Solved: hahahaha Good to know it was

heiko.sterner · ‎08-08-2017

Dear Techies,

I have built a switch3550 and router2811 configuration for Inter Vlan routing with NAT to my ISP

from the switch/router themselves i can ping anything inside the vlans and any other configured IPs on the switch/router side,

my only problem is that i cant ping outside addresses with my two clients which are connected on separate vlans.

1st i will list up the used ports on the devices then you will find the startup-config for 2811/3550, thanks in advance,

2811:

int fa0/0 goes to ISP network which is a usual LAN with Gateway 192.168.1.1

int fa0/1 is trunk to switch 3550

int fa0/1.1 is sub Int Vlan2

int fa0/1.2 is sub int Vlan3

3550:

int fa0/1 Mng. Port

int fa0/2 Vlan2, win10 Laptop, static address 192.168.2.100/24 default Gateway 192.168.2.10

int fa0/47 Vlan3, Laptop, static address 192.168.3.100/24 default Gateway 192.168.3.10

int fa0/48 Trunk to 2811 - sub int

2811:

Current configuration : 1163 bytes
!
version 12.3
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hjs2811
!
boot-start-marker
boot-end-marker
!
no logging console
!
no network-clock-participate aim 0
no network-clock-participate aim 1
no aaa new-model
ip subnet-zero
!
!
ip cef
!
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex full
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.2
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
ip nat inside
!
interface Serial0/2/0
no ip address
shutdown
clockrate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip nat inside source list 101 interface FastEthernet0/1 overload
!
!
access-list 101 permit ip any any
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
!
end

3550:

Current configuration : 6719 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
no logging console

!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-696064512
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-696064512
revocation-check none
!
!

!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
no switchport
ip address 192.168.1.131 255.255.255.0
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 2
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/25
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/26
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/27
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/28
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/29
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/30
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/31
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/32
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/33
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/34
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/35
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/36
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/37
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/38
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/39
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/40
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/41
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/42
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/43
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/44
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/45
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/46
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/47
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/48
switchport access vlan 3
switchport trunk encapsulation dot1q
switchport trunk native vlan 80
switchport trunk allowed vlan 2,3
switchport mode trunk
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.168.4.1 255.255.255.0
!
interface Vlan2
description T61
ip address 192.168.2.10 255.255.255.0
!
interface Vlan3
description X230
ip address 192.168.3.10 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 192.168.1.0
ip route 192.168.2.0 255.255.255.0 192.168.1.1
ip route 192.168.3.0 255.255.255.0 192.168.1.0
ip route 192.168.3.0 255.255.255.0 192.168.1.1
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
login
line vty 5
login
!
end

Julio E. Moisa · ‎08-08-2017

Are you able to ping the respective gateways from the computers?

I think I found the problem, you ip nat outside is configured under the interface fa0/0 but you have configured the NAT statement with f0/1

ip nat inside source list 101 interface FastEthernet0/1 overload
!

so you should have

ip nat inside source list 101 interface FastEthernet0/0 overload
!

remove the previous NAT statement and create the new one with FastEthernet 0/0.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

Reza Sharifi · ‎08-08-2017

Hi,

int fa0/2 Vlan2, win10 Laptop, static address 192.168.2.100/24 default Gateway 192.168.2.10

int fa0/47 Vlan3, Laptop, static address 192.168.3.100/24 default Gateway 192.168.3.10

According to your post, the router sub-interfaces are 2.1 and 3.1, so why are the Laptops default gateways pointed to 2.10 and 3.10?

Can you clarify?

HTH

heiko.sterner · ‎08-08-2017

I used 2.10, 3.10 as default gateway for testing the InterVlan Routing on my Layer 3 Switch,

changing the default gateways from 2.10 >2.1 and 3.10 >3.1 does not bring any changes

please find bellow ---sh ip route--- and --sh ip int brief-- from the 3550/2811

BIG THX for your quick reply,

hjs3550#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, FastEthernet0/1
C    192.168.2.0/24 is directly connected, Vlan2
C    192.168.3.0/24 is directly connected, Vlan3
S*   0.0.0.0/0 [1/0] via 192.168.1.1
_________________________________________________

Vlan1 192.168.4.1 YES manual up down
Vlan2 192.168.2.10 YES NVRAM up up
Vlan3 192.168.3.10 YES NVRAM up up
FastEthernet0/1 192.168.1.131 YES NVRAM up up
FastEthernet0/2 unassigned YES unset up up
FastEthernet0/3 unassigned YES unset down down
FastEthernet0/4 unassigned YES unset down down
FastEthernet0/5 unassigned YES unset down down
FastEthernet0/6 unassigned YES unset down down
FastEthernet0/7 unassigned YES unset down down
FastEthernet0/8 unassigned YES unset down down
FastEthernet0/9 unassigned YES unset down down
FastEthernet0/10 unassigned YES unset down down
FastEthernet0/11 unassigned YES unset down down
FastEthernet0/12 unassigned YES unset down down
FastEthernet0/13 unassigned YES unset down down
FastEthernet0/14 unassigned YES unset down down
FastEthernet0/15 unassigned YES unset down down
FastEthernet0/16 unassigned YES unset down down
FastEthernet0/17 unassigned YES unset down down
FastEthernet0/18 unassigned YES unset down down
FastEthernet0/19 unassigned YES unset down down
FastEthernet0/20 unassigned YES unset down down
FastEthernet0/21 unassigned YES unset down down
FastEthernet0/22 unassigned YES unset down down
FastEthernet0/23 unassigned YES unset down down
FastEthernet0/24 unassigned YES unset down down
FastEthernet0/25 unassigned YES unset down down
FastEthernet0/26 unassigned YES unset down down
FastEthernet0/27 unassigned YES unset down down
FastEthernet0/28 unassigned YES unset down down
FastEthernet0/29 unassigned YES unset down down
FastEthernet0/30 unassigned YES unset down down
FastEthernet0/31 unassigned YES unset down down
FastEthernet0/32 unassigned YES unset down down
FastEthernet0/33 unassigned YES unset down down
FastEthernet0/34 unassigned YES unset down down
FastEthernet0/35 unassigned YES unset down down
FastEthernet0/36 unassigned YES unset down down
FastEthernet0/37 unassigned YES unset down down
FastEthernet0/38 unassigned YES unset down down
FastEthernet0/39 unassigned YES unset down down
FastEthernet0/40 unassigned YES unset down down
FastEthernet0/41 unassigned YES unset down down
FastEthernet0/42 unassigned YES unset down down
FastEthernet0/43 unassigned YES unset down down
FastEthernet0/44 unassigned YES unset down down
FastEthernet0/45 unassigned YES unset down down
FastEthernet0/46 unassigned YES unset down down
FastEthernet0/47 unassigned YES unset up up
FastEthernet0/48 unassigned YES unset up up
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down

_______________________________________________________

hjs2811>sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

C    192.168.1.0/24 is directly connected, FastEthernet0/0
C    192.168.2.0/24 is directly connected, FastEthernet0/1.1
C    192.168.3.0/24 is directly connected, FastEthernet0/1.2
S*   0.0.0.0/0 [1/0] via 192.168.1.1
hjs2811>

__________________________________________________________________________

hjs2811>sh ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.118 YES DHCP up up
FastEthernet0/1 unassigned YES NVRAM up up
FastEthernet0/1.1 192.168.2.1 YES NVRAM up up
FastEthernet0/1.2 192.168.3.1 YES NVRAM up up
Serial0/2/0 unassigned YES NVRAM administratively down down
hjs2811>

____________________________________________________________________

Julio E. Moisa · ‎08-08-2017

Hi

Please check my comment above.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Julio E. Moisa · ‎08-08-2017

Additional to Reza's comment, if you are trying to ping a domain example: www.domain.com, check the DNSs configured on the computers, otherwise you could try ping with the public IP, example: 8.8.8.8.

Also you could remove the following lines, because your switch is working as layer 2 ony.

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 192.168.1.0
ip route 192.168.2.0 255.255.255.0 192.168.1.1
ip route 192.168.3.0 255.255.255.0 192.168.1.0
ip route 192.168.3.0 255.255.255.0 192.168.1.1

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

heiko.sterner · ‎08-08-2017

i only can ping public IPs direct from my switch/router cli !

my switch has ip routing enabled and processes as layer 3 device,

can it cause conflicts with sub-int?

configured the DNS on my clients with IP 192.168.1.1 which is my ISP Router,

i guess thats correct?

Julio E. Moisa · ‎08-08-2017

Hi

No, the IP routing could not generate any problem, but if the router is making the routing you dont need the ip routing enabled and static routes either, because you have a router-in-a-stick scheme.

So I recommend to use the following DNS for testing.

Primary 8.8.8.8
Secondary 4.2.2.2

They are Public Google DNS

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

heiko.sterner · ‎08-08-2017

if i make google dns entries to my clients it doesnt change anything,

the 1st Problem is that i cant ping my ISP home router from my clients,

that has nothing to do with DNS entrie so far

static Ip - netmask - dfltgway entries should be enough to ping the ISP router,

like i said before i can ping public domains like www.google.com

from my Cisco Switch / Router,

Julio E. Moisa · ‎08-08-2017

Are you able to ping the respective gateways from the computers?

I think I found the problem, you ip nat outside is configured under the interface fa0/0 but you have configured the NAT statement with f0/1

ip nat inside source list 101 interface FastEthernet0/1 overload
!

so you should have

ip nat inside source list 101 interface FastEthernet0/0 overload
!

remove the previous NAT statement and create the new one with FastEthernet 0/0.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

heiko.sterner · ‎08-08-2017

good boy ;-P

inverse/reverse thinking error by me!!!

ip nat inside source list 101 interface FastEthernet0/0 overload

is the correct answer !!!

piiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiing :))))

Julio E. Moisa · ‎08-08-2017

hahahaha Good to know it was resolved :-)

have a great day my friend.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Inter Vlan Routing NAT