Solved

A new vLan on cisco 2960

Posted on 2012-03-20
81
717 Views
Last Modified: 2012-06-27
Hi,
I have just made a new vLan 2 on my switch cisco 2960, assigned port 'interface gig 0/23', connected my laptop to this port 0/23 physically and there is no internet (no IP assignment)?.  What needs to be set to get the IP? Do I have to set anything on my router cisco 2911?  I want to make a vLan2 for some department machines, so that they can be separte from the default vLan.
Help plz
0
Comment
Question by:amanzoor
  • 41
  • 34
  • 3
  • +1
81 Comments
 
LVL 6

Expert Comment

by:vmagan
ID: 37742963
what is handing out ip addresses? Server, router, or switch?

what ip address did you give vlan2? make sure you did a no shutdown on the vlan2.

ALso, try giving it a static ip that is on the same network as that vlan.

Let me know if that works.
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37742971
Is the dhcp server in the same vlan? Also, have a look at the IP helper-address command.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743073
My appologies guys, here are the configs from my switch and the router.
EEpurposeSwitch2960.txt
forEEpuposesAccesslistNewFeb2011.txt
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743084
vmegan,
DHCP server is handling the IP addresses, what is the command to give IP address to vLan (sorry), I will check if the vLan is active.
erniebeek:
I am trying to find the command to offer for a vLan. :)
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743090
doesnt look like the whole config showed up. I dont see info for vlan2 on the switch. I'll double check i might have missed it.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743132
Gentlemen,  Appears to be I cannot assign IP to my port 23?  I need help, is this the right way to assign IP to vLan 2?
Cisco2960(config-if)#ip?
Interface IP configuration subcommands:
  access-group  Specify access control for packets
  admission     Apply Network Admission Control
  auth-proxy    Apply authenticaton proxy
  device        IP device tracking
  dhcp          Configure DHCP parameters for this interface
  vrf           VPN Routing/Forwarding parameters on the interface
Help plz
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743140
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                Gi0/21, Gi0/22, Gi0/24, Gi0/25
                                                Gi0/26, Gi0/27, Gi0/28, Gi0/29
                                                Gi0/30, Gi0/31, Gi0/32, Gi0/33
                                                Gi0/34, Gi0/35, Gi0/36, Gi0/37
                                                Gi0/38, Gi0/39, Gi0/40, Gi0/41
                                                Gi0/42, Gi0/43, Gi0/44, Gi0/45
                                                Gi0/46, Gi0/48, Gi0/49, Gi0/50
2    VLAN0002                         active    Gi0/23
201  VLAN0201                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
201  enet  100201     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743146
conf t

inter vlan2
ip address x.x.x.x x.x.x.x (subnet)
no shutdown
write mem
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37743152
Create an interface vlan 2:
Interface vlan 2
To that you can assign an IP address and use the ip-helper command.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743153
also post a

show ip interface brief

thanks
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37743156
Hmm, close finish :-)
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743169
Follow my steps above on adding ip address to vlan2 and you should be ok..

enter global mode.

config t
then do a "interface vlan2" enter
then enter "ip address x.x.x.x (which is the ip address for this vlan2) x.x.x.x (which is the subnet) press enter
then do a "no shutdown" enter
then do a "wr" or "write memory" enter
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743172
lol very close
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743243
I have successfully given it an Ip as per your suggestions:
ip address 10.10.2.252 255.255.255.0  <<<<<<.........note that this IP is from an Existing subnet
press enter
no shut
wr
On my laptop I am connected to port 23, and the IP is wiered 169.254...........
Help?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743262
CISCO2960#show interfaces vlan2
Vlan2 is up, line protocol is up
  Hardware is EtherSVI, address is 9c4e.xxxx.xxxx (bia 9c4e.xxxx.xxxx)
  Internet address is 10.10.2.252/24
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive not supported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:19, output 00:05:57, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     384 packets input, 70791 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     4 packets output, 256 bytes, 0 underruns
     0 output errors, 2 interface resets
     0 output buffer failures, 0 output buffers swapped out
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743291
That's an apipa meaning you cannot contact the dhcp server.

Try giving the laptop a static ip address. Let me know if you need help.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743305
Whats the ip address on vlan1?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743313
Also I cannot ping it?
interface Vlan1
 ip address 10.10.10.252 255.255.255.0
!
interface Vlan2
 ip address 10.10.2.252 255.255.255.0
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743360
I assigned a static IP to the laptop, but cannot still go online.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743399
Sending 5, 100-byte ICMP Echos to 10.10.10.96, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/5 ms
CISCO2960#ping 10.10.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CISCO2960#
I can ping from the swith to any address 10.10.10.0/24 but cannot 10.10.2.0/24.  Help plz
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743662
OK, When I remove the vlan2, I am able to ping anywhere, there is something to do with the vlan #?
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743706
when you add vlan2 and do a no shutdown make sure vlan one is still up.

add vlan2 then do "show ip interface brief" and post results.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743759
CISCO2960#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol

Vlan1                  10.10.10.252    YES NVRAM  up                    up

Vlan2                  10.10.2.252     YES manual up                    down

FastEthernet0          unassigned      YES NVRAM  down                  down

GigabitEthernet0/1     unassigned      YES unset  up                    up

GigabitEthernet0/2     unassigned      YES unset  up                    up

GigabitEthernet0/3     unassigned      YES unset  up                    up

GigabitEthernet0/4     unassigned      YES unset  up                    up

GigabitEthernet0/5     unassigned      YES unset  down                  down

GigabitEthernet0/6     unassigned      YES unset  up                    up

GigabitEthernet0/7     unassigned      YES unset  up                    up

GigabitEthernet0/8     unassigned      YES unset  up                    up

GigabitEthernet0/9     unassigned      YES unset  up                    up

GigabitEthernet0/10    unassigned      YES unset  up                    up

GigabitEthernet0/11    unassigned      YES unset  up                    up

GigabitEthernet0/12    unassigned      YES unset  up                    up

GigabitEthernet0/13    unassigned      YES unset  up                    up

GigabitEthernet0/14    unassigned      YES unset  up                    up

GigabitEthernet0/15    unassigned      YES unset  up                    up

GigabitEthernet0/16    unassigned      YES unset  down                  down

GigabitEthernet0/17    unassigned      YES unset  up                    up

GigabitEthernet0/18    unassigned      YES unset  down                  down

GigabitEthernet0/19    unassigned      YES unset  up                    up

GigabitEthernet0/20    unassigned      YES unset  up                    up

GigabitEthernet0/21    unassigned      YES unset  up                    up

GigabitEthernet0/22    unassigned      YES unset  up                    up

GigabitEthernet0/23    unassigned      YES unset  up                    up

GigabitEthernet0/24    unassigned      YES unset  up                    up

GigabitEthernet0/25    unassigned      YES unset  up                    up

GigabitEthernet0/26    unassigned      YES unset  up                    up

GigabitEthernet0/27    unassigned      YES unset  down                  down

GigabitEthernet0/28    unassigned      YES unset  up                    up

GigabitEthernet0/29    unassigned      YES unset  up                    up

GigabitEthernet0/30    unassigned      YES unset  up                    up

GigabitEthernet0/31    unassigned      YES unset  up                    up

GigabitEthernet0/32    unassigned      YES unset  up                    up

GigabitEthernet0/33    unassigned      YES unset  up                    up

GigabitEthernet0/34    unassigned      YES unset  down                  down

GigabitEthernet0/35    unassigned      YES unset  up                    up

GigabitEthernet0/36    unassigned      YES unset  up                    up

GigabitEthernet0/37    unassigned      YES unset  up                    up

GigabitEthernet0/38    unassigned      YES unset  up                    up

GigabitEthernet0/39    unassigned      YES unset  up                    up

GigabitEthernet0/40    unassigned      YES unset  up                    up

GigabitEthernet0/41    unassigned      YES unset  up                    up

GigabitEthernet0/42    unassigned      YES unset  up                    up

GigabitEthernet0/43    unassigned      YES unset  up                    up

GigabitEthernet0/44    unassigned      YES unset  up                    up

GigabitEthernet0/45    unassigned      YES unset  up                    up

GigabitEthernet0/46    unassigned      YES unset  up                    up

GigabitEthernet0/47    unassigned      YES unset  up                    down

GigabitEthernet0/48    unassigned      YES unset  up                    up

GigabitEthernet0/49    unassigned      YES unset  down                  down

GigabitEthernet0/50    unassigned      YES unset  down                  down
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743766
do a show vlan and post results.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743784
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                Gi0/21, Gi0/22, Gi0/23, Gi0/24
                                                Gi0/25, Gi0/26, Gi0/27, Gi0/28
                                                Gi0/29, Gi0/30, Gi0/31, Gi0/32
                                                Gi0/33, Gi0/34, Gi0/35, Gi0/36
                                                Gi0/37, Gi0/38, Gi0/39, Gi0/40
                                                Gi0/41, Gi0/42, Gi0/43, Gi0/44
                                                Gi0/45, Gi0/46, Gi0/48, Gi0/49
                                                Gi0/50
2    VLAN0002                         active
201  VLAN0201                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
201  enet  100201     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    -        0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743811
assign the port that you are connected to with your laptop to vlan2.



Switch(config)# interface gi0/23
 
Switch(config-if)# switchport mode access
 
Switch(config-if)# switchport access vlan 2
 
Switch(config-if)# end
 
Switch# write memory

then try to ping again.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37743890
I have assigned port gig 0/23 to vlan2:  On my laptop the IP address from the ethernet is 169.254.........'
-Also I cannot ping from the DC/DHCP which has the subnet 10.10.2.0/24 to the switch 2960, but I can successfully ping the server DC/DHCP from the switch 2960.

CISCO2960#show interfaces gigabitEthernet 0/23
GigabitEthernet0/23 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 9c4e.2079.a417 (bia 9c4e.2079.a417)
  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input never, output 00:00:00, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     647408 packets input, 62051851 bytes, 0 no buffer
     Received 20175 broadcasts (6683 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 6683 multicast, 0 pause input
     0 input packets with dribble condition detected
     6081038 packets output, 5073965749 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 PAUSE output
     0 output buffer failures, 0 output buffers swapped out
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37743926
we need to get in to interface vlan2 and add the ip-helper address x.x.x.x (where xxxx is the dhcp server address)
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37744036
I assigned the ip-helper tothe interface of vLan2,  I am able to ping now the DC/DHCP server but now I cannot ping the router at 10.10.2.254, it starts when I assign this vLAN the IP address 10.10.2.252 (there is something wiered with this)
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37744069
I unassigned vlan2, I am able to ping everywhere.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37744218
yes of course you can ping everywhere when you are on vlan1. Everything is on the same network.

IF we are going to work on vlan2 then we need to keep it up and stop removing it.

recreate vlan2 put the ip address and the ip-helper.

then post running config and show ip inter brief and sho vlan

we will get this resolved

thanks
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37744552
Here you go, please see attached.  It might help, the ip-gateway on the switch is set to 10.10.10.254, how can we add another address of the same router 10.10.2.254.
2960Vlan.TXT
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37744566
post a show vlan and what happeneds when you ping the dhcp and gateway?
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37744570
ok no need for sho vlan i see port 23 is on vlan 2.

is vlan2 showing up and up?
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37744573
what is the dhcp server address?

wow, i should have scrolled down huh, all the other cmds are there.

thanks
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37744583
the ip-helper address cmd should be pointing to your dhcp server. which i believe is on the 10.10.10. network. Or am i wrong?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37744585
The dhcp server is 10.10.2.1 this server also has 10.10.10.96
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37744615
so this dhcp server is not even on your vlan1?

lets put the ip-helper address to 10.10.10.96

then do a write mem

do a ipconfig /release and renew on the laptop. Lets see if you get a ip address now.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37744621
I have three DHCP
server1 10.10.10.1 - 10.10.10.200
server11 10.10.10.200 - 10.10.10.253, it also has the full scope of 10.10.2.1-10.10.10.254
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37744628
vmagan,
i can post results tomorrow, is it ok.?
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 6

Expert Comment

by:vmagan
ID: 37744652
yea i'll be here.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37746948
Here you go.  I have done ipconfig /release ,/renew and checked still no ip.  Help plz
vlan2960New.TXT
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37747241
go into the vlan2 interface and do a "no ip helper-address 10.10.10.1"

then try the ipconfig release then renew again.

Let me know if you are still getting 169 address.

also make sure that you have a scope on the 10.10.10.x the dhcp server that has the scope for the 10.10.2 network should be the dhcp server on the ip-helper address cmd.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37747720
I went into:
vlan2 interface and did a "no ip helper-address 10.10.10.1"

 and tried ipconfig release then renew again.  Still get the 169 address on my laptop. :)
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37747763
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/21 ms
CSCO2960#ping 10.10.10.96  <<<<..................I can ping this DHCP

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.96, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/21 ms
CISCO2960#ping 10.10.2.1  <<<...................I can ping this DHCP

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/5 ms
CISCO2960#ping 10.10.2.254  <<<<...........................I cannot ping the router interface

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.2.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37747988
vmagan, please check this one, this guy made some routes on the router, the end paragraph.
http://www.tek-tips.com/viewthread.cfm?qid=1435012
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37748048
I was just about to ask you what are you using for a router. sho me a ip route on the router if you can.

thanks
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37748105
I will just post you ip route, meanwhile look at the access lists, do I need to add something here?
Standard IP access list 10
    10 permit 10.10.0.0, wildcard bits 0.0.255.255 (541069488 matches)
Standard IP access list 21
    10 permit any (5681764 matches)
Standard IP access list 23
    10 permit 10.10.10.0, wildcard bits 0.0.0.7
Standard IP access list 50
    10 permit 7X.XX.XXX.XX
    20 permit 10.10.10.0, wildcard bits 0.0.0.255
    30 permit 10.10.11.0, wildcard bits 0.0.0.255
Extended IP access list 101
    10 deny ip 72.184.0.0 0.0.0.255 any
    20 deny ip 88.201.0.0 0.0.255.255 any (30 matches)
    30 deny ip 195.211.0.0 0.0.255.255 any (246 matches)
    40 deny ip 222.173.0.0 0.0.255.255 any (68 matches)
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37748138
2911#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is xx.xx.xxx.xx to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via xx.xx.xxx.xx
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C        10.10.2.0/24 is directly connected, GigabitEthernet0/1.801
L        10.10.2.254/32 is directly connected, GigabitEthernet0/1.801
C        10.10.10.0/24 is directly connected, GigabitEthernet0/1.801
L        10.10.10.254/32 is directly connected, GigabitEthernet0/1.801
C        10.10.11.0/24 is directly connected, GigabitEthernet0/0
L        10.10.11.254/32 is directly connected, GigabitEthernet0/0
      72.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        xx.xx.xxx.xx/31 is directly connected, GigabitEthernet0/1.92
L        xx.xx.xxxx.xx/32 is directly connected, GigabitEthernet0/1.92
2911#
2911#
2911#
2911#show ip rou
2911#show ip route sum
2911#show ip route summary
IP routing table name is default (0x0)
IP routing table maximum-paths is 32
Route Source    Networks    Subnets     Replicates  Overhead    Memory (bytes)
connected       0           8           0           448         1376
static          1           0           0           56          172
internal        2                                               1088
Total           3           8           0           504         2636
2911#
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37748210
post a show running config

thanks
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37748367
We have to get the router to Nat out that 10.10.2 network to the internet.

Post sho run when you have a sec.

thanks
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37748388
correct, but I am not even getting the IP on the laptop.  What could be the reason.  I will post sh run in a minute
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37748403
My second post from the top has a file 'r' its the config of my router.
Thanks
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37748507
and this DHCP server is plugged in to vlan1 correct? (just making sure)
and the ip is 10.10.10.96 with a scope for the 10.10.2. network?

what port is this 10.10.10.96 dhcp server plugged in to?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37748557
Correct, correct
let me check the port, its really hard to figure this one out.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37748566
also, make sure you scope is activated for the 10.10.2 network.
when you do an ipconfig /all do you see anything under dhcp server?
also try this for a pc that is on vlan1 and tell me what is the dhcp server for that pc.

thanks
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37748626
Bingo in port 1 of the switch 2960
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37748724
I made sure that 10.10.2.0 scope is actviated.  I tried the under as on 2 pcs:
ip 10.10.10.247      and on a different PC ip 10.10.10.249 with same as under
subnet mask 255.255.255.0
DG 10.10.10.254
DHCP 10.10.10.96
DNS 10.10.10.96
          10.10.10.1
          10.10.10.3
          10,10,11,1
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37749003
are we sure that on the laptop the network settings are set to receive an ip address and dns address automatically?

I'm running out of ideas here.

we can set up the Nat but you still wont get online unless you give it a static ip.

Lets start to configure the Nat on the router.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37749017
post a show run so that we can configure the Nat for vlan2
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37749073
you also stated that you can ping other devices on the 10.10.2 and the 10.10.10.network correct?

I think we also need a static route that shows

ip route 10.10.2.0 255.255.255.0 x.x.x.x (router address on vlan1)

then post sho ip route config

thanks
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37756881
vmagan:
Correct.
Please tell me one thing. Purpose of making a new Vlan?
-When a new Vlan is made basically we try to allocate a different subnet addresses to the new machines within that new Vlan? right?
-Do we need to make a new Vlan2 on the router?

I will send you the show ip route today.  I am basically out of office.
Regards
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37756904
vmagan;
Here you go;
http://www.petri.co.il/forums/showthread.php?t=35417
look at the last post, how/where would I assign the vLan id 2 to my DHCP server inside the DHCP server?
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37758623
If this were a layer 3 switch then we would be done. But since its not we need to work on the router end now. How many interfaces does your router have. We can either do whats called a "router on a stick" or if you have available interfaces we can aassign each interface to a vlan.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37759089
do a sho ver on the router.

copy and paste the image name. We need to determine whether the image is IP only or IP plus image. That will let us know if the encapsulation cmd is available or not.

thanks
0
 
LVL 17

Expert Comment

by:MAG03
ID: 37761392
Just curious, are you trunking the vlans to the router?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37765632
vmagan;
Physically 3 out of which I am using 2. One cable comes from the ISP and then goes into our Switch (the other location), and we are connected via our ISP from our router, so

Switch                                        ISP                        Switch                              
(2960 other location) ..................router 2911...........(2960 location where new Vlan2 is made)

Here is show ver of router 2911:
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M3, REL
EASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 18-Jul-10 03:32 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)


Mag03:
How can I tell you, is there any command which would show you that I am trunking the vlans? let me know so that I can paste the output.

Help plz
THanks
0
 
LVL 17

Expert Comment

by:MAG03
ID: 37765696
Show int trunk

The above command will show what is trunked and on which interfaces.
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37765799
where is the system image file when you do the sho ver?
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37767208
vmagan:
Sorry here is the complete command:
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.0(1)M3, REL
EASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Sun 18-Jul-10 03:32 by prod_rel_team

ROM: System Bootstrap, Version 15.0(1r)M9, RELEASE SOFTWARE (fc1)

Fernhill_2911 uptime is 10 weeks, 5 days, 16 hours, 5 minutes
System returned to ROM by reload at 20:04:04 EST Tue Jan 10 2012
System restarted at 20:05:28 EST Tue Jan 10 2012
System image file is "flash0:c2900-universalk9-mz.SPA.150-1.M3.bin"
Last reload type: Normal Reload
Last reload reason: Reload Command



This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco CISCO2911/K9 (revision 1.0) with 487424K/36864K bytes of memory.
Processor board ID FTX1440A28K
3 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
254464K bytes of ATA System CompactFlash 0 (Read/Write)


License Info:

License UDI:

-------------------------------------------------
Device#   PID                   SN
-------------------------------------------------
*0        CISCO2911/K9          FTX1440A28K



Technology Package License Information for Module:'c2900'

----------------------------------------------------------------
Technology    Technology-package          Technology-package
              Current       Type          Next reboot
-----------------------------------------------------------------
ipbase        ipbasek9      Permanent     ipbasek9
security      securityk9    Permanent     securityk9
uc            None          None          None
data          None          None          None

Configuration register is 0x2102
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37767212
Mag;
show interface trunk on both the router 2911 and the switch 2960 produces no results.
Thanks
0
 
LVL 17

Assisted Solution

by:MAG03
MAG03 earned 100 total points
ID: 37767616
when you say shows no results what do you mean?

The show interface trunk will not work on the router, it is just for the switch.

But I believe this is where your problem is.  The 2960, as you have mentioned, is a L2 switch which means you need a router to do the inter VLAN routing.  This will also mean that the VLANs need to be trunked to the router.

Where is your DHCP server located?

Here is the configuration that is needed:

Switch

enable
conf t

int fa0/1 < or interface that connects to the router>
switchport mode trunk
switchport trunk encapsulation dot1q

Router

enable
conf t

int fa0/1 < or interface that connects to the switch>
no shut

int fa0/1.1
encapsulation dot1q 1
ip add x.x.x.x y.y.y.y < where x is the IP and y is the subnet of VLAN 1 >

int fa0/1.2
encapsulation dot1q 2
ip add x.x.x.x y.y.y.y <where x is the IP and y is the subnet of VLAN 2>
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37767808
thats what i stated above "router on a stick and trunking". Thanks for the config though. Also, the sho ver was to identify wether the encapsulation is available or not. That IOS does support the encapsulation cmd.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37767993
Mag:
On my switch there is no command for encapsulation,
I tried switchport trunk encapsulation, not available, but it has:
C(config-if)#switchport trunk ?
  allowed  Set allowed VLAN characteristics when interface is in trunking mode
  native   Set trunking native characteristics when interface is in trunking
           mode
  pruning  Set pruning VLAN characteristics when interface is in trunking mode


On my router the interface which is connected to this switch is 0/1.801, the IP address 10.10.2.252 255.255.255.0 is already assigned to the vlan 2 interface on the switch 2960, how can I assign it to the interface 0/1.801, just want to clarify myself.  Thanks


Cisco router 2911:

interface GigabitEthernet0/1
 no ip address
 ip nbar protocol-discovery
 ip flow ingress
 duplex full
 speed 100
 no cdp enable
 !
!
interface GigabitEthernet0/1.92
 description INTERNET
 encapsulation dot1Q 92
 ip address xx.xx.xx.xxx 255.255.255.254
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 ip nbar protocol-discovery
 ip flow ingress
 ip nat outside
 ip inspect TRAFFIC_INSPECTI out
 ip virtual-reassembly
 no cdp enable
 service-policy input block-p2p
!
interface GigabitEthernet0/1.801
 description O_CAMPUS_LAN
 encapsulation dot1Q 801
 ip address 10.10.2.254 255.255.255.0 secondary
 ip address 10.10.10.254 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nbar protocol-discovery
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37768092
Here is sho ip route:
show ip routeGateway of last resort is xx.xx.xxx.xx to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via xx.xx.xxx.xx
      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C        10.10.2.0/24 is directly connected, GigabitEthernet0/1.801
L        10.10.2.254/32 is directly connected, GigabitEthernet0/1.801
C        10.10.10.0/24 is directly connected, GigabitEthernet0/1.801
L        10.10.10.254/32 is directly connected, GigabitEthernet0/1.801
C        10.10.11.0/24 is directly connected, GigabitEthernet0/0
L        10.10.11.254/32 is directly connected, GigabitEthernet0/0
      72.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        72.xx.xxx.xx/31 is directly connected, GigabitEthernet0/1.92
L        72.xx.xxx.xx/32 is directly connected, GigabitEthernet0/1.92
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37768298
Please let me know a compatible layer 3 switch on which I can easily make Vlans and which can be easily put/setup into my existing environment? thanks
0
 
LVL 6

Expert Comment

by:vmagan
ID: 37771202
Cisco 3560 is a nice and cheap one with layer 3 funcionalities. Not cheap but cheaper then the other ones.
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37771381
Thanks vmagan,
I will look into the new switch, meanwhile any cure to my existing problem?
Help
0
 
LVL 4

Author Comment

by:amanzoor
ID: 37771500
vmagan,
Should I look for 'Lan base software' or 'IP base software' and what is the difference so I can understand in easy words.  Keeping in mind my existing 2960 switch.
Thanks
http://www.cisco.com/en/US/products/ps10744/prod_models_comparison.html
0
 
LVL 6

Accepted Solution

by:
vmagan earned 400 total points
ID: 37771804
https://supportforums.cisco.com/docs/DOC-3362

take a look at link above. I would just go with the Lan base image. Not sure what the difference in $ is but you have more then enough with Lan base image.
0
 
LVL 4

Author Closing Comment

by:amanzoor
ID: 37837897
Thanks gentlemen, too bad that my existing switch has no capability to lay down new vlans and talk between them.  Planning to buy a new switch.
Thanks
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

I have seen some questions on problems with SSH/telnet access to Cisco routers that may occur despite the fact that from a PC connected to your LAN, Internet connectivity is in place and users can access Internet sites without any issues.  There are…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now