01-11-2011 10:08 PM - edited 03-06-2019 02:56 PM
Greetings community,
I am having trouble getting my cable modem, 2801, and 3550 to play nice together.
SOHO Comcast cable modem set in bridge mode --> Cisco 2801 --> Cisco 3550
I am using my router as both the gateway for my home lan and a gateway for my Unified Communications Manager setup, also running on this network.
Issue: I have two VLANs on the network, one for data (vlan 50) and the other for voice (vlan 10), routed through 2 sub-interfaces (FA0/1.1 and FA0/1.2). Interface FA0/0 is connected to my cable modem and has no problem pulling DHCP [See example one]. Pings to the internet from the router work fine.
Example one
#show ip dhcp lease
Temp IP addr: 66.41.95.20 for peer on Interface: FastEthernet0/0
Temp sub net mask: 255.255.255.0
DHCP Lease server: 68.87.77.10, state: 5 Bound
DHCP transaction id: 2429
Lease: 345600 secs, Renewal: 172800 secs, Rebind: 302400 secs
Temp default-gateway addr: 66.41.95.1
Next timer fires after: 1d23h
Retry count: 0 Client-ID: cisco-0018.ba12.b7c0-Fa0/0
Client-ID hex dump: 636973636F2D30
Two DHCP scopes, 192.168.3.0/24 (data vlan) and 192.168.4.0/24 (voice vlan), include the import all command to pass DNS from ISP through to clients via DHCP lease.
NAT
Two access lists for the 3.x and 4.x subnets
fa0/0 has nat outside and fa0/1 has nat inside.
With the current config, both vlans hand out ip addresses, but NOT public DNS information. I can ping around inside the network, but can't get DNS to work. (This works when subinterfaces are not involved.)
Am I doing something fundamentally wrong? Is there another way to approach NAT and public (DHCP) DNS distribution besides the method I have used?
Any help is appreciated. This works fine without subinterfaces using only one VLAN and one internal LAN interface(Fa0/1 instead of subints fa0/1.1 and fa0/1.2)
and yes, all interfaces involved have been checked and are NOT shutdown(including the sub-int's)
Bottom line: I just want my cable modem, router, switch, and lan to play nice together.
Thanks in advance if anyone sees anything obvious or can help.
You will find the router and switch configs attached.
-Brian W
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Router config followed by Switch config
hostname home_router
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/1
!
no aaa new-model
dot11 syslog
ip source-route
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.3.1 192.168.3.10
ip dhcp excluded-address 192.168.4.1 192.168.4.10
!
ip dhcp pool home_data_scope
import all (<----- This is the command to pass dhcp options through to internal DHCP clients along with their IP info)
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
option 150 ip 192.168.3.150
!
ip dhcp pool home_voip_scope
import all (<----- This is the command to pass dhcp options through to internal DHCP clients along with their IP info)
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
option 150 ip 192.168.3.150
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
voice-card 0
!
crypto pki token default removal timeout 0
license udi pid CISCO2801 sn FTX1036Z04L
username cisco privilege 15 secret 5 $1$tyIO$gT6FlfQsaCU5TTGx1cxG80
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1.1
description Home Data Vlan
encapsulation dot1Q 50 (<------- Adding "native" to this command((as recommended by cisco)) kills my DHCP reachability, not certain why)
ip address 192.168.3.1 255.255.255.0
!
interface FastEthernet0/1.2
description Home Voice VLAN
encapsulation dot1Q 10
ip address 192.168.4.1 255.255.255.0
!
interface Serial0/3/0
no ip address
shutdown
no fair-queue
!
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload (<----NAT)
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
logging esm config
access-list 1 permit 192.168.3.0 0.0.0.255 (<----NAT)
access-list 1 permit 192.168.4.0 0.0.0.255 (<----NAT)
!
snmp-server community public RO
control-plane
voice-port 0/0/0
voice-port 0/0/1
voice-port 0/0/2
voice-port 0/0/3
voice-port 0/2/0
voice-port 0/2/1
voice-port 0/2/2
voice-port 0/2/3
!
line con 0
logging synchronous
login local
line aux 0
line vty 0 4
logging synchronous
login local
transport input all
---------------------------------------------SWITCH CONFIG------------------------------------------
Home_Switch02#show run
Building configuration...
Current configuration : 5686 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Home_Switch02
!
enable secret 5 $1$Jfeq$d0YW9khJCnz98DUAdBIRm/
!
no aaa new-model
ip subnet-zero
!
!
!
crypto pki trustpoint TP-self-signed-3976201216
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3976201216
revocation-check none
rsakeypair TP-self-signed-3976201216
!
!
crypto pki certificate chain TP-self-signed-3976201216
certificate self-signed 01
quit
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
switchport access vlan 50
switchport mode access
switchport voice vlan 10
spanning-tree portfast
**************omitted**************
!
interface FastEthernet0/24
description Uplink to Home_Switch01
switchport trunk encapsulation dot1q
switchport mode trunk
((Do I need to add the allowed vlans command here? So far it has not made a difference during my troubleshooting))
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode access
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
!
interface Vlan20
no ip address
!
interface Vlan50
ip address 192.168.3.202 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
!
snmp-server community public RO
!
control-plane
!
!
line con 0
password cisco
logging synchronous
login
line vty 0 4
password cisco
logging synchronous
login
line vty 5 15
password cisco
logging synchronous
login
!
end
01-12-2011 12:27 AM
To include dns in the requests for inbound clients, you should rather hardcode the dns addresses in the scope definition.
The -import all- parameter should only be used on the ISP-side.
You do not need the command to allow all vlans. By default, all vlans are allowed.
regards,
Leo
01-12-2011 05:22 PM
I figured it out. I needed to remove the ip nat inside command from the fa0/1 interface and instead, have it on each sub-interface.
Thanks for the suggestion!
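The fix reported in the last reply (NAT translation only happens on interfaces that carry `ip nat inside`, and here the addressed interfaces are the sub-interfaces) can be checked mechanically. The Python sketch below is an added example, not part of the original thread or of any Cisco tool; the function name `missing_nat_inside` and the reduced sample config are constructed for illustration. It flags every interface whose address falls inside the NAT source ACL but that lacks `ip nat inside`.

```python
import ipaddress
import re

# Constructed sample, reduced from the router config posted in this thread.
SAMPLE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 no ip address
 ip nat inside
interface FastEthernet0/1.1
 ip address 192.168.3.1 255.255.255.0
interface FastEthernet0/1.2
 ip address 192.168.4.1 255.255.255.0
!
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
"""

def missing_nat_inside(config):
    """Interfaces addressed inside the NAT source ACL but lacking 'ip nat inside'."""
    ifaces, acls, current = {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ifaces[current] = []
        elif line == "!":
            current = None  # '!' closes the interface section
        elif m := re.match(r"access-list (\d+) permit (\d\S+) (\d\S+)", line):
            # ipaddress reads a mask starting with 0 as a wildcard (host) mask
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif current:
            ifaces[current].append(line)
    nat = re.search(r"^ip nat inside source list (\d+) ", config, re.M)
    nat_nets = acls.get(nat[1], []) if nat else []
    flagged = []
    for name, lines in ifaces.items():
        for line in lines:
            addr = re.match(r"ip address (\d\S+) \d", line)
            if (addr and "ip nat inside" not in lines
                    and any(ipaddress.ip_address(addr[1]) in n for n in nat_nets)):
                flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(missing_nat_inside(SAMPLE))
```

Run against the sample it reports both sub-interfaces; once `ip nat inside` is present under each of them, the list is empty.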