03-05-2014 07:44 AM - edited 03-07-2019 06:32 PM
Hello, I recently purchased some used Cisco routers and switches to learn with. My first goal was to try and setup a small network that would connect back to my home network.
The setup, I am currently using is 2 2610 Cisco Routers and 1 2950 Switch, the following is the topology I have setup
I have Router1 connected via its single Ethernet port back to my home Aris Home Modem / Router. I then have Router1 connected via Serial0 to Router2, and Router2 Ethernet is connected to Switch1 on port fa0/1. And the PC is connected to the switch.
I have configured the follow IP address
Router1
Ethernet0
ip address 192.168.0.125 255.255.255.0 (This is an IP address on my home network, the Arris router is 192.168.0.1)
Serial0
ip address 192.168.1.1 255.255.255.0
DCE with Clock Rate 64000
Router2
Serial0
ip address 192.168.1.2 255.255.255.0
Ethernet0
ip address 192.168.3.1 255.255.255.0
Switch1
VLAN
ip address 192.168.3.10 255.255.255.0
Default-Gateway 192.168.3.1
PC1
ip address 192.168.3.10 255.255.255.0
Default-Gateway 192.168.3.1
I then have the following IP Routes setup
On Router1 Static Route
ip route 192.168.3.0 255.255.255.0 192.168.1.2
On Router2 Static Route
ip route 192.168.0.0.255.255.255.0 192.168.1.1
With this setup, I get traffic through all the devices I.E. PC can ping back to Router1 and Router1 can ping PC
But I cannot ping domain names, and the PC cannot browse the web.
I am thinking I need to setup DNS servers, but I tried that with
ip name-server 209.18.47.61 (DNS my home PC gets from Time Warner)
I had at one point had Routes such as
ip route 0.0.0.0 0.0.0.0
But that didnt seem to help, I think at one point I was able to ping domain names, but still couldnt browse, not sure what I had changed or setup that made that work but I undid everything also.
I think I am just missing something that I need to configure on the Routers but not sure what, to make it so that the Laptop could browse the web. My goal once I at least work that out is to play more with different Vlans, and such but want to get this first hurdle out of the way.
Any Assistance would be greatly appreciated.
Solved! Go to Solution.
03-05-2014 07:59 PM
Andrew
Sorry, it's been a long day here. Your NAT statement on Router1.
Can you remove the current NAT statement and add this -
ip nat inside source list 101 interface e0/0 overload
then retest.
Jon
03-05-2014 11:04 AM
Andrew
Firstly you will need default routes on both routers so -
R1
===
ip route 0.0.0.0 0.0.0.0 192.168.0.1
R2
===
no need for the 192.168.0.0/24 route as the default will cover it so -
no ip route 192.168.0.0.255.255.255.0 192.168.1.1
then add -
ip route 0.0.0.0 0.0.0.0 192.168.1.1
next you need to take of NAT and return routing from the Aris router. So you have two options -
1) add a route to the Aris router for the 192.168.3.0/24 network pointing to 192.168.0.125
and
setup NAT on the Aris router for the 192.168.3.x IP addresses
or
2) i assume the Aris will NAT automatically any 192.168.0.x addresses but it may not allow you to add other networks to NAT or it might not be that easy to add routes. So instead you can do NAT on R1 -
int s0
ip nat inside
int e0
ip nat outside
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
ip nat inside source list 101 interface e0 overload
what this does is NAT all 192.168.3.x addresses to the IP assigned to e0 so there is no need for routes on the Aris as it is connected to that network.
Note that you need to test all this from a 192.168.3.x address as it both 1) and 2) are only setup for that subnet.
You do also need a DNS server setting on your PC.
Jon
03-05-2014 12:34 PM
UPDATE: The switch now does ping all the way to the Arris Route and the Routers IP external IP, but does not ping google.com or even the IP address that I get for Google.com when Router1 pings it. So it appears to be making it out most of the way.
Thanks much for the reply, I got alot closer before your post but still hitting one stump.
I got router1 and router2 configured to where they were both able to at least ping google.com so they were getting out through my network and the dns information.
I then started working on the switch itself and configured the ethernet port on r2 with
interface Ethernet0/0
description Ethernet Connection to Switch
ip address 192.168.3.1 255.255.255.0
and configured the switch with
interface Vlan1
ip address 192.168.3.2 255.255.255.0
and
ip name-server 209.18.47.61
On the switch, but the Switch is not getting through, I figure I am just missing some information or a route for the switch to know how to get from Router2 to Router1 and out to the internet.
Couple notes of test.
Switch can ping 192.168.3.1 (R2 Ethernet) and 192.168.1.2 (R2 Serial) but cannot ping 192.168.1.1 (R1 Serial) so its not getting from R2 to R1 I figure which is why it also cannot ping google.com
I am also attaching the 3 Running-Configs
Router1
TestRouter1#show running-config
Building configuration...
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TestRouter1
!
enable secret 5 $1$6hFo$XZoYSHmIaUdUSReMw4h5l.
enable password ******
!
ip subnet-zero
ip name-server 209.18.47.61
!
!
!
!
!
interface Ethernet0/0
description Broadband Internet
ip address 192.168.0.125 255.255.255.0
no ip directed-broadcast
ip nat outside
!
interface Serial0/0
description Home Lan
ip address 192.168.1.1 255.255.255.0
no ip directed-broadcast
ip nat inside
no ip mroute-cache
no fair-queue
clockrate 64000
!
interface Serial0/1
no ip address
no ip directed-broadcast
shutdown
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
!
line con 0
password ******
login
transport input none
line aux 0
line vty 0 4
password ******
login
!
no scheduler allocate
end
Router2
TestRouter2#show running-config
Building configuration...
Current configuration : 866 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TestRouter2
!
enable secret 5 $1$v7rI$VvodDIcoDfDEobMA2vOmi.
enable password ********
!
!
!
!
!
ip subnet-zero
ip name-server 209.18.47.61
!
!
!
!
interface Ethernet0/0
description Ethernet Connection to Switch
ip address 192.168.3.1 255.255.255.0
!
interface Serial0/0
description Serial Connection to TestRouter1
ip address 192.168.1.2 255.255.255.0
ip nat outside
!
interface Serial0/1
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.0.0 255.255.255.0 Serial0/0
ip http server
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
line con 0
password ******
login
line aux 0
line vty 0 4
password ******
login
!
end
Switch1
TestSwitch1#show running-config
Building configuration...
Current configuration : 2020 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname TestSwitch1
!
enable secret 5 $1$UNF2$aeL4mqEf0EJyMpbspJZVb0
enable password ******
!
ip subnet-zero
!
ip name-server 209.18.47.61
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.3.2 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
password ******
login
line vty 0 4
password ******
login
line vty 5 15
login
!
!
end
Also thinking maybe I got something configured wrong on the switch, I need to do alot more reading on the Vlans part as with this I dont understand does there need to be an address on Port Fa0/1 where the router comes into the switch I would think
03-05-2014 12:49 PM
Andrew
On your switch add this -
"ip default-gateway 192.168.3.1"
I need to do alot more reading on the Vlans part as with this I dont understand does there need to be an address on Port Fa0/1 where the router comes into the switch I would think
it depends on whether the switch is a L2 switch or a L3 switch which is routing vlans.
It looks like your switch is L2 so you use the "ip default-gateway ..." command as you would a end device eg. a PC. If the switch is L2 you can only have one SVI (interface vlan
If the switch is L3 then you can have multiple SVIs on it and it can route between vlans. Then you would not add a default-gateway but you would use routes instead.
Jon
03-05-2014 12:57 PM
Thanks for all the help, I have narrowed it down a little more.
I added what you just mentioned for the default gateway on the switch, and messed with the routes on the routers also.
What I am at now, is Swith1 can ping
192.168.3.1 - Router2 - Ethernet interface
192.168.1.2 - Router2 - Serial interface
192.168.1.1 - Router1 - Serial Interface
192.168.0.125 - Router1 - Ethernet Interface
192.168.0.1 - Arris Router
75.178.6.* - IP Address Arris router is getting from Time Warner
But the Switch cannot ping google.com or 74.125.228.39 (IP Address Router 1 gets when pinging google.com)
The switch reports
TestSwitch1#ping google.com
Translating "google.com"...domain server (209.18.47.61)
% Unrecognized host or address, or protocol not running.
So appears to me its not getting the DNS information as it doesnt even translate google.com to an IP Address
Thanks again
03-05-2014 01:10 PM
Andrew
To be honest i have never done this from a switch as usually there is no need for an internal switch to resolve external hostnames.
That is why i said you should be testing from a PC to get it all working as this is really what you are trying to sort out.
Try adding -
ip domain-name
Jon
03-05-2014 01:14 PM
Ok, I will try that when I get home. From work I only currently have access to the 2 Routers and the Switch, as the laptop that is currently hooked up isnt configured right I cant connect to it.
The overall goal is just that the Laptop will be able to browse the web while connected to the switch.
I will update this thread when I get home and configure the PC and let you know what I see from that device, with pings and such.
Thanks again for all the help you have given me today.
03-05-2014 04:21 PM
Ok, Update now that at house with the equipment.
PC Hooked up through the Switch with following configuration
IP: 192.168.3.10
SN: 255.255.255.0
GW: 192.168.3.1
DNS: 209.18.47.61
PC Can ping, everything on network, Switch, R2 Serial and Ethernet, R1 Serial and Ethernet, and the Arris Router internet and external address. But cannot ping google, does not get the DNS resolution to know the IP to ping.
Removed switch from the scenrio, and plugged the PC directly into R2 ethernet, with same IP address and other information, and get same result.
I can ping all the stuff on network, including the 75. ip given by Time Warner, but cannot ping google.com or browse to that page.
Not sure what can be missing as I can ping all the way to the external IP from Time warner, but nothing else beyond that, I thought maybe something the internet is blocking but being the routers can ping google.com im not sure. Unless its cause the switch and now PC are on the 192.168.3. subnet while R1 is on the same network as Internet but R2 is not but it can also ping google.com
Somewhere DNS is not functioning on devices connected to R2
Thanks
03-05-2014 04:30 PM
Andrew
From the PC can you ping an IP address on the internet as opposed to a DNS name ?
Jon
03-05-2014 04:33 PM
No those fail also, basically cannot reach anything past my internet IP address all time out
03-05-2014 04:42 PM
Andrew
On Router1 can you do -
1) "clear ip nat translations"
2) "sh ip nat translations" should then show an empty table
3) ping from the PC
4) "sh ip nat translations" on the router again.
Do you see anything in the NAT table ?
Jon
03-05-2014 04:46 PM
Andrew
Also on Router2 can you remove these things from the configuration -
1) remove the "ip nat outside" from the s0/0 interface
2) remove the following routes ie.
no ip route 0.0.0.0 0.0.0.0 192.168.0.1
and
no ip route 192.168.0.0 255.255.255.0 s0/0
Jon
03-05-2014 05:05 PM
Ok on the first post
sh ip nat translations was an empty table from the start.
When trying to clear it wanted alot more information but being the table was empty I dont think I could type anything there
Next I removed the routes, and now when pinging from the PC I am getting a mixture of time out and reply from 192.168.3.10 Destination Host unreachable
Also after removing those I now get timeouts and destination unreachable When trying to ping 192.168.1.2 or 192.168.1.1 for the other routers.
Thanks
03-05-2014 05:09 PM
You did leave in -
ip route 0.0.0.0 0.0.0.0 192.168.1.1
on Router2 ?
What device is 192.168.3.10 as i can't see that anywhere in your configurations ?
Jon
03-05-2014 05:12 PM
Yes that route is still there
and 192.168.3.10 is the PC itself
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide