cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1640
Views
0
Helpful
10
Replies

Cisco 1861 ISR

vhahonbaltar
Level 1
Level 1

I am tasked to configure this router and deploy to our remote office in Samoa but I am having difficulty gettting the switchpart to work. From the router console, I can ping outside but a pc plugin to the switchport is not seeing outside. Is there a specific config for the switchports other than VLAN, speed and duplex?

See config below:

interface FastEthernet0/0
description Trunk to Router
ip address xx.xx.xx.xx 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/0.100
description WORKSTATION VLAN
encapsulation dot1Q 100
ip address xx.xx.xx.xx 255.255.255.0
ip helper-address xx.xx.xx.xx
!
interface FastEthernet0/1/0
switchport access vlan 100
duplex full

I appreciate any help on this. I have until tomorrow morning to figure this out.

Ray

10 Replies 10

gatlin007
Level 4
Level 4

Ray,

I think you may want to delete the sub-interface on fa0/0 and build an SVI.

Try this:

no inter fa0/0.100

int vlan 100
description WORKSTATION VLAN
ip address xx.xx.xx.xx 255.255.255.0
ip helper-address xx.xx.xx.xx
exit

Assuming the PC is directly connected to fa0/1/10


Chris

Hi Chris,

Thanks for you response.

The pc is directly plugin to int fa0/1/0.

If I delete the sub-interface, how would I associate the port to what VLAN I would like the port would be? I understand that the mother interface shouldnt have any ip, since the IP would be on  the sub-interface for management purposes, but Fa0/0 is also my uplink to the Gi0/1 on the 2821 Router, there these two ports have IPs. I still dont understand why I can ping from the router console and yet a pc connected to the switchport cannot see outside. (Pardon my ignorance since I am new to this type of work).

Thanks again,

Ray

Ray,


Your fa0/0 interface appears to be your outside interface.  fa0/0 already has an address on it.  If you build a sub-interface (fa0/0.100) it would actually point your inside network to your service provider.


Building an SVI (switched virtual interface) will enable your LAN to route out to the service provider.  In this config it dosn't appear you require a Vlan1 because you are using Vlan100.  At this point from the router you should be able to ping the PC.  The PC may not be able to get to the Internet without a NAT configuration.



Chris

Chris,

I would think  I should be able to ping the pc as well. unfortunately, the pc is not seeing outside, ie not able to get to the dhcp server which is on a different subnet.

Yes, fa0/0 is my physical interface facing outside.

The 2821 router this 1861 is ported to also has a switch ported on Gi0/0 where I also have a 3750 on it. That part is fully functional, where this pc I am currently using plugged on it. So from the 2821 to the outside world is fully operational, my problem is only from the switch part of 1861 since I can ping from the router console to anywhere. I think the problem lies on the switch config, where communication between the switch and the router itself is failing.

thanks again,

Ray

Ray,


From the router can you ping the 'ip helper address'?


From the router can you ping the ip address configured on interface vlan 100?


From the router can you ping the PC connected to fa0/1/0?


If the first two work and your PC is not getting DHCP then check that the proper DHCP scope has been configured on the DHCP server.  After this from the PC try to release and renew the DHCP lease.  If you don't have access to the PC you may get lucky by shutting down fa0/1/0, waiting a few minutes and no-shutting the interface.


If your ISP is not NAT'ing your traffic you'll need a NAT config before the PC can access the internet.



Thanks,


Chris

Hi Chris,

From the router, I can ping the DHCP server. From the router I cannot ping the VLAN 100 ip address.

I temporarily configured the attached pc with static IP. No, I cannot ping the pc from the router.

I know the DHCP scope is ok since I have another switch plugged in to Gi0/0. On that switch I have my pc and IP phone connected and both are fully functional including access to the web. My suspect is that the missing part is the communication between the switch module with the router L3 interface fa0/0 to go out to the next hop

Ray,


Is Vlan 100 in the Vlan database?  If you do a 'show vlan' do you see vlan 100?


If not you'll need to add it.  I believe you can do this from global config mode with a 'vlan 100' command.  If the vlan isn't in the vlan database things don't work well.


Next:


If you do a 'show interface fa0/1/0' is it in a 'down down' or a 'up down' state?


If you do a 'show interface vlan 100' this this in a 'down down' or an 'up down' state?



Thanks,


Chris

Chris

Good point. I was thinking of routing on a stick and i got that config wrong as well

Jon

Jon Marshall
Hall of Fame
Hall of Fame

vhahonbaltar wrote:

I am tasked to configure this router and deploy to our remote office in Samoa but I am having difficulty gettting the switchpart to work. From the router console, I can ping outside but a pc plugin to the switchport is not seeing outside. Is there a specific config for the switchports other than VLAN, speed and duplex?

See config below:

interface FastEthernet0/0
description Trunk to Router
ip address xx.xx.xx.xx 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/0.100
description WORKSTATION VLAN
encapsulation dot1Q 100
ip address xx.xx.xx.xx 255.255.255.0
ip helper-address xx.xx.xx.xx
!
interface FastEthernet0/1/0
switchport access vlan 100
duplex full

I appreciate any help on this. I have until tomorrow morning to figure this out.

Ray

Ray

Can you post router config and if the IPs are public then by all means x.x.x.x but if they are private can you leave them in. Basically if the addresses on your fa0/0 interfaces are private addresses are you natting on the router ?

I also need to see the switch config and can you indicate which port on the switch is connected to the router.

Can you also post a "sh int trunk" from the switch.

the fa0/0 interface has an address so this has to be from the native vlan - is the ip from the native vlan ?

finally how are you testing connectivity with the laptop ie. are you trying to ping sites on the internet or connect via http and are you using IPs on the internet or URLs.

If you can answer/provide output from above should be able to make some progress.

Jon

Thanks Jon,

Here is the full config less logging, username, aaa, etc.

We are using private IP so I have I am safe.

0#sho run
Building configuration...


Current configuration : 9649 bytes
!
! Last configuration change at 08:09:58 HST Sat Sep 25 2010 by HONLAdmin
! NVRAM config last updated at 21:57:44 HST Fri Sep 24 2010 by HONLAdmin
!
version 12.4
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname HON-ASM-1800
!
boot-start-marker
boot-end-marker
!
card type t1 0 2
logging message-counter syslog
logging buffered 16384
!
aaa new-model
!
!
aaa authentication login xxx

aaa authorization console
aaa authorization config-commands
aaa authorization exec xxx

aaa authorization commands 1 xxx

aaa authorization commands 15 xxxx

aaa accounting exec xxx

action-type start-stop
group tacacs+
!
aaa accounting commands 1

action-type start-stop
group tacacs+
!
aaa accounting commands 15

action-type start-stop
group tacacs+
!
aaa accounting connection default
action-type start-stop
group tacacs+
!
aaa accounting system default
action-type start-stop
group tacacs+
!
!
!
aaa session-id common
ethernet lmi global
clock timezone  

no network-clock-participate wic 2
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
crypto pki trustpoint TP-self-signed-893051541
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-893051541
revocation-check none
rsakeypair TP-self-signed-893051541
!
!
crypto pki certificate chain TP-self-signed-893051541
certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 38393330 35313534 31301E17 0D313030 39323032 30303331
  395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3839 33303531
  35343130 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  D104F930 616CA2CD 3354AB90 7C1CC567 6600B0A4 F495658D BD2BEEE9 190E7149
  35599A49 97C58E5C 2F51EB32 A0BF3A11 3574064B 562AD0A7 5C0DB3BE D91827A9
  6159DF99 8DA93CB2 884BB31E 971B32BE 2F28E69F 83018DCE 3B5EBAFC 7C927846
  05159A30 3A35D7F9 BC3032C5 7355EB29 36A7AC57 74FD8535 534361F4 FA50C7D5
  02030100 01A37730 75300F06 03551D13 0101FF04 05300301 01FF3022 0603551D
  11041B30 19821779 6F75726E 616D652E 796F7572 646F6D61 696E2E63 6F6D301F
  0603551D 23041830 16801458 6CCC0493 F25005F4 4DDD9E43 38068FAD 8BAC7330
  1D060355 1D0E0416 0414586C CC0493F2 5005F44D DD9E4338 068FAD8B AC73300D
  06092A86 4886F70D 01010405 00038181 00BEC934 748E51F8 6B3088A7 4D1C9A66
  1A383A3E 4E13892B AF2059EE 6ED53FC4 651B5613 AD93949E 828B79FB 907944FD
  12D39CAB 2073A123 5018A9C3 53BEF409 9C198B70 73C6CF90 FD81CFE2 EF2F30ED
  38E3B731 F01B3168 052B03A7 B65B1674 BC1E2F9F 63AC6CA7 CE50AD41 906701A0
  F5AD7690 634E0DF9 70975935 A9EF1F12 1B
   quit
dot11 syslog
ip source-route
ip cef
!
!
!
!
no ip domain lookup

no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!

!
!
!
archive
log config
  logging enable
  logging size 300
  hidekeys
!
!
controller T1 0/2/0
cablelength long 0db
!
!
!
!
!
interface Loopback0
ip address 10.xx.255.88 255.255.255.255
!
interface FastEthernet0/0
description Trunk to Router
ip address 10.xx.254.89 255.255.255.252
speed 100
full-duplex
!
interface FastEthernet0/0.100
no cdp enable
!
interface FastEthernet0/1/0
switchport access vlan 100
duplex full
!
interface FastEthernet0/1/1
switchport access vlan 100
!
interface FastEthernet0/1/2
switchport access vlan 100
duplex full
!
interface FastEthernet0/1/3
switchport access vlan 100
!
interface FastEthernet0/1/4
switchport access vlan 100
!
interface FastEthernet0/1/5
switchport access vlan 100
!
interface FastEthernet0/1/6
switchport access vlan 100
!
interface FastEthernet0/1/7
switchport access vlan 100
!
interface FastEthernet0/1/8
switchport access vlan 100
duplex full
!
interface Vlan1
no ip address
!
interface Vlan100
description Workstation Vlan
ip address 10.170.76.251 255.255.255.0
ip helper-address 10.170.100.8
!
router eigrp 2121
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
no ip http server
ip http access-class 23
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip tacacs source-interface Loopback0

!
!
!
!
!

!
control-plane
!
!
!
voice-port 0/0/0
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
voice-port 0/4/0
auto-cut-through
signal immediate
input gain auto-control
description Music On Hold Port
!
ccm-manager fax protocol cisco

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: