Solved: vlan routing continued

John Cheetley · ‎01-21-2018

Hi Team,

This is a continued discussion from a previous one that I had answered closed prematurely.

Suspect I have a vlan issue, either on switch or router that is doing my head in, as the phone isn't getting it's IP address or anything else

Can someone please check the switch and router configs to see what isn't happening please?

Much appreciated again. :) :)

Thanks to Mark Malone, Julio Moisa and Paul Driver for their previous helpful comments for which I have used

Router and switch config is attached

John Cheetley · ‎01-26-2018

Hi Georg,
Yes. As it turns out. This is a small business venture that am running on the side of working full time. I have realized this is a double NAT. Unfortunately I never heard about this term until now. So thanks for bringing that up.
Now for a double NAT.
I have taken the cable from the FA0/0 port on the cisco router that was connected to the ISP router and plugged that into port 1 on cisco switch but will have to add a static route to the cisco router for that to connect. And I presume the ISP router will have its own access list via the ISP by way of NAT. So presume would have to remove the access list and IP NAT outside and inside off cisco router too.
I don't think I want to use bridging mode

View solution in original post

paul driver · ‎01-21-2018

Hello

your dhcp pool isn't defined correctly - you have two differing default routes and your nat acl isn't specific enough

Have you created vlans for the data and voice on the switch and is that switch interface trucked to the rtr?

Also You don't say what type of phone are connecting and is cdp or lldp enabled on the access port for the phone to be able to negotiate

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

John Cheetley · ‎01-21-2018

Hi Paul,

Thanks for your quick response.

Will look at the DHCP.

For the default routes.

ip route 0.0.0.0 0.0.0.0 203.1.233.220 (is for the ISP)
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.1 (from my 2691 MPS cisco router to the ISP via (ISP supplied router with)

For the nat acl. I could use 192.168.20.0 0.0.0.255

I have created the vlans on the switch as the attached file shows and fa0/24 is trunked to fa0/1 on router

Is a 7940 SIP based Cisco phone that is registered in CUCM 7.2.1 and CDP is enabled on switch

I did have another 7940 SIP based phone that was registered but that was having trouble so thought would use 1 for time being.

paul driver · ‎01-21-2018

Hello

rtr
ip route 0.0.0.0 0.0.0.0 203.1.233.220 < this should be a more specific static route pointing the networks via its next hop < -- ip route x.x.x.x y.y.y.y 203.1.233.220

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.1 <--- ???? this should be 192.168.30.x < isp next hop)

conf t
ip dhcp pool Data-Voice
network 192.168.10.0 255.255.255.0
network 192.168.20.0 255.255.255.0 secondary
override default-router 192.168.20.2
default-router 192.168.10.2
dns-server 8.8.8.8 8.8.4.4
option 150 ip x.x.x.x <----- is this option required , are you downloading from tftp?
lease 0 8

SW
conf t
no interface VLAN2
no ip routing

spanning-tree vlan 1 -4092

interface FastEthernet0/24
no switchport access vlan 24
no spanning-tree portfast

interface VLAN1
ip address 192.168.10.x 255.255.255.0 ( not .2 as this is your rtrs ip address)

ip default-gateway 192.168.10.2

vlan 2
name Voice
exit

int x/x
description voice and data port
switchport mode access
switchport voice vlan 2

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

John Cheetley · ‎01-23-2018

Find attached a schematic diagram of network on paper as packet tracer isn't allowed

Hope this helps

John Cheetley · ‎01-23-2018

Hi Team,

Please find attached a schematic diagram of network on paper as packet tracer isn't allowed

Hope this helps

John Cheetley · ‎01-21-2018

Hi Paul,

Thanks for your quick response.

Will look at the DHCP.

For the default routes.

ip route 0.0.0.0 0.0.0.0 203.1.233.220 (is for the ISP)
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.20.1 (from my 2691 MPS cisco router to the ISP via (ISP supplied router with)

For the nat acl. I could use 192.168.20.0 0.0.0.255

I have created the vlans on the switch as the attached file shows and fa0/24 is trunked to fa0/1 on router

Is a 7940 SIP based Cisco phone that is registered in CUCM 7.2.1 and CDP is enabled on switch

I did have another 7940 SIP based phone that was registered but that was having trouble so thought would use 1 for time being.

Julio E. Moisa · ‎01-21-2018

Hi

The phone should be connected to port under the VLAN 2 on the switch but I dont see a port with the VLAN 2. If the f0/24 is a trunk you should not configure vlan and portfast

interface FastEthernet0/24
description Trunk-to-Router
no switchport access vlan 24
switchport trunk encapsulation dot1q
switchport mode trunk
no spanning-tree portfast

Also is the VLAN 2 configured on the switch?

conf t

vlan 2

name VOICE

:-)

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

John Cheetley · ‎01-22-2018

Hi Julio,

Thanks for your response. I added the vlans to the trunkport as a previous tech had suggested. Those entries have been updated now

vlan2 has been created.as shows in the router configuration ie interface vlan2

Phone is connected to port 3

Georg Pauwen · ‎01-21-2018

Hello,

on a side note, is this a lab configuration or a real network ? There are multiple issues with your current configuration, which basically result in nothing working.

The DHCP pool configuration is in incomplete, I don't see how the voice Vlan is supposed to work either.

The NAT doesn't do anything, since you are matching a network that doesn't exist:

access-list 10 permit 192.168.0.0 0.0.0.255

This matches 192.168.0.0/24, a network I do not see configured anywhere. Also, you are NATing to a private address, 192.168.30.2/24, is this what you want to do, double NAT ?

It might be faster if you could provide a schematic drawing of what your network looks like, including the physical connections.

John Cheetley · ‎01-25-2018

Hi Guys,

Updated schematic diagram and router/switch config so far

I tried to update the ip route with below but advised %incorrect ip address

ip route 203.1.233.220 255.255.255.0 192.168.20.1(fa0/0)

First is the ISP. Last is my router that connects to ISP

Didn't understand the comment re placing cisco phone ip address in vlan as when I placed 192.168.20.17 into the vlan 3 I got error of

Switch(config-subif)#ip address 192.168.20.14 255.255.255.0
192.168.20.0 overlaps with VLAN2

But I know that 20.14 is one of the excluded IP's in the range unless it's overlapping with the vlan2 ip address of 192.168.20.0. So I suppose the work around for that is to change the ip address for vlan2 to 21.0?

Thanks again.

John Cheetley · ‎01-25-2018

Furthermore

Don't the vlan ip addresses have to correlate to the router sub interfaces?

John Cheetley · ‎01-26-2018

Hi Georg,
Yes. As it turns out. This is a small business venture that am running on the side of working full time. I have realized this is a double NAT. Unfortunately I never heard about this term until now. So thanks for bringing that up.
Now for a double NAT.
I have taken the cable from the FA0/0 port on the cisco router that was connected to the ISP router and plugged that into port 1 on cisco switch but will have to add a static route to the cisco router for that to connect. And I presume the ISP router will have its own access list via the ISP by way of NAT. So presume would have to remove the access list and IP NAT outside and inside off cisco router too.
I don't think I want to use bridging mode

John Cheetley · ‎01-27-2018

Hi Georg,

Thanks for your comments.

I have already replied but updating further as I believe my previous response is inadequate for your double NAT comment

I think I should cancel these services on MPS Cisco router

-NAT, IP NAT inside and outside, ACL

-the excluded 192.168.20.0 IP address range entries

-(update the ISP router with exclusion ip addresses for what I need)

-take the LAN cable that runs from one of the LAN ports of the ISP router that goes to FA0/0 port on the back of this router and plug the end into FA0/1 port on the 2924 cisco switch

-update 2691 router table with ip route 0.0.0.0 0.0.0.0 x.x.x.x (ISP router address)

I can still have CUCM 7.2.1 access via 192.168.20.2 IP (secured)

My only thing am unsure of is how the sub interfaces on router would go but they interact with switch vlans which used port 24 thats is trunked to FA0/1 on router.

Please let me know your thoughts.

I have also posted the network diagram