Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1357
Views
0
Helpful
17
Replies

How to configure Multiple DHCP with internet access

Go to solution
cool01
Level 1
Level 1

‎12-06-2017 09:00 PM - edited ‎03-05-2019 09:36 AM

I would like to ask some help to fix my configuration by using Multiple DHCP with internet access.

Currently my configuration below is connected to multiple dhcp unfortunately unsuccessful Internet access.

 

Current configuration : 1449 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

ip dhcp excluded-address 192.168.10.1 192.168.10.10

ip dhcp excluded-address 192.168.20.1 192.168.20.10

!

ip dhcp pool vlan10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 103.225.36.226 103.225.36.238

!

ip dhcp pool vlan20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

dns-server 103.225.36.226 103.225.36.238

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

ip nat outside

!

interface FastEthernet0/1.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

ip nat inside

 

username fair password 0 fairship

!

!

interface FastEthernet0/0

 description Link_to_ISP$ETH-LAN$

 ip address 103.225.36.242 255.255.255.252

ip nat inside

 speed 100

 full-duplex

!

interface FastEthernet0/1

 description Link_to_LAN$ETH-LAN$$ES_LAN$

ip nat outside

no ip address

ip nbar protocol-discovery

 speed 100

 full-duplex

!

 service-policy output DROP

!

interface Serial0/0/0

 no ip address

 shutdown

 clock rate 2000000

!

ip classless

ip route 0.0.0.0 0.0.0.0 103.225.36.241

!

ip http server

!

control-plane

!

line con 0

 password fairshipping

 logging synchronous

 login

line aux 0

line vty 0 4

 password fairshipping

 logging synchronous

 login local

!

end

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP

‎12-07-2017 01:10 AM

Hello,

 

I have made a few additions to your configuration (in bold):

 


Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
username fair password 0 fairship
!
interface FastEthernet0/0
description Link_to_ISP$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat inside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairshipping
logging synchronous
login
line aux 0
line vty 0 4
password fairshipping
logging synchronous
login local

View solution in original post

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to cool01

‎12-08-2017 05:36 AM

Hello,

 

do your clients get an IP address ? You might want to add:

 

interface FastEthernet0/17

switchport access vlan 10

description access-port

spanning-tree portfast

 

to all the access ports.

View solution in original post

0 Helpful
17 Replies 17

Go to solution
Georg Pauwen
VIP
VIP

‎12-07-2017 01:10 AM

Hello,

 

I have made a few additions to your configuration (in bold):

 


Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
username fair password 0 fairship
!
interface FastEthernet0/0
description Link_to_ISP$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat inside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairshipping
logging synchronous
login
line aux 0
line vty 0 4
password fairshipping
logging synchronous
login local

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to Georg Pauwen

‎12-08-2017 04:11 AM

I already applied the configuration unfortunately still not working, but i try it again tomorrow. Thanks for your response i hope you can reply my inquiries until i success this configuration. I also include my Switch config below.

 

Switch

 

Building configuration...

 

Current configuration : 5369 bytes

!

! Last configuration change at 14:25:32 GMT+8 Tue Aug 18 2015

! NVRAM config last updated at 14:13:48 GMT+8 Tue Aug 18 2015

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

 

hostname fair_switch

!

boot-start-marker

boot-end-marker

!

enable password f@1r

!

no aaa new-model

clock timezone GMT+8 8 0

!

!

crypto pki trustpoint TP-self-signed-2967729024

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-2967729024

 revocation-check none

 rsakeypair TP-self-signed-2967729024

!

crypto pki certificate chain TP-self-signed-2967729024

 certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 32393637 37323930 3234301E 170D3933 30333031 30303030

  35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39363737

  32393032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100A994 D09FA408 93DB36BB EB73F0E5 7B4E8FEE A19B52D4 345628F8 C1E7967D

  1E4B5AFD B5B4CB26 9E80D684 8CE610CA A2313E38 04E053BC 21CC4660 B7694029

  7E8FA283 65B72EFE 6D884BF1 1111F005 92734180 34B7C4F8 35F7DFD8 41D40037

  668EEB24 23430096 8AF4C5B7 926E09A8 0C17E30B CD95A0DE 3F68D3EE 2FE75B5B

  0A710203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 143DD2B4 5967CBE7 F732A40D 05A6F94D 1564072A 54301D06

  03551D0E 04160414 3DD2B459 67CBE7F7 32A40D05 A6F94D15 64072A54 300D0609

  2A864886 F70D0101 05050003 8181009F D800E049 CEC8977B F8C672B6 AB6F791E

  5DD70B9D 1BA8E7D5 65326C3A 32CE5A19 1328B4C7 AEEF2386 E787B996 DF904E86

  AC347DF1 0BAA1B8C 8B75667C 8A990367 1E8C2DC2 0C5789C4 214717C2 DCD50244

  5B30FD76 3FB9E159 2B472F6A 3509676C 5FCEACD7 F20FDC10 9FE3B1A5 1EAA223E

  24F57C5E E3CF6D35 743F50F1 2F6E96

        quit

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0

 no ip address

 shutdown

!

interface FastEthernet0/1

switchport mode trunk

 description access-port

 speed 100

 duplex full

!

interface FastEthernet0/2

switchport access vlan 10

 description access-port

!

interface FastEthernet0/3

switchport access vlan 10

 description access-port

!

interface FastEthernet0/4

switchport access vlan 10

 description access-port

!

interface FastEthernet0/5

switchport access vlan 10

 description access-port

!

interface FastEthernet0/6

switchport access vlan 10

 description access-port

!

interface FastEthernet0/7

switchport access vlan 10

 description access-port

!

interface FastEthernet0/8

switchport access vlan 10

 description access-port

!

interface FastEthernet0/9

switchport access vlan 10

 description access-port

!

interface FastEthernet0/10

switchport access vlan 10

 description access-port

!

interface FastEthernet0/11

switchport access vlan 10

 description access-port

!

interface FastEthernet0/12

switchport access vlan 10

 description access-port

!

interface FastEthernet0/13

switchport access vlan 10

 description access-port

!

interface FastEthernet0/14

switchport access vlan 10

 description access-port

!

interface FastEthernet0/15

switchport access vlan 10

 description access-port

!

interface FastEthernet0/16

switchport access vlan 10

 description access-port

!

interface FastEthernet0/17

switchport access vlan 10

 description access-port

!

interface FastEthernet0/18

switchport access vlan 10

 description access-port

!

interface FastEthernet0/19

switchport access vlan 10

 description access-port

!

interface FastEthernet0/20

switchport access vlan 10

 description access-port

!

interface FastEthernet0/21

switchport access vlan 10

 description access-port

!

interface FastEthernet0/22

switchport access vlan 10

 description access-port

!

interface FastEthernet0/23

switchport access vlan 10

 description access-port

!

interface FastEthernet0/24

switchport access vlan 10

 description access-port

!

interface FastEthernet0/25

switchport access vlan 10

 description access-port

!

interface FastEthernet0/26

switchport access vlan 10

 description access-port

!

interface FastEthernet0/27

switchport access vlan 10

 description access-port

!

interface FastEthernet0/28

switchport access vlan 10

 description access-port

interface FastEthernet0/29

switchport access vlan 20

 description access-port

!

interface FastEthernet0/30

switchport access vlan 20

 description access-port

!

interface FastEthernet0/31

switchport access vlan 20

 description access-port

!

interface FastEthernet0/32

switchport access vlan 20

 description access-port

!

interface FastEthernet0/33

switchport access vlan 20

 description access-port

!

interface FastEthernet0/34

switchport access vlan 20

 description access-port

!

interface FastEthernet0/35

 switchport access vlan 20

description access-port

!

interface FastEthernet0/36

 switchport access vlan 20

description access-port

!

interface FastEthernet0/37

 switchport access vlan 20

description access-port

!

interface FastEthernet0/38

 switchport access vlan 20

description access-port

!

interface FastEthernet0/39

 switchport access vlan 20

description access-port

!

interface FastEthernet0/40

 switchport access vlan 20

description access-port

!

interface FastEthernet0/41

 switchport access vlan 20

description access-port

!

interface FastEthernet0/42

switchport access vlan 20

description access-port

!

interface FastEthernet0/43

switchport access vlan 20

description access-port

!

interface FastEthernet0/44

 switchport access vlan 20

description access-port

!

interface FastEthernet0/45

switchport access vlan 20

description access-port

!

interface FastEthernet0/46

 switchport access vlan 20

description access-port

!

interface FastEthernet0/47

switchport access vlan 20

 description access-port

!

interface FastEthernet0/48

 switchport access vlan 20

description access-port

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

!

ip http server

ip http secure-server

!

snmp-server community bl4ckf1b37 RO 99

snmp-server location FairShipping, Malate, Manila

snmp-server contact noc@blackfibersolutions.com

snmp-server chassis-id Cisco 2960

snmp-server enable traps tty

!

!

line con 0

line vty 0 4

 password fairs

 login

line vty 5 15

 login

!

end

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to cool01

‎12-08-2017 05:36 AM

Hello,

 

do your clients get an IP address ? You might want to add:

 

interface FastEthernet0/17

switchport access vlan 10

description access-port

spanning-tree portfast

 

to all the access ports.

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to Georg Pauwen

‎12-08-2017 07:14 PM

Thanks for your response, i will do your suggestion for my problem. I hope you still response my inquiry until i success this case.

 

Thank you again

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to Georg Pauwen

‎12-09-2017 12:14 AM

My client got IP address even without spanning-tree portfast but as per your advise i include the spanning-tree portfast. Unfortunately upon applying this config below i still having bad result. Please see below my config for Router and Switch. And please correct my config.

==========

ROUTER

Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat outside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat outside


username fairs password 0 fairs
!
policy-map DROP
 class BLOCKED
   drop
!
interface FastEthernet0/0
 description Link_to_BlackFiber$ETH-LAN$
 ip address 103.225.36.242 255.255.255.252
ip nat inside
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat outside
no ip address
ip nbar protocol-discovery
 speed 100
 full-duplex
!
 service-policy output DROP
!
interface Serial0/0/0
 no ip address
 shutdown
 clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
 password fairs
 logging synchronous
 login
line aux 0
line vty 0 4
 password fairs
 logging synchronous
 login local
!
end

==========

 SWITCH

Switch

Building configuration...

Current configuration : 5369 bytes
!
! Last configuration change at 14:25:32 GMT+8 Tue Aug 18 2015
! NVRAM config last updated at 14:13:48 GMT+8 Tue Aug 18 2015
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!

hostname fair_switch
!
boot-start-marker
boot-end-marker
!
enable password f@1rs
!
no aaa new-model
clock timezone GMT+8 8 0
!
!
crypto pki trustpoint TP-self-signed-2967729024
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2967729024
 revocation-check none
 rsakeypair TP-self-signed-2967729024
!
crypto pki certificate chain TP-self-signed-2967729024
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32393637 37323930 3234301E 170D3933 30333031 30303030
  35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39363737
  32393032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100A994 D09FA408 93DB36BB EB73F0E5 7B4E8FEE A19B52D4 345628F8 C1E7967D
  1E4B5AFD B5B4CB26 9E80D684 8CE610CA A2313E38 04E053BC 21CC4660 B7694029
  7E8FA283 65B72EFE 6D884BF1 1111F005 92734180 34B7C4F8 35F7DFD8 41D40037
  668EEB24 23430096 8AF4C5B7 926E09A8 0C17E30B CD95A0DE 3F68D3EE 2FE75B5B
  0A710203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 143DD2B4 5967CBE7 F732A40D 05A6F94D 1564072A 54301D06
  03551D0E 04160414 3DD2B459 67CBE7F7 32A40D05 A6F94D15 64072A54 300D0609
  2A864886 F70D0101 05050003 8181009F D800E049 CEC8977B F8C672B6 AB6F791E
  5DD70B9D 1BA8E7D5 65326C3A 32CE5A19 1328B4C7 AEEF2386 E787B996 DF904E86
  AC347DF1 0BAA1B8C 8B75667C 8A990367 1E8C2DC2 0C5789C4 214717C2 DCD50244
  5B30FD76 3FB9E159 2B472F6A 3509676C 5FCEACD7 F20FDC10 9FE3B1A5 1EAA223E
  24F57C5E E3CF6D35 743F50F1 2F6E96
        quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
 no ip address
 shutdown
!
interface FastEthernet0/1
switchport mode trunk
 description access-port
 speed 100
 duplex full
!
interface FastEthernet0/2
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/25
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/26
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/27
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/28
switchport access vlan 10
 description access-port
spanning-tree portfast
!
interface FastEthernet0/29
switchport access vlan 20
 description access-port
spanning-tree portfast
!
interface FastEthernet0/30
switchport access vlan 20
 description access-port
spanning-tree portfast
!
interface FastEthernet0/31
switchport access vlan 20
 description access-port
spanning-tree portfast
!
interface FastEthernet0/32
switchport access vlan 20
 description access-port
spanning-tree portfast
!
interface FastEthernet0/33
switchport access vlan 20
 description access-port
spanning-tree portfast
!
interface FastEthernet0/34
switchport access vlan 20
 description access-port
spanning-tree portfast
!
interface FastEthernet0/35
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/36
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/37
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/38
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/39
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/40
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/41
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/42
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/43
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/44
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/45
switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/46
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface FastEthernet0/47
switchport access vlan 20
 description access-port
spanning-tree portfast
!
interface FastEthernet0/48
 switchport access vlan 20
description access-port
spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
!
ip http server
ip http secure-server
!
snmp-server community bl4ckf1b37 RO 99
snmp-server location FairS, Malate, Manila
snmp-server contact noc@blackfibersolutions.com
snmp-server chassis-id Cisco 2960
snmp-server enable traps tty
!
line con 0
line vty 0 4
 password fairs
 login
line vty 5 15
 login
!
end

==========

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to cool01

‎12-09-2017 12:23 AM

Hello,

 

the 'ip nat inside' and 'ip nat outside' statements on your router are reversed. Change them to what I marked in bold below:

 

ROUTER

Current configuration : 1449 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool vlan10
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 103.225.36.226 103.225.36.238
!
ip dhcp pool vlan20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 103.225.36.226 103.225.36.238
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
username fairs password 0 fairs
!
policy-map DROP
class BLOCKED
drop
!
interface FastEthernet0/0
description Link_to_BlackFiber$ETH-LAN$
ip address 103.225.36.242 255.255.255.252
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description Link_to_LAN$ETH-LAN$$ES_LAN$
ip nat inside
no ip address
ip nbar protocol-discovery
speed 100
full-duplex
!
service-policy output DROP
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 103.225.36.241
!
access-list 1 permit 192.168.10.0
access-list 1 permit 192.168.20.0
!
ip http server
!
control-plane
!
line con 0
password fairs
logging synchronous
login
line aux 0
line vty 0 4
password fairs
logging synchronous
login local
!
end

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to Georg Pauwen

‎12-12-2017 06:03 PM

After configuration I ping my DNS 8.8.8.8 and 103.225.36.238 using telnet all has success rate 100 but my network connection still limited, i noticed while ping the DNS using cmd my result is "request time out" unlike before "unreachable". Also in my research, I recognized that our configuration for router/switch are correct but i can't understand the configuration still no internet access?

 

 =ROUTER=

Current configuration : 1449 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

ip dhcp excluded-address 192.168.10.1 192.168.10.10

ip dhcp excluded-address 192.168.20.1 192.168.20.10

!

ip dhcp pool vlan10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 8.8.8.8

!

ip dhcp pool vlan20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

dns-server 8.8.8.8

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

ip nat inside

 

 

 

 

 

 

username fairs password 0 fairs

!

interface FastEthernet0/0

 description Link_to_BlackFiber$ETH-LAN$

 ip address 103.225.36.242 255.255.255.252

ip nat outside

 speed 100

 full-duplex

!

interface FastEthernet0/1

 description Link_to_LAN$ETH-LAN$$ES_LAN$

ip nat inside

no ip address

ip nbar protocol-discovery

 speed 100

 full-duplex

!

 service-policy output DROP

!

interface Serial0/0/0

 no ip address

 shutdown

 clock rate 2000000

!

ip nat inside source list 1 interface FastEthernet0/0 overload

!

ip classless

ip route 0.0.0.0 0.0.0.0 103.225.36.241

!

Access-list 1 permit 192.168.10.0

Access-list 1 permit 192.168.20.0

!

ip http server

!

control-plane

!

line con 0

 password fairs

 logging synchronous

 login

line aux 0

line vty 0 4

 password fairs

 logging synchronous

 login local

!

end

 

=SWITCH=

Current configuration : 5369 bytes

!

! Last configuration change at 14:25:32 GMT+8 Tue Aug 18 2015

! NVRAM config last updated at 14:13:48 GMT+8 Tue Aug 18 2015

!

version 15.0

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

 

hostname fair_switch

!

boot-start-marker

boot-end-marker

!

enable password f@1rsh1pp1ng

!

no aaa new-model

clock timezone GMT+8 8 0

!

!

crypto pki trustpoint TP-self-signed-2967729024

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-2967729024

 revocation-check none

 rsakeypair TP-self-signed-2967729024

!

crypto pki certificate chain TP-self-signed-2967729024

 certificate self-signed 01

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39363737

  32393032 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

D800E049 CEC8977B F8C672B6 AB6F791E

  5DD70B9D 1BA8E7D5 65326C3A 32CE5A19 1328B4C7 AEEF2386 E787B996 DF904E86

  AC347DF1 0BAA1B8C 8B75667C 8A990367 1E8C2DC2 0C5789C4 214717C2 DCD50244

  5B30FD76 3FB9E159 2B472F6A 3509676C 5FCEACD7 F20FDC10 9FE3B1A5 1EAA223E

  24F57C5E E3CF6D35 743F50F1 2F6E96

        quit

 

 

 

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0

 no ip address

 shutdown

!

interface FastEthernet0/1

switchport mode trunk

 description access-port

 speed 100

 duplex full

!

interface FastEthernet0/2

switchport access vlan 10

 description access-port

spanning-tree portfast

!

interface FastEthernet0/47

switchport access vlan 20

 description access-port

spanning-tree portfast

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1 (telnet)

ip address 103.225.36.250 255.255.255.252

!

ip http server

ip http secure-server

!

snmp-server community bl4ckf1b37 RO 99

snmp-server location FairShipping, Malate, Manila

snmp-server contact noc@blackfibersolutions.com

snmp-server chassis-id Cisco 2960

snmp-server enable traps tty

!

!

line con 0

line vty 0 4

 password fairs

 login

line vty 5 15

 login

!

end

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to cool01

‎12-12-2017 10:40 PM

I share the details i had so can easily understand what i want supposed to do in my network.

 

1. Router= 1841 (1800 series)

2. Switch= 2960SF Catalyst

3. I need a separated network with both INTERNET ACCESS.

       a. Network 1 = 192.168.10.1

       b. Network 2 = 192.168.20.1

4. ISP Details(modem) - Direct

       IP Address: 103.225.36.242

       SM: 255.255.255.252

       GW: 103.225.36.241

5. Router to Modem=fa0/0, Router to Switch=fa0/1

 

 

Preview file
21 KB
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to cool01

‎12-13-2017 12:11 AM

Hello,

 

the config looks good. If you can ping 8.8.8.8 you (obviously) have Internet access. What is the output of 'ipconfig /all' from one of the PCs on Vlan 10 or Vlan 20 ?

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to Georg Pauwen

‎12-13-2017 12:33 AM

But if you ping 8.8.8.8 or 103.225.36.238 you have result "Request Time Out" also i noticed while checking the packet sent/received the sent was simultaneously responded unlike received has no responded. even google.com has rto result.

 

ipconfig /all for Vlan10

192.168.10.11

255.255.255.0

192.168.10.1

8.8.8.8

103.225.36.238

 

ipconfig /all for Vlan20

192.168.20.11

255.255.255.0

192.168.20.1

8.8.8.8

103.225.36.238

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to cool01

‎12-13-2017 01:00 AM

Hello,

 

you have this configured:

 

interface FastEthernet0/0

description Link_to_BlackFiber$ETH-LAN$

ip address 103.225.36.242 255.255.255.252

!

ip route 0.0.0.0 0.0.0.0 103.225.36.241

 

Can you ping 103.225.36.241 from your router ?

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to Georg Pauwen

‎12-13-2017 02:44 AM

After configuring please see the below ping result for 8.8.8.8, 103.225.36.238, 103.225.36.241, 103.225.36.242. What do you say about this result?

 

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/48/48 ms
========================================================
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 103.225.36.238, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
========================================================
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 103.225.36.241, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
========================================================
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 103.225.36.242, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

0 Helpful

Go to solution
cool01
Level 1
Level 1
In response to cool01

‎12-13-2017 04:02 AM

I was thinking the IP Address provided by our ISP is not allowed for DHCP Server maybe because the IP Address provided use for static IP address per workstation. Our current configuration having installed Static IP Address due to the 103.225.36.242 was distributed to 30 usable IP Addresses and but the installed static ip address we are using please see this below.

 

IP: 103.225.37.131 - my pc

SM: 255.255.255.224

GW: 103.225.37.129

DNS1:103.225.36.238

DNS2:103.225.36.226

 

Current Configuration (Static IP Address per workstation)

Building configuration...

 

Current configuration : 1449 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$nrgd$KqCZrWkVWFUIV/4V5DNRn/

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

!

ip name-server 103.225.36.238

ip name-server 103.225.36.226

ip name-server 8.8.8.8

!

username fairs password 0 fairs

!

interface FastEthernet0/0

 description Link_to_BlackFiber$ETH-LAN$

 ip address 103.225.36.242 255.255.255.252

 speed 100

 full-duplex

!

interface FastEthernet0/1

 description Link_to_LAN$ETH-LAN$$ES_LAN$

 ip address 103.225.36.249 255.255.255.252 secondary

 ip address 103.225.37.129 255.255.255.224

 ip nbar protocol-discovery

 speed 100

 full-duplex

 service-policy output DROP

!

interface Serial0/0/0

 no ip address

 shutdown

 clock rate 2000000

!

ip classless

ip route 0.0.0.0 0.0.0.0 103.225.36.241

!

ip http server

!

!

control-plane

!

!

line con 0

 password fairs

 logging synchronous

 login

line aux 0

line vty 0 4

 password fairs

 logging synchronous

 login local

!

end

 

 

 

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to cool01

‎12-13-2017 04:20 AM

Hello,

 

if these are routable public IP addresses of course you can statically assign them to your host. The only limitation is that the number of hosts is now limited to the number of public IP addresses you have available.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card