Network Configuration

Dahamba · ‎06-21-2018

Hello!

I need your help. I configured a Layer 3 Cisco 3560 Switch with VLANs 10,20,30. Each VLAN has been configured to provide DHCP services. They are able to issue IP address to my PC’s but I don’t have internet and they are not able to ping each other. Do I need a router to get internet?

Note: my Layer 3 switch is connected to a Layer 2 Switch that’s serving as ISP.

Richard Burts · ‎06-21-2018

If we knew more about your environment we might be able to provide better responses. You describe having a layer 3 switch. Does that mean that you have used the command ip routing on the switch? If so then it should be able to route between vlans. If you have not used the ip routing command then this would explain why vlans are not able to communicate with each other.

You have not told us what IP addressing and subnets are used on these vlans. Would we be correct in believing that they are private addressing (like 10.0.0.0, 172.16.0.0, and 192.168.0.0)? If so then you need address translation to get internet access. Either you will need a router for that or your ISP must agree that they will provide NAT for your traffic.

HTH

Rick

HTH

Rick

Dahamba · ‎06-21-2018

Hi Rick!

Thank you for your response, I really appreciate it! Yes, I did use IP
routing on the switch.

Here is my configuration:

VLAN10
IP 192.168.10.1 255.255.255.0

VLAN20
IP 192.168.20.1 255.255.255.0

VLAN30
IP 192.168.30.1 255.255.255.0

DHCP Pool

IP DHCP pool vlan 10
Network 192.168.10.0 255.255.255.0
Default-router 192.168.10.1

IP DHCP pool vlan 20
Network 192.168.20.0 255.255.255.0
Default-router 192.168.30.1

IP DHCP pool vlan 30
Network 192.168.30.0 255.255.255.0
Default-router 192.168.30.1

chrihussey · ‎06-21-2018

You need to specify a DNS server in the scopes and the ISP router will need to know the routes to the private IP address space you are using. Not sure of your situation, but that has to happen for things to work. Maybe if you could provide more details we may be able to provide more assistance.

Richard Burts · ‎06-22-2018

I assume that this is a typo but thought we should clarify it

IP DHCP pool vlan 20
Network 192.168.20.0 255.255.255.0
Default-router 192.168.30.1

The original post mentioned two issues 1) not have Internet 2) can not ping each other. I suggest that we work on these separately. Which one would you want to do first?

HTH

Rick

HTH

Rick

Dahamba · ‎06-28-2018

Hi Rick,

I changed my configuration and included a Router in my network. I configure DHCP on the Router and it's able to issue IP addresses to PC's but no Internet access. The PC's are able to ping the router but can not ping other PC's on the network. I have not configure VLAN yet, I want to figure out the internet issue first. Here is a show run from my router:

DHCP-SERVER#show ip interface brief
Interface                  IP-Address      OK? Method Status                Prot                                                                             ocol
Ethernet0/0                10.31.198.14    YES DHCP   up                    up
Ethernet1/0                192.168.1.1     YES manual up                    up

DHCP-SERVER#show running-config
Building configuration...

Current configuration : 1096 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DHCP-SERVER
!
boot-start-marker
boot-end-marker
!
no aaa new-model
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.1.1 192.168.1.9
!
ip dhcp pool Capstone
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.2
!
ip audit po max-events 100
!
interface Ethernet0/0
ip address dhcp
ip nat outside
half-duplex
!
interface Ethernet1/0
ip address 192.168.1.1 255.255.255.0
ip nat inside
half-duplex
!
router eigrp 10
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
ip nat inside source list 10 interface Ethernet0/0 overload
ip http server
no ip http secure-server
ip classless
!
access-list 10 permit 192.168.1.0 0.0.0.255

What else should I do?

Thanks for your help, I really appreciate it.

Richard Burts · ‎06-28-2018

Thanks for the information. I agree that we will prioritize solving the issue with Internet access and when that is resolved we will look at issues about pinging between hosts in the network. For Internet access there frequently are two important things in the config. The first is address translation and I see that you have configured address translation with the Ether0/1 as the inside network and Ether0/0 as the outside. The second important thing is a default route. And I do not see a default route in your config. I do see that you are running EIGRP on both interfaces and it might be possible that you are learning a default route via EIGRP. Would you post the output of show ip route? That will clarify whether there is a default route or not.

Also can you tell us what is connected on Ether0/0? Is this your gateway to the Internet?

HTH

Rick

HTH

Rick

Dahamba · ‎06-28-2018

Hi Rick,

thank you for your response. The Ether0/0 is the gateway to the internet.

Here is the show Ip route:

DHCP-SERVER#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 10.31.198.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.31.198.0 is directly connected, Ethernet0/0
C 192.168.1.0/24 is directly connected, Ethernet1/0
S* 0.0.0.0/0 [254/0] via 10.31.198.1

Richard Burts · ‎06-28-2018

Thank you for the additional information. It does show that the router has a default route. That default route shows as a static route but there is no matching static route in the config that you posted. I am assuming that the default route was learned in the DHCP negotiation for Ether0/0.

As far as you know is the Internet gateway connected to Ether0/0 working?

There are a few things that I would like to check on. Can the router ping the next hop of the default route 10.31.198.1? Can the router ping an address in the Internet (for example ping 8.8.8.8)?

HTH

Rick

HTH

Rick

Dahamba · ‎07-02-2018

Yes, I can ping 8.8.8.8/10.31.198.1.

See attached.

Also, I want to configure 3 VLAN on the switch and connect the PC’s on
different VLAN’s. I want the PC’s to ping each other.

How do I go about?

I appreciate your help.

Richard Burts · ‎07-08-2018

Your post says see attached but I do not see any attachment.

To have three vlans and to have PCs on each vlan and to have the PCs ping each other you would follow these steps:

1) configure the vlans on the switch.

2) assign an IP subnet for each vlan.

3) configure the switch to assign switch ports to each vlan.

4) connect PCs to the vlans.

5) configure each PC so that it has an IP address in the appropriate subnet with the appropriate subnet mask and appropriate gateway. You might configure the PCs manually or you might set up DHCP for this.

6) provide inter vlan routing. Ordinarily I would suggest connecting the switch to the router using a trunk and have the router do the inter vlan routing. But when the router has Ethernet interfaces (instead of FastEthernet) I am not sure that it will support vlan sub interfaces. So it is probably best to enable ip routing on your switch and have the switch do inter vlan routing.

HTH

Rick

HTH

Rick