Vlan DHCP,Routing and Internet Problem

rsjavahar · ‎05-21-2011

HI

I am trying to configure the VLANs in Cisco 3550( with L2/L3 Image), and my requirment is all the clients should work with DHCP server(with 4 Scopes) which i have created in the servers groop, and i have 1 Mail server(Public) 1 Local Application server, all internet traffic should be through Sonic wall firewall. all the work stations should access the Servers group , i don't want inter vlan communication.

i tryed to configure the vlans in the switch , i am able to ping the yahoo/ any public servers from the switch . able to ping the switch , but not able to access the internet , and please guide me how to enable the DHCP scops for the vlans.

Please find the attaced network diagram and configuration

regards

Switch#sh run
Building configuration...

Current configuration : 5856 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
--More--                           errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause unicast-flood
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
ip subnet-zero
ip routing
ip name-server 125.22.47.125
ip name-server 202.56.250.5
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 40
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 50
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 60
--More--                            switchport mode access
!
interface FastEthernet0/7
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 60
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 70
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 80
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 90
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 10
switchport mode access
--More--                           !
interface FastEthernet0/24
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/25
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/26
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/27
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/28
switchport mode dynamic desirable
!
interface FastEthernet0/48
no switchport
ip address 192.168.1.2 255.255.255.0
!
!
interface Vlan1
no ip address
!
interface Vlan10
description " Directors VLAN"
ip address 192.168.60.1 255.255.255.0
!
interface Vlan20
description " Becon VLAN"
ip address 192.168.40.1 255.255.255.0
!
interface Vlan30
description " TechCAD VLAN"
ip address 192.168.50.1 255.255.255.0
!
interface Vlan40
description " MKTG VLAN"
ip address 192.168.30.1 255.255.255.0
!
interface Vlan50
description " Admin VLAN"
ip address 192.168.80.1 255.255.255.0
!
interface Vlan60
description " Accounts VLAN"
ip address 192.168.90.1 255.255.255.0
!
interface Vlan70
description " Consultency VLAN"
ip address 192.168.20.1 255.255.255.0
!
interface Vlan80
description " HR VLAN"
ip address 192.168.70.1 255.255.255.0
!
interface Vlan90
description " APP VLAN"
ip address 192.168.10.1 255.255.255.0
ip dhcp relay information trusted
!
interface Vlan100
description " SysAdmin & Server VLAN"
ip address 192.168.0.2 255.255.255.0
ip dhcp relay information trusted
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
ip http secure-server
!
!

Reza Sharifi · ‎05-22-2011

Hi,

If you can ping yahoo, and can not access it by name then you may have DNS entery issues.

on your PC, try connecting to yahoo by ip address and test again.

example

http://67.195.160.76/

HTH

rsjavahar · ‎05-22-2011

HI

I tried with IP also .. but its not working .. and plz let me i tried with tracert packets are droping at router routing port. and how to implement the DHCp scops for the vlans

regards

Reza Sharifi · ‎05-22-2011

Do you have a default route an the firewall towards the Internet and specific routes towards the internal networks?

cadet alain · ‎05-23-2011

Hi,

i am able to ping the yahoo/ any public servers from the switch . able to ping the switch , but not able to access the internet

So the sonicwall has a default route and does the nat for the 192.168.1.0/24 subnet.

What is the default gateway of machines? It must be the appropriate int vlan ip address

You must have a default route on the switch pointing towards the sonicwall, which is the case but does the sonicwall know about your vlans?

the sonicwall is natting for 192.168.1.0/24 but it must be also for the vlans.

Try to solve this problem first then we'll take care of dhcp scopes.

Regards.

Alain.

Don't forget to rate helpful posts.

rsjavahar · ‎05-24-2011

HI

as you said i cleard the nat setting in the sonic firewall now i am able to access the internet from the vlan, and please let me now how to get the DHCP ip address from the scops for the clients pc ..

Thanks and regards

cadet alain · ‎05-24-2011

Hi,

for DHCP just get sure the service is enabled to function as a dhcp relay then under each int vlan corresponding to the scopes on the server just put this command: ip helper-address xxx.xxx.xxx.xxx where xxx.xxx.xxx.xxx is the ip address of the server interface connected to your switch.

Regards.

Alain.

Don't forget to rate helpful posts.

rsjavahar · ‎05-24-2011

HI

The server Interface IP address is 192.168.30.2 and in the server i have created 4 scopes .. and for the interface vlan do need to take the interface ip address ...

interface Vlan20
description "VLAN 1"
ip address 192.168.40.1 255.255.255.0
!
interface Vlan30
description "VLAN 2"
ip address 192.168.50.1 255.255.255.0
!
interface Vlan40
description "VLAN 3 Server netowrk "
ip address 192.168.30.1 255.255.255.0

regards

javahar

rsjavahar · ‎05-24-2011

HI

The server Interface IP address is 192.168.30.2 and in the server i have created 4 scopes .. and for the interface vlan do need to take the interface ip address ...

interface Vlan20
description "VLAN 1"
ip address 192.168.40.1 255.255.255.0
!
interface Vlan30
description "VLAN 2"
ip address 192.168.50.1 255.255.255.0
!
interface Vlan40
description "VLAN 3 Server netowrk "
ip address 192.168.30.1 255.255.255.0

regards

javahar

cadet alain · ‎05-24-2011

ok then under int vlan 90,70,80( according to diagram this is where dhcp clients are) you issue ip helper-address 192.168.30.2 command

Regards.

Alain.

Don't forget to rate helpful posts.