techdrive asked:

Need help with router on a stick vlan configuration

I have a cisco  and a cisco router where I am trying to run router on a stick. I built the following configs below. Ping works great but when I IP hosts they cannot connect and I cannot connect to them. They are all connected to the same switch which is connected to the same router. Can anyone give me any clues on what I am doing wrong here?



                                    CISCO SWITCH

Current configuration : 2322 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW1-CORE
!
enable secret 5 $1$gJl9$2ohrNMmWR0t32wcyH1VCe/
!
username tut
no aaa new-model
switch 1 provision ws-c3750e-24td
system mtu routing 1500
ip subnet-zero
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 description Trunk-to-Router
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 description Trunk-To-Router
 switchport trunk encapsulation dot1q
 switchport mode trunk
 spanning-tree portfast trunk
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
 description Main_one
 ip address 10.46.72.5 255.255.255.192
!
interface Vlan63
 description firstad
 ip address 192.168.46.2 255.255.255.192
!
interface Vlan127
 description vlan 127
 ip address 192.168.46.66 255.255.255.192
!
interface Vlan191
 description secondAD
 ip address 192.168.46.130 255.255.255.192
!
interface Vlan254
 description thirdad
 ip address 192.168.46.194 255.255.255.192
!
ip default-gateway 10.46.72.1
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password secret
 login
line vty 5 15
 password secret
 login
!
end



                        CISCO ROUTER


Current configuration : 1536 bytes
!
! Last configuration change at 20:27:35 UTC Sun Apr 1 2018
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$I82l$7qVCpEL4zYjazjo6eLebR.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FTX1108A38P
!
redundancy
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 10.46.72.1 255.255.255.128
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.63
 encapsulation dot1Q 63
 ip address 192.168.46.1 255.255.255.192
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.127
 encapsulation dot1Q 127
 ip address 192.168.46.65 255.255.255.192
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.191
 encapsulation dot1Q 191
 ip address 192.168.46.129 255.255.255.192
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1.254
 encapsulation dot1Q 254
 ip address 192.168.46.194 255.255.255.192
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 password secret
 login
 transport input all
line vty 5 15
 password secret
 login
 transport input all
!
scheduler allocate 20000 1000
end
Predrag Jovic

Switch:
Vlan1
 description Main_one
Vlan 63
 description **whatever1**
Vlan 127
 description **whatever2**
Vlan 191
 description **whatever3**
Vlan254
 description **whatever4**

Router:
interface GigabitEthernet0/1
no shut
!
interface GigabitEthernet0/0
 ip nat outside
!
ip route 0.0.0.0 0.0.0.0 <next-hop>
!
ip nat source inside list NAT interface fa0/0 overload
!
ip access-list extended NAT
 permit ip 192.168.46.0 0.0.0.255 any



Switch needs VLAN created since VLANs will not be created by creating interface vlans (or VTP assigns VLANs to device in VTP client or VTP server mode).

I guess router needs the rest of NAT configuration since SVIs are configured with ip nat inside. External interface in that case is missing ip nat outside. Also default route is not present. NAT access list is summary for all networks.

You may need to assign access ports to specific VLANs (if present on switch). Also if DHCP server is not provided - you will need to assign IP addresses manually. If DHCP server is provided - each SVI is missing command ip helper-address x.x.x.x for hosts to be able to reach DHCP server (except VLAN where/if DHCP server is present).

It is a little bit strange that VLAN1 is taking different path to router....
Router
interface GigabitEthernet0/0
 ip address 10.46.72.1 255.255.255.128


Switch
interface Vlan1
 description Main_one
 ip address 10.46.72.5 255.255.255.192


The rest of SVIs are connected as subinterfaces of interface Gi0/1.

And switch is missing
ip routing
command.
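
An added example, not part of the original thread: a small Python check run over excerpts of the two configs from the question. The NAT and default-route checks mirror the points in the answer above; the cross-device address comparison (same IP on both devices, different masks on one segment) goes beyond it. The function names are hypothetical.

```python
import ipaddress
import re

# Excerpts of the router and switch configs posted in the question above.
ROUTER = """\
interface GigabitEthernet0/0
 ip address 10.46.72.1 255.255.255.128
interface GigabitEthernet0/1.63
 encapsulation dot1Q 63
 ip address 192.168.46.1 255.255.255.192
 ip nat inside
interface GigabitEthernet0/1.254
 encapsulation dot1Q 254
 ip address 192.168.46.194 255.255.255.192
 ip nat inside
"""
SWITCH = """\
interface Vlan1
 ip address 10.46.72.5 255.255.255.192
interface Vlan63
 ip address 192.168.46.2 255.255.255.192
interface Vlan254
 ip address 192.168.46.194 255.255.255.192
"""

def l3_interfaces(config):
    """Map interface name -> IPv4Interface for each 'ip address A M' line."""
    found, name = {}, None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            name = m.group(1)
        elif m := re.match(r" ip address (\S+) (\S+)$", line):
            found[name] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def audit(router, switch):
    """Return (check, detail) findings; hypothetical helper, not a Cisco tool."""
    findings = []
    if " ip nat inside" in router and " ip nat outside" not in router:
        findings.append(("nat", "ip nat inside set, no ip nat outside interface"))
    if not re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 ", router, re.M):
        findings.append(("route", "no default route on router"))
    for r_if, r_ip in l3_interfaces(router).items():
        for s_if, s_ip in l3_interfaces(switch).items():
            if r_ip.ip == s_ip.ip:
                findings.append(("duplicate-ip", f"{r_if} / {s_if} {r_ip.ip}"))
            elif r_ip.network.overlaps(s_ip.network) and r_ip.network != s_ip.network:
                findings.append(("mask-mismatch", f"{r_if} {r_ip} / {s_if} {s_ip}"))
    return findings
```

On these excerpts `audit(ROUTER, SWITCH)` reports four findings: the missing `ip nat outside`, the missing default route, the /25 versus /26 masks on the 10.46.72.x segment, and 192.168.46.194 configured on both devices in VLAN 254.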
techdrive (ASKER)

Good catch, Predrag Jovic.
Can you explain, Predrag Jovic, this line: "ip nat source inside list NAT interface fa0/0 overload"?
Actually, IP routing on switch is not needed for router on stick.
That line is performing NAT from inside interfaces to outside interface (but is NAT needed and which interface is outside interface?)... And it is supposed to be gi0/0, not fa0/0 (again, if NAT is needed at all on router).
Honestly I copied this config from a site and I might be doing myself an injustice. I am just trying to setup a lab with 5 subnets and just able to talk to the 10.46.72.0 network.
I guess what I am trying to understand is what binds the IP address with that of the VLAN. I guess in my simple world the VLAN ID in the encapsulation command with the 802.1Q should bind with the switch VLAN. Do you even need IP addresses on the virtual ports on the Cisco switch? Shouldn't I just need to create the VLAN on the switch, create an 802.1Q trunk on the switch and define the IP addresses and encapsulation command to get this working... or am I missing something?
ASKER CERTIFIED SOLUTION
Predrag Jovic
This solution is only available to members.
thanks
You're welcome.