Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4012
Views
0
Helpful
18
Replies

Routing from 3560 to DSL modem not working

Go to solution
dblair
Level 1
Level 1

‎08-25-2012 08:17 AM - edited ‎03-07-2019 08:32 AM

I'm setting up a lab switch, 3560 to a DSL router/modem and i cannot seem to get the routing from VLAN100 to the DSL router/ modem to work.

  • int g0/1 is connected to the DSL router/ modem
  • int g0/10 is connect to the client (10.10.100.10)

From the 3560, I can ping the DSL router (192.168.1.1), the client (10.10.100.10) and I can ping the internet.

From the client connected to to the 3560, I can ping the g0/1 interface IP address (192.168.1.201), but not the DSL router (192.168.1.1).

From the DSL router, I can ping the internet and the 3560 g0/1 ip address (192.168.1.201) but cannot ping the client (10.10.100.10)

Config from 3560 follows:

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 3560Lab1-DLS2

!

boot-start-marker

boot-end-marker

!

no aaa new-model

system mtu routing 1500

vtp domain TestLab

vtp mode transparent

ip routing

ip name-server 4.2.2.2

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 100

name Home_VLAN

!

!

!

!

interface GigabitEthernet0/1

description To DSL

no switchport

ip address 192.168.1.201 255.255.255.0

!

<snip>

!

interface GigabitEthernet0/10

description Client

switchport access vlan 100

switchport mode access

!

interface Vlan1

no ip address

shutdown

!

interface Vlan100

ip address 10.10.100.1 255.255.255.0

!

!

router eigrp 100

network 10.10.100.0 0.0.0.255

network 192.168.1.0 0.0.0.255

!

ip http server

ip http secure-server

!

!

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Any help would be greatly appreciated!

Labels:
0 Helpful
18 Replies 18

Go to solution
John Blakley
VIP Alumni
VIP Alumni

‎08-25-2012 02:39 PM

Does your modem nat? Your other problem could be that the modem is only natting the 192 subnet. Can you set it to also nat the 10 subnet?

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
dblair
Level 1
Level 1
In response to John Blakley

‎08-25-2012 03:52 PM

Looks like the NAT feature is for specific applications.  I created a rule in the "NAT -> virtual servers" section of the modem.

Server NameExternal Port StartExternal Port EndProtocolInternal Port StartInternal Port EndServer IP AddressRemote HostRemove
switch165535TCP/UDP165535192.168.1.20110.10.100.1

When creating a NAT rule on the modem, there is a "select a service" radio button gives you a number of different applications (games, tftp, etc) to select from.  I selected Custom Server, gave it the vlan1 IP address.  set the port range from 1--65535, TCP/UDP and put in the vlan 100 address as the remote host. 

There is also another option, which i'm not entirely sure what it's supposed to be.

NAT -- DMZ Host

The DSL router will forward IP packets from the WAN that do not belong to any of the applications configured in the Virtual Servers table to the DMZ host computer.

Enter the computer's IP address and click "Apply" to activate the DMZ host.

Clear the IP address field and click "Apply" to deactivate the DMZ host.

DMZ Host IP Address:

Not sure if i made the rule correctly - any ideas? 

      

Edit:  I can't make the NAT rule an entire subnet 0 it will only let me use a single IP

0 Helpful

Go to solution
John Blakley
VIP Alumni
VIP Alumni
In response to dblair

‎08-25-2012 04:55 PM

I'm actually not sure. I have uverse and the modem that they supply allows you to put all of your traffic into a dmz. I had my router on the dmz interface which allowed my public address to be assigned to my router instead of the modem. The problem with that in this situation is that the 3560 doesn't support natting as far as I know, so it doesn't make sense to put your public ip on you switch.

So, another test that you could do if you wanted is to put your lan side ip on your dsl modem on the 10 subnet. Then you'd have to change the ip on vlan 10, but you'd be able to see if your 10.x.x.x host could get on the internet. I'm almost sure that's what this is. Now it doesn't explain why you couldn't ping between devices on the same switch in different vlans earlier though. You have the vlan created and a l3 svi attached with routing on, so those subnets are locally connected and should be able to route between vlans with no issue. Through all of this, I'm not sure if that part was ever fixed. Have you checked the ios version that you're on to see if you're running the latest?

If you decide to do the internal lan side address change on the dsl modem and it works, I'm afraid that you may not be able to segment your network into different subnets if you can't nat them via the modem. You could still create your vlans for internal testing, but they wouldn't be able to get on the internet because of the natting issue. This is one reason a lot of people on the forums will put a cisco router in between their dsl modem and switches. You could also do this with an ASA as well.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful

Go to solution
dblair
Level 1
Level 1
In response to John Blakley

‎08-26-2012 04:30 PM

Thanks again for the help.  I've got an 1841 and a 5505 laying around here somewhere.  I'll set one of 'em up - was hoping to not have to jack with that but you're correct, 3560s don't support NAT as far as i know.  I think the only l3 switch that does is the 6500. 

Thanks again for the help - sadly consumer grade equipment fails again

0 Helpful
Customers Also Viewed These Support Documents