
Problem with my project (2 switches) (1 router)

st2022350
Level 1

Hello everyone,

First and foremost, I apologize for my lack of knowledge in the field, as I am a relatively new student in the networking world with limited experience.

Currently, I am working on a school project in which I need to provide private and internet services to three different VLANs.

The classroom computers are configured to operate on a switch with the network 192.168.36.0/24.

My router is connected to the classroom switch to ensure that the class computers can access the settings of the devices I am working with.

The connection between my router and the switch is made through optical fiber.

Based on this setup, I have three VLANs that are working to provide Public services, private services, and network resources.

- VLAN 10: Private Services
- VLAN 20: Public Services
- VLAN 30: Network Administration

The issue is that my router can ping 8.8.8.8, but my switch cannot.

Additionally, I have tried to configure DHCPv4 for VLAN 1 networks, but it is not functioning.

I can access the switch and router through PuTTY:


- Router: 192.168.36.17
- Switch: 10.10.37.254

Honestly, I would appreciate it if someone could review the configuration of both devices, identify errors (which I'm sure there are many), and assist me in correcting them with the necessary commands.

Thank you very much to anyone who has taken the time to read this.

 

Router Config:

Router-G7#show conf
Router-G7#show configuration
Using 2379 out of 262136 bytes
!
! Last configuration change at 13:18:28 UTC Mon Jan 22 2024 by stucom8
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router-G7
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXX
!
no aaa new-model
!
ip dhcp excluded-address 10.10.10.1 10.10.10.127
ip dhcp excluded-address 10.10.17.1 10.10.17.127
!
ip dhcp pool LAN-Usuarios
 network 10.10.17.128 255.255.255.128
 default-router 10.10.17.1
 dns-server 172.16.2.10
!
ip domain name stucom8
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FCZ19216002
!
username stucom8 secret 5 $XXXXXXXX
username userstucom8 privilege 15 password XXXXXXXXXXXX
username cisco password 7 XXXXXXXXXX
!
redundancy
!
ip ssh version 2
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Interfaz 0/0 - Conexion aula36
 ip address 192.168.36.17 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 shutdown
!
interface GigabitEthernet0/0.20
 shutdown
!
interface GigabitEthernet0/0.30
 shutdown
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/0.10
 encapsulation dot1Q 10
 ip address 10.10.17.2 255.255.255.0
!
interface GigabitEthernet0/0/0.20
 encapsulation dot1Q 20
 ip address 10.10.27.2 255.255.255.0
!
interface GigabitEthernet0/0/0.30
 encapsulation dot1Q 30
 ip address 10.10.37.2 255.255.255.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.36.1
!
control-plane
!
line con 0
 exec-timeout 5 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!
scheduler allocate 20000 1000
!
end

 

SWITCH CONFIG:

Switch-G7>ena
Password:
Switch-G7#show confi
Switch-G7#show configuration
Using 3005 out of 65536 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Switch-G7
!
boot-start-marker
boot-end-marker
!
enable secret 5 $XXXXXXXXX
!
username stucom8 secret 5 $XXXXXXXXXX
!
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
ip domain-name G8.com
!
!
crypto pki trustpoint TP-self-signed-811728896
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-811728896
revocation-check none
rsakeypair TP-self-signed-811728896
!
!
crypto pki certificate chain TP-self-signed-811728896
certificate self-signed 01 nvram:IOS-Self-Sig#3638.cer
!
!
!
port-channel load-balance src-dst-ip
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
interface Port-channel1
description ESXi_Host7
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
description ESXi_Host7
switchport access vlan 20
switchport mode access
channel-group 1 mode on
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
description ESXi_Host7
switchport access vlan 20
switchport mode access
channel-group 1 mode on
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
description Interfaz 21 - Conexion Fibra
switchport trunk allowed vlan 10,20,30
switchport mode trunk
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan10
no ip address
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
!
interface Vlan30
ip address 10.10.37.254 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.37.2
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
exec-timeout 5 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
end

 

1 Accepted Solution

M02@rt37
VIP

Hello @st2022350 

When you ping 8.8.8.8 from the router, your router uses the source IP 192.168.36.17. So the aula36 router performs NAT, since the packet's source IP is in the range 192.168.36.0/24.

You need to perform NAT on your router for the other subnets: NAT overload on int gig0/0.

 

Best regards

8 Replies

You need NAT in the router config for the mgmt VLAN of the SW.
Also check the RIB of the router: do you see the mgmt VLAN of the SW or not?
MHM


So the config I should apply in order to have internet in the VLANs on my switch is something like this?

 

interface GigabitEthernet0/0
ip nat outside

interface GigabitEthernet0/0/0.10
ip nat inside

interface GigabitEthernet0/0/0.20
ip nat inside

interface GigabitEthernet0/0/0.30
ip nat inside

ip nat inside source list 1 interface GigabitEthernet0/0 overload

access-list 1 permit 10.10.17.0 0.0.0.255
access-list 1 permit 10.10.27.0 0.0.0.255
access-list 1 permit 10.10.37.0 0.0.0.255

 

access-list 1 permit 10.10.37.0 0.0.0.255 <- this is the subnet of the VLAN of the SW

What other subnets did you add to the NAT list?

Are they for hosts?

If yes, then your config is correct.

MHM

 

Thanks for the help! Finally, after following the configuration advice you provided, it worked.

The issue was with the main router, which was unable to send data to my interfaces.

Friend you are so welcome 

Have a nice day 

MHM

Hello @st2022350 ,

I don't see any errors in your configurations, but like @MHM Cisco World mentioned you are missing the configuration for NAT/PAT for vlan 30, 10.10.37.0/24, in order to enable this vlan, management IP of the switch included, to access the outside world.

Here is a document that can help you configure this on your router: https://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html

Regards, LG

Hello,

there are numerous issues with your configs. I marked the changes in bold. 

Router-G7#
Using 2379 out of 262136 bytes
!
! Last configuration change at 13:18:28 UTC Mon Jan 22 2024 by stucom8
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router-G7
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXX
!
no aaa new-model
!
ip dhcp excluded-address 10.10.17.1 10.10.17.127
ip dhcp excluded-address 10.10.27.1 10.10.27.127
ip dhcp excluded-address 10.10.37.1 10.10.37.127
ip dhcp excluded-address 10.10.37.254
!
ip dhcp pool LAN10-Usuarios
network 10.10.17.0 255.255.255.0
default-router 10.10.17.2
dns-server 172.16.2.10
!
ip dhcp pool LAN20-Usuarios
network 10.10.27.0 255.255.255.0
default-router 10.10.27.2
dns-server 172.16.2.10
!
ip dhcp pool LAN30-Usuarios
network 10.10.37.0 255.255.255.0
default-router 10.10.37.2
dns-server 172.16.2.10
!
ip domain name stucom8
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
license udi pid CISCO1921/K9 sn FCZ19216002
!
username stucom8 secret 5 $XXXXXXXX
username userstucom8 privilege 15 password 7 XXXXXXXXXXXX
username cisco password 7 XXXXXXXXXX
!
redundancy
!
ip ssh version 2
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Interfaz 0/0 - Conexion aula36
ip address 192.168.36.17 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
shutdown
!
interface GigabitEthernet0/0.20
shutdown
!
interface GigabitEthernet0/0.30
shutdown
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/0.10
encapsulation dot1Q 10
ip address 10.10.17.2 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.20
encapsulation dot1Q 20
ip address 10.10.27.2 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.30
encapsulation dot1Q 30
ip address 10.10.37.2 255.255.255.0
ip nat inside
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.36.1
!
access-list 1 permit 10.10.17.0 0.0.0.255
access-list 1 permit 10.10.27.0 0.0.0.255
access-list 1 permit 10.10.37.0 0.0.0.255
!
control-plane
!
line con 0
exec-timeout 5 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end

SWITCH CONFIG:
Switch-G7>ena
Password:
Switch-G7#show confi
Switch-G7#show configuration
Using 3005 out of 65536 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Switch-G7
!
boot-start-marker
boot-end-marker
!
enable secret 5 $XXXXXXXXX
!
username stucom8 secret 5 $XXXXXXXXXX
!
no aaa new-model
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
ip domain-name G8.com
!
crypto pki trustpoint TP-self-signed-811728896
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-811728896
revocation-check none
rsakeypair TP-self-signed-811728896
!
crypto pki certificate chain TP-self-signed-811728896
certificate self-signed 01 nvram:IOS-Self-Sig#3638.cer
!
port-channel load-balance src-dst-ip
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
interface Port-channel1
description ESXi_Host7
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
switchport access vlan 30
switchport mode access
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
description ESXi_Host7
switchport access vlan 20
switchport mode access
channel-group 1 mode on
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
description ESXi_Host7
switchport access vlan 20
switchport mode access
channel-group 1 mode on
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
description Interfaz 21 - Conexion Fibra
switchport trunk allowed vlan 10,20,30
switchport mode trunk
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface Vlan1
no ip address
no ip route-cache
!
! --> remove the unused SVIs for VLAN 10 and VLAN 20
no interface Vlan10
no interface Vlan20
!
interface Vlan30
ip address 10.10.37.254 255.255.255.0
no ip route-cache
!
ip default-gateway 10.10.37.2
!
ip http server
ip http secure-server
ip sla enable reaction-alerts
!
line con 0
exec-timeout 5 0
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
end
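
A consistency check for the PAT (NAT overload) setup discussed in this thread, as an added example that is not part of any post: it parses an IOS-style fragment and reports an overload rule that points at an interface which is not an addressed `ip nat outside` interface, and any `ip nat inside` subnet missing from the referenced access list. The sample config is constructed from the thread's addressing with two mistakes planted on purpose, and `audit_nat` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample (thread addressing, two planted mistakes); not a real device config.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address 192.168.36.17 255.255.255.0
 ip nat outside
interface GigabitEthernet0/0/0
 no ip address
interface GigabitEthernet0/0/0.10
 ip address 10.10.17.2 255.255.255.0
 ip nat inside
interface GigabitEthernet0/0/0.30
 ip address 10.10.37.2 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
access-list 1 permit 10.10.17.0 0.0.0.255
"""

def audit_nat(config):
    """Return a list of findings for a PAT (NAT overload) configuration."""
    ifaces, acls, rules, current = {}, {}, [], None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif m := re.match(r" ip address (\S+) (\S+)", line):
            current["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif m := re.match(r" ip nat (inside|outside)$", line):
            current["nat"] = m[1]
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)", line):
            # Standard ACLs carry wildcard masks; ip_network reads them as hostmasks.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m[1], m[2]))
    findings = []
    for acl, out in rules:
        outside = ifaces.get(out, {"net": None, "nat": None})
        if outside["nat"] != "outside" or outside["net"] is None:
            findings.append(f"overload interface {out} is not an addressed 'ip nat outside' interface")
        for name, i in ifaces.items():
            covered = any(i["net"].subnet_of(n) for n in acls.get(acl, [])) if i["net"] else True
            if i["nat"] == "inside" and not covered:
                findings.append(f"{name} ({i['net']}) is not permitted by access-list {acl}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_nat(SAMPLE)) or "no findings")
```
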