1921 router vlan interface config

ianmatchett
Level 1

Hi,


I have managed to configure my router to connect to the internet through a cable modem, with a fixed ip of 192.168.1.254(modem internal ip). 


I have a dhcp pool functional for the rest of the network, and it does assign ip's through a vlan on my extra interface card to computers connecting. However I can not get it to talk to the net, and I can not ping the computer from the router or vice versa. 


Any thoughts on why? 

I have linked the vlan to the interface through switchport and they are all on the subnet 192.168.0.0 255.255.240.0

 

Thanks

Ian

13 Replies

Martin Moran
Level 3

Hi @ianmatchett,

How many devices exist in your environment (or connecting to the router)? Can you provide an output example of the router config?

Rgrds,

Martin, IT Specialist

Rajeev Sharma
Cisco Employee

Hey Ian,

Post the 'show run' from router for more insight.

Regards,

RS.

Hey Guys,

 

We will have anywhere between 100 and 500 devices at any one time going through the router (from phones to tablets to computers) and all DHCP. We have very few static IPs as I am trying to keep it as simple as possible.

Show run: 

 

Current configuration : 3210 bytes
!
! Last configuration change at 14:38:53 UTC Fri Aug 29 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname YWAMSeamill
!
boot-start-marker
boot-end-marker
!
!
enable secret
enable password
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.2.1
!
ip dhcp pool BigPool
 import all
 network 10.10.0.0 255.255.240.0
 domain-name YWAMSeamill
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-690012190
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-690012190
 revocation-check none
 rsakeypair TP-self-signed-690012190
!
!
crypto pki certificate chain TP-self-signed-690012190
 certificate self-signed 01
  quit
license udi pid CISCO1921/K9 sn FGL172125JH
!
!
username SeamillAdmin privilege
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 switchport access vlan 20
 no ip address
!
interface GigabitEthernet0/0/1
 switchport access vlan 20
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
interface Vlan20
 ip address dhcp
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

I got a few questions for you:

1. Is the DHCP pool configured to give IP addresses in the VLAN 20?

2. Is this router the default gateway for the VLAN 20?

3. If the second question is yes, why is your interface vlan 20 configured to request an IP address via DHCP? Why don't you configure a static IP address here?

4. Did you configure any static routing pointing to the modem IP address?

5. One last note: In the first post you said that "You have linked the vlan to the interface through switchport and they are all on the subnet 192.168.0.0 255.255.240.0" ... I think you meant subnet 10.10.0.0 255.255.240.0, right?

Hope to see your answers.

Rgrds,

Martin, IT Specialist

 

Hi Martin,

 

Thanks for your questions, I am a newbie on all this so very very much appreciated.

 

1. I think so, that was the aim... 

2. yes

3. Changed: see run file below

4. I have attempted to use a static route to the modem

5. That was a mistake, yes 10.10.x.x is what I want to use for the internal network

 

Current configuration : 3287 bytes
!
! Last configuration change at 15:21:25 UTC Fri Aug 29 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname YWAMSeamill
!
boot-start-marker
boot-end-marker
!
!
enable secret
enable password
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.2.1
!
ip dhcp pool BigPool
 import all
 network 10.10.0.0 255.255.240.0
 domain-name YWAMSeamill
 dns-server 4.4.4.2 4.4.4.1
 default-router 192.168.1.1
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-690012190
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-690012190
 revocation-check none
 rsakeypair TP-self-signed-690012190
!
!
crypto pki certificate chain TP-self-signed-690012190
 certificate self-signed 01
  quit
license udi pid CISCO1921/K9 sn FGL172125JH
!
!
username SeamillAdmin
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 switchport access vlan 20
 no ip address
!
interface GigabitEthernet0/0/1
 switchport access vlan 20
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
interface Vlan20
 ip address 10.10.1.1 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Hi @ianmatchett ,

Some points:

  • First thing is that you have to change the "default-router" option in the DHCP pool to the IP address of the interface VLAN 20 of the router, because this is the IP that the router will use to communicate in that segment. Also, change the mask of the IP configured in the interface vlan 20 of the router to match the mask that you are assigning in the DHCP pool:

ip dhcp pool BigPool
 default-router 10.10.1.1
!
interface vlan 20
 ip address 10.10.1.1 255.255.240.0
!

NOTE: You have to release/renew the IP addressing on your computers for the new configuration to take effect.

  • Before, you could not ping your router from the PCs because the router didn't have any IP in the segment 10.10.x.x to respond to any host. Now that the router has an IP in the segment 10.10.x.x, try pinging the router at 10.10.1.1 and it should work now.
  • For the router to ping any outside network you have to configure some static routing on the router. You can do so by configuring a default route pointing to your modem (which I guess is configured to do NAT for your private networks):

ip route 0.0.0.0 0.0.0.0 192.168.1.254

Hope this helps and let us know your results.

Rgrds,

Martin, IT Specialist
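
The consistency check behind the reply above, as an added example that is not part of the original thread and not Cisco tooling: a Python sketch that reads IOS-style config text and reports where a DHCP pool, its default-router and the router's interface address disagree. The function names `parse` and `check` are hypothetical, and the sample config is constructed from lines in the second `show run` of the thread.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the second "show run" in the thread.
BEFORE = """\
ip dhcp pool BigPool
 network 10.10.0.0 255.255.240.0
 default-router 192.168.1.1
!
interface Vlan20
 ip address 10.10.1.1 255.255.255.0
!
"""
# Same lines after the two changes suggested in the reply.
AFTER = BEFORE.replace("192.168.1.1", "10.10.1.1").replace("255.255.255.0", "255.255.240.0")

def parse(config):
    """Collect DHCP pools and interface addresses from IOS-style config text."""
    pools, ifaces, section = {}, {}, {}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ip dhcp pool (\S+)", line):
            section = pools.setdefault(m[1], {})
        elif m := re.match(r"interface (\S+)", line):
            section = ifaces.setdefault(m[1], {})
        elif line == "!":
            section = {}  # "!" ends the block; later lines go to a scratch dict
        elif m := re.match(r"network (\S+) (\S+)", line):
            section["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif m := re.match(r"default-router (\S+)", line):
            section["gw"] = ipaddress.ip_address(m[1])
        elif m := re.match(r"ip address (\d\S*) (\d\S*)", line):
            section["addr"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
    return pools, ifaces

def check(config):
    """List mismatches between each DHCP pool and the router's interfaces."""
    pools, ifaces = parse(config)
    findings = []
    for name, pool in pools.items():
        net, gw = pool.get("net"), pool.get("gw")
        if net is None:
            continue
        if gw is None or gw not in net:
            findings.append(f"{name}: default-router {gw or 'unset'} is outside {net}")
        for ifname, iface in ifaces.items():
            addr = iface.get("addr")
            if addr is not None and addr.ip in net and addr.network != net:
                findings.append(f"{ifname}: {addr} does not match pool network {net}")
    return findings
```

`check(BEFORE)` reports both problems named in the reply, and `check(AFTER)` returns an empty list.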

Hi Martin,


I have made the vlan 20 changes as you described, I can now ping the router from my pc attached through g0/0/0 on vlan 20. It gives it an ip of 10.10.0.1 

 

I can ping outside world from the router, so if I try "google.com" it comes back successful, but I still can not get the pc to ping outside world. In fact, I can not ping the modem from the laptop, although I can from the router. 

Here is what I have: 

 

YWAMSeamill#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down 
GigabitEthernet0/0         192.168.1.1     YES NVRAM  up                    up   
GigabitEthernet0/1         unassigned      YES NVRAM  administratively down down 
GigabitEthernet0/0/0       unassigned      YES unset  up                    up   
GigabitEthernet0/0/1       unassigned      YES unset  down                  down 
GigabitEthernet0/0/2       unassigned      YES unset  down                  down 
GigabitEthernet0/0/3       unassigned      YES unset  down                  down 
NVI0                       unassigned      YES unset  administratively down down 
Vlan1                      unassigned      YES unset  down                  down 
Vlan20                     10.10.1.1       YES manual up                    up   
YWAMSeamill#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 192.168.1.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.254
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.0.0/20 is directly connected, Vlan20
L        10.10.1.1/32 is directly connected, Vlan20
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, GigabitEthernet0/0
L        192.168.1.1/32 is directly connected, GigabitEthernet0/0

 

I feel like it is so close yet so far!!!

Ian

 

Hi @ianmatchett,

The fact that you can ping "google.com" from your router but not from your PC is because the modem doesn't have the 10.10.0.0/20 (subnet facing your laptop) directly connected and it doesn't know how to reach the subnet 10.10.0.0/20  although it knows how to reach the subnet 192.168.1.0/24 (subnet between your router and your modem).

If possible, configure your modem with a static route pointing to the 192.168.1.1 (router IP facing the modem) that tells the modem it can reach 10.10.0.0/20 through the router.

What type of modem do you have? Then I can help you search for the way to configure that static route.

Let me know.

Rgrds,

Martin, IT Specialist

I feel like such a dunce! 

Right, so got the route set up on the modem so I can reach it from my laptop, but still can't get outside through the laptop.

 

I am using a BT Business Hub, that has been our router as our modem, attempting to downgrade it to just servicing the broadband link. Do I need to put it into bridge mode? I was thinking I would just stop it issuing ip addresses. 

Thanks

Ian
 

Hi @ianmatchett,

I'm glad to hear that. In that case, if your laptop can't get outside it could be because the modem isn't doing NAT for the 10.10.0.0/20. Can you check if you can configure NAT for the 10.10.0.0/20?

Hope to see your answers.

Rgrds,

Martin, IT Specialist

Hi Martin,

 

Sorry for the radio silence, I have been at a conference for last week, then the mountain of work/emails on return...

 

Re the modem, it is pretty limited, which is why I have bought the cisco router. Would setting it into bridge mode be an option? It would only be 192.168.1.254, static, would the router be able to push the return to 10.10.x.x network? 

 

Ian

Hi @ianmatchett,

If that is the case, I will do NAT overload in the router so it will translate the 10.10.x.x into 192.168.x.x (which is the subnet that the modem recognizes).

Type the following commands:

access-list 1 permit 10.10.0.0 0.0.15.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
interface vlan 20
 ip nat inside
interface GigabitEthernet0/0
 ip nat outside

This has to work for you.

Let me know your results.

Rgrds,

Martin, IT Specialist

Hi Martin,

 

I have tried that already I am afraid, still no cigar. I can ping google.com from the router, but not a pc connected to the router. 

I am wondering about setting the cable modem up in bridge mode and getting the 1900 to do the PPP etc? Is that possible?

 

Ian
