Re: SB6121 cable modem <-- 1921 router <-- SG300 switch | Inter-VLAN router and internet access

Don Zouras · ‎05-19-2019

I am hoping that someone will take pity on me and point out where I went wrong in configuring the following. This is for my home network, but it was an ambitious excuse to teach myself about networking. I'm in this far and I don't want to give up, but I am stuck.

Equipment:

Cisco 1921 router

Cisco SG-300-28 switch

Motorola SB-6121 cable modem

Various devices connected to the switch and depending on DHCP

I simulated all of this in Packet Tracer and I thought I had a pretty good grasp of the concepts, but I seem to be missing something when it comes to configuring my actual equipment. (Of course Packet Tracer doesn't have an SG-300 switch, so I suspect that is where my problem lies.)

I have spent many hours working to solve this myself, so I will try to provide information that will hopefully make this easier for an expert to spot easily.

I have attached the running configs for the router and the switch.

The SB6121 is connected to Comcast. The 1921 is connected to the SB6121 and I am able to get an IP for the router via DHCP.

I am trying to setup a router on a stick configuration even though the SG300 is a layer3 device. I have defined several VLANs, but interVlan routing is not working the way they did in Packet Tracer. Unless I put all switchports on VLAN 99, the devices cannot ping each other.

From 1921 router:

I can ping an external IP address

router-bsmnt-1921#ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/12 ms

DNS seems to be working as well.

router-bsmnt-1921#ping google.com

Translating "google.com"...domain server (1.1.1.1) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 216.58.192.206, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/9/12 ms

From switch:

I can ping an external IP address

switch-bsmnt-sg300#ping 216.58.192.206

Pinging 216.58.192.206 with 18 bytes of data:

18 bytes from 216.58.192.206: icmp_seq=1. time=0 ms

18 bytes from 216.58.192.206: icmp_seq=2. time=0 ms

18 bytes from 216.58.192.206: icmp_seq=3. time=0 ms

18 bytes from 216.58.192.206: icmp_seq=4. time=0 ms

----216.58.192.206 PING Statistics----

4 packets transmitted, 4 packets received, 0% packet loss

round-trip (ms) min/avg/max = 0/0/0

But DNS is not working from the switch.

switch-bsmnt-sg300#ping google.com

% Host not found in DNS database

From a Mac connected to VLAN 99, with DHCP IP assigned from POOL-MANAGEMENT

I can ping 216.58.192.206

Traceroute makes an attempt to get to an external IP, but it is really slow.

{52} ~->traceroute 172.217.6.4

traceroute to 172.217.6.4 (172.217.6.4), 64 hops max, 52 byte packets

1 192.168.99.1 (192.168.99.1) 1.243 ms 1.053 ms 0.539 ms

2 96.120.25.189 (96.120.25.189) 9.171 ms 9.506 ms 8.980 ms

3 162.151.90.133 (162.151.90.133) 9.618 ms 9.735 ms 9.308 ms

4 68.86.188.82 (68.86.188.82) 9.438 ms 9.565 ms 9.494 ms

etc,

So the 1921 can connect to the internet and I can ping router interfaces from the SG300, but things are fundamentally broken internally.

1. Why can't the switch use DNS?

2. Why can't any device attached to the switch do anything beyond ping? I even tried putting IP addresses into the web browser, but that traffic doesn't seem to flow.

3. What did I do wrong with the inter-VLAN routing?

4. Why does the 1921 only serve DHCP when switchports are assigned to VLAN 99? Any other VLAN does not get an IP address. This is probably related to #3.

I know this is a lot to ask and I greatly appreciate any assistance you are willing to offer. I'm willing to do the work to learn this, but this is my first time and my mistakes are not yet obvious to me.

Thanks,

Don Zouras

Georg Pauwen · ‎05-20-2019

Hello,

set the SG300 to 'switch' mode, make sure the link to the 1921 is a trunk, and then make the changes marked in bold to the 1921 configuration:

interface GigabitEthernet0/0
description LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 192.168.50.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0.60
encapsulation dot1Q 60
ip address 192.168.60.1 255.255.255.0
interface GigabitEthernet0/0.99
encapsulation dot1Q 99 native
ip address 192.168.99.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
shutdown
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 50 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
access-list 50 permit 192.168.0.0 0.0.255.255

Don Zouras · ‎05-20-2019

Thanks for the quick response. I will try this after work today.

Don Zouras · ‎05-20-2019

I realized as I was preparing to try this that I need to wipe out the config on the SG300 in order to change to Layer 2. And if it doesn't work, the whole house will be without a network. I will have to prepare to do a complete restore before I attempt this.

Don Zouras · ‎05-27-2019

Changing the switch to layer 2 brought a whole different set of problems for me. I'm not saying there is anything wrong with the advice that was given, but I just don't know what I am doing apparently.

I reset the switch to L2 which wiped the config clean. I tried recovering back to the config that I had saved, but it just hung and I lost all connectivity to the switch.
So I reset the switch again and entered the configuration piece by piece. Sometimes I lose connectivity to the switch. Sometimes I lose connectivity to the router. I tried over and over, carefully trying to understand which commands caused the problems for me.

This was one of them...

interface vlan 99

name MANAGEMENT

ip address 192.168.99.2 255.255.255.0

When I executed the ip address command, I lost connectivity to the switch and could not get back to it.

Another time it was when I tried to assign the switchport to which my computer was connected to VLAN 99. I tried this because I couldn't access the router and I couldn't get an IP address from the router. But as soon as I did that I lost the switch and couldn't connect again. That was the final straw for today.

I have reset the switch back to vanilla and managed to get internet access again via an Airport Extreme router.
I guess I am in over my head. I will need to come up with a different plan to get this equipment working.