sroberts250
asked on
VLAN DHCP and routing problems
Hello,
I'm a newbie here with Cisco and I've got a couple of questions if I could get some help with it.
I have a large church campus with 10 Cisco switches, 1 Cisco PIX and 10 Cisco APs. I wanted to change the network from being a flat Class C to 7 VLANs. I have learned and programmed the switches using VTP on the core switch and I understand the port mapping with VLANs. My core switch is a 5505 with a Route Switch Module. I have figured out how to set up the VLAN IPs and routing on the RSM, but here's my problem. In the flat network, vlan1 is used normally with an IP range of 192.168.0.0/24.
I have made it to where my 192.168 subnet can see my new VLANs and ping each VLAN gateway address. However, after setting my trunks to my other switches, verifying that VTP carried the VLAN information over, and assigning some ports, I cannot get DHCP to work correctly from my Win2k DHCP server on vlan1, and if I manually assign an IP to a machine in the new VLAN it won't go anywhere. It can't ping anything on vlan1 or any of the other VLAN gateways. I'm lost. Here's my RSM config.
Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rsm.switch.fumcr.com
!
!
ip subnet-zero
ip domain-name fumcr.com
ip cef
ip dhcp-server 192.168.0.3
!
!
!
interface Vlan1
description default (vlan1) VLAN interface
ip address 192.168.0.1 255.255.255.0
no ip directed-broadcast
ip nat outside
!
interface Vlan10
description Servers (vlan10) VLAN interface
ip address 10.10.10.1 255.255.255.0
ip helper-address 192.168.0.3
no ip directed-broadcast
ip nat inside
!
interface Vlan20
description Private-Wired (vlan20) VLAN interface
ip address 10.10.20.1 255.255.255.0
ip helper-address 192.168.0.3
no ip directed-broadcast
ip nat inside
!
interface Vlan30
description Public-Wired (vlan30) VLAN interface
ip address 10.10.30.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Vlan40
description Printers (vlan40) VLAN interface
ip address 10.10.40.1 255.255.255.0
ip helper-address 192.168.0.3
no ip directed-broadcast
ip nat inside
!
interface Vlan50
description Private-Wireless (vlan50) VLAN interface
ip address 10.10.50.1 255.255.255.0
ip helper-address 192.168.0.3
no ip directed-broadcast
ip nat inside
!
interface Vlan60
description Public-Wireless (vlan60) VLAN interface
ip address 10.10.60.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
interface Vlan100
description PhoneLink (vlan100) VLAN interface
ip address 10.10.100.1 255.255.255.0
no ip directed-broadcast
ip nat inside
!
ip nat inside source list 1 interface Vlan1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.2 (IP Address of my inside interface on the PIX)
ip http server
!
access-list 1 permit any
!
!
line con 0
transport input none
line vty 0 4
!
end
Any ideas? Thanks in advance! Steve
ASKER
Thanks donjohnston,
I have changed it but won't be able to test it until tomorrow AM. Does my config look ok? The reason that I ask this is that I put my test machine in vlan 20 and manually set the ip address to 10.10.20.10 with gateway 10.10.20.1 and could not reach anything on the network. But my equipment in vlan 1 can ping anything on any vlan. Do I have a routing issue? I enabled IP routing by doing a (config)ip routing command on the RSM.
Thanks again!! Steve
>I put my test machine in vlan 20 and manually set the ip address to 10.10.20.10 with gateway 10.10.20.1 and could not reach anything on the network
What network is "the" network?
Why are you running NAT on the RSM? You've got a PIX, right?
ASKER
Thanks for replying.
Currently the network is vlan 1 and most of the other vlans that I set up. I am running NAT on the RSM because I am trying to set the PIX at the border and have a Barracuda filter after that. I have the PIX at the border, then I wanted to have the Barracuda filter after that for the rest of the network. We have a private network, but I want to have a public network, both filtered and separated from each other. Do I make sense? Sorry, I'm new with this.
Thanks, Steve
>We have a private network, but I want to have a public network, both filtered and separated from each other.
You don't need NAT to do that. An access list will accomplish the same thing.
ASKER
I tested your change today by changing vlan 1 to ip nat inside and no luck. The test pc will not receive an ip from the dhcp server. I'm wondering if I have a switch configuration problem. However I have the 2924 trunked to the 5505 and I can ping my dhcp server from the 2924. Is dhcp traceable? Maybe then I could see where it is stopping.
Also, I thought I needed to use nat on the vlans along with access lists?
Let's narrow this down.
Where is the DHCP server? (What port on what switch is it connected)
Where is the PC? (what port on what switch is it connected)
ASKER
The DHCP server is on port 5/12 of the Cat 5505
The PC is on port 0/24 of the Cat 2924.
The 2924 is connected from port 1/1 (fiber) to port 4/1 on the 5505.
Can you post the config of the 2924 and the output of a "show port" and "show trunk" on the 5505.
ASKER
Here's the config for the 2924
Using 1504 out of 32768 bytes
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname c1.24.switch.fumcr.com
!
enable secret
enable password
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface VLAN1
ip address 192.168.0.16 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 192.168.0.1
snmp-server engineID local 0000000902000003E328DCC0
snmp-server community private RW
snmp-server community public RO
banner login ^C
First United Methodist Church
Richardson, Texas
Family Life Center
Switch 3^C
!
line con 0
transport input none
stopbits 1
line vty 0 4
password
login
line vty 5 15
password
login
!
end
--------------------------
Here's the Show port for the 5505
core.switch.fumcr.co (enable) sh port
Port Name Status Vlan Level Duplex Speed Type
----- ------------------ ---------- ---------- ------ ------ ----- ------------
1/1 notconnect 1 normal full 1000 1000BaseSX
1/2 notconnect 1 normal full 1000 1000BaseSX
3/1 connected 1 normal full 1000 1000BaseSX
3/2 connected 1 normal full 1000 1000BaseSX
3/3 notconnect 1 normal full 1000 1000BaseSX
3/4 connected 1 normal full 1000 1000BaseSX
3/5 connected 1 normal full 1000 1000BaseSX
3/6 notconnect 1 normal full 1000 1000BaseSX
3/7 notconnect 1 normal full 1000 1000BaseSX
3/8 notconnect 1 normal full 1000 1000BaseSX
3/9 notconnect 1 normal full 1000 1000BaseSX
4/1 connected trunk normal full 100 100BaseFX MM
4/2 connected 1 normal full 100 100BaseFX MM
4/3 connected 1 normal full 100 100BaseFX MM
4/4 connected trunk normal full 100 100BaseFX MM
4/5 notconnect 1 normal half 100 100BaseFX MM
4/6 notconnect 1 normal half 100 100BaseFX MM
4/7 notconnect 1 normal half 100 100BaseFX MM
4/8 notconnect 1 normal half 100 100BaseFX MM
4/9 notconnect 1 normal half 100 100BaseFX MM
4/10 notconnect 1 normal half 100 100BaseFX MM
4/11 notconnect 1 normal half 100 100BaseFX MM
4/12 notconnect 1 normal half 100 100BaseFX MM
5/1 connected 1 normal half 100 100BaseTX
5/2 notconnect 1 normal half 100 100BaseTX
5/3 notconnect 1 normal half 100 100BaseTX
5/4 notconnect 1 normal half 100 100BaseTX
5/5 notconnect 1 normal half 100 100BaseTX
5/6 notconnect 1 normal half 100 100BaseTX
5/7 notconnect 1 normal half 100 100BaseTX
5/8 notconnect 1 normal half 100 100BaseTX
5/9 connected 1 normal half 100 100BaseTX
5/10 notconnect 1 normal half 100 100BaseTX
5/11 connected 1 normal half 100 100BaseTX
5/12 connected 1 normal half 100 100BaseTX
5/13 notconnect 1 normal half 100 100BaseTX
5/14 notconnect 1 normal half 100 100BaseTX
5/15 notconnect 1 normal half 100 100BaseTX
5/16 connected 1 normal half 100 100BaseTX
5/17 connected 1 normal half 100 100BaseTX
5/18 notconnect 1 normal half 100 100BaseTX
5/19 connected 1 normal half 100 100BaseTX
5/20 connected 1 normal half 100 100BaseTX
5/21 connected 1 normal half 100 100BaseTX
5/22 connected 1 normal half 100 100BaseTX
5/23 connected 1 normal half 100 100BaseTX
5/24 connected 1 normal half 100 100BaseTX
15/1 connected trunk normal half 400 Route Switch
Port Security Secure-Src-Addr Last-Src-Addr Shutdown Trap IfIndex
----- -------- ----------------- ----------------- -------- -------- -------
3/1 disabled No disabled 46
3/2 disabled No disabled 47
3/3 disabled No disabled 48
3/4 disabled No disabled 49
3/5 disabled No disabled 50
3/6 disabled No disabled 51
3/7 disabled No disabled 52
3/8 disabled No disabled 53
3/9 disabled No disabled 54
4/1 disabled No disabled 10
4/2 disabled No disabled 11
4/3 disabled No disabled 12
4/4 disabled No disabled 13
4/5 disabled No disabled 14
4/6 disabled No disabled 15
4/7 disabled No disabled 16
4/8 disabled No disabled 17
4/9 disabled No disabled 18
4/10 disabled No disabled 19
4/11 disabled No disabled 20
4/12 disabled No disabled 21
5/1 disabled 00-a0-98-00-88-5a No disabled 22
5/2 disabled 00-d0-68-03-9e-68 No disabled 23
5/3 disabled 00-40-ca-1b-38-5e No disabled 24
5/4 disabled 00-40-ca-14-4c-92 No disabled 25
5/5 disabled 00-30-18-a5-5c-38 No disabled 26
5/6 disabled 00-d0-68-03-9e-68 No disabled 27
5/7 disabled 00-e0-b0-fb-17-01 No disabled 28
5/8 disabled 00-e0-b0-fb-17-01 No disabled 29
5/9 disabled 00-40-ca-1b-38-5e No disabled 30
5/10 disabled 00-d0-68-03-9e-68 No disabled 31
5/11 disabled 00-07-e9-1a-72-50 No disabled 32
5/12 disabled 00-40-ca-14-4c-92 No disabled 33
5/13 disabled 00-30-18-a5-5c-38 No disabled 34
5/14 disabled 00-10-c6-de-e4-1c No disabled 35
5/15 disabled 00-10-c6-de-e4-1c No disabled 36
5/16 disabled 00-14-85-65-a2-3c No disabled 37
5/17 disabled 00-40-ca-15-c9-b6 No disabled 38
5/18 disabled 00-e0-b0-fb-17-03 No disabled 39
5/19 disabled 00-50-da-61-84-f7 No disabled 40
5/20 disabled 00-10-5a-1b-35-cf No disabled 41
5/21 disabled 00-b0-d0-aa-99-28 No disabled 42
5/22 disabled 00-e0-b0-fb-17-03 No disabled 43
5/23 disabled 00-15-f9-a9-00-98 No disabled 44
5/24 disabled 00-01-64-ff-cf-0d No disabled 45
Port Trap IfIndex
----- -------- -------
1/1 disabled 3
1/2 disabled 4
15/1 disabled 55
Port Broadcast-Limit Broadcast-Drop
-------- --------------- --------------
1/1 - 0
1/2 - 0
3/1 - 0
3/2 - 0
3/3 - 0
3/4 - 0
3/5 - 0
3/6 - 0
3/7 - 0
3/8 - 0
3/9 - 0
4/1 - -
4/2 - 0
4/3 - 0
4/4 - -
4/5 - 0
4/6 - 0
4/7 - 0
4/8 - 0
4/9 - 0
4/10 - 0
4/11 - 0
4/12 - 0
5/1-8 - 0
5/9-16 - 0
5/17-24 - 0
Port Send FlowControl Receive FlowControl RxPause TxPause Unsupported
admin oper admin oper opcodes
----- -------- -------- -------- -------- ------- ------- -----------
1/1 desired off off off 0 0 0
1/2 desired off off off 0 0 0
3/1 desired off off off 0 0 0
3/2 desired off off off 0 0 0
3/3 desired off off off 0 0 0
3/4 desired off off off 0 0 0
3/5 desired off off off 0 0 0
3/6 desired off off off 0 0 0
3/7 desired off off off 0 0 0
3/8 desired off off off 0 0 0
3/9 desired off off off 0 0 0
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
----- ---------- ---------- ---------- ---------- ---------
1/1 0 0 0 0 0
1/2 0 0 0 0 0
4/1 0 0 0 0 0
4/2 0 0 0 0 0
4/3 0 0 0 0 0
4/4 0 0 0 0 0
4/5 0 0 0 0 0
4/6 0 0 0 0 0
4/7 0 0 0 0 0
4/8 0 0 0 0 0
4/9 0 0 0 0 0
4/10 0 0 0 0 0
4/11 0 0 0 0 0
4/12 0 0 0 0 0
Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
1/1 0 0 0 0 0 0 0
1/2 0 0 0 0 0 0 0
4/1 2 5 0 0 0 0 -
4/2 0 0 0 0 0 0 0
4/3 0 0 0 0 0 0 0
4/4 0 0 0 0 0 0 -
4/5 0 0 0 0 0 0 0
4/6 0 0 0 0 0 0 0
4/7 0 0 0 0 0 0 0
4/8 0 0 0 0 0 0 0
4/9 0 0 0 0 0 0 0
4/10 0 0 0 0 0 0 0
4/11 0 0 0 0 0 0 0
4/12 0 0 0 0 0 0 0
Port Auto-Parts Giants Data-Rate FCS-Err Runts Rcv-frms Src-Addr
Mismatch Changes
----- ---------- ---------- ---------- --------- ---------- --------- ---------
5/1 0 4 0 6 0 60209944 1
5/2 0 0 0 0 0 8824 2
5/3 0 0 0 0 8 4400603 1
5/4 0 0 0 0 16 3112661 1
5/5 0 0 0 0 0 3165066 1
5/6 0 0 0 0 0 397 1
5/7 0 0 0 0 0 0 0
5/8 0 0 0 0 0 0 0
5/9 0 0 0 0 64 27120701 2
5/10 0 0 0 0 0 334 1
5/11 0 0 0 0 0 1269482029 1
5/12 0 0 0 0 326 89669631 1
5/13 0 0 0 0 0 94086087 1
5/14 0 0 0 0 0 3292 1
5/15 0 0 0 0 0 8453 1
5/16 0 0 0 0 0 425789 1
5/17 0 0 0 0 69 198738300 1
5/18 0 0 0 0 0 0 0
5/19 0 0 0 3 887 462686892 1
5/20 0 0 0 0 0 155003128 1
5/21 0 0 0 0 1523 1112906424 1
5/22 0 0 0 0 0 0 0
5/23 0 0 0 0 148 1552387 1
5/24 0 0 0 0 0 203398910 1
Port Rcv-Multi Rcv-Broad Good-Bytes Align-Err Short-Evnt Late-Coll Collision
----- ---------- ---------- ---------- --------- ---------- --------- ---------
5/1 - - 3223593753 0 1 0 1161976
5/2 - - 1502942 0 7 0 12
5/3 - - 1539155439 0 7 0 122512
5/4 - - 90230856 0 6 0 104736
5/5 - - 490586688 0 4 0 106710
5/6 - - 149991 0 613 0 6
5/7 - - 0 0 0 0 0
5/8 - - 0 0 0 0 0
5/9 - - 1274487289 0 3296 0 761332
5/10 - - 79561 0 1 0 0
5/11 - - 2240237235 0 7 0 381274392
5/12 - - 2339024304 0 4 6 3066750
5/13 - - 4166515598 0 1739 3 16892643
5/14 - - 925283 0 3 0 3
5/15 - - 1395553 0 5 0 53
5/16 - - 98221923 0 0 0 26235
5/17 - - 1959037311 0 4 0 14441809
5/18 - - 0 0 0 0 0
5/19 - - 3446468452 0 4 0 34519539
5/20 - - 3615298587 0 12 0 3830347
5/21 - - 3058880524 137 0 3 16065368
5/22 - - 0 0 0 0 0
5/23 - - 132645456 0 13 2 12637
5/24 - - 1605510342 0 0 0 11032172
Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize
----- ---------- ---------- ---------- ---------- ---------
3/1 - 0 0 0 0
3/2 - 0 0 0 0
3/3 - 0 0 0 0
3/4 - 0 0 0 0
3/5 - 0 0 0 0
3/6 - 0 0 0 0
3/7 - 0 0 0 0
3/8 - 0 0 0 0
3/9 - 0 0 0 0
Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants
----- ---------- ---------- ---------- ---------- --------- --------- ---------
3/1 0 0 0 0 0 0 0
3/2 0 0 0 0 0 0 0
3/3 0 0 0 0 0 0 0
3/4 0 0 0 0 0 0 0
3/5 0 0 0 0 0 0 0
3/6 0 0 0 0 0 0 0
3/7 0 0 0 0 0 0 0
3/8 0 0 0 0 0 0 0
3/9 0 0 0 0 0 0 0
Use 'session' command to see router counters.
Last-Time-Cleared
--------------------------
Tue Aug 19 2008, 03:58:36
--------------------------
Here's the show trunk on the 5505
core.switch.fumcr.co (enable) sh trunk
Port Mode Encapsulation Status Native vlan
-------- ----------- ------------- ------------ -----------
4/1 on isl trunking 1
4/4 on isl trunking 1
15/1 nonegotiate isl trunking 1
Port Vlans allowed on trunk
-------- -------------------------- ---------- ---------- ---------- ---------- ---
4/1 1-1005
4/4 1-1005
15/1 1-1005
Port Vlans allowed and active in management domain
-------- -------------------------- ---------- ---------- ---------- ---------- ---
4/1 1,10,20,30,40,50,60,100
4/4 1,10,20,30,40,50,60,100
15/1 1,10,20,30,40,50,60,100
Port Vlans in spanning tree forwarding state and not pruned
-------- -------------------------- ---------- ---------- ---------- ---------- ---
4/1 1,10,20,30,40,50,60,100
4/4 1,10,20,30,40,50,60,100
15/1 1,10,20,30,40,50,60,100
core.switch.fumcr.co (enable)
If you manually assign an IP address to the PC (192.168.0.x/24), can you ping 192.168.0.16 and 192.168.0.1?
ASKER
I have manually assigned the IP 10.10.20.2 to the PC and yes it can ping 192.168.0.1 and 192.168.0.3 which is the dhcp server. However I can't get it to browse the internet or see things on the network by name. Even after setting the DNS to my local dns ip address.
Wait a minute... you assigned an ip address of 10.10.20.2 to the PC? According to the 2950 config, the PC is in VLAN 1. And the IP address of the VLAN 1 interface on the RSFC is 192.168.0.1
ASKER
Correct, but I assigned the port on the 2924 port 0/24 to vlan 20 which is 10.10.20.1
Here's my show vlan on the 2924:
VLAN Name Status Ports
---- -------------------------- ------ --------- -------------------------- -----
1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4,
Fa0/5, Fa0/6, Fa0/7, Fa0/8,
Fa0/9, Fa0/10, Fa0/11, Fa0/12,
Fa0/13, Fa0/14, Fa0/15, Fa0/16,
Fa0/17, Fa0/18, Fa0/19, Fa0/20,
Fa0/21, Fa0/22, Fa0/23, Fa1/2
10 Servers active
20 Private-Wired active Fa0/24
30 Public-Wired active
40 Printers active
50 Private-Wireless active
60 Public-Wireless active
100 PhoneLink active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
If you can ping the DHCP server from the PC, then you've connectivity. The helper address is in place. The only unknown is the server. Are you sure you've got the scope defined on the DHCP server?
If you put the f0/24 port in VLAN 1 can the PC get an IP address then?
ASKER
Yes. If I put f0/24 into vlan 1 the pc can get an ip address. I am positive I have the scope defined in the server. I have win2k dhcp server with a 192.168.0.0 scope and a 10.10.20.0 scope.
Well, you've confirmed that packets can get from the PC in VLAN 20 to the server in VLAN 1. The only thing left is the server.
But just to be sure, look at the "show int vlan 20" on the RSFC and confirm that the helper-address shows up correctly.
ASKER
Well guess what. Now I can get dhcp assigned. It was the server. You can not use super scopes with vlans. So now it is serving up ips correctly. Now onto the next problem. I can get my ip for the pc in vlan 20. But not be able to get to the internet. I can see everything on my network just not the internet.
The PC IP is 10.10.20.2 Subnet 255.255.255.0 Gateway 10.10.20.1
Is that an RSM config problem?
Do you have routes on the firewall for the 10 - 60 networks? Can you get to the internet from the RSFC?
ASKER
Uhh. No I guess I don't have routes on the firewall. I thought the RSM would send anything out since it has the statement of 0.0.0.0 0.0.0.0 192.168.0.2 in it, and .2 is my firewall.
It will.
But when the response to your traffic comes back in, the firewall needs to know where those networks are so it can know where to forward the traffic to.
ASKER
I got it!! I figured out to add the whole 10.10.0.0 to my pix and that allowed me to let the vlans on the internet. Now on to the last problem. I need to keep vlans 30 and 60 from being able to see the other vlans but I want to be able to see them. Make sense?
Thanks again for all your help! Steve
>Now on to the last problem. I need to keep vlans 30 and 60 from being able to see the other vlans but I want to be able to see them. Make sense?
Nope. Can you be more specific?
ASKER
I was thinking I need to add access list control to vlan 30 and 60 that would only let those two vlans get to the internet but not any of my other vlans. I wanted to be able to get to a server I would have to put in vlan 30 to serve dhcp and administer it remotely from vlan 10 or 20.
Still not getting it.
Why do you want a separate dhcp server on VLAN 30? And you want to block traffic from VLAN 30 and 60 to all other VLAN's except you want to access it from VLAN 10 or 20?
ASKER
I'm allowing public access on our campus to the internet. I just don't want the public users in the other vlans to be able to get to my corporate network.
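The isolation described in the post above can be expressed as an inbound extended ACL on the public VLAN's routed interface. This is an added example, not part of the original thread or the hidden accepted answer; the list name is hypothetical, the subnets are taken from the RSM config quoted earlier, and VLAN 60 would need an equivalent list built on its own subnet.

```cisco
! Added example. PUBLIC-WIRED-IN is a hypothetical list name.
! Subnets are the ones shown in the RSM config quoted in the thread.
ip access-list extended PUBLIC-WIRED-IN
 ! DHCP discover/request from clients (harmless if the DHCP
 ! server sits inside VLAN 30 and never crosses the router)
 permit udp any eq bootpc any eq bootps
 ! Replies to TCP sessions opened FROM VLAN 10 / VLAN 20,
 ! so a server in VLAN 30 can be administered remotely
 permit tcp 10.10.30.0 0.0.0.255 10.10.10.0 0.0.0.255 established
 permit tcp 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255 established
 ! Ping replies back to the admin VLANs
 permit icmp 10.10.30.0 0.0.0.255 10.10.10.0 0.0.0.255 echo-reply
 permit icmp 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255 echo-reply
 ! If public clients must use an internal DNS server, a permit
 ! for port 53 to <internal-dns-ip> (placeholder) goes here,
 ! above the denies, because the list is first-match.
 ! Everything else aimed at internal address space is dropped,
 ! including the other public VLAN
 deny   ip any 10.10.0.0 0.0.255.255
 deny   ip any 192.168.0.0 0.0.0.255
 ! What is left is Internet-bound traffic
 permit ip 10.10.30.0 0.0.0.255 any
!
interface Vlan30
 ip access-group PUBLIC-WIRED-IN in
```

The `established` keyword only checks for the ACK or RST bit, so it is a stateless filter and UDP-based management traffic will not get replies through it. Denying 192.168.0.0/24 as a destination does not block Internet access, because the firewall at 192.168.0.2 is only the next hop, not the destination address of the packets.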
Change the "ip nat outside" to "ip nat inside" on the VLAN 1 interface.