway/default route present. The ip default-gateway command is used only when the IP routing is disabled on a device.
On the router, the routing is configured improperly. It is not recommended to define static routes that point out Ethernet (or any other multi-access) interfaces. This makes the router rely on ProxyARP functionality in the neighboring routers which may not be activated, and increases the ARP load and cache size. Therefore, on the router, remove both ip route 10.0.2.0 255.255.255.0 gi0/1 and ip route 0.0.0.0 0.0.0.0 gi0/0 commands, and replace them with:

ip route 10.0.2.0 255.255.255.0 10.0.1.2
ip route 0.0.0.0 0.0.0.0 dhcp

Try it out and let us know please.

Best regards,

Peter

shimabuku · ‎08-31-2013

Still no dice, unable to ping out via fa0/47 on the switch. Would it make a difference if I moved DHCP service to the router instead and have the switch relay it via helper-address?

shimabuku · ‎08-31-2013

ROUTER#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

+ - replicated route, % - next hop override

Gateway of last resort is 99.91.24.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 99.91.24.1

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C 10.0.1.0/24 is directly connected, GigabitEthernet0/1

L 10.0.1.1/32 is directly connected, GigabitEthernet0/1

S 10.0.2.0/24 [1/0] via 10.0.1.2

S 10.100.0.1/32 [254/0] via 99.91.24.1, GigabitEthernet0/0

99.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 99.91.24.0/21 is directly connected, GigabitEthernet0/0

L 99.91.29.77/32 is directly connected, GigabitEthernet0/0

---------------------------

SWITCH#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.0.1.1 to network 0.0.0.0

10.0.0.0/24 is subnetted, 2 subnets

C 10.0.2.0 is directly connected, Vlan100

C 10.0.1.0 is directly connected, FastEthernet0/48

S* 0.0.0.0/0 [1/0] via 10.0.1.1

Peter Paluch · ‎08-31-2013

Hi,

I've spotted one more configuration error on your router - the NAT is configured incorrectly. Remove the line

ip nat inside source list 1 interface GigabitEthernet0/1 overload

and replace it with

ip nat inside source list 1 interface GigabitEthernet0/0 overload

You do not need to change the DHCP server settings - they have no impact on your current connectivity.

Best regards,

Peter

shimabuku · ‎08-31-2013

Spot on Peter! Appreciate the help! Just for the practice, I adjusted the switch to be the DHCP relay and the router as the DHCP server. This also worked by removing the ip dhcp statements and removing the standby statements from VLAN 100. I just added the helper-address to VLAN 100 and put the ip dhcp statements on the router. Which is the preferred method? Switch as the dhcp relay or switch as dhcp server?

Peter Paluch · ‎08-31-2013

Hi,

It is good to know things are working! Thank you

Which is the preferred method? Switch as the dhcp relay or switch as dhcp server?

I do not have any definitive answer. In my opinion, this depends strongly on the topology of your network - how many LANs with DHCP clients you have and where are they located. The usage of DHCP Relay basically leads towards the concept of a centralized DHCP - have a single DHCP server for multiple (V)LANs at some central location where it is accessible from all (V)LANs. If you have only a single VLAN, or only a handful of VLANs that are all terminated on a single L3 distribution switch then it is easiest to create the DHCP server on that switch. If you have a number of VLANs spread over more L3 distribution switches, it is easier to maintain a central DHCP server and use the DHCP Relay feature.

Would this answer your question? Please feel welcome to ask further!

Best regards,

Peter

Syed Aman Hussain · ‎09-01-2013

first create your network digram and understand it , then you can take any decision as per your network diagram,

regarding your network , DHCP relay basically leads towards the concept of a centralized DHCO.

Single DHCP server for multiple vlans at some central locatio.

Rate the helpfull post

Peter Paluch · ‎09-01-2013

Hello Aman,

Thank you for joining the discussion.

I have noticed you have recently joined multiple discussions on Cisco Support Community. Each time, you have simply quoted parts of other poster's responses and asked for rating. I am, honestly speaking, confused about the reason you are doing this. I apologize if this remark is offending but the way you are behaving gives an impression that you are basically stealing other people's ideas and ask to be rated for them - and that would be most rude and inappropriate. I am not accusing you of doing that - I am only telling you how your postings look like.

If you want to direct others to the answers you personally consider correct and ask people to rate those posters who gave correct answers, then by all means - they all deserve their ratings. However, it is sufficient to simply write whose answer you consider to be correct, and it is neither required nor useful to quote what others have written. Taking out parts of other poster's answers and presenting them as your own along with asking for rating, however, would be the height of impudence.

Once again, I apologize if I misunderstood your intentions, and I do not want to offend you in any way, nor discourage you from posting on CSC. You are always welcome to join and discuss things from your own view, standpoint, experiences and ideas.

Best regards,

Peter