How to create separate subnets in network

Answered Question
Apr 16th, 2010

Hi all,

I have a home network of 2 routers, 3 layer 2 and 1 layer 3 switch.

Right now they are all in 1 network, meaning the same subnet.

How can I create different subnets and do inter-VLAN routing? Any ideas?

thanks

mahesh

Reza Sharifi Fri, 04/16/2010 - 13:13

mahesh18 wrote:

Hi all,

I have a home network of 2 routers, 3 layer 2 and 1 layer 3 switch.

Right now they are all in 1 network, meaning the same subnet.

How can I create different subnets and do inter-VLAN routing? Any ideas?

thanks

mahesh

Hi Mahesh,

The simplest one is to create two different vlans (10 and 20) on the layer 2 switch and, since the layer 2 switch is connected to the layer 3 switch, create a trunk between the 2 switches and add vlan 10 and 20 to it. On the layer 3 switch create 2 SVIs, one for vlan 10 and one for vlan 20. Then connect a PC to each vlan access port on the layer 2 switch and configure one with the IP and default gateway for vlan 10 and the other PC for vlan 20. Now you are doing inter-vlan routing.

HTH

Reza

mahesh18 Fri, 04/16/2010 - 14:10

Hi reza,

thanks for reply.

So you mean to say that vlan 10 on 1 switch and vlan 20 on the other switch?

Or do you mean to say vlan 10 and 20 on all 3 layer 2 switches?

Right now my router is doing NAT and it is connected to the ISP cable modem.

How will I do natting?

Reza Sharifi Fri, 04/16/2010 - 14:25

You can do it with 2 switches (one vlan per switch) or both vlans on the same switch. If you use 2 different switches you don't even have to trunk your uplinks since they are just one vlan coming from each switch.

HTH

Reza

mahesh18 Fri, 04/16/2010 - 14:31

Hi Reza

so you mean to say vlan 10 and 20 on each layer 2 switch  then connect these 3 switches as non trunk port and connect it to layer 3 switch?

but how will i do ip addressing? right now the router is doing the dhcp stuff for the 192.168.1.0 network

so can  same router do dhcp for 3 different networks?

thanks

mahesh

Reza Sharifi Fri, 04/16/2010 - 14:52

Yes, just extend the vlans from all layer-2 switches to the router and create a sub-interface for each vlan on the router and let DHCP assign IPs to all the VLANs.

Reza

Jon Marshall Fri, 04/16/2010 - 14:54

mahesh18 wrote:

Hi Reza

so you mean to say vlan 10 and 20 on each layer 2 switch  then connect these 3 switches as non trunk port and connect it to layer 3 switch?

but how will i do ip addressing? right now the router is doing the dhcp stuff for the 192.168.1.0 network

so can  same router do dhcp for 3 different networks?

thanks

mahesh

Mahesh

You can either have a vlan per L2 switch or both vlans on each L2 switch.

You can set up DHCP pools on the 3750 L3 switch for each vlan ie. move it from the router to the 3750 switch.

Natting you need to leave on your router because 3750 switches don't support NAT.

You will need to then have a L3 link between your 3750 and the router eg.

router
=====
LAN interface

int fa0/0
ip address 192.168.5.1 255.255.255.252

L3 switch
=======
interface connecting to router

int gi0/1
no switchport
ip address 192.168.5.2 255.255.255.252

then on the 3750 add a default-route for the internet -

ip route 0.0.0.0 0.0.0.0 192.168.5.1 

Finally on the router you will need to add routes for the vlans on your 3750 switch eg.

ip route <vlan subnet> <subnet mask> 192.168.5.2

etc.. for each vlan on your 3750

Jon

mahesh18 Fri, 04/16/2010 - 15:25

Hi Jon

Thanks for reply

so i can create DHCP pool like this in layer 3 switch

ip dhcp pool Add_Pool
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1

so by giving this pool in layer 3 switch i can have different subnets for example

192.168.5.1

192.168.3.1??

thanks

mahesh

Jon Marshall Fri, 04/16/2010 - 15:32

mahesh18 wrote:

Hi Jon

Thanks for reply

so i can create DHCP pool like this in layer 3 switch

ip dhcp pool Add_Pool
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1

so by giving this pool in layer 3 switch i can have different subnets for example

192.168.5.1

192.168.3.1??

thanks

mahesh

Mahesh

Correct. Don't forget to exclude addresses used from the pool eg. the IP address assigned to the L3 vlan interfaces on the 3750 eg.

ip dhcp excluded-address 192.168.5.1

etc..

Jon

Reza Sharifi Fri, 04/16/2010 - 15:33

mahesh,

Yes, you can have multiple vlans/subnets on a layer-3 switch. As a matter of fact, if you have a 24 or 48 port switch you can put each port in a different vlan.

Example:

port 1 vlan 10 ip address 192.168.10.0/24

port 2 vlan 20 ip address 192.168.20.0/24

port 3 vlan 30 ip address 192.168.30.0/24

and so on.

yes, you can configure the DHCP pool on the switch just like the router.

HTH

Reza

mahesh18 Sat, 04/17/2010 - 09:46

Hi,

On layer 3 switch right now i have this config

4/4/4 ms
3550SMI#sh run
Building configuration...

Current configuration : 4656 bytes
!
! Last configuration change at 10:09:40 MST Sat Apr 17 2010 by manveer
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname 3550SMI
!
logging buffered informational
no logging console
enable secret 5 $1$V6fq$0aGqXLjuWwT8/d.C7S5qI1
!
username manveer password 7 020201580E0B0D245E1C59495C
no aaa new-model
clock timezone MST -7
clock summer-time MST recurring
ip subnet-zero
ip routing
!
ip dhcp pool Cisco
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.60
!
ip dhcp snooping vlan 1
ip dhcp snooping
!
!
crypto pki trustpoint TP-self-signed-683474304
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-683474304
revocation-check none
rsakeypair TP-self-signed-683474304
!
!
crypto pki certificate chain TP-self-signed-683474304
certificate self-signed 01
  quit
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
ip dhcp snooping trust
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/8
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.168.1.60 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
!
router rip
version 2
network 192.168.1.0
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
exec-timeout 60 0
login local
length 500
escape-character 3
line vty 5 15
login
!
ntp clock-period 17180279
ntp server 192.168.1.1
end

so here i can make 2 vlans and assign them IP  as

vlan 10 ip address 192.168.10.0/24

vlan 20 ip address 192.168.20.0/24

vlan 30 ip address 192.168.30.0/24

and also Please check my dhcp config is right for this switch?

many thanks

mahesh

mahesh18 Sun, 04/18/2010 - 06:46

Hi Jon,

Here is config of layer 3 switch

version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname 3550SMI
!
logging buffered informational
no logging console
enable secret 5 $1$V6fq$0aGqXLjuWwT8/d.C7S5qI1
!

no aaa new-model
clock timezone MST -7
clock summer-time MST recurring
ip subnet-zero
ip routing
!
ip dhcp pool Cisco
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.60
!
ip dhcp snooping vlan 1
ip dhcp snooping
!
!
crypto pki trustpoint TP-self-signed-683474304
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-683474304
revocation-check none
rsakeypair TP-self-signed-683474304
!
!
crypto pki certificate chain TP-self-signed-683474304
certificate self-signed 01
  quit
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard disable
ip dhcp snooping trust
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/3
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/7
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/8
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
spanning-tree bpduguard enable
!
interface FastEthernet0/9
switchport access vlan 10
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/10
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/11
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/12
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/13
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/17
switchport access vlan 20
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/18
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/19
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/20
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/21
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/22
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/23
switchport access vlan 30
switchport mode dynamic desirable
spanning-tree bpduguard enable
!
interface FastEthernet0/24
switchport access vlan 30
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 192.168.1.60 255.255.255.0
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 192.168.1.0 0.0.0.255 area 0
!
router rip
version 2
network 192.168.1.0
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
exec-timeout 60 0
login local
length 500
escape-character 3
line vty 5 15
login
!
ntp clock-period 17180281
ntp server 192.168.1.1
end

  so i will connect 2 layer 2 switches to this

so on each layer 2 switch i can make up default vlan 1  and assign ip to that right?

and which default gateway should i assign to the layer 2 switches?  vlan 10 or 20  or 30 ip from layer 3?

thanks

mahesh

Jon Marshall Sun, 04/18/2010 - 07:11

Mahesh

so i will connect 2 layer 2 switches to this

so on each layer 2 switch i can make up default vlan 1  and assign ip to that right?

and which default gateway should i assign to the layer 2 switches?  vlan 10 or 20  or 30 ip from layer 3?

If you use vlan 1 interface on the L2 switches then you need to use the vlan 1 IP address from your L3 switch as the default-gateway on your L2 switches.

Remember on a L2 switch the vlan interface is only used to manage the traffic.

Cisco recommend using a vlan for managing your switches other than vlan 1 and not used by any clients/servers etc.

Jon

mahesh18 Sun, 04/18/2010 - 12:34

Hi Jon,

Sorry for late reply.

so in my layer 2 switch i want to config t vlan 10 and 20 each on both switches

then which IP should i assign to vlan 10 and 20 on layer 2 switch and can i use vlan 10 ip for both gateways  on layer 2 switches

thanks

mahesh

Jon Marshall Sun, 04/18/2010 - 12:41

mahesh18 wrote:

Hi Jon,

Sorry for late reply.

so in my layer 2 switch i want to config t vlan 10 and 20 each on both switches

then which IP should i assign to vlan 10 and 20 on layer 2 switch and can i use vlan 10 ip for both gateways  on layer 2 switches

thanks

mahesh

Mahesh

You can have multiple vlans on a L2 switch at L2 but you can only have one L3 vlan interface and this is used for managing the switch. So on your L2 switch you have multiple vlans ie.

if you run this command "sh vlan brief" you should see vlan 10 & 20 and any others you want.

You can only have one L3 vlan interface though. This vlan interface is never used as a default-gateway on PCs/servers etc. The default-gateway for PCs etc. in vlan 10 and 20 will be the respective IP address on the L3 switch for vlan 10 and vlan 20.

For your L2 switch default-gateway, whichever L3 vlan interface you use ie. vlan 1, vlan 10 or vlan 20, then you should set the default-gateway to be the L3 IP address of the same vlan on the L3 switch.

Jon

mahesh18 Sun, 04/18/2010 - 13:17

Hi Jon,

Thanks for reply.

so right now i am doing 1 step at a time as below

i connected my layer 3 switch with router

3550SMI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Vlan30
C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet0/11
S*   0.0.0.0/0 [1/0] via 192.168.5.1

3550SMI#sh run int fa0/11
Building configuration...

Current configuration : 166 bytes
!
interface FastEthernet0/11
description Lan connection to 2650XM Router
no switchport
ip address 192.168.5.2 255.255.255.252
spanning-tree bpduguard enable
end

i am able to ping the router ip as below but can not ping the internet and also not getting ip address from layer 3 switch

3550SMI#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
3550SMI#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
3550SMI#

DHCP config

ip routing
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.5.2
ip dhcp excluded-address 192.168.5.1
!
ip dhcp pool Cisco
   import all
   network 192.168.1.0 255.255.255.0
!
!

thanks

mahesh

mahesh18 Sun, 04/18/2010 - 13:20

Hi jon

here is router config

2650xm#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet1/0
2650xm#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
2650xm#ping 192.168.5.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
2650xm#

Jon Marshall Sun, 04/18/2010 - 13:31

mahesh18 wrote:


3550SMI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Vlan30
C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet0/11
S*   0.0.0.0/0 [1/0] via 192.168.5.1

3550SMI#sh run int fa0/11
Building configuration...

Current configuration : 166 bytes
!
interface FastEthernet0/11
description Lan connection to 2650XM Router
no switchport
ip address 192.168.5.2 255.255.255.252
spanning-tree bpduguard enable
end

i am able to ping the router ip as below but can not ping the internet and also not getting ip address from layer 3 switch

3550SMI#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
3550SMI#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
3550SMI#


Mahesh

You will need to make sure the router is setup correctly. You will need to setup NAT on the router for your private addressing. Also you need a default-route on your router pointing to the next-hop for the internet. Can you ping an internet address from the router ?

Jon

mahesh18 Sun, 04/18/2010 - 13:48

Hi Jon

from the router i can ping the internet

2650xm#ping 4.2.2.2****************************************************************************ping to internet IP

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms

2650xm#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

S    192.168.30.0/24 [1/0] via 192.168.5.2
S    192.168.10.0/24 [1/0] via 192.168.5.2
S    192.168.20.0/24 [1/0] via 192.168.5.2
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet1/0
2650xm#

problem is

1> from switch no ping to internet

3550SMI#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
3550SMI#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
3550SMI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Vlan30
C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet0/11
S*   0.0.0.0/0 [1/0] via 192.168.5.1
3550SMI#

2> from layer 3 switch no ip is assigned to PC, so not working as dhcp

here is nat on router config

interface FastEthernet0/0
description WAN Connection to ISP modem
ip address dhcp
ip access-group 102 in
no ip redirects
ip accounting output-packets
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet1/0
ip address 192.168.5.1 255.255.255.252
ip access-group 103 out
ip nat inside
ip virtual-reassembly
duplex auto
speed auto 

ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 deny   icmp any any echo log
access-list 102 permit ip any any
!

Let me know how we can solve these 2 issues for time being

many thanks  jon

Correct Answer
Jon Marshall Sun, 04/18/2010 - 14:14

Mahesh

You only have one DHCP pool configured on the 3550 switch -

ip dhcp pool Cisco
   import all
   network 192.168.1.0 255.255.255.0
!

you need one for each vlan subnet so you will need a pool for -

192.168.10.0/24

192.168.20.0/24

192.168.30.0/24

also you don't need this -

ip dhcp excluded-address 192.168.5.2
ip dhcp excluded-address 192.168.5.1

because you are not handing out any IPs from the 192.168.5.0 pool.

In addition for each pool you need to add a default router so your config should look like -

ip dhcp pool vlan10
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1

ip dhcp pool vlan20
   import all
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1

and one for vlan 30 as well.

If you are not allocating any end devices eg. PCs etc. into vlan 1 then you don't need the Cisco DHCP pool. You only need pools for the vlans you are allocating end devices into.

Your NAT -

You currently have this -

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

you will need to add extra lines for each new address range eg.

access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.5.0 0.0.0.3 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any

etc..

Jon

mahesh18 Sun, 04/18/2010 - 15:04

Hi Jon,

thanks for great reply

i did exactly as you mentioned   for ip dhcp pool for 3 vlans

but for access-list i did 192.168.0.0 0.0.255.255

after this i am able to ping the internet from switch and pc but not able to open web sites.

many thanks

mahesh

mahesh18 Sun, 04/18/2010 - 16:24

Hi Jon,

I am able to ping internet sites from switch router and pc but unable to open internet sites.

also when i do ipconfig /all on pc it does not show ip address

from switch and router i am able to ping the internet sites with www.yahoo.com   but not from pc.

i also try to add the isp dns servers with command

ip name server in switch still same thing?

any thoughts

mahesh

mahesh18 Sun, 04/18/2010 - 21:02

Hi Jon,

Now internet is working fine on all pcs.I can access the websites.

this is what i did: under each Vlan 10, 20, and 30 in layer 3 switch i added the command

dns-server 64.59.135.143

Now when i do ipconfig on pc i see DNS  server as  64.59.135.143.

Many Many thanks for all your help during this all work.

I learned lot of stuff from  you still lot to learn!!.

Best regards

Mahesh
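
Added example, not part of the thread and not any poster's code: a small Python audit of the points this discussion worked through one at a time (a DHCP pool per VLAN subnet, default-router equal to the SVI address, a dns-server in each pool, every VLAN subnet matched by NAT ACL 101), plus whether `ip dhcp snooping vlan` covers the new VLANs. The sample configs are constructed from values quoted in the thread, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed samples built from values quoted in the thread (not full configs).
SVIS = "".join(f"interface Vlan{v}\n ip address 192.168.{v}.1 255.255.255.0\n!\n"
               for v in (10, 20, 30))
SNOOP = "ip dhcp snooping vlan 1\nip dhcp snooping\n!\n"
SWITCH_BEFORE = ("ip dhcp pool Cisco\n   import all\n"
                 "   network 192.168.1.0 255.255.255.0\n!\n" + SNOOP + SVIS)
ROUTER_BEFORE = "access-list 101 permit ip 192.168.1.0 0.0.0.255 any\n"
SWITCH_AFTER = "".join(
    f"ip dhcp pool vlan{v}\n   import all\n   network 192.168.{v}.0 255.255.255.0\n"
    f"   default-router 192.168.{v}.1\n   dns-server 64.59.135.143\n!\n"
    for v in (10, 20, 30)) + SNOOP + SVIS
ROUTER_AFTER = "access-list 101 permit ip 192.168.0.0 0.0.255.255 any\n"

def parse_svis(cfg):
    """{vlan_id: IPv4Interface} for each 'interface VlanN' that has an address."""
    svis, vlan = {}, None
    for line in cfg.splitlines():
        s = line.strip()
        if s.startswith("interface "):
            m = re.fullmatch(r"interface Vlan(\d+)", s)
            vlan = int(m.group(1)) if m else None
        elif s == "!":
            vlan = None
        elif vlan is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", s)):
            svis[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return svis

def parse_pools(cfg):
    """{pool_name: {keyword: value}} for each 'ip dhcp pool' block."""
    pools, cur = {}, None
    for line in cfg.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"ip dhcp pool (\S+)", s):
            cur = pools.setdefault(m.group(1), {})
        elif s and not line[0].isspace():
            cur = None                      # any unindented line ends the pool
        elif s and cur is not None:
            key, _, val = s.partition(" ")
            cur[key] = val
    return pools

def parse_acl(cfg, number):
    """Source networks in 'access-list <number> permit ip <net> <wildcard> any'."""
    nets = []
    for m in re.finditer(rf"access-list {number} permit ip (\S+)\s+(\S+) any", cfg):
        # An ACL wildcard is the bitwise inverse of a netmask.
        mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(m.group(2))) ^ 0xFFFFFFFF)
        nets.append(ipaddress.ip_network(f"{m.group(1)}/{mask}"))
    return nets

def parse_snooping(cfg):
    """VLAN ids from 'ip dhcp snooping vlan ...', or None if snooping is off."""
    if not re.search(r"^ip dhcp snooping$", cfg, re.M):
        return None
    vlans = set()
    for spec in re.findall(r"^ip dhcp snooping vlan (\S+)$", cfg, re.M):
        for part in spec.split(","):        # accepts lists and ranges: 1,10-30
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def audit(switch_cfg, router_cfg, nat_acl="101"):
    """Return one finding string per problem, per VLAN interface."""
    svis, pools = parse_svis(switch_cfg), parse_pools(switch_cfg)
    nat_nets, snooped = parse_acl(router_cfg, nat_acl), parse_snooping(switch_cfg)
    by_net = {ipaddress.ip_network(p["network"].replace(" ", "/")): p
              for p in pools.values() if "network" in p}
    findings = []
    for vlan, iface in sorted(svis.items()):
        pool = by_net.get(iface.network)
        if pool is None:
            findings.append(f"Vlan{vlan}: no DHCP pool for {iface.network}")
        else:
            if pool.get("default-router") != str(iface.ip):
                findings.append(f"Vlan{vlan}: default-router is not the SVI {iface.ip}")
            if "dns-server" not in pool:
                findings.append(f"Vlan{vlan}: pool has no dns-server")
        if not any(iface.network.subnet_of(n) for n in nat_nets):
            findings.append(f"Vlan{vlan}: {iface.network} not matched by NAT ACL {nat_acl}")
        if snooped is not None and vlan not in snooped:
            findings.append(f"Vlan{vlan}: DHCP snooping enabled but not on this VLAN")
    return findings

if __name__ == "__main__":
    for finding in audit(SWITCH_BEFORE, ROUTER_BEFORE):
        print(finding)
```

On the constructed "after" sample the only remaining findings are the snooping ones, because `ip dhcp snooping vlan 1` was never extended to VLANs 10, 20 and 30.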
