Hope you can help, have been asked to look into setting up some vlans and could do with some basic information/assistance.
Initially we would like to vlan one office (more to come later). We have a cisco 2800 router which we can use for controlling our vlans.
Our setup is like this:
cisco 2911 (Managed and very little control over) this houses our external internet link
cisco 2800 (Full control over, doing nothing now)
I've currently set:
fa0/0 to 192.168.10.5 to talk to the 2911, which is on 192.168.10.1, and hopefully try to use this link as our "uplink" to the internet
fa0/1 is set to 172.16.15.254, which is the main building's network, so I can communicate with the router etc.
fa/0/1/1 I have (hopefully) put into vlan20 on 10.10.10.1 (hopefully to be the gateway for the 10.10.10.0 network, which is to be the other building)
and I have a test computer on 10.10.10.2.
From the 2800 I can ping all addresses (uplink on 192.168.10.1, main network 172.16.10.0 and the test computer 10.10.10.2).
From the computer I can ping the router 10.10.10.1.
What I will eventually need to do, is have vlan20 network with internet access via the 192.168.10.1 link, and also to our servers.
I feel I am missing some step and have spent a few days now trying to learn cisco/routing/gateways to no avail. I believe I need to gateway the vlan via the internet link to give them internet access (manually putting the computer on a 192 address gatewayed to the internet router works), and eventually the vlan20 will need access to our servers as well, as they will be accessing information from those (which are currently on the main network (172.*)).
I would say that you have made a pretty good start. I see a couple of things in the config that you have posted.
- the default-gateway command would be used only if the router starts acting as an IP host. Having the command in the config does not hurt anything, but it is not accomplishing much.
- you have a static route for 10.10.10.0 which you do not need. That subnet is a connected route and therefore you do not need a route statement for it. And why would you use 192.168.1.1 as the next hop?
- you have a static default route configured, which is a good thing. But why use 172.16.10.1 as the next hop? It would seem to make more sense to use 192.168.10.1 as the next hop.
You tell us that the test computer can ping the router at 10.10.10.1. But you do not tell us whether the test computer can ping anything else. As a start, can the test computer ping the fa0/0 and fa0/1 interfaces on the 2800 router? For the test computer to ping the 2911 your posted config should work - but you will need a route on the 2911 that gets to 10.10.10.0 using the 2800 as a next hop. Similarly your config should route packets from the test computer to the main building network. But that network needs a route back to 10.10.10.0 for communications to be successful.
1) I read later in the day regarding default-gateway, so have removed that.
2) I was hoping to use 192.168.10.1 as a gateway to give access, but got it wrong, so have removed that as well.
3) 172.16.10.1 was entered by mistake. Guess my hands are on auto from working with our normal network. It was, as you correctly said, intended to be 192.168.10.1.
Some more info for you: if I directly connect the test pc to the 911, on a 126.96.36.199 ip, and put the 911 as the gateway, I can connect to the internet just fine.
Putting the test pc back onto the 2800, in its 10.10.10.2 address, I can ping all the up/up interfaces on the 2800 (this surprised me actually, I was expecting them to be "separate". But that was just my impression).
Trying to ping 192.168.10.1 (the 2911) fails with a time out.
Due to the nature of the traffic on the remote building, the end goal is hopefully to have vlan20 on a separate range of IPs to the main network, without communications to the main network, other than our housed servers and internet. I suspect I will need to vlan the servers and enable routing between them, but I'm trying to learn one step at a time.
I certainly agree about trying to learn one step at a time. And it looks to me like you are making progress.
I believe that when you attempt to ping from the test PC to the 2911 your ping gets to the 2911. But it does not have a route for the 10.10.10 network and so can not send a response. If you (or someone who has access) can configure a route on the 2911 for 10.10.10 with the 2800 as the next hop then I believe that you would be able to ping the 2911.
Once you can ping the 2911 you might want to try access to the Internet. I predict that you will have problems with that and that the problem will be about doing Network Address Translation for the 10.10.10 network. But go one step at a time.
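The routing changes discussed in this thread, collected as an added example (not a config posted by either participant). The addresses come from the thread; the /24 mask on 10.10.10.0 is an assumption, since the thread never states it.

```cisco
! == 2800 (the router under your control), global configuration ==
! 10.10.10.0 is directly connected through the vlan20 interface,
! so it needs no static route. Only a default route is required,
! with the 2911 as next hop:
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
! == 2911 (managed; whoever administers it has to add this) ==
! Return route for the new subnet via the 2800's fa0/0 address.
! Mask 255.255.255.0 is assumed, not taken from the thread.
ip route 10.10.10.0 255.255.255.0 192.168.10.5
!
! == Verification from the 2800 exec prompt ==
! A plain "ping 192.168.10.1" is sourced from 192.168.10.5, which the
! 2911 sees as directly connected, so it succeeds even while the
! return route is missing. Sourcing the ping from the vlan20 address
! reproduces what the test PC at 10.10.10.2 experiences:
ping 192.168.10.1 source 10.10.10.1
!
! Confirm what is actually installed in the routing table:
show ip route static
show ip route 10.10.10.0
```

If the sourced ping times out while the plain ping succeeds, the missing piece is the return route on the 2911, not anything on the 2800. The same test with a 172.16.x.x destination checks whether the main building network has its own route back to 10.10.10.0.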