Hi,

I have this config on the router. I masked the Public IP for security reasons.

interface FastEthernet4
description ***To Internet***
ip address 123.1.2.3 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description ***Local Network***
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
--More--

ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 123.1.2.2 255.255.255.252
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default

Router#sh ip int br
Interface                IP-Address         OK? Method              Status           Protocol
FastEthernet0       unassigned          YES unset                 up                 up
FastEthernet1       unassigned          YES unset                 up                 down
FastEthernet2       unassigned          YES unset                 up                 down
FastEthernet3       unassigned          YES unset                 down             down
FastEthernet4      123.1.2.3               YES NVRAM            up                  up
NVI0                     123.1.2.3               YES unset                 up                 up
Vlan1                    192.168.1.1           YES NVRAM            up                  up

Router#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 123.1.2.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 123.1.2.2
37.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 123.1.2.1/30 is directly connected, FastEthernet4
L 123.1.2.3/32 is directly connected, FastEthernet4
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.1/32 is directly connected, Vlan1

So i need to create a sub-interface on the router?

Thank you for your help.

Hello

Just like to add-

Dont forget to amend the acl also for the NAT!

access-list 1 permit 10.2.11.0 0.0.0.255

res
Paul

Hi,

I have configured the router as suggested:

interface Vlan40
ip address 10.2.11.254 255.255.255.0
ip nat inside
ip virtual-reassembly in

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.2.11.0 0.0.0.255

VLAN40 is showing down:

Router#sh ip int br
Interface         IP-Address   OK? Method Status Protocol
FastEthernet0 unassigned YES unset     up        up
FastEthernet1 unassigned YES unset     up        down
FastEthernet2 unassigned YES unset     up        down
FastEthernet3 unassigned YES unset     down    down
FastEthernet4 123.1.2.3    YES NVRAM up         up
NVI0                123.1.2.3    YES unset      up        up
Vlan1               192.168.1.1 YES NVRAM up        up
Vlan40             10.2.11.254 YES manual   down   down

Router#sh int vlan 40
Vlan40 is down, line protocol is down
Hardware is EtherSVI, address is 843d.c636.69f8 (bia 843d.c636.69f8)
Internet address is 10.2.11.254/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 1 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Also, on the SG200 i connect my PC on a port member as VLAN40.

SG200 port GE48 is configured as trunk and connected to the router.

I set a static ip on my PC

IP: 10.2.11.2/24

GW: 10.2.11.254

Still no internet.

ok lets work back from your router , your vlan is down/down at layer 3 so somethings not right

do you have a spare port on the router to connect your laptop direct ?

if you do set the port as

interface f x 

switchport mode access

switchport access vlan 40

..............

This should bring the vlan up/up and then test the internet from the router for that vlan

ping 8.8.8.8 source int vlan 40

can you also post the show int trunk off the router please as it is now

Hi,

I have spare port and i configured as what you suggested and VLAN 40 went up/up and on the PC connected to the switch port member on VLAN 40 i can access the internet. However VLAN 1 is down and all workstation on VLAN 1 don't have internet access anymore.

So i revert back because VLAN 1 is on production.

 what need to check?

Hi Mark,

when i did "show int trunk" there is no output.

Thanks.

Hi Mark,

I have configured the router

interface f0

  description trunk
  switchport mode trunk

  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan all

Router#sh interfaces trunk

Port   Mode    Encapsulation     Status         Native vlan
Fa0    on         802.1q                trunking      1

Port     Vlans allowed on trunk
Fa0      1-4094

Port     Vlans allowed and active in management domain
Fa0      1,40

Port     Vlans in spanning tree forwarding state and not pruned
Fa0      1,40

The VLAN went up/up now:

Router #sh ip int br
Interface                IP-Address           OK?    Method    Status   Protocol
FastEthernet0       unassigned           YES    unset       up          up
FastEthernet1       unassigned           YES    unset       up          down
FastEthernet2       unassigned           YES    unset       up          down
FastEthernet3       unassigned            YES   unset       up          down
FastEthernet4       123.1.2.3               YES   NVRAM   up          up
NVI0                      123.1.2.3               YES    unset      up          up
Vlan1                     192.168.1.1           YES   NVRAM   up          up
Vlan40                   10.2.11.254            YES  NVRAM   up         up

I can ping the DNS - 8.8.8.8 on router on VLAN 40:

Router#ping 8.8.8.8 source vlan 40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.2.11.254
!!!!!

I have this DHCP pool on the router:

ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
!
ip dhcp pool VLAN40
network 10.2.11.0 255.255.255.0
dns-server 8.8.8.8
default-router 10.2.11.254

Then i connected my PC on SG200 port GE24 which member on VLAN 40 but i can obtain IP address on VLAN1 - 192.168.1.X and not on VLAN40 - 10.2.11.X.

Thank you for helping. What i need to check?

ok cool so now you have internet on vlan 40 if you can ping google dns , so the router side is working

now I don't use these SMB switches at all I use catalyst cli only , the trunk looks correct on the router side allowing vlan 1 and 40 , so the far end of it on the switch must be too as they have to match

what way is the port set on the sg200 where your pc is , if you set static does it work ok ? is the port set as access ?

Hi Mark,

If i set the PC with static IP and DNS within VLAN 40 (10.2.11.x) i don't have internet access. But if i set to DHCP i will have internet access but the IP that I obtained is 192.168.1.X which is on VLAN 1. My PC is connected to SG200 port GE24 which is member of VLAN40 configured as trunk. Changing to access mode still same problem.

This is how the SG200 configured. See screenshots:

1. Add VLAN 40 on the switch.

2. Interface GE24 port configuration:

3. Member port GE24 tagged to VLAN 40

Thank you so much for helping me out.

regards,

Sy

Hi

im looking at the docs here as im not familiar with these gui switches, what you have looks right , I see one extra section in the docs below the port vlan membership table , is the vlan added to the port in that section ?

http://sbkb.cisco.com/CiscoSB/GetArticle.aspx?docid=67844b99e2da4a7f88db0c588197487d_Creating_VLANs_on_Cisco_Managed_Switches.xml&pid=2&converted=0

Hi Mark,

I can see the VLAN is added on the port.

VLAN1 - Untagged

VLAN40 - Tagged

Thanks.

Hi Mark,

Could you check my attached router config if there is missing?

Thank you.

Sy