We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now

x

Connect 2921 to internet while running CUCM lab.

Medium Priority
28 Views
Last Modified: 2020-06-28
I am running a home lab for Cisco CUCM.  At one time last week i had the lab erased and set up the router to access the internet.  Now if possible i would like to combine both.  I will paste my router config below. Please let me know what other info i can post.

Router#show run
Building configuration...

*Jun 26 23:48:55.040: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 2393 bytes
!
! Last configuration change at 23:48:55 UTC Fri Jun 26 2020
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/0
enable secret 5 $1$q5rR$.8hlui3nyKxX2zpWBd3i6/
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.10.0.1 10.10.0.10
ip dhcp excluded-address 10.15.0.1 10.15.0.10
!
ip dhcp pool Data
 network 10.10.0.0 255.255.255.0
 default-router 10.10.0.1
 option 150 ip 10.10.0.1
!
ip dhcp pool Voice
 network 10.15.0.0 255.255.255.0
 default-router 10.10.0.1
 option 150 ip 10.15.0.15
!
!
!
no ip domain lookup
ip name-server 192.168.0.1
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2921/K9 sn FTX1625AN3V
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Router on a stick for CUCM lab
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 description Data Vlan
 encapsulation dot1Q 10
 ip address 10.10.0.1 255.255.255.0
!
interface GigabitEthernet0/0.11
 description Mgmt Vlan
 encapsulation dot1Q 11
 ip address 10.11.0.1 255.255.255.0
!
interface GigabitEthernet0/0.15
 description Voice Vlan
 encapsulation dot1Q 15
 ip address 10.15.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 description LAN
 ip address 10.12.0.15 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description BROADBAND INTERNET
 ip address 192.168.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
!
access-list 1 permit any
!
control-plane
!
!
!
line con 0
 exec-timeout 120 0
 password cisco
 logging synchronous
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password cisco
 login
 transport input none
line vty 5 15
 password cisco
 login
 transport input none
!
scheduler allocate 20000 1000
!
end
Comment
Watch Question

Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
sorry i tried to understand what you want , can you explain more details ?
So i want to use the setup you gave me before to connect my 2921 to the internet while at the same time running my CUCM lab.
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
so what is subnets want to access internet ? data , management , voice ...etc 
It should be in the router config i posted.

I already did the setup. Since i have 3 interfaces i used 0/0 for CUCM lab and 0/1 and 0/2 for connecting to internet.  It is not working currently and im not sure what i did wrong.
Here is my current pc config.

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f5ec:677:cc12:387c%5
   IPv4 Address. . . . . . . . . . . : 10.15.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.10.0.1


Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
yes your nat configuration is wrong 

ip nat inside source list 1 interface GigabitEthernet0/0 overload

it should be like this

ip nat inside source list 1 interface GigabitEthernet0/2 overload


I have a trunk setup from the switch to 0/0 on the router.  I dont have a trunk for the Lan interface on the router to the switch. Do i need 2 trunks or how will the pc reach the internet through the router if its on the trunk for the CUCM?  Hope that makes sense.
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
your pc setting also need to be changed like this

Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f5ec:677:cc12:387c%5
   IPv4 Address. . . . . . . . . . . : 10.15.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.15.0.1 
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
for the switch

I have a trunk setup from the switch to 0/0 on the router.  I dont have a trunk for the Lan interface on the router to the switch. Do i need 2 trunks or how will the pc reach the internet through the router if its on the trunk for the CUCM?  Hope that makes sense. 

you need to create vlans 10,11,15 on the switch and need to configure the link between switch and router as trunk 
It is getting those settings from DHCP on my router. Should i set it statically even though everything is working fine?
Here is my current switch config

Switch#show run
Building configuration...

Current configuration : 4892 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$2Pmq$xJhHx7I/bBT2spoR79LtQ0
!
no aaa new-model
switch 3 provision ws-c3750-48p
system mtu routing 1500
ip subnet-zero
no ip domain-lookup
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet3/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet3/0/2
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/3
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/4
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/5
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/6
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/7
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/8
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/9
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/10
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/11
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/12
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/13
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/14
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/15
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/16
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/17
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/18
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/19
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/20
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/21
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/22
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/23
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/24
 switchport access vlan 15
 switchport mode access
 switchport voice vlan 15
 spanning-tree portfast
!
interface FastEthernet3/0/25
!
interface FastEthernet3/0/26
!
interface FastEthernet3/0/27
!
interface FastEthernet3/0/28
!
interface FastEthernet3/0/29
!
interface FastEthernet3/0/30
!
interface FastEthernet3/0/31
!
interface FastEthernet3/0/32
!
interface FastEthernet3/0/33
!
interface FastEthernet3/0/34
!
interface FastEthernet3/0/35
!
interface FastEthernet3/0/36
!
interface FastEthernet3/0/37
!
interface FastEthernet3/0/38
!
interface FastEthernet3/0/39
!
interface FastEthernet3/0/40
!
interface FastEthernet3/0/41
!
interface FastEthernet3/0/42
!
interface FastEthernet3/0/43
!
interface FastEthernet3/0/44
!
interface FastEthernet3/0/45
!
interface FastEthernet3/0/46
!
interface FastEthernet3/0/47
!
interface FastEthernet3/0/48
!
interface GigabitEthernet3/0/1
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
!
interface GigabitEthernet3/0/4
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.10.0.2 255.255.255.0
!
interface Vlan11
 ip address 10.11.0.2 255.255.255.0
!
interface Vlan15
 ip address 10.15.0.2 255.255.255.0
!
ip default-gateway 10.11.0.1
ip classless
ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
 exec-timeout 120 0
 password cisco
 logging synchronous
 login
line vty 0 4
 password cisco
 login
line vty 5 15
 password cisco
 login
!
end


Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
It is getting those settings from DHCP on my router. Should i set it statically even though everything is working fine?
nope , just modify dhcp settings to be like this

ip dhcp pool Voice
 network 10.15.0.0 255.255.255.0
 default-router 10.15.0.1
 option 150 ip 10.15.0.15
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
your switch config it seems working fine .
Ok i made that change.

I am really confused on how my pc reaches the internet. For the lab my pc is using the .15 sub interface on 0/0. But the internet is using 0/2 interface to reach internet and 0/1 for the LAN interface.  Now i know before that i used the 0/1 to connect to the switch when i was just connecting to the internet with no CUCM lab setup. But now my pc is using 0/0 for lab so do i even need the 0/1 interface?

Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
Your pc is member of vlan 15 and your gateway is 10.15.0.1 , so every internet traffic will reach your gateway after that will match your access list number 1 which has permit any rule , permit any it mean all subnets will be prmited to access internet
last step when the traffic match access list 1 , then will be natted over gi0/2 and access internet :)  
So in theory i should be able to unplug my wireless from my desktop and reach the internet through my router correct?

Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
yes that is correct , unless you have access point connected to your network to extend your lan 
OK, im going to try it and ill update.

Ok, so that did not work.
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
Please let me know what exactly didn't work ? 
When i disconnected my wireless i could not connect to the internet.
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
Try to release and renew ip addresses after wireless unplugged
So i did a release and renew but nothing changed. I am still showing no internet access for my ethernet adapter. Would you like me to repost my router and pc configs?
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
sure , please share your config and to which port is connected to ?
Here is my current router config:

Building configuration...

Current configuration : 2393 bytes
!
! Last configuration change at 00:39:29 UTC Sat Jun 27 2020
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/0
enable secret 5 $1$q5rR$.8hlui3nyKxX2zpWBd3i6/
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.10.0.1 10.10.0.10
ip dhcp excluded-address 10.15.0.1 10.15.0.10
!
ip dhcp pool Data
 network 10.10.0.0 255.255.255.0
 default-router 10.10.0.1
 option 150 ip 10.10.0.1
!
ip dhcp pool Voice
 network 10.15.0.0 255.255.255.0
 default-router 10.15.0.1
 option 150 ip 10.15.0.15
!
!
!
no ip domain lookup
ip name-server 192.168.0.1
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2921/K9 sn FTX1625AN3V
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description Router on a stick for CUCM lab
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.10
 description Data Vlan
 encapsulation dot1Q 10
 ip address 10.10.0.1 255.255.255.0
!
interface GigabitEthernet0/0.11
 description Mgmt Vlan
 encapsulation dot1Q 11
 ip address 10.11.0.1 255.255.255.0
!
interface GigabitEthernet0/0.15
 description Voice Vlan
 encapsulation dot1Q 15
 ip address 10.15.0.1 255.255.255.0
!
interface GigabitEthernet0/1
 description LAN
 ip address 10.12.0.15 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 description BROADBAND INTERNET
 ip address 192.168.0.254 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
!
access-list 1 permit any
!
control-plane
!
!
!
line con 0
 exec-timeout 120 0
 password cisco
 logging synchronous
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password cisco
 login
 transport input none
line vty 5 15
 password cisco
 login
 transport input none
!
scheduler allocate 20000 1000
!
end

Here is my pc config:
Ethernet adapter Ethernet 3:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::f5ec:677:cc12:387c%5
   IPv4 Address. . . . . . . . . . . : 10.15.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.15.0.1

My PC is connected to my Switch. The Switch port 0/1 is trunked to router on port 0/0.  I have the internet cable plugged into port 0/2 on my router.


Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
pc to which port is connected on the switch ? please share switch config also 
Sr.Network & Security Engineer
CERTIFIED EXPERT
Unlock this solution with a free trial preview.
(No credit card required)
Get Preview
I will add that and retry.  Is that the command that lets the sub interfaces communicate with the other ip subnets on the router?
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
This is the difference between the two commands:

ip nat inside :
  • Translates the source IP address of packets that travel from inside to outside.
  • Translates the destination IP address of packets that travel from outside to inside.
ip nat outside :
  • Translates the source IP address of packets that travel from outside to inside.
  • Translates the destination IP address of packets that travel from inside to outside.
So that did finally work. I just had to go in and give it a static DNS address.  It seems i didnt put anything in the router for that so i will have to adjust that. TY as always for your expertise.
Mohammad RummanehSr.Network & Security Engineer
CERTIFIED EXPERT
You are most welcome :)


Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a free trial preview!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.