04-19-2018 08:32 AM - edited 03-08-2019 02:43 PM
I am trying to build a new network using a 3560G and a C3900, from the 3900 I can reach directly to the internet however after connecting the switch I cannot ping the router from the switch nor can I reach the internet..... I have posted both configs below. Please let me know what you think.
Router:
Building configuration...
Current configuration : 6724 bytes
!
! Last configuration change at 15:34:16 UTC Thu Apr 19 2018 by canadmin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CR-B0007a-CS18
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$YtML$MNJnxH7HE0xkDkU2TlMfS.
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
!
!
aaa session-id common
ethernet lmi ce
bsd-client server url https://cloudsso.cisco.com/as/token.oauth2
!
!
!
vlan ifdescr detail
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 172.16.0.3
ip dhcp excluded-address 172.16.0.2
ip dhcp excluded-address 172.16.3.255
ip dhcp excluded-address 172.16.0.1
ip dhcp excluded-address 172.16.0.1 172.16.0.3
!
ip dhcp pool ****
network 172.16.0.0 255.255.252.0
default-router 172.16.0.1
dns-server 208.67.222.222 208.67.220.220
domain-name CS18.mil
lease 30
!
!
!
no ip domain lookup
ip domain name ******
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
cts logging verbose
voice-card 0
!
!
!
!
!
!
!
!
license udi pid C3900-SPE150/K9 sn FOC16424LBF
license accept end user agreement
license boot module c3900 technology-package securityk9
license boot module c3900 technology-package datak9
hw-module pvdm 0/0
!
hw-module sm 1
!
hw-module sm 2
!
hw-module sm 3
!
hw-module sm 4
!
!
!
username ******** privilege 15 secret 5 $1$cS84$PmnbLUZ2j6IfGRmlSxA.n/
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Tunnel0
no ip address
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description connected to
ip address 192.24.111.2 255.255.255.240
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.16
encapsulation dot1Q 16
ip address 172.16.0.3 255.255.252.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
!
router ospf 10
network 172.16.0.0 0.0.3.255 area 0
!
router bgp 8888
bgp log-neighbor-changes
network 172.16.0.0 mask 255.255.252.0
!
ip default-gateway 172.16.0.1
ip forward-protocol nd
!
no ip http server
ip http authentication aaa
no ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip default-network 172.16.0.0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 192.24.111.1
ip route 172.16.0.0 255.255.252.0 172.16.0.1
ip route 172.16.0.0 255.255.252.0 172.16.0.2
ip route 172.16.0.0 255.255.252.0 192.24.111.1
!
!
nls resp-timeout 1
cpd cr-id 1
!
access-list 101 permit ip 172.16.0.0 0.0.3.255 any
access-list 110 permit ip 172.16.0.0 0.0.3.255 any
access-list 111 deny udp any any eq domain
access-list 111 permit ip any any
access-list 111 permit udp any host 208.67.222.222 eq domain
access-list 111 permit udp any host 208.67.220.220 eq domain
!
!
!
control-plane
!
!
!
!
mgcp
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
!
line con 0
login authentication admins
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
session-timeout 15
access-class INSIDE_RANGE in
exec-timeout 15 0
transport input ssh
line vty 5 15
session-timeout 15
exec-timeout 15 0
transport input none
!
scheduler allocate 20000 1000
!
end
Switch:
CS-B007A-0003#sho run
Building configuration...
Current configuration : 6012 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service unsupported-transceiver
!
hostname CS-B007A-0003
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$xx.y$GfdfE.y/7SMvY3n6A4sm40
!
username ****** privilege 15 password 7 072C01626E0D144419
!
!
!
aaa new-model
!
!
!
!
!
aaa session-id common
system mtu routing 1500
vtp mode transparent
no ip subnet-zero
ip dhcp excluded-address 172.16.0.1 172.16.0.3
ip dhcp excluded-address 172.16.3.255
ip dhcp excluded-address 172.16.0.3
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1-700 priority 8192
!
vlan internal allocation policy ascending
!
vlan 28
name MGMNT
!
vlan 99
name CS18
!
ip scp server enable
!
!
!
interface GigabitEthernet0/1
description AP2C31.24C2.3E20:GigabitEthernet0
switchport access vlan 99
switchport mode access
shutdown
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/2
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/3
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/4
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/5
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/6
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/7
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/8
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/9
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/10
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/11
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/12
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/13
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/14
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/15
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/16
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/17
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/18
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/19
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/20
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/21
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/22
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/23
switchport access vlan 99
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/24
description CR-B0007a-CS18:GigabitEthernet0/1
switchport access vlan 99
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,28,99
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,28,99
switchport mode trunk
!
interface GigabitEthernet0/26
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,28,99
switchport mode trunk
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,28,99
switchport mode trunk
!
interface GigabitEthernet0/28
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,28,99
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan28
description MGMNT
ip address 10.10.10.2 255.255.255.252
no ip route-cache
!
interface Vlan99
description CS18
ip address 172.16.0.4 255.255.0.0
no ip route-cache
!
ip default-gateway 172.16.0.1
ip classless
no ip http server
no ip http secure-server
!
!
ip sla enable reaction-alerts
!
snmp-server community CAN RO
snmp-server community CAIN RW
snmp-server location CAIN Building
!
alias exec sc show config
alias exec sis sho interfaces status
alias exec wm write mem
alias exec ct config term
!
line con 0
login authentication admins
line vty 0 4
session-timeout 15
exec-timeout 15 0
transport input ssh
transport output ssh
line vty 5 15
session-timeout 15
exec-timeout 15 0
transport input ssh
transport output ssh
!
ntp authenticate
event manager applet update-port-description
event neighbor-discovery interface regexp GigabitEthernet.* cdp add
action 1.0 cli command "enable"
action 2.0 cli command "config t"
action 3.0 cli command "interface $_nd_local_intf_name"
action 4.0 cli command "description $_nd_cdp_entry_name:$_nd_port_id"
!
end
Solved! Go to Solution.
04-19-2018 09:17 AM
interface GigabitEthernet0/1.16
encapsulation dot1Q 16
ip address 172.16.0.3 255.255.252.0
ip nat inside
ip virtual-reassembly in
Your lan interface is configured with 172.16.0.3 but you are pointing the default gateway on the switch to 172.16.0.1
ip default-gateway 172.16.0.1
Also, the DHCP gateway is pointed to .1
default-router 172.16.0.1
HTH
04-19-2018 09:17 AM
interface GigabitEthernet0/1.16
encapsulation dot1Q 16
ip address 172.16.0.3 255.255.252.0
ip nat inside
ip virtual-reassembly in
Your lan interface is configured with 172.16.0.3 but you are pointing the default gateway on the switch to 172.16.0.1
ip default-gateway 172.16.0.1
Also, the DHCP gateway is pointed to .1
default-router 172.16.0.1
HTH
04-19-2018 09:54 AM
This worked! Also I had to change my dot1q to show the correct vlan id
04-19-2018 10:02 AM
Glad to know it is all working for you now.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: