Solved: Re: switch, router and vlans

John Cheetley · ‎11-22-2017

Evening Cisco team,

Suspect I have a vlan issue, either on switch or router that is doing my head in. Another set of eyes would be great please.....

Environment

Switch is 2900 XL series

Router is 2691 MPS having CUCM 7.2.1

Switch IP 192.168.0.2 for vlan 1

Port 1 on switch goes to ISP gateway router LAN4

Port 3 is connected to 7940 IP phone via eth

Port 24 is connected to FA0/1 on 2691 MPS router (CUCM) for the trunk via eth

FA0/0 is connected to ISP gateway router via eth LAN3

MPS router can ping and tracert to ISP via FA0/0 so that is working

7940 SIP based phone isn't getting IP address but DHCP is active (with 192.168.20.3 - 20 available) with option 150 enabled as CUCM verifies

I have run show cdp neighbors on switch and can view routers details, 7940 mac address of the phone and port extra attachment labelled show cdp neighbors & show arp shows

Can someone please check the switch and router configs to see what isn't happening please?

Much appreciated again. :) :)

Any other info required..please let me know...

Mark Malone · ‎11-27-2017

Hi
There shouldn't be an ip on the main interface , when your doing router on a stick ,ips should be on the sub interface and associated with the dot1q for its vlan

interface FastEthernet0/1
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1.1
description Voice vlan 30
encapsulation dot1Q 3
ip address 192.168.21.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.2
description Data vlan 40
encapsulation dot1Q 4
ip address 192.168.1.12 255.255.255.0
ip nat inside

interface FastEthernet0/1.3
description Data vlan 20
encapsulation dot1Q 4
ip address 192.168.20.2 255.255.255.0
ip nat inside

And again this doesn't look right ,the default-router address , should it no be 192.168.1.12

ip dhcp pool Data_Scope
network 192.168.1.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8 4.2.2.2

have a look at this its similar design with examples and explanations of router on stick setup

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/336-cisco-router-8021q-router-stick.html

The only ip you need on your switch is a MGMT address so its reachable , just make sure the vlans are all allowed on the trunk from the switch side

View solution in original post

Julio E. Moisa · ‎11-22-2017

Hi John,

Could you please provide more details about the problem? I see on your configuration you have applied NAT under the interface but there is no a PAT statement. Do you have a topology or draw about the network?

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Mark Malone · ‎11-22-2017

default gateway looks wrong in dhcp scope for data and wheres the vlan id for the 192.168.20.x subnet under the fa0/1 the dot1q

as Julio noted you have half a NAT setup configured , inside statements , outside statement on non ip interface and no actual NAT rule

Don't see the switch config is the phone in the correct vlan 3 , if you put a laptop in the port on DHCP does it pick up an ip address as at test , incase its a phone issue

John Cheetley · ‎11-23-2017

Hi Julio, Mark Malone, paul driver,

Thanks for your response guys. Sorry but I gave you some outdated config for the router

I did already have the ip nat part done. Will re-post once i get home. Sorry again

paul driver · ‎11-22-2017

Hello

Just like to add a few more things...

Swtich P1 is connected to ISP ( why? - not sure this is required when you have MPS Fa0/0 is connected to ISP
Fa0/0 has no valid ip address so no next-hop address
no nat statement for inside networks
static routes are incorrect - Default route should be pointing towards your ISPs LAN facing interface( or your mps wan interface which is fa0/0
dhcp scope for you voip vlan isn't int the same network as your voip sub-interface

res

Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

John Cheetley · ‎11-26-2017

Hi Julio, Mark Malone and Paul Driver,

Thanks guys for your input. Sorry taken so long to get back from my post 4 days ago....

Please find attached updated switch and router configs.

Julio. If you still need more details. Let me know.

To Paul, am confused by your point 5 of DHCP scope for voip vlan isn't in the same network as voip sub interface

DHCP is on router holding ip address of 192.168.20.2.

Gateway router is 192.168.20.1

When I try to make sub-interface on fa0/1.1 on router on the same network as the rest I get
"% 192.168.20.0 overlaps with FastEthernet0/1"

So I made fa0/1.1 192.168.21.1. Would that mean I have to make the voip vlan on the switch that address?

FA0/1 is 192.168.20.2

Mark Malone · ‎11-27-2017

Hi
There shouldn't be an ip on the main interface , when your doing router on a stick ,ips should be on the sub interface and associated with the dot1q for its vlan

interface FastEthernet0/1
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1.1
description Voice vlan 30
encapsulation dot1Q 3
ip address 192.168.21.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.2
description Data vlan 40
encapsulation dot1Q 4
ip address 192.168.1.12 255.255.255.0
ip nat inside

interface FastEthernet0/1.3
description Data vlan 20
encapsulation dot1Q 4
ip address 192.168.20.2 255.255.255.0
ip nat inside

And again this doesn't look right ,the default-router address , should it no be 192.168.1.12

ip dhcp pool Data_Scope
network 192.168.1.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8 4.2.2.2

have a look at this its similar design with examples and explanations of router on stick setup

http://www.firewall.cx/cisco-technical-knowledgebase/cisco-routers/336-cisco-router-8021q-router-stick.html

The only ip you need on your switch is a MGMT address so its reachable , just make sure the vlans are all allowed on the trunk from the switch side

John Cheetley · ‎11-27-2017

Thanks for the reply Mark.
No. Supposed to be 192.168.20.2 that I connect to. As the gateway is 20.1

John Cheetley · ‎11-27-2017

Sorry Mark. And the management of the router IP/CUCM becomes the sub interface IP then I presume?

John Cheetley · ‎01-20-2018

Hi Paul,

Sorry about the long absence. I finally got a new PSU for the server that router and switch connect to.

I have made necessary changes as requested.

I have attempted to make changes on switch re the vlan id's under fa0/24 for the trunkport. saved the changes twice but when doing sh run..the changes don't appear. I powered switch off/on to no success. Unless I have to remove the other vlan entries for vlan 3 and 4.

Find attached the switch config and router config

Thanks again.