giorgosy78
asked on
CISCO 1841 AND 2960
Dear Experts
I am new to Cisco, so I would like some help from you regarding the following configuration. I want to separate some departments into different VLANs. All should have access to the internet, but none of them should have access to each other.
Unfortunately I can get to the web only from VLAN 1 (f0/1) on the switch. I wonder what I am doing wrong, as if I plug a PC into any other port which belongs to a different VLAN I cannot get any IP from the DHCP of the Cisco 1841.
A little help will be much appreciated.
Regards
George
CISCO 1841 CONF
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router1841
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$Yfnt$G774VpcOum4Hb9W/G0XXU.
enable password xxxxxxxx
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-750196408
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-750196408
revocation-check none
rsakeypair TP-self-signed-750196408
!
!
crypto pki certificate chain TP-self-signed-750196408
certificate self-signed 01
quit
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.1.1 192.168.1.2
ip dhcp excluded-address 192.168.1.100 192.168.1.254
ip dhcp excluded-address 192.168.20.1 192.168.20.2
ip dhcp excluded-address 192.168.20.100 192.168.20.254
ip dhcp excluded-address 192.168.30.1 192.168.30.2
ip dhcp excluded-address 192.168.30.100 192.168.30.254
ip dhcp excluded-address 192.168.40.1 192.168.40.2
ip dhcp excluded-address 192.168.40.100 192.168.40.254
!
ip dhcp pool LAN1
import all
network 192.168.0.0 255.255.255.0
dns-server 195.14.130.220 217.27.32.196
default-router 192.168.0.1
!
ip dhcp pool vlan10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip dhcp pool vlan20
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
!
ip dhcp pool vlan30
import all
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
!
ip dhcp pool vlan40
import all
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
!
!
ip domain name yourdomain.com
ip name-server 217.27.32.196
ip name-server 208.67.222.222
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password 0 xxxxxxxxxx
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
description $ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet0/1
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/1.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/1 overload
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
access-list 100 permit ip 192.168.30.0 0.0.0.255 any
access-list 100 permit ip 192.168.40.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
end
CISCO 2960 CONF
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
vtp mode transparent
ip subnet-zero
!
no ip domain-lookup
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10,20,30,40
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport access vlan 10
!
interface FastEthernet0/3
switchport access vlan 10
!
interface FastEthernet0/4
switchport access vlan 10
!
interface FastEthernet0/5
switchport access vlan 10
!
interface FastEthernet0/6
switchport access vlan 10
!
interface FastEthernet0/7
switchport access vlan 10
!
interface FastEthernet0/8
switchport access vlan 10
!
interface FastEthernet0/9
switchport access vlan 20
!
interface FastEthernet0/10
switchport access vlan 20
!
interface FastEthernet0/11
switchport access vlan 20
!
interface FastEthernet0/12
switchport access vlan 20
!
interface FastEthernet0/13
switchport access vlan 20
!
interface FastEthernet0/14
switchport access vlan 20
!
interface FastEthernet0/15
switchport access vlan 20
!
interface FastEthernet0/16
switchport access vlan 20
!
interface FastEthernet0/17
switchport access vlan 30
!
interface FastEthernet0/18
switchport access vlan 30
!
interface FastEthernet0/19
switchport access vlan 30
!
interface FastEthernet0/20
switchport access vlan 30
!
interface FastEthernet0/21
switchport access vlan 30
!
interface FastEthernet0/22
switchport access vlan 30
!
interface FastEthernet0/23
switchport access vlan 30
!
interface FastEthernet0/24
switchport access vlan 30
!
interface FastEthernet0/25
switchport access vlan 30
!
interface FastEthernet0/26
switchport access vlan 30
!
interface FastEthernet0/27
switchport access vlan 30
!
interface FastEthernet0/28
switchport access vlan 30
!
interface FastEthernet0/29
switchport access vlan 30
!
interface FastEthernet0/30
switchport access vlan 30
!
interface FastEthernet0/31
switchport access vlan 30
!
interface FastEthernet0/32
switchport access vlan 30
!
interface FastEthernet0/33
switchport access vlan 30
!
interface FastEthernet0/34
switchport access vlan 30
!
interface FastEthernet0/35
switchport access vlan 30
!
interface FastEthernet0/36
switchport access vlan 30
!
interface FastEthernet0/37
switchport access vlan 30
!
interface FastEthernet0/38
switchport access vlan 30
!
interface FastEthernet0/39
switchport access vlan 30
!
interface FastEthernet0/40
switchport access vlan 30
!
interface FastEthernet0/41
switchport access vlan 40
!
interface FastEthernet0/42
switchport access vlan 40
!
interface FastEthernet0/43
switchport access vlan 40
!
interface FastEthernet0/44
switchport access vlan 40
!
interface FastEthernet0/45
switchport access vlan 40
!
interface FastEthernet0/46
switchport access vlan 40
!
interface FastEthernet0/47
switchport access vlan 40
!
interface FastEthernet0/48
switchport mode trunk
!
interface GigabitEthernet0/1
switchport access vlan 10
!
interface GigabitEthernet0/2
switchport access vlan 10
!
interface Vlan1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
!
interface Vlan10
ip address 192.168.1.2 255.255.255.0
no ip route-cache
!
interface Vlan20
ip address 192.168.20.2 255.255.255.0
no ip route-cache
!
interface Vlan30
ip address 192.168.30.2 255.255.255.0
no ip route-cache
!
interface Vlan40
ip address 192.168.40.2 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.0.1
ip http server
!
control-plane
!
!
ASKER
Excuse me if I have not understood your answer correctly, but isn't the way I have it the same as you told me?
I mean I have the same configuration as you wrote me, and it is on interface FastEthernet0/0 with no NAT statements inside.
Line 126 to 140.
Correct me if I'm wrong, please. I want so much to solve this problem.
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
ip nat inside
ASKER
Thank you for being so helpful.
I have done as you said, but I am still unable to get an IP from the DHCP in any VLAN apart from VLAN 1, which is int f0/1.
Even if I connect a PC on any other VLAN with a static IP, I still cannot ping the router.
E.g. VLAN 30 with 192.168.30.x 255.255.255.0 and gateway 192.168.30.1 on the PC: I cannot ping 192.168.30.1.
I have removed the IP on int f0/0 on the router and did int f0/0.1 with enc dot1q native 1 as a change, but still no DHCP to other VLANs.
:(
ASKER
This is my latest configuration
CISCO 1841 ROUTER
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.1.1 192.168.1.2
ip dhcp excluded-address 192.168.1.100 192.168.1.254
ip dhcp excluded-address 192.168.20.1 192.168.20.2
ip dhcp excluded-address 192.168.20.100 192.168.20.254
ip dhcp excluded-address 192.168.30.1 192.168.30.2
ip dhcp excluded-address 192.168.30.100 192.168.30.254
ip dhcp excluded-address 192.168.40.1 192.168.40.2
ip dhcp excluded-address 192.168.40.100 192.168.40.254
!
ip dhcp pool LAN1
import all
network 192.168.0.0 255.255.255.0
dns-server 195.14.130.220 217.27.32.196
default-router 192.168.0.1
!
ip dhcp pool vlan10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip dhcp pool vlan20
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
!
ip dhcp pool vlan30
import all
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
!
ip dhcp pool vlan40
import all
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
!
!
ip domain name yourdomain.com
ip name-server 217.27.32.196
ip name-server 208.67.222.222
!
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$I
no ip address
ip nat inside
ip virtual-reassembly
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/1
description $ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet0/1
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet0/1 overload
!
access-list 23 permit 192.168.0.0 0.0.0.255
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.168.20.0 0.0.0.255
access-list 23 permit 192.168.30.0 0.0.0.255
access-list 23 permit 192.168.40.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 100 permit ip 192.168.20.0 0.0.0.255 any
access-list 100 permit ip 192.168.30.0 0.0.0.255 any
access-list 100 permit ip 192.168.40.0 0.0.0.255 any
CISCO 2960 SWITCH
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10,20,30,40
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport access vlan 10
!
interface FastEthernet0/3
switchport access vlan 10
!
interface FastEthernet0/4
switchport access vlan 10
!
interface FastEthernet0/5
switchport access vlan 10
!
interface FastEthernet0/6
switchport access vlan 10
!
interface FastEthernet0/7
switchport access vlan 10
!
interface FastEthernet0/8
switchport access vlan 10
!
interface FastEthernet0/9
switchport access vlan 20
!
interface FastEthernet0/10
switchport access vlan 20
!
interface FastEthernet0/11
switchport access vlan 20
!
interface FastEthernet0/12
switchport access vlan 20
!
interface FastEthernet0/13
switchport access vlan 20
!
interface FastEthernet0/14
switchport access vlan 20
!
interface FastEthernet0/15
switchport access vlan 20
!
interface FastEthernet0/16
switchport access vlan 20
!
interface FastEthernet0/17
switchport access vlan 30
!
interface FastEthernet0/18
switchport access vlan 30
!
interface FastEthernet0/19
switchport access vlan 30
!
interface FastEthernet0/20
switchport access vlan 30
!
interface FastEthernet0/21
switchport access vlan 30
!
interface FastEthernet0/22
switchport access vlan 30
!
interface FastEthernet0/23
switchport access vlan 30
!
interface FastEthernet0/24
switchport access vlan 30
!
interface FastEthernet0/25
switchport access vlan 30
!
interface FastEthernet0/26
switchport access vlan 30
!
interface FastEthernet0/27
switchport access vlan 30
!
interface FastEthernet0/28
switchport access vlan 30
!
interface FastEthernet0/29
switchport access vlan 30
!
interface FastEthernet0/30
switchport access vlan 30
!
interface FastEthernet0/31
switchport access vlan 30
!
interface FastEthernet0/32
switchport access vlan 30
!
interface FastEthernet0/33
switchport access vlan 30
!
interface FastEthernet0/34
switchport access vlan 30
!
interface FastEthernet0/35
switchport access vlan 30
!
interface FastEthernet0/36
switchport access vlan 30
!
interface FastEthernet0/37
switchport access vlan 30
!
interface FastEthernet0/38
switchport access vlan 30
!
interface FastEthernet0/39
switchport access vlan 30
!
interface FastEthernet0/40
switchport access vlan 30
!
interface FastEthernet0/41
switchport access vlan 40
!
interface FastEthernet0/42
switchport access vlan 40
!
interface FastEthernet0/43
switchport access vlan 40
!
interface FastEthernet0/44
switchport access vlan 40
!
interface FastEthernet0/45
switchport access vlan 40
!
interface FastEthernet0/46
switchport access vlan 40
!
interface FastEthernet0/47
switchport access vlan 40
!
interface FastEthernet0/48
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet0/1
switchport access vlan 10
!
interface GigabitEthernet0/2
switchport access vlan 10
!
interface Vlan1
ip address 192.168.0.2 255.255.255.0
no ip route-cache
!
ASKER CERTIFIED SOLUTION
and I am also assuming you have a cable between port 0/48 and FastEthernet0/0
ASKER
I don't know what you had in mind when you told me to connect a PC on port 0/17, but as soon as I've done it and put static IPs on it EVERYTHING STARTED TO WORK LIKE A CHARM!!!!!!
And I can also get an IP from the DHCP. On every single port on every single VLAN...
Thank you so much for your help, my dear friend.
Now I will have to find out how to make all VLANs NOT talk to each other.
Yes, there was a cable between 0/48 and f0/0; that was not the issue :)
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface FastEthernet0/1.30
encapsulation dot1Q 30
ip address 192.168.30.1 255.255.255.0
!
interface FastEthernet0/1.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
No statements of NAT inside. Also, you may want to put these on the interface FastEthernet0/0.
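The two router problems raised in this thread (802.1Q sub-interfaces created under the `ip nat outside` WAN port, and sub-interfaces without `ip nat inside`) and the asker's still-open goal of keeping the VLANs from reaching each other can be checked mechanically against a saved config. The following Python audit is an added example, not part of the original thread: the sample configs are constructed abridgements of the posted ones, the finding labels are made up for illustration, and the last check only tests that an inbound `ip access-group` is applied, not what the ACL contains.

```python
import re

# Constructed samples, abridged from the two router configs posted in the thread.
ORIGINAL = """\
interface FastEthernet0/1
 ip address dhcp client-id FastEthernet0/1
 ip nat outside
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
!
"""
LATEST = """\
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 ip address dhcp client-id FastEthernet0/1
 ip nat outside
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its block."""
    blocks, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None              # assumes "!" closes each block, as IOS prints it
        elif current is not None:
            current.append(line)
    return blocks

def audit(config):
    """Return sorted (sub-interface, finding) pairs for 802.1Q sub-interfaces."""
    blocks, findings = parse_interfaces(config), []
    for name, cmds in blocks.items():
        if "." not in name or not any(c.startswith("encapsulation dot1Q") for c in cmds):
            continue                    # only tagged sub-interfaces are audited
        parent = name.split(".")[0]
        if "ip nat outside" in blocks.get(parent, []):
            findings.append((name, "parent-is-nat-outside"))    # VLANs hung off the WAN port
        if "ip nat inside" not in cmds:
            findings.append((name, "missing-ip-nat-inside"))    # VLAN traffic is not translated
        if not any(re.match(r"ip access-group \S+ in$", c) for c in cmds):
            findings.append((name, "no-inbound-acl"))           # nothing filters inter-VLAN routing
    return sorted(findings)
```

Run against the latest posted router config, the only finding left on each sub-interface is the missing inbound ACL, which matches the asker's remark that the VLANs can still talk to each other.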