Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1890
Views
0
Helpful
11
Replies

3750 Setup with Windows DHCP and DNS

ponyboy22
Level 1
Level 1

‎01-10-2018 06:55 PM - edited ‎03-08-2019 01:22 PM

Good afternoon Everyone,

Im an exchange admin by trade, and taking the cisco plunge to help our company grow into their new location they have just bought.

 

Issue:

Currently i am able to access everything (RDP, Ping, File Share, and Printing) internally.

The switch is unable to talk out to the Internet. Computers / Servers are showing the network connection with issue, and they are unable to connect to Internet or ping 8.8.8.8

Trying to get the computers connect to the switch to be able to access the Internet.

 

Setup:

Windows DNS - 10.110.34.21

Windows DHCP - 10.110.34.21

Cisco 3750 24PoE - 10.110.34.6

Two Testing  Computers

TP-Link AC1750 (This was used as a stand in router if needed)

Cisco Routers are available, but will need to be configured

 

Currently the Setup is as follows:

ISP Modem --> Cisco 3750 --> Computer

I have also tried

ISP Modem --> TP-Link AC1750 --> Cisco 3750 --> Computer

 

IP Config Information for Servers:

Domain Controller: 10.110.34.21

DHCP: 10.110.34.21

Range Start: 10.110.34.61

Range End: 10.110.34.220

Default Gateway: 10.110.34.2

3750 IP: 10.110.34.6

 

Config:

Current configuration : 1569 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch5010
!
enable secret 5 $1$nNrJ$2jDwTLOEFGTTu4kLgluVl/
!
no aaa new-model
switch 1 provision ws-c3750-24p
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet1/0/1
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
 ip address 10.110.34.6 255.255.255.0
 ip helper-address 10.110.34.21
!
ip default-gateway 10.110.34.2
ip classless
ip http server
!
!
control-plane
!
!
line con 0
 exec-timeout 30 0
 password 7 05080F1C2243
 logging synchronous
line vty 0 4
 exec-timeout 30 0
 password 7 05080F1C2243
 logging synchronous
 login
line vty 5 15
 login
!
end

 

 

Thank you in advance for any pointers on this one

Cheers!

Labels:
0 Helpful
11 Replies 11

Julio E. Moisa
VIP
VIP

‎01-10-2018 07:27 PM - edited ‎01-10-2018 07:28 PM

Hi

If the DHCP server is over the same network at the same device, this line could be remove:  ip helper-address 10.110.34.21 

 

Now in order to get Internet access you need a router or firewall doing NAT. How is your topology? The switches dont support NAT.




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

ponyboy22
Level 1
Level 1
In response to Julio E. Moisa

‎01-10-2018 08:09 PM

Thanks for the reply Julio

 

I threw that IP helper line in to see if it would make  a difference. So i will remove that one.

 

(The past Company left us a pallet of old gear)

For the Router Side:

Cisco 4431

Cisco 2620XM

Cisco 1841

Ubiquity EdgeRouter Lite

 

With this router it will be placed in the following spot:

ISP Cable Modem --> Router --> Cisco 3750 --> Computer / Server

or could it run like this

ISP Cable Modem --> Cisco 3750 --> Router (In another building)--> Cisco 3750 --> Computer/server

 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎01-10-2018 09:07 PM

Hi,

As I am checking, this is based flat network with almost default Cisco switch configuration. 

Please login to Switch and your System (which is connected to this switch) verify some basic network connectivity:

 

A. From your Desktop or Laptop

1. Is it getting proper IP from DHCP server?

    If yes, It Good otherwise Please checks DHCP Server is having a static IP, and DHCP poll is active and configured properly. If an issue with DHCP then Assign a Static IP this system.

2. Are you reaching to Default Gateway (10.110.34.2)?

    Ping from your system and check. If not then try to ping Switch VLAN 1 IP address (10.110.34.6). 

3. Switch IP reachable but Gateway not reachable

    Login to Switch, and Check the Port status, which is connected to Gateway Router (Show interface description). If the port is showing down then login to Router and run no Shutdown command the interface. 

4. Gateway is reachable but the Internet is not working. 

Check Gateway configuration as (NAT, Static Routing, WAN configuration etc.).

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

ponyboy22
Level 1
Level 1
In response to Deepak Kumar

‎01-11-2018 12:22 PM

Thanks for the reply Deepak

in regards to your questions

1. The IP was assigned to this switch manual from CLI

 

2. From the Switch i am able to ping both 10.110.34.2 and 10.110.34.6

    2a. Currently i am offsite, and will try to get user at the site to ping from a computer.

 

3. The current switch is not connected to a Cisco router. It is connected to the ISP Modem.

    3a. i will need to configure a router from the list above to see if i can get it to work

 

4. The Gateway can be reached from the switch, and as Julio stated above he belives the issue to be NAT related.

 

Would you be able to point me in the direction of  KB that might go over NAT Setup for a cisco router?

 

0 Helpful

paul driver
VIP
VIP
In response to ponyboy22

‎01-11-2018 01:15 PM - edited ‎01-11-2018 01:25 PM

Hello

As rightly stated by Julio, you will require a router for Network Translation, As this is a Cisco forum I would be bias and suggest to use the 4431 rtr.


Connect this between you ISP and the Cisco switch.

 

Basic config for internet connectivity-  note you can also add static addressing for your servers if you require but I will not add the config for this here yet, Also a lot is assumption of your addressing but this can be amended to your own specification

4431

 

conf t
no service udp-small-servers
no service tcp-small-servers
service tcp-keepalives-in
service tcp-keepalives-out

service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone

security passwords min-length 6
security authentication failure rate 10 log

enable secret <password>
username XXXX privilege 15 secret XXXXXX

 

ip inspect name RTR-CBAC inspect tcp
ip inspect name RTR-CBAC inspect udp

ip inspect name RTR-CBAC inspect icmp

 

ip access-list extended wan_acl
permit udp any any eq bootpc
deny ip any any


ip access-list extended lan_acl
permit ip 10.110.34.0 0.0.0.255 any

int xx
description ISP connection
ip address dhcp <  This is a guess, it could be you have assigned public addressing>
ip nat enable
no ip redirects
no ip unreachables
no ip proxy-arp
ip inspect RTR-CBAC out
ip access-group wan_acl in

 

int xx
description LAN connection to switch
ip address 10.110.34.2 255.255.255.0
ip nat enable
ip access-group lan_acl in

access-list 10 permit ip 10.110.32.0 0.0.0.255
ip nat source list 10 interface xxx overload


ip route 0.0.0.0 0.0.0.0 interface x/x dhcp <-or the isp nexthop address>

 

3750
no ip routing

int x/x
description link to 4431 rtr
switchport host
no shut

res
Paul

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ponyboy22
Level 1
Level 1
In response to paul driver

‎01-16-2018 06:20 PM

Thanks for the info im onsite now. and working with this config

Also thew a different router into the mix, and still cant get it to talk.

 

Looks like the router is getting a 192.168.44.14 address. and when putting 192.168.44.1 into my browser i get the cable modem ubee page.

 

So could this be a double NAT issue from the ISP?

0 Helpful

paul driver
VIP
VIP
In response to ponyboy22

‎01-17-2018 01:14 AM - edited ‎01-17-2018 01:16 AM

Hello

Double nat will work , Just confirm you've added the router between the modem and switch?

 

The switch isnt performing any routing , it should be set as a host switch ( no ip routing) and have a access port assigned to the port the rtr lan facing interface is attached to?

 

Can you post the current config of the rtr please?

res

Paul

 

 

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ponyboy22
Level 1
Level 1
In response to paul driver

‎01-17-2018 06:24 AM

Here you go paul.

Had a late night last night working no this so i cleared the nvram and went back to steps your said

Nat commands didnt seem to work, but here is what i got in place so far

 

 

Building configuration...
 
Current configuration : 2223 bytes
!
! Last configuration change at 14:27:21 UTC Wed Jan 17 2018
!
version 15.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
security authentication failure rate 10 log
security passwords min-length 6
enable secret 5 $1$Qz5d$0n7H1cas05v1suvE4rOuF0
!
no aaa new-model
!
!
!
!
!
!
!
!
!
 
 
 
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0/1
 no watchdog
!
voice-card 0/4
 no watchdog
!
license udi pid ISR4331/K9 sn FDO201213EF
spanning-tree extend system-id
!
username admin privilege 15 secret 5 $1$C9No$nxzz7iz7kiEBnCGQ0eH700
!
redundancy
 mode none
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 description ISP Connection
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip access-group wan_acl in
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/1
 description Lan COnnection to Switch
 ip address 10.110.34.2 255.255.255.0
 ip access-group lan_acl in
 shutdown
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface Service-Engine0/1/0
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip tftp source-interface GigabitEthernet0
!
!
ip access-list extended lan_acl
 permit ip 10.110.34.0 0.0.0.255 any
ip access-list extended wan_acl
 permit udp any any eq bootpc
 deny   ip any any
!
!
!
!
control-plane
!
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
 !
 !
 !
 !
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 login
!
!
end

 

 

 

Thank you and regards

0 Helpful

paul driver
VIP
VIP
In response to ponyboy22

‎01-17-2018 07:22 AM

Hello
For the time being remove the acl from the interfaces and enable the router interfaces also

Res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

ponyboy22
Level 1
Level 1
In response to paul driver

‎01-18-2018 06:33 AM - edited ‎01-18-2018 06:45 AM

Good Morning,

 

After trying what you said gave the ISP a call the tech never fully put the cable modem into bridge mode.

(This has now been resolved) my isp modem will give a network connection to my test computer when plugged directly in

 

After trying to redo the cisco swich im unable to run this cmdlt

ip inspect name RTR-CBAC inspect tcp
ip inspect name RTR-CBAC inspect udp

ip inspect name RTR-CBAC inspect icmp

 

also when running ip nat enable i get that its not a command when doing the ?

i can select

- allow static host

- inside

- Outside

 

is their a step i am missing?

0 Helpful

paul driver
VIP
VIP
In response to ponyboy22

‎01-18-2018 07:30 AM

Hello
Cbac is for the rtr not for the switch

Res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card