09-03-2010 06:44 AM - edited 03-04-2019 09:39 AM
Hi all,
Can someone put through on how to solve this connectivity problem?
I do have about 10 switches inside my LAN with private IP addresses like 192.168.12.2 - 11. The switch is connected on the same network with my router local interface. I am running 7 VLANs and my core switch connection to my router is a trunk port. All the 5 VLANs are working from within. I can get DHCP address from the router and all the VLANs can be seen on all other switches.
If I assign my laptop an IP address (e.g. 192.168.12.15) on the same VLAN 1, I can access any of the 10 switches from within the LAN. I can also access the switches the core switch if I connect to the core through a console cable.
I can access the router from a remote location through the WAN port using the public IP address. I can also access the router LAN port (e.g. 192.168.12.1) if I am within the LAN.
My problem is now how to access the switches from the router when I connect to the router from a remote location. I cannot ping any of the switches from the router and I do have to be local to access the switches all the time. My partial config is as below:
Config:
Router:
===============
interface GigabitEthernet0/0.1
description ADMIN-VLAN1$FW_INSIDE$
encapsulation dot1Q 1 native
ip address 192.25.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
interface GigabitEthernet0/1
description WAN Uplink$ETH-WAN$$FW_OUTSIDE$
ip address 97.54.218.170 255.255.255.248
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
negotiation auto
!
ip http server
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/1 overload
!
access-list 1 permit 192.25.10.0 0.0.0.255
access-list 1 permit 192.25.20.0 0.0.0.255
access-list 1 permit 192.25.30.0 0.0.0.255
access-list 1 permit 192.25.40.0 0.0.0.255
access-list 1 permit 192.25.50.0 0.0.0.255
access-list 1 permit 192.25.60.0 0.0.0.255
access-list 1 permit 192.25.70.0 0.0.0.255
access-list 1 permit 192.25.80.0 0.0.0.255
access-list 1 permit 192.25.90.0 0.0.0.255
access-list 1 permit 192.25.1.0 0.0.0.255
access-list 2 permit 97.54.208.17
access-list 2 permit 97.54.0.0 0.0.255.255
access-list 2 permit 97.54.218.0 0.0.0.255
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 97.54.218.259
!
!
!
line vty 0 4
access-class 2 in
exec-timeout 60 0
privilege level 15
password 7 13dfetgghrrtbferddefffee
logging synchronous
transport input telnet ssh
line vty 5 15
access-class 2 in
exec-timeout 60 0
password 7 eettfgetdtg335636346
logging synchronous
transport input telnet ssh
===================
Switch:
===================
interface Vlan1
ip address 192.25.1.2 255.255.255.0
no shut
no ip redirects
no ip route-cache
no ip mroute-cache
!
!
line vty 0 4
exec-timeout 30 0
password 7 0523053B11437A3C2A44
logging synchronous
transport input ssh
line vty 5 15
exec-timeout 30 0
password 7 132D14263B03301F1865
logging synchronous
transport input ssh
Thanks
09-03-2010 07:56 AM
Add this to your switches-
switch(config)# ip default-gateway 192.25.1.1
Jon
09-03-2010 08:41 AM
I just added (ip default-gateway 192.25.1.1) and I am still not able to get to it from the router. I cannot even ping the switch from the router. Do I need to define an access list since I have none? Thanks
This is the config I have now on the switch:
CoreSwitch#sho run
Building configuration...
Current configuration : 7613 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CoreSwitch
!
!
username xxxxxxxx password 7 xxxxxxxxxxxxxxxxxxxxxxxx
no aaa new-model
switch 1 provision ws-c3750g-48ts
system mtu routing 1500
ip subnet-zero
!
ip igmp snooping querier
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet 0/1
description UPLINK CONNECTION
switchport trunk encapsulation dot1q
duplex full
storm-control action shutdown
!
interface GigabitEthernet0/2
description UPLINK CONNECTION
duplex full
storm-control action shutdown
.
.
interface Vlan1
ip address 192.25.1.2 255.255.255.0
!
ip default-gateway 192.25.1.1
ip classless
ip http server
!
control-plane
!
!
line con 0
exec-timeout 15 0
password 7 xxxxxxxxxxxxxxxxx
logging synchronous
login
stopbits 1
line vty 0 4
exec-timeout 60 0
password 7 xxxxxxxxxxxxxxxxx
logging synchronous
login
transport input telnet
line vty 5 15
exec-timeout 60 0
password 7 xxxxxxxxxxxxxxxxx
logging synchronous
login
transport input telnet
!
ntp clock-period 36029218
ntp server xxx.xx.x.x
ntp server xxx.xx.xx.xx
end
09-03-2010 09:00 AM
Hello,
Can you issue "show arp" on the router and see if it has an entry for
192.25.1.2 address? If not, then I guess there is some issue with the native
vlan configuration on the switch connected to the router. Please make sure
that the native vlan is 1 and you have not enabled tagging for native vlan
on the switch.
Regards,
NT
09-03-2010 09:12 AM
While I agree with Jon that having default-gateway is a best practice and should be added to the switch, since the switches and the router all appear to be within the same subnet then default-gateway is not the issue that is impacting connectivity here.
I very much like the suggestion from NT about checking the ARP table. This is an excellent check to see if there is layer 2/layer 3 connectivity. I would also suggest that show cdp neighbor would be another good check to verify whether or not there is connectivity (and this would focus on layer 2 connectivity).
To the original poster - I notice that the switch vty is configured with transport input ssh. So the only remote access to the switches is via SSH. Can you verify that SSH is enabled on the switches? (what is the output from show ip ssh )
HTH
Rick
09-03-2010 09:14 AM
I do not see an entry for the 192.25.1.2 address. I am able to see entries for other devices on other VLANs that have access to the internet. What can I do to resolve this?
Thanks
09-03-2010 09:19 AM
Hello,
Can you post the configuration of the switch interface that connects to the
router? Also, post the corresponding router interface configuration once
again here.
Regards,
NT
09-03-2010 04:47 PM
Router WAN Port:
===========
interface GigabitEthernet0/1
description WAN Uplink$ETH-WAN$$FW_OUTSIDE$
ip address 97.54.218.170 255.255.255.248
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
media-type rj45
negotiation
Router LAN Port:
=============
interface GigabitEthernet0/0.700
description Network Switches-VLAN 70$FW_INSIDE$
encapsulation dot1Q 700
ip address 172.16.70.1 255.255.255.192
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
Core Switch Uplink Port to the Router:
======================
interface GigabitEthernet 0/1
description UPLINK CONNECTION
switchport trunk encapsulation dot1q
duplex full
All of the switches are connected on trunk ports like the one above.
09-05-2010 12:42 AM
Looks like you need to concentrate on the NAT config under the router interfaces.
How about NAT translations? Will they show anything useful?
I mean because of landing using the WAN connection and the applied "access-class 2 in".
Please compare the IP address when you are accessing locally and when trying to access remotely by WAN.
If it does not make sense, please ignore. Thanks.
09-05-2010 06:11 AM
Thanks Guys.
I had to look at my IP addresses again and the VLAN mapping. I was actually off in my int IP assignment. All the switches are in the native VLAN 1 while the interface on the router with the same IP address was on VLAN 700. I have moved the IP address on VLAN 700 to VLAN 1 and everything works now.
Thanks so much for your suggestions.
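The mismatch described in the final post (switch management SVIs in native VLAN 1, the router address for the same subnet on the VLAN 700 subinterface) can be found by comparing the two configs. This is an added example, not part of the original thread; the sample configs are constructed from the thread's addresses and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample configs (not the poster's full configs): the management
# subnet sits on router VLAN 700 while the switch SVI is in VLAN 1.
ROUTER_CFG = """\
interface GigabitEthernet0/0.700
 encapsulation dot1Q 700
 ip address 192.25.1.1 255.255.255.0
!
"""
SWITCH_CFG = """\
interface Vlan1
 ip address 192.25.1.2 255.255.255.0
!
"""

def stanzas(cfg):
    """Map interface name -> its config lines; works with or without indentation."""
    out, cur = {}, None
    for line in cfg.splitlines():
        line = line.strip()
        if line.startswith("interface "):
            cur = out.setdefault(line.split(None, 1)[1].replace(" ", ""), [])
        elif line == "!":
            cur = None
        elif cur is not None:
            cur.append(line)
    return out

def l3_vlans(cfg):
    """Return {vlan_id: ip_interface} for dot1Q subinterfaces and VlanN SVIs."""
    found = {}
    for name, lines in stanzas(cfg).items():
        text = "\n".join(lines)
        ip = re.search(r"^ip address (\S+) (\S+)$", text, re.M)
        tag = re.search(r"^encapsulation dot1Q (\d+)", text, re.M)
        vlan = tag or re.fullmatch(r"Vlan(\d+)", name)
        if ip and vlan:
            found[int(vlan.group(1))] = ipaddress.ip_interface(f"{ip.group(1)}/{ip.group(2)}")
    return found

def vlan_mismatches(router_cfg, switch_cfg):
    """List (switch_vlan, svi_ip, router_vlan) where the SVI's subnet is on another router VLAN."""
    router = l3_vlans(router_cfg)
    return [(v, str(svi.ip), rv)
            for v, svi in l3_vlans(switch_cfg).items()
            for rv, rif in router.items()
            if rv != v and svi.ip in rif.network]

for v, ip, rv in vlan_mismatches(ROUTER_CFG, SWITCH_CFG):
    print(f"SVI Vlan{v} ({ip}) is in a subnet the router serves on VLAN {rv}")
```

An empty result means every switch SVI shares a VLAN ID with the router subinterface that owns its subnet, which is the state the poster reached after moving the address to VLAN 1.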