Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 817
  • Last Modified:

Cisco 2600 VLAN Internet Connectivity.

Hi there, trying to learn about VLANs and Cisco. So far I've been able to get the VLANs working using a 2612 and Catalyst 1900 to assign them etc...

However, I can't seem to figure out why none of clients behind any VLAN can't access the internet.

I've included the config of the 2600.

The 192.168.7.0 network is the network of my ISP router which the 2600 is behind.

Please let me know if the config of the 1900 is needed.

Thanks in advance,
Cisco Newbie
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2600
!
logging queue-limit 100
enable secret 5 
!
ip subnet-zero
!
!
ip name-server 192.168.7.1
ip name-server 68.238.96.12
ip name-server 68.238.64.12
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.12.1 192.168.12.10
ip dhcp excluded-address 192.168.13.1 192.168.13.10
ip dhcp excluded-address 192.168.14.1 192.168.14.10
ip dhcp excluded-address 192.168.15.1 192.168.15.10
ip dhcp excluded-address 192.168.16.1 192.168.16.10
ip dhcp excluded-address 192.168.17.1 192.168.17.10
ip dhcp excluded-address 192.168.18.1 192.168.18.10
ip dhcp excluded-address 192.168.19.1 192.168.19.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.21.1 192.168.21.10
ip dhcp excluded-address 192.168.22.1 192.168.22.10
ip dhcp excluded-address 192.168.23.1 192.168.23.10
ip dhcp excluded-address 192.168.24.1 192.168.24.10
ip dhcp excluded-address 192.168.25.1 192.168.25.10
ip dhcp excluded-address 192.168.26.1 192.168.26.10
ip dhcp excluded-address 192.168.27.1 192.168.27.10
ip dhcp excluded-address 192.168.28.1 192.168.28.10
ip dhcp excluded-address 192.168.29.1 192.168.29.10
ip dhcp excluded-address 192.168.30.1 192.168.30.10
!
ip dhcp pool 10
   network 192.168.10.0 255.255.255.0
   dns-server 192.168.7.1 4.2.2.2 4.2.2.3 
   default-router 192.168.10.1 
   domain-name cisco-pwns-me.com
!
ip dhcp pool 11
   network 192.168.11.0 255.255.255.0
   default-router 192.168.11.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 12
   network 192.168.12.0 255.255.255.0
   default-router 192.168.12.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 13
   network 192.168.13.0 255.255.255.0
   default-router 192.168.13.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 14
   network 192.168.14.0 255.255.255.0
   default-router 192.168.14.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 15
   network 192.168.15.0 255.255.255.0
   default-router 192.168.15.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 16
   network 192.168.16.0 255.255.255.0
   default-router 192.168.16.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 17
   network 192.168.17.0 255.255.255.0
   default-router 192.168.17.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 18
   network 192.168.18.0 255.255.255.0
   default-router 192.168.18.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 19
   network 192.168.19.0 255.255.255.0
   default-router 192.168.19.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 20
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 21
   network 192.168.21.0 255.255.255.0
   default-router 192.168.21.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 22
   network 192.168.22.0 255.255.255.0
   default-router 192.168.22.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 23
   network 192.168.23.0 255.255.255.0
   default-router 192.168.23.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 24
   network 192.168.24.0 255.255.255.0
   default-router 192.168.24.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 25
   network 192.168.25.0 255.255.255.0
   default-router 192.168.25.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 26
   network 192.168.26.0 255.255.255.0
   default-router 192.168.26.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 27
   network 192.168.27.0 255.255.255.0
   default-router 192.168.27.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 28
   network 192.168.28.0 255.255.255.0
   default-router 192.168.28.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 29
   network 192.168.29.0 255.255.255.0
   default-router 192.168.29.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 30
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
!
ip audit notify log
ip audit po max-events 100
ip dhcp-server 192.168.10.10
!
! 
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination 
!
!
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
 no ip address
 no ip route-cache
 no ip mroute-cache
 speed auto
 full-duplex
!
interface FastEthernet0/0.10
 encapsulation isl 10
 ip address 192.168.10.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.11
 encapsulation isl 11
 ip address 192.168.11.10 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.12
 encapsulation isl 12
 ip address 192.168.12.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.13
 encapsulation isl 13
 ip address 192.168.13.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.14
 encapsulation isl 14
 ip address 192.168.14.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.15
 encapsulation isl 15
 ip address 192.168.15.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.16
 encapsulation isl 16
 ip address 192.168.16.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.17
 encapsulation isl 17
 ip address 192.168.17.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.18
 encapsulation isl 18
 ip address 192.168.18.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.19
 encapsulation isl 19
 ip address 192.168.19.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.20
 encapsulation isl 20
 ip address 192.168.20.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.21
 encapsulation isl 21
 ip address 192.168.21.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.22
 encapsulation isl 22
 ip address 192.168.22.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.23
 encapsulation isl 23
 ip address 192.168.23.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.24
 encapsulation isl 24
 ip address 192.168.24.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.25
 encapsulation isl 25
 ip address 192.168.25.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.26
 encapsulation isl 26
 ip address 192.168.26.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.27
 encapsulation isl 27
 ip address 192.168.27.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.28
 encapsulation isl 28
 ip address 192.168.28.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.29
 encapsulation isl 29
 ip address 192.168.29.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.30
 encapsulation isl 30
 ip address 192.168.30.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.7.3 255.255.255.0
 speed auto
 full-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
ip http server
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.7.1
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
 password 
 login
line vty 0
 password 
 login
line vty 1 4
 login
!
!
end

Open in new window

0
TechnyneTX
Asked:
TechnyneTX
  • 22
  • 15
  • 10
  • +2
2 Solutions
 
shbasmCommented:
set the connection between router and switch as trunk
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
Does the router at 192.168.7.1 know how to get back to all the subnets you are using in your VLANs? I.e., does it have a route like "192.168.0.0 255.255.0.0" to GW 192.168.7.3?
Also, I assume that the 192.168.7.1 router is doing NAT for you ...
0
 
TechnyneTXAuthor Commented:
@shbasm

I attempted this on the 2600 and received the below information, on the 1900 this is already set.




2600(config-if)#trunk-group main
Only ISDN interfaces can be added to a trunk group

Open in new window

interface FastEthernet 0/26

!
  trunk On

Open in new window

0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
TechnyneTXAuthor Commented:
@ Garry-G

Yes, the router on 192.168.7.1 is the ISP router doing NAT (Verizon FiOS)

in the routing area, I have configured the route shown in the attached image.

 Routing Table on Fios Router
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
Can the user boxes ping their respective gateway IP? Do they even get their IP from the DHCP from the 2600? Can you do a traceroute from the 192.168.7.1 router towards any of the VLAN subnets? How do the hops look? How does a traceroute from a machine inside the VLANs towards the .7.1 router or the internet look?
0
 
TechnyneTXAuthor Commented:
@Garry-G

No, I cannot ping their respective gateway IP.

They do get their IP and DNS properly from the 2600.

From 192.168.7.2 Client PC
 
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved

C:\Users\User>tracert 192.168.11.12

Tracing route to 192.168.11.12 over a maximum of 30 hops

  1    <1 ms     1 ms    <1 ms  192.168.7.3
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.

Open in new window


From 192.168.11.12 (VLAN12) Client PC

 
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved

C:\Users\User>tracert 192.168.7.1

Tracing route to 192.168.7.1 over a maximum of 30 hops

  1    *     GATTS  [192.168.11.12] reports: Destination host unreachable.

Trace complete.

C:\Users\User>

Open in new window

0
 
shbasmCommented:
ok you have two routers ? if so put a reverse route on isp router to your network
0
 
SouljaCommented:
Yes the isp router will need return routes for each of the vlans that you have created.
0
 
shbasmCommented:
for each vlan or you can make summarization
0
 
shbasmCommented:
the problem is that your isp router dont knew how to reach your internal network located after the  router you use for intervaln routing
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
The /16 route ought to be fully sufficient (unless there are more specifics there). Anyway, from the traceroute, it seems like a basic problem in connectivity ... though I'm not sure why the DHCP assignment gets through ...
Can you do a ping from the 2600 to an IP inside a VLAN? Do you get arp resolves? (show ip arp) How about pinging the router from the vlan? (192.168.11.12 to 192.168.11.10 e.g.)
0
 
TechnyneTXAuthor Commented:
@Garry-G

I am able to ping both directions from a vlan client to the 2600 and from the 2600 to the vlan client.

 
2600#ping 192.168.11.12

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.11.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
2600#

Open in new window


 
2600#sh ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.7.15            0   6c62.6de5.838c  ARPA   FastEthernet0/1
Internet  192.168.7.7             1   0026.18f0.1ab1  ARPA   FastEthernet0/1
Internet  192.168.10.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.10
Internet  192.168.11.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.11
Internet  192.168.7.5             2   0024.1dd7.22fb  ARPA   FastEthernet0/1
Internet  192.168.15.11         123   0003.2541.38dd  ARPA   FastEthernet0/0.15
Internet  192.168.7.3             -   0003.e369.24a1  ARPA   FastEthernet0/1
Internet  192.168.14.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.14
Internet  192.168.14.11         124   0003.2541.38dd  ARPA   FastEthernet0/0.14
Internet  192.168.7.2             0   485b.39a7.a7d1  ARPA   FastEthernet0/1
Internet  192.168.15.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.15
Internet  192.168.13.11         135   0003.2541.38dd  ARPA   FastEthernet0/0.13
Internet  192.168.10.12           2   0003.2541.38dd  ARPA   FastEthernet0/0.10
Internet  192.168.7.1             3   0023.97b4.d126  ARPA   FastEthernet0/1
Internet  192.168.12.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.12
Internet  192.168.12.11         134   0003.2541.38dd  ARPA   FastEthernet0/0.12
Internet  192.168.11.12           0   0003.2541.38dd  ARPA   FastEthernet0/0.11
Internet  192.168.13.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.13
Internet  192.168.18.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.18
Internet  192.168.18.11         121   0003.2541.38dd  ARPA   FastEthernet0/0.18
Internet  192.168.19.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.19
Internet  192.168.17.11         121   0003.2541.38dd  ARPA   FastEthernet0/0.17
Internet  192.168.16.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.16
Internet  192.168.16.11         122   0003.2541.38dd  ARPA   FastEthernet0/0.16
Internet  192.168.17.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.17
Internet  192.168.22.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.22
Internet  192.168.23.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.23
Internet  192.168.20.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.20
Internet  192.168.21.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.21
Internet  192.168.26.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.26
Internet  192.168.27.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.27
Internet  192.168.24.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.24
Internet  192.168.25.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.25
Internet  192.168.30.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.30
Internet  192.168.28.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.28
Internet  192.168.29.10           -   0003.e369.24a0  ARPA   FastEthernet0/0.29

Open in new window


@ shbasm / Soulja

I have defined specific routes on the isp router and it has no effect.

 isp route snapshot
0
 
SouljaCommented:
Interesting, that should work. Must be something we are overlooking. Can you post the switch config and current router config?
0
 
shbasmCommented:
192.168.7.1
is ip of isp router right ?
 
this interface of 1900 is connected to isp router ?
interface FastEthernet0/1
 ip address 192.168.7.3 255.255.255.0
 
now make single route in isp router like this destination 192.168.0.0 gateway 192.168.7.3 netmask
255.255.0.0
0
 
SouljaCommented:
I think the 1900 is connected to the fa0/0 (isl tagging with subinterfaces)  on his router, and the fa0/1 (7.3) on his router is connected to the isp router (7.1)
0
 
TechnyneTXAuthor Commented:
@ shbasm

192.168.7.1 is the IP of the isp router.

The interface of the 1900 is NOT connected to the isp router.

Topology is like this:

192.168.7.1 -----> 2600 FastEthernet0/1

2600 FastEthernet0/0 ---- 1900 FastEthernet0/26 (Port A) Trunking ON

1900 Ethernet 0/2 (VLAN11)  -----> Client PC 192.168.11.12
0
 
TechnyneTXAuthor Commented:
Soulja:

I think the 1900 is connected to the fa0/0 (isl tagging with subinterfaces)  on his router, and the fa0/1 (7.3) on his router is connected to the isp router (7.1)

Open in new window


That is correct.
0
 
shbasmCommented:
you do not have to connect like this
connect routers back to back
connect the isp router to an interface of 1900 other than the one used for intervlan routing
0
 
TechnyneTXAuthor Commented:
@ shbasm

I have done what you suggested, no change in connectivity to vlan clients.

@ Souja

Here is a copy of the 1900 config you requested.

 
!
!
!
vlan 10 name "VLAN10" sde 10 state Operational mtu 1500
vlan 11 name "VLAN11" sde 11 state Operational mtu 1500
vlan 12 name "VLAN12" sde 12 state Operational mtu 1500
vlan 13 name "VLAN13" sde 13 state Operational mtu 1500
vlan 14 name "VLAN14" sde 14 state Operational mtu 1500
vlan 15 name "VLAN15" sde 15 state Operational mtu 1500
vlan 16 name "VLAN16" sde 16 state Operational mtu 1500
vlan 17 name "VLAN17" sde 17 state Operational mtu 1500
vlan 18 name "VLAN18" sde 18 state Operational mtu 1500
vlan 19 name "VLAN19" sde 19 state Operational mtu 1500
vlan 20 name "VLAN20" sde 20 state Operational mtu 1500
vlan 21 name "VLAN21" sde 21 state Operational mtu 1500
vlan 22 name "VLAN22" sde 22 state Operational mtu 1500
vlan 23 name "VLAN23" sde 23 state Operational mtu 1500
vlan 24 name "VLAN24" sde 24 state Operational mtu 1500
vlan 25 name "VLAN25" sde 25 state Operational mtu 1500
vlan 26 name "VLAN26" sde 26 state Operational mtu 1500
vlan 27 name "VLAN27" sde 27 state Operational mtu 1500
vlan 28 name "VLAN28" sde 28 state Operational mtu 1500
vlan 29 name "VLAN29" sde 29 state Operational mtu 1500
vlan 30 name "VLAN30" sde 30 state Operational mtu 1500
!
!
!
!
hostname 1900
!
!
!
!
ip address 192.168.7.17 255.255.255.0
ip default-gateway 192.168.7.1
ip domain-name  "home"
ip name-server 192.168.7.1
!
!
!
!
enable password level 15 
!
interface Ethernet 0/1

  duplex full
  vlan-membership static 10
!
interface Ethernet 0/2

  vlan-membership static 11
!
interface Ethernet 0/3

  vlan-membership static 12
!
interface Ethernet 0/4

  vlan-membership static 13
!
interface Ethernet 0/5

  vlan-membership static 14
!
interface Ethernet 0/6

  vlan-membership static 15
!
interface Ethernet 0/7

  vlan-membership static 16
!
interface Ethernet 0/8

  vlan-membership static 17
!
interface Ethernet 0/9

  vlan-membership static 18
!
interface Ethernet 0/10

  vlan-membership static 19
!
interface Ethernet 0/11

  vlan-membership static 20
!
interface Ethernet 0/12

  vlan-membership static 21
!
interface Ethernet 0/13

  vlan-membership static 22
!
interface Ethernet 0/14

  vlan-membership static 23
!
interface Ethernet 0/15

  vlan-membership static 24
!
interface Ethernet 0/16

  vlan-membership static 25
!
interface Ethernet 0/17

  vlan-membership static 26
!
interface Ethernet 0/18

  vlan-membership static 27
!
interface Ethernet 0/19

  vlan-membership static 28
!
interface Ethernet 0/20

  vlan-membership static 29
!
interface Ethernet 0/21

  vlan-membership static 30
!
interface Ethernet 0/22

!
interface Ethernet 0/23

!
interface Ethernet 0/24

!
interface Ethernet 0/25

!
interface FastEthernet 0/26

!
  trunk On
!
interface FastEthernet 0/27

  duplex full
!
!
!
line console
end

Open in new window


Here is the copy of the 2600 config you requested.

 
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2600
!
logging queue-limit 100
enable secret 5 
!
ip subnet-zero
!
!
ip name-server 192.168.7.1
ip name-server 68.238.96.12
ip name-server 68.238.64.12
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.12.1 192.168.12.10
ip dhcp excluded-address 192.168.13.1 192.168.13.10
ip dhcp excluded-address 192.168.14.1 192.168.14.10
ip dhcp excluded-address 192.168.15.1 192.168.15.10
ip dhcp excluded-address 192.168.16.1 192.168.16.10
ip dhcp excluded-address 192.168.17.1 192.168.17.10
ip dhcp excluded-address 192.168.18.1 192.168.18.10
ip dhcp excluded-address 192.168.19.1 192.168.19.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.21.1 192.168.21.10
ip dhcp excluded-address 192.168.22.1 192.168.22.10
ip dhcp excluded-address 192.168.23.1 192.168.23.10
ip dhcp excluded-address 192.168.24.1 192.168.24.10
ip dhcp excluded-address 192.168.25.1 192.168.25.10
ip dhcp excluded-address 192.168.26.1 192.168.26.10
ip dhcp excluded-address 192.168.27.1 192.168.27.10
ip dhcp excluded-address 192.168.28.1 192.168.28.10
ip dhcp excluded-address 192.168.29.1 192.168.29.10
ip dhcp excluded-address 192.168.30.1 192.168.30.10
!
ip dhcp pool 10
   network 192.168.10.0 255.255.255.0
   dns-server 192.168.7.1 4.2.2.2 4.2.2.3 
   default-router 192.168.10.1 
   domain-name cisco-pwns-me.com
!
ip dhcp pool 11
   network 192.168.11.0 255.255.255.0
   default-router 192.168.11.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 12
   network 192.168.12.0 255.255.255.0
   default-router 192.168.12.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 13
   network 192.168.13.0 255.255.255.0
   default-router 192.168.13.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 14
   network 192.168.14.0 255.255.255.0
   default-router 192.168.14.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 15
   network 192.168.15.0 255.255.255.0
   default-router 192.168.15.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 16
   network 192.168.16.0 255.255.255.0
   default-router 192.168.16.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 17
   network 192.168.17.0 255.255.255.0
   default-router 192.168.17.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 18
   network 192.168.18.0 255.255.255.0
   default-router 192.168.18.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 19
   network 192.168.19.0 255.255.255.0
   default-router 192.168.19.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 20
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 21
   network 192.168.21.0 255.255.255.0
   default-router 192.168.21.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 22
   network 192.168.22.0 255.255.255.0
   default-router 192.168.22.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 23
   network 192.168.23.0 255.255.255.0
   default-router 192.168.23.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 24
   network 192.168.24.0 255.255.255.0
   default-router 192.168.24.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 25
   network 192.168.25.0 255.255.255.0
   default-router 192.168.25.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 26
   network 192.168.26.0 255.255.255.0
   default-router 192.168.26.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 27
   network 192.168.27.0 255.255.255.0
   default-router 192.168.27.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 28
   network 192.168.28.0 255.255.255.0
   default-router 192.168.28.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 29
   network 192.168.29.0 255.255.255.0
   default-router 192.168.29.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 30
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
!
ip audit notify log
ip audit po max-events 100
ip dhcp-server 192.168.10.10
!
! 
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination 
!
!
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
 no ip address
 no ip route-cache
 no ip mroute-cache
 speed auto
 full-duplex
!
interface FastEthernet0/0.10
 encapsulation isl 10
 ip address 192.168.10.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.11
 encapsulation isl 11
 ip address 192.168.11.10 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.12
 encapsulation isl 12
 ip address 192.168.12.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.13
 encapsulation isl 13
 ip address 192.168.13.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.14
 encapsulation isl 14
 ip address 192.168.14.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.15
 encapsulation isl 15
 ip address 192.168.15.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.16
 encapsulation isl 16
 ip address 192.168.16.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.17
 encapsulation isl 17
 ip address 192.168.17.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.18
 encapsulation isl 18
 ip address 192.168.18.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.19
 encapsulation isl 19
 ip address 192.168.19.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.20
 encapsulation isl 20
 ip address 192.168.20.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.21
 encapsulation isl 21
 ip address 192.168.21.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.22
 encapsulation isl 22
 ip address 192.168.22.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.23
 encapsulation isl 23
 ip address 192.168.23.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.24
 encapsulation isl 24
 ip address 192.168.24.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.25
 encapsulation isl 25
 ip address 192.168.25.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.26
 encapsulation isl 26
 ip address 192.168.26.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.27
 encapsulation isl 27
 ip address 192.168.27.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.28
 encapsulation isl 28
 ip address 192.168.28.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.29
 encapsulation isl 29
 ip address 192.168.29.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.30
 encapsulation isl 30
 ip address 192.168.30.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.7.3 255.255.255.0
 speed auto
 full-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
ip http server
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.7.1
!
!
!
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
 password 
 login
line vty 0
 password 
 login
line vty 1 4
 login
!
!
end

Open in new window

0
 
rochey2009Commented:
Hi,

The VLAN 11 IP address of the router is 192.168.11.10, but your DHCP scope defines the default gateway as 192.168.11.1, so each PC will be sending traffic to 192.168.11.1 instead of 192.168.11.10. You've got a similar configuration for each VLAN. You need to change the dhcp configuration so that it gives out the correct default gateway for each VLAN.

interface FastEthernet0/0.11
 encapsulation isl 11
 ip address 192.168.11.10 255.255.255.0

ip dhcp pool 11
   network 192.168.11.0 255.255.255.0
   default-router 192.168.11.1
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12
0
 
shbasmCommented:
rochey2009 right you need to change default-router configuration in dhcp  to reflect the ip address you choose for subinterface .
0
 
TechnyneTXAuthor Commented:
interface FastEthernet0/0.11
 encapsulation isl 11
 ip address 192.168.11.10 255.255.255.0
 no ip route-cache
 no ip mroute-cache

ip dhcp pool 11
   network 192.168.11.0 255.255.255.0
   default-router 192.168.11.10
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12

Open in new window


I have made this change, shut/no shut the ports, released/renewed the client IP. There is no internet connectivity. :-/
0
 
TechnyneTXAuthor Commented:
Changing the default route DID resolve tracert, I can now ping 192.168.7.1 from 192.168.11.12 (VLAN11)

0
 
rochey2009Commented:
please post the IP config of the PC.
0
 
shbasmCommented:
ok did you connected routers back to back like this
connect isp router to interface 0/1 of 1900
  now make single route in isp router like this destination 192.168.0.0 gateway 192.168.7.3 netmask
255.255.0.0
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
What does the traceroute look like now from .12 ? Did you refresh the DHCP assignment on that box? Does it correctly show .10 as the default router?
0
 
rochey2009Commented:
can you ping 4.2.2.2
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
Also, does the .7.1 router do NAT for IPs not in its connect LAN interface? This will be necessary ... otherwise, you could always add NAT on the 2600 ...
0
 
TechnyneTXAuthor Commented:
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.11.12(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Monday, September 12, 2011 2:06:28 PM
   Lease Expires . . . . . . . . . . : Tuesday, September 13, 2011 2:06:28 PM
   Default Gateway . . . . . . . . . : 192.168.11.10
   DHCP Server . . . . . . . . . . . : 192.168.11.10
   DNS Servers . . . . . . . . . . . : 192.168.7.1
                                       68.238.96.12
                                       68.238.64.12
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
 
TechnyneTXAuthor Commented:
C:\Users\User>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 4.2.2.2:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
0
 
rochey2009Commented:
can you ping 4.2.2.2
0
 
shbasmCommented:
issue this from this pc tracert 4.2.2.2 and tell us the last ip appear
0
 
rochey2009Commented:
ok we've sorted out the routing to the external facing router, now you need to do what Garry-G said, and see if it's a NAT problem.
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
I've set up a tcpdump - if you would, please do a ping to 195.158.42.30 - this should show whether the outgoing packets are correctly NATed or not ...
0
 
TechnyneTXAuthor Commented:
@ shbasm last IP to show is 192.168.7.1

@ Garry-G Pinged the IP you requested, all timed out.



0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
OK, nothing showed up here, so somebody is filtering the traffic ...
So either the .7.1 router is stopping the traffic it doesn't know, or your provider is when seeing RFC sender IPs ...
I assume you can do the ping from the 2600? If so, you could try and set up NAT on the 2600:

int fa0/1
ip nat outside
int fa0/0.11
ip nat inside
ex
access-list 99 permit 192.168.0.0 0.0.255.255
ip nat source list 99 int fa0/1 over

(untested, but should work)
0
 
TechnyneTXAuthor Commented:
@Garry-G pinged from the router, successful. Ping from VLAN11 All Lost

 
2600#ping 195.158.42.30

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 195.158.42.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 152/159/164 ms

Open in new window

0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
Even with the NAT on the router?
0
 
TechnyneTXAuthor Commented:
@Garry-G

I am unable to input the command "ip nat source list 99 int fa0/1 over"

It appears that "source" is not a known command.

 
2600#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
2600(config)#ip nat sou
2600(config)#ip nat ?
  Stateful     Stateful NAT configuration commands
  inside       Inside address translation
  log          NAT Logging
  outside      Outside address translation
  pool         Define pool of addresses
  service      Special translation for application using non-standard port
  translation  NAT translation entry configuration

Open in new window

0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
sorry,

ip nat inside source list 99 int fa0/1 over
0
 
rochey2009Commented:
nat statement should be:

ip nat inside source list 99 fa0/1 overload
0
 
TechnyneTXAuthor Commented:
That really made it angry...

it booted me out of telnet to it, and on console it is showing as follows:

 
*Mar  2 22:24:48.224: DHCPD: DHCPDISCOVER received from client 0100.0325.4138.dd on interface FastEthernet0/0.11.
*Mar  2 22:24:50.224: DHCPD: assigned IP address 192.168.11.12 to client 0100.0325.4138.dd.
*Mar  2 22:24:50.224: DHCPD: Sending DHCPOFFER to client 0100.0325.4138.dd (192.168.11.12).
*Mar  2 22:24:50.224: DHCPD: child  pool: 192.168.11.0 / 255.255.255.0 (11)
*Mar  2 22:24:50.224: DHCPD: pool 11 has no parent.
*Mar  2 22:24:50.224: DHCPD: child  pool: 192.168.11.0 / 255.255.255.0 (11)
*Mar  2 22:24:50.224: DHCPD: pool 11 has no parent.
*Mar  2 22:24:50.224: DHCPD: creating ARP entry (192.168.11.12, 0003.2541.38dd).
*Mar  2 22:24:50.224: DHCPD: unicasting BOOTREPLY to client 0003.2541.38dd (192.168.11.12).
*Mar  2 22:24:50.228: DHCPD: DHCPREQUEST received from client 0100.0325.4138.dd.
*Mar  2 22:24:50.232: DHCPD: Sending DHCPACK to client 0100.0325.4138.dd (192.168.11.12).
*Mar  2 22:24:50.232: DHCPD: child  pool: 192.168.11.0 / 255.255.255.0 (11)
*Mar  2 22:24:50.232: DHCPD: pool 11 has no parent.
*Mar  2 22:24:50.232: DHCPD: child  pool: 192.168.11.0 / 255.255.255.0 (11)
*Mar  2 22:24:50.232: DHCPD: pool 11 has no parent.
*Mar  2 22:24:50.232: DHCPD: creating ARP entry (192.168.11.12, 0003.2541.38dd).
*Mar  2 22:24:50.232: DHCPD: unicasting BOOTREPLY to client 0003.2541.38dd (192.168.11.12).
*Mar  2 22:24:53.760: DHCPD: DHCPINFORM received from client 0100.0325.4138.dd (192.168.11.12).
*Mar  2 22:24:53.760: DHCPD: Sending DHCPACK to client 0100.0325.4138.dd (192.168.11.12).
*Mar  2 22:24:53.760: DHCPD: child  pool: 192.168.11.0 / 255.255.255.0 (11)
*Mar  2 22:24:53.760: DHCPD: pool 11 has no parent.
*Mar  2 22:24:53.764: DHCPD: child  pool: 192.168.11.0 / 255.255.255.0 (11)
*Mar  2 22:24:53.764: DHCPD: pool 11 has no parent.
*Mar  2 22:24:53.764: DHCPD: unicasting BOOTREPLY to client 0003.2541.38dd (192.168.11.12).

Open in new window

0
 
rochey2009Commented:
Can you get back onto the router with telnet?
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
If you put a static IP on the PC, does the routing to the outside work then?
0
 
TechnyneTXAuthor Commented:
@ rochey2009

No. I have cisco console cable connected to it, but it will not answer telnet on 192.168.7.4 from the .7.0 network nor a vlan behind it

0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
OK, though I can't explain why it should behave like that, change the access list to a bit more specific:

no access-list 99
access list 99 permit 192.168.11.0 0.0.0.255

and see what happens...
0
 
TechnyneTXAuthor Commented:
@ Garry-G - Static IP did not change anything.

changing access list allows telnet again, still no internet on vlan.
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
Does the router actually do any NAT? Do some ping/telnet to the outside from the PC and check the NAT table:

show ip nat tr
0
 
rochey2009Commented:
does your PC still have an IP address?
0
 
TechnyneTXAuthor Commented:
@ Garry-G

From 192.168.11.12:

ping -t 192.168.7.5
succeeds continuously

 2600 is not doing any nat.

 
2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

2600#sh ip nat tr

Open in new window

0
 
rochey2009Commented:
please can you repost your router config
0
 
TechnyneTXAuthor Commented:
@ rochey2009

Here it is:

 
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2600
!
logging queue-limit 100
enable secret 5
!
ip subnet-zero
!
!
ip name-server 192.168.7.1
ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.12.1 192.168.12.10
ip dhcp excluded-address 192.168.13.1 192.168.13.10
ip dhcp excluded-address 192.168.14.1 192.168.14.10
ip dhcp excluded-address 192.168.15.1 192.168.15.10
ip dhcp excluded-address 192.168.16.1 192.168.16.10
ip dhcp excluded-address 192.168.17.1 192.168.17.10
ip dhcp excluded-address 192.168.18.1 192.168.18.10
ip dhcp excluded-address 192.168.19.1 192.168.19.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.21.1 192.168.21.10
ip dhcp excluded-address 192.168.22.1 192.168.22.10
ip dhcp excluded-address 192.168.23.1 192.168.23.10
ip dhcp excluded-address 192.168.24.1 192.168.24.10
ip dhcp excluded-address 192.168.25.1 192.168.25.10
ip dhcp excluded-address 192.168.26.1 192.168.26.10
ip dhcp excluded-address 192.168.27.1 192.168.27.10
ip dhcp excluded-address 192.168.28.1 192.168.28.10
ip dhcp excluded-address 192.168.29.1 192.168.29.10
ip dhcp excluded-address 192.168.30.1 192.168.30.10
!
ip dhcp pool 11
   network 192.168.11.0 255.255.255.0
   default-router 192.168.11.10 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 12
   network 192.168.12.0 255.255.255.0
   default-router 192.168.12.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 13
   network 192.168.13.0 255.255.255.0
   default-router 192.168.13.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 14
   network 192.168.14.0 255.255.255.0
   default-router 192.168.14.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 15
   network 192.168.15.0 255.255.255.0
   default-router 192.168.15.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 16
   network 192.168.16.0 255.255.255.0
   default-router 192.168.16.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 17
   network 192.168.17.0 255.255.255.0
   default-router 192.168.17.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 18
   network 192.168.18.0 255.255.255.0
   default-router 192.168.18.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 19
   network 192.168.19.0 255.255.255.0
   default-router 192.168.19.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 20
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 21
   network 192.168.21.0 255.255.255.0
   default-router 192.168.21.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 22
   network 192.168.22.0 255.255.255.0
   default-router 192.168.22.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 23
   network 192.168.23.0 255.255.255.0
   default-router 192.168.23.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 24
   network 192.168.24.0 255.255.255.0
   default-router 192.168.24.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 25
   network 192.168.25.0 255.255.255.0
   default-router 192.168.25.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 26
   network 192.168.26.0 255.255.255.0
   default-router 192.168.26.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 27
   network 192.168.27.0 255.255.255.0
   default-router 192.168.27.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 28
   network 192.168.28.0 255.255.255.0
   default-router 192.168.28.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 29
   network 192.168.29.0 255.255.255.0
   default-router 192.168.29.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 30
   network 192.168.30.0 255.255.255.0
   default-router 192.168.30.1 
   dns-server 192.168.7.1 68.238.96.12 68.238.64.12 
!
ip dhcp pool 10
   network 192.168.10.0 255.255.255.0
   dns-server 192.168.7.1 4.2.2.2 4.2.2.3 
   default-router 192.168.10.1 
   domain-name ciscosucks.com
!
ip audit notify log
ip audit po max-events 100
ip dhcp-server 192.168.10.10
!
! 
!
!
!
!
!
!
!
!
!
!
no voice hpi capture buffer
no voice hpi capture destination 
!
!
mta receive maximum-recipients 0
!
!
!
!
interface FastEthernet0/0
 no ip address
 ip nat inside
 no ip route-cache
 no ip mroute-cache
 speed auto
 full-duplex
!
interface FastEthernet0/0.10
 encapsulation isl 10
 ip address 192.168.10.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.11
 encapsulation isl 11
 ip address 192.168.11.10 255.255.255.0
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.12
 encapsulation isl 12
 ip address 192.168.12.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.13
 encapsulation isl 13
 ip address 192.168.13.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.14
 encapsulation isl 14
 ip address 192.168.14.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.15
 encapsulation isl 15
 ip address 192.168.15.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.16
 encapsulation isl 16
 ip address 192.168.16.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.17
 encapsulation isl 17
 ip address 192.168.17.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.18
 encapsulation isl 18
 ip address 192.168.18.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.19
 encapsulation isl 19
 ip address 192.168.19.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.20
 encapsulation isl 20
 ip address 192.168.20.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.21
 encapsulation isl 21
 ip address 192.168.21.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.22
 encapsulation isl 22
 ip address 192.168.22.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.23
 encapsulation isl 23
 ip address 192.168.23.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.24
 encapsulation isl 24
 ip address 192.168.24.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.25
 encapsulation isl 25
 ip address 192.168.25.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.26
 encapsulation isl 26
 ip address 192.168.26.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.27
 encapsulation isl 27
 ip address 192.168.27.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.28
 encapsulation isl 28
 ip address 192.168.28.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.29
 encapsulation isl 29
 ip address 192.168.29.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface FastEthernet0/0.30
 encapsulation isl 30
 ip address 192.168.30.10 255.255.255.0
 no ip redirects
 no ip route-cache
 no ip mroute-cache
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.7.3 255.255.255.0
 ip nat outside
 speed auto
 full-duplex
!
interface Serial0/1
 no ip address
 shutdown
!
ip nat inside source list 99 interface FastEthernet0/1 overload
ip http server
ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.7.1
!
!
!
access-list 99 permit 192.168.11.0 0.0.0.255
!
call rsvp-sync
!
!
mgcp profile default
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
 password 
 login
line vty 0
 password 
 login
line vty 1 4
 login
!
!
end

Open in new window

0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
┬┤There's no "ip nat inside" on the fa0/0.11 interface ...
0
 
TechnyneTXAuthor Commented:
@ Garry-G

That was it!

Do I need to configure access rules & ip nat inside for every vlan?

0
 
rochey2009Commented:
yes
0
 
TechnyneTXAuthor Commented:
Thank you to all for the assistance, this process fully helped me grasp the concept of vlan, dhcp and nat concepts!
0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
OK, so in conclusion, apart from the default gateway, it seems as if your uplink router is only doing NAT for the .7/24 network, so any traffic destined for the Internat has to originate in that network. You could test that theory by doing a ping with source e.g.

ping SOMEIP source fa0/0.11

Anyway, adding all the subnets (aggregation should work, e.g. 192.168.8.0 0.0.7.255, 192.168.16.0 0.0.15.255 to cover all from 8 through 31) to the access list 99 will cause all traffic to be NATed to your 2600's outside interface IP ... out of curiosity - how fast is your uplink? Not sure how much BW the 2600 will be able to carry with the added NAT operation ...
0
 
TechnyneTXAuthor Commented:
@ Garry-G

isp router has 10/100Mbps ports. Internet connection speed is 35Mbps/35Mbps.

 
2600#ping google.com source fa0/0.11
Translating "google.com"...domain server (192.168.7.1) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.73.99, timeout is 2 seconds:
Packet sent with a source address of 192.168.11.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
2600#

Open in new window

0
 
Garry GlendownConsulting and Network/Security SpecialistCommented:
(the ping might be working now due to the NAT ... check whether the .10 IP shows up in the active NAT translations)
You may be pushing towards or beyond the 2600's performance with that link ... Cisco lists that router with a maximum of 15kpps using CEF ... that's (using 1500 byte packets) a total of about 22.5Mbps ... once the processor gets involved, you're down to a tenth of that ... which may happen once you start doing NAT ... you should notice though by doing some line speed tests ... if all you get is ~250kbyte/s download rates on an empty line, that's the cause ...
In that case, check the CPE router .7.1 whether you can find a way to move the NAT to it instead of the Cisco ... in case nothing else works, try this (not quite "clean") solution:

- set the CPE router to netmask /16 on the LAN-facing interface
- same on the 2600
- keep the routes for the local networks towards the 2600

This might make the CPE allow the additional networks through it with NAT and without filtering them ... not pretty, but could work ...
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 22
  • 15
  • 10
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now