alttechnology

Cisco Routing 5505 Help

I currently have a CISCO 5505 with a RSM.  I have 4 VLANS
100  10.10.10.1_net  Ports 2/1-8
200  11.11.11.1_net  Ports 2/9-16
300  12.12.12.1_net  Ports 2/17-24
999 192.168.254.1_net Ports 3/1-22

My ISP router/Gateway is set for 192.168.254.254


If I attach any device in any Vlan I can route to any Vlan. I figured out how to do that.   I can even resolve DNS and ping devices in each vlan. I set each vlan interface in the RSM to x.x.x.1 for each vlan and they are pingable.  BUT I can not route out to the internet.  

I want to be able to have any device in any of the four Vlans route out to the internet using the 192.168.254.254 of my ISP router which I can put in any port or create another vlan.  Unfortunately, I don’t have a clue on what I am doing.  I am new to Cisco.  

Is this possible and can someone give me a step by step?


Thanks!!
pjtemplin

The ISP router most likely needs a modification to its NAT settings to have it NAT for the other subnets you've created.  Do you have access to it?  You'll want to look at the nat statements, and see if they reference an access-list.  If so, you probably need to add references to your other subnets to it.
Don Johnston

How are you getting to the internet?

Is the RSM doing NAT?
alttechnology

No,

The ISP router is a DSL Speedstream.    It does not serve DHCP  (I have my own server serve DHCP) is only set for 192.168.254.254 (Internal).  As long as I have anything plugged in to the ISP router with a 192.168.254 address I am ok.    But,  I was figuring that I could take my Cisco 5505  with the 4 vlans and somehow forward it to the 192.168.254 vlan or tell it to NAT to 192.168.254.254 to get out to the net.

I don't have a clue with the Cisco just starting to go down that road.  I am a SAN/Windows/VMWare junkie....

Thanks for any help!

No you're not routing in the 5500?

You're going to need to enable NAT if you want multiple networks.

Does the 5500 even have a route processor? Use a "show module" command and see if you've got an "RSM" or "RSFC".
Yes,


I am using the 5500 to route between vlan 100,200,300 but I want to take a connection from the 5500 and plug it in to the DSL router so that any host in the 5500 on any vlan can route out of the cisco to the DSL router.  


  The 5500 does have a RSM in slot 5.  I think I have it enabled to route between vlans and it boots fine.  The problem is I want any host on any of the vlans (100,200,300) to use vlan 999 (the 192.168.254.x vlan) and use the DSL router that is plugged in that vlan with a IP address of 192.168.254.254.

Or can I  set a port up link 3/24 and use that for the connection to the DSL router to get out.

I can do a show vlans and the configs if that would help.  

Thanks !
Here's what you need to do with your RSM:

access-list 1 permit any
ip nat inside source list 1 interface vlan 999
int vlan 999
 ip address 192.168.254.??? 255.255.255.???
 ip nat outside
int vlan 100
 ip nat inside
int vlan 200
 ip nat inside
int vlan 300
 ip nat inside
Don,  I am out of town and will be back in a few days.  I will try to do this remotely but, I will give this a shot this week.
Getting a little closer.  Now I can resolve DNS.  


Here is the config from the RSM for vlan 100

sho interface vlan 100
Vlan100 is up, line protocol is up
  Hardware is Cat5k Virtual Ethernet, address is 0030.9649.d400 (bia 0030.9649.d400)
  Description: ***Internal 10.10.10.x Al Net***
  Internet address is 10.10.10.1/24
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:00, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo


=================== Other info  === Step by Step =============

Session 5
Password:  
Router>en
Password:  
Router#
Router#config
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#
Router(config)#access-list 1 permit any
Router(config)#ip nat inside source list 1 interface vlan 999
Router(config)#int vlan 999
Router(config-if)#ip address 192.168.254.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#int vlan 100
Router(config-if)#ip nat inside
Router(config-if)#int vlan 200
Router(config-if)#ip nat inside
Router(config-if)#int vlan 300
Router(config-if)#ip nat inside
Router(config-if)#no shut


============== From Workstation patched in to Vlan 200  slot 2 / port 1
Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 10.10.10.5
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.10.10.1


C:\>ping www.yahoo.com

Pinging www.yahoo-ht2.akadns.net [209.73.186.238] with 32 bytes of data:

Reply from 10.10.10.1: Destination host unreachable.
Reply from 10.10.10.1: Destination host unreachable.
Reply from 10.10.10.1: Destination host unreachable.
Reply from 10.10.10.1: Destination host unreachable.

Ping statistics for 209.73.186.238:



===============================  RSM View
ho access-lists
Standard IP access list 1
    permit any (169 matches)



Router#sho conifg
Using 1282 out of 126968 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service single-slot-reload-enable
!
hostname Router
!
enable secr
enable pass
!
ip subnet-zero
ip cef
!
!
!
!
interface Vlan10
 description ** Al Route to Inet 1_1_1_1 **
 ip address 1.1.1.1 255.255.255.248
 no ip route-cache
 no ip mroute-cache
!
interface Vlan100
 description ***Internal 10.10.10.x Al Net***
 ip address 10.10.10.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface Vlan200
 description ***Internal 11.11.11.x Al Net***
 ip address 11.11.11.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface Vlan300
 description ***Internal 12.12.12.x Al Net***
 ip address 12.12.12.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface Vlan999
 description ***Internal 192.168.254.Route to Inet Al***
 ip address 192.168.254.1 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
router ospf 100
 log-adjacency-changes
 network 10.10.10.0 0.0.0.255 area 0
 network 11
Your VLAN interfaces on the RSM aren't defined as inside or outside.

Also, post the results of "show ip route"
Ok,  I thought that this defined the inside/outside for the vlan.  I guess this proves that I don't have a clue with routers.

Router(config-if)#ip address 192.168.254.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#int vlan 100
Router(config-if)#ip nat inside


Here is the sho ip route on the RSM

Router>sho ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/29 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, Vlan10
C    127.0.0.0/8 is directly connected, Vlan0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.10.10.0 is directly connected, Vlan100
     11.0.0.0/24 is subnetted, 1 subnets
C       11.11.11.0 is directly connected, Vlan200
     12.0.0.0/24 is subnetted, 1 subnets
C       12.12.12.0 is directly connected, Vlan300
C    192.168.254.0/24 is directly connected, Vlan999
ASKER CERTIFIED SOLUTION
Don Johnston
That did it!
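
An added example, not part of the thread or of any poster's configuration: a small offline check that reads a saved running-config and "show ip route" output and reports the two conditions visible in the outputs posted above, namely VLAN interfaces with no "ip nat inside"/"ip nat outside" role and a routing table with no gateway of last resort. The function names and the abbreviated sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the outputs posted in the thread.
RUNNING_CONFIG = """\
interface Vlan100
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan200
 ip address 11.11.11.1 255.255.255.0
!
interface Vlan999
 ip address 192.168.254.1 255.255.255.0
!
"""
SHOW_IP_ROUTE = """\
Gateway of last resort is not set
C       10.10.10.0 is directly connected, Vlan100
C    192.168.254.0/24 is directly connected, Vlan999
"""

def nat_roles(config):
    """Map each interface to 'inside', 'outside' or None from its stanza."""
    roles, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        nat = re.match(r"\s+ip nat (inside|outside)\s*$", line)
        if m:
            current = m.group(1)
            roles[current] = None
        elif nat and current:
            roles[current] = nat.group(1)
        elif not line.startswith(" "):
            current = None  # '!' or a global command ends the stanza
    return roles

def audit(config, route_table, inside, outside):
    """Return findings for the intended NAT layout (hypothetical helper)."""
    roles, findings = nat_roles(config), []
    for name, want in [(i, "inside") for i in inside] + [(outside, "outside")]:
        if roles.get(name) != want:
            findings.append(f"{name}: expected 'ip nat {want}', found {roles.get(name)}")
    if not re.search(r"^ip nat inside source list \S+ interface", config, re.M | re.I):
        findings.append("no 'ip nat inside source' rule in the configuration")
    if "Gateway of last resort is not set" in route_table:
        findings.append("no default route: gateway of last resort is not set")
    return findings

for finding in audit(RUNNING_CONFIG, SHOW_IP_ROUTE, ["Vlan100", "Vlan200"], "Vlan999"):
    print(finding)
```

Running the same check against the saved configuration after a change shows whether the interface-level NAT commands were actually stored, which the interactive session alone does not prove.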