Solved: Re: 2851 with Etherswitch vlans and dhcp -- oh my

scottbob09 · ‎08-28-2006

I am missing something really simple, but for the life of me I cant figure it out. I have a 23 port etherswitch with 3 vlans 2 of which I will eventually connect back to a vpn and the 3rd (vlan 100) I want to throw out the local internet only.

My problem is that although I can get DHCP addresses on all vlans, I cant get to the internet. The router console can successfully ping things on the Internet but none of the vlans can.

I am attaching the router and switch module configs and help would be greatly appreciated.

Edison Ortiz · ‎08-28-2006

Scott,

1) You need an ip nat statement describing the source list and destination interface.

2) You need to include the other networks in the trunk as part of the nat.

Here is your config with the changes

!

! Last configuration change at 12:08:35 EDT Mon Aug 28 2006

! NVRAM config last updated at 12:30:10 EDT Mon Aug 28 2006

!

version 12.4

service timestamps debug datetime msec show-timezone

service timestamps log datetime msec show-timezone

service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

clock timezone EST -5

clock summer-time EDT recurring

!

ip cef

no ip dhcp use vrf connected

!

ip dhcp pool Beard_Voice

network 10.10.131.0 255.255.255.0

default-router 10.10.131.3

dns-server 137.123.221.69

!

ip dhcp pool Beard_Data

network 137.123.131.0 255.255.255.0

default-router 137.123.131.3

dns-server 137.123.221.69

!

ip dhcp pool Beard_RR

network 172.30.100.0 255.255.255.0

default-router 172.30.100.1

dns-server 24.92.226.173

!

voice-card 0

no dspfarm

!

interface GigabitEthernet0/0

ip address dhcp

ip nat outside

ip nat enable

ip virtual-reassembly

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet1/0

ip address 1.2.3.5 255.255.255.0

!

interface GigabitEthernet1/0.100

encapsulation dot1Q 100

ip address 172.30.100.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet1/0.131

encapsulation dot1Q 131

ip nat inside

ip address 137.123.131.3 255.255.255.0

!

interface GigabitEthernet1/0.331

encapsulation dot1Q 331

ip nat inside

ip address 10.10.131.3 255.255.255.0

!

router eigrp 100

network 10.0.0.0

network 137.123.0.0

network 172.30.0.0

no auto-summary

no eigrp log-neighbor-changes

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

access-list 1 permit 172.30.100.0 0.0.0.255

access-list 1 permit 137.123.131.0 0.0.0.255

access-list 1 permit 10.10.131.0 0.0.0.255

ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 g0/0

!

control-plane

!

voice-port 0/0/0

!

voice-port 0/0/1

!

voice-port 0/0/2

!

voice-port 0/0/3

!

line con 0

line aux 0

line 66

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

login

!

scheduler allocate 20000 1000

!

end

View solution in original post

Richard Burts · ‎08-28-2006

Scott

Am I correct in assuming that your path to the Internet is through interface Gig0/0?

I see that you have NAT inside and NAT outside configured on interfaces. But I do not see any other NAT configuration. This will be a problem in getting to the Internet.

But the biggest problem that I am seeing so far is that your router does not seem to have a default route.

HTH

Rick

HTH

Rick

scottbob09 · ‎08-28-2006

Yes gig0/0 is where we will be plugging in the ISP. Right now it is in a test isp connection we have in our office where we only get DHCP, but at the actual site we will have static addresses. So I guess I should create a loopback interface and assign an IP address to set that staic route to (or am I over thinking it)

Richard Burts · ‎08-28-2006

Scott

I think that you are on the right track. I am not sure that I think that you need to create a loopback interface for this. There are many reasons to create and use loopback addresses and it may or may not be a good thing for you to have. But I do not see a loopback as part of the solution for this routing issue.

If you could tell us a bit more about your testing environment we might be able to give better answers. At this point my advice would be to set up a default route using one of the available options. You could just do ip route 0.0.0.0 0.0.0.0 gig0/0. This would work if a device that you connect to supports proxy ARP. I would not want to do this as a long term implementation because the default route pointed at a LAN interface requires proxy ARP, and can impact performance of the router. But in a testing environment it should work ok.

Another alternative is to configure a default route pointing to a next hop address through the Gig0/0. I see that you are learning an address through DHCP in your test environment, but if there is a router connected through that interface which has a fixed address then you could use that for the next hop in the default route.

HTH

Rick

HTH

Rick

Edison Ortiz · ‎08-28-2006

Scott,

1) You need an ip nat statement describing the source list and destination interface.

2) You need to include the other networks in the trunk as part of the nat.

Here is your config with the changes

!

! Last configuration change at 12:08:35 EDT Mon Aug 28 2006

! NVRAM config last updated at 12:30:10 EDT Mon Aug 28 2006

!

version 12.4

service timestamps debug datetime msec show-timezone

service timestamps log datetime msec show-timezone

service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

clock timezone EST -5

clock summer-time EDT recurring

!

ip cef

no ip dhcp use vrf connected

!

ip dhcp pool Beard_Voice

network 10.10.131.0 255.255.255.0

default-router 10.10.131.3

dns-server 137.123.221.69

!

ip dhcp pool Beard_Data

network 137.123.131.0 255.255.255.0

default-router 137.123.131.3

dns-server 137.123.221.69

!

ip dhcp pool Beard_RR

network 172.30.100.0 255.255.255.0

default-router 172.30.100.1

dns-server 24.92.226.173

!

voice-card 0

no dspfarm

!

interface GigabitEthernet0/0

ip address dhcp

ip nat outside

ip nat enable

ip virtual-reassembly

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet1/0

ip address 1.2.3.5 255.255.255.0

!

interface GigabitEthernet1/0.100

encapsulation dot1Q 100

ip address 172.30.100.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface GigabitEthernet1/0.131

encapsulation dot1Q 131

ip nat inside

ip address 137.123.131.3 255.255.255.0

!

interface GigabitEthernet1/0.331

encapsulation dot1Q 331

ip nat inside

ip address 10.10.131.3 255.255.255.0

!

router eigrp 100

network 10.0.0.0

network 137.123.0.0

network 172.30.0.0

no auto-summary

no eigrp log-neighbor-changes

!

ip nat inside source list 1 interface GigabitEthernet0/0 overload

access-list 1 permit 172.30.100.0 0.0.0.255

access-list 1 permit 137.123.131.0 0.0.0.255

access-list 1 permit 10.10.131.0 0.0.0.255

ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 g0/0

!

control-plane

!

voice-port 0/0/0

!

voice-port 0/0/1

!

voice-port 0/0/2

!

voice-port 0/0/3

!

line con 0

line aux 0

line 66

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

login

!

scheduler allocate 20000 1000

!

end