Solved: Re: How to create separate subnets in network - Page 2

mahesh18 · ‎04-16-2010

Hi all,

I have home newtorl of 2 routes 3 layer 2 and 1 layer 3 switch.

Right now they all are in 1 network --means same subnet.

how can i create different subnets and make inter vlan routing any ideas

thanks

mahesh

mahesh18 · ‎04-18-2010

Hi Jon,

Thanks for reply.

so right no i am doing 1 step at time as below

i connected my layer 3 switch with router

3550SMI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Vlan30
C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet0/11
S*   0.0.0.0/0 [1/0] via 192.168.5.1

3550SMI#sh run int fa0/11
Building configuration...

Current configuration : 166 bytes
!
interface FastEthernet0/11
description Lan connection to 2650XM Router
no switchport
ip address 192.168.5.2 255.255.255.252
spanning-tree bpduguard enable
end

i am able to ping the router ip as below but can not ping the internet and also not getting ip address from layer 3 switch

3550SMI#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
3550SMI#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
3550SMI#

DHCP config

ip routing
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
ip dhcp excluded-address 192.168.30.1
ip dhcp excluded-address 192.168.5.2
ip dhcp excluded-address 192.168.5.1
!
ip dhcp pool Cisco
import all
network 192.168.1.0 255.255.255.0
!
!

thanks

mahesh

mahesh18 · ‎04-18-2010

Hi jon

here is router config

2650xm#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

192.168.5.0/30 is subnetted, 1 subnets
C 192.168.5.0 is directly connected, FastEthernet1/0
2650xm#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
2650xm#ping 192.168.5.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
2650xm#

Jon Marshall · ‎04-18-2010

mahesh18 wrote:

3550SMI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.5.1 to network 0.0.0.0
C    192.168.30.0/24 is directly connected, Vlan30
C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet0/11
S*   0.0.0.0/0 [1/0] via 192.168.5.1
3550SMI#sh run int fa0/11
Building configuration...
Current configuration : 166 bytes
!
interface FastEthernet0/11
 description Lan connection to 2650XM Router
 no switchport
 ip address 192.168.5.2 255.255.255.252
 spanning-tree bpduguard enable
end
i am able to ping the router ip as below but can not ping the internet and also not getting ip address from layer 3 switch
3550SMI#ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
3550SMI#ping 4.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
3550SMI#

Mahesh

You will need to make sure the router is setup correctly. You will need to setup NAT on the router for your private addressing. Also you need a default-route on your router pointing to the next-hop for the internet. Can you ping an internet address from the router ?

Jon

mahesh18 · ‎04-18-2010

Ho jon

'

fro router i can ping the internet

2650xm#ping 4.2.2.2****************************************************************************ping to internet IP

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/49/52 ms

2650xm#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

S    192.168.30.0/24 [1/0] via 192.168.5.2
S    192.168.10.0/24 [1/0] via 192.168.5.2
S    192.168.20.0/24 [1/0] via 192.168.5.2
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet1/0
2650xm#'

problem is

1> from switch no ping to internet

3550SMI#ping 4.2.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
3550SMI#ping 192.168.5.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
3550SMI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.5.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Vlan30
C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
     192.168.5.0/30 is subnetted, 1 subnets
C       192.168.5.0 is directly connected, FastEthernet0/11
S*   0.0.0.0/0 [1/0] via 192.168.5.1
3550SMI#

2>>>>>>>from layer 3 switch no ip is assigned to PC so not working as dhcp

here is nat on router config

interface FastEthernet0/0
description WAN Connection to ISP modem
ip address dhcp
ip access-group 102 in
no ip redirects
ip accounting output-packets
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
no fair-queue
!
interface FastEthernet1/0
ip address 192.168.5.1 255.255.255.252
ip access-group 103 out
ip nat inside
ip virtual-reassembly
duplex auto
speed auto

ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 102 deny icmp any any echo log
access-list 102 permit ip any any
!

Let me know how we can solve these 2 issues for time being

many thanks jon

Jon Marshall · ‎04-18-2010

Mahesh

You only have one DHCP pool configured on the 3550 switch -

ip dhcp pool Cisco
import all
network 192.168.1.0 255.255.255.0
!

you need one for each vlan subnet so you will need a pool for -

192.168.10.0/24

192.168.20.0/24

192.168.30.0/24

also you don't need this -

ip dhcp excluded-address 192.168.5.2
ip dhcp excluded-address 192.168.5.1

because you are not handing out any IPs from the 192.168.5.0 pool.

In addition for each pool you need to add a default router so your config should look like -

ip dhcp pool vlan10

import all

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

ip dhcp pool vlan20

import all

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

and one for vlan 30 as well.

If you are not allocating any end devices eg. PCs etc. into vlan 1 then you don't need the Cisco DHCP pool. You only need pools for the vlans you are allocating end devices into.

Your NAT -

You currently have this -

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

you will need to add extra lines for each new address range eg.

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 101 permit ip 192.168.5.0 0.0.0.3 any

access-list 101 permit ip 192.168.10.0 0.0.0.255 any

etc..

Jon

mahesh18 · ‎04-18-2010

Hi Jon,

thanks for great reply

i did exactly as you mentioned for ip dhcp pool for 3 vlans

but for access -list i did 192.168.0.0 0.0.255.255

after this i am able to ping the internet from switch and pc but not able to open web sites.

many thanks

mahesh

mahesh18 · ‎04-18-2010

Hi Jon,

I am able to ping internet sites from switch router and pc but unable to open internet sites.

also when i do ipconfig /all on pc it do not show ip address

from switch and router i am able to ping the internet sites with www.yahoo.com but not from pc.

i also try to add the isp dns servers with command

ip name server in switch still same thing?

any thoughts

mahesh

mahesh18 · ‎04-18-2010

Hi Jon,

Now internet is working fine on all pcs.I can access the websites.

this is what is did under each Vlan 10,20, and 30 in layer 3 switch i add the command

dns-server 64.59.135.143

Now when i do ipconfig on pc i see DNS server as 64.59.135.143.

Many Many thanks for all your help during this all work.

I learned lot of stuff from you still lot to learn!!.

Best regards

Mahesh