interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
 switchport mode trunk
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet2/1
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/2
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface VLAN1
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
router:
I have no access lists at all; I wiped them to test whether this works. What am I doing wrong? I need 2 vlans and this just fails and fails. I can route from a port assigned to the def vlan, but not from any port assigned to vlan 2.
interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 192.168.44.253 255.255.255.0
 no cdp enable
!
interface FastEthernet0/0.2
 encapsulation dot1Q 1 native
 ip address 192.168.0.253 255.255.255.0
 ip nat inside
 no cdp enable
Have you created vlan 2 in the 'vlan database' in the CLI? Do you see the proper ports assigned to vlan 2 in a 'show vlan'?
I assume you are going with the single port connecting the switch to the router marked as a trunk port, rather than the port channel group which isn't going to work with a router-on-a-stick 2600?
Which code rev of the 2924? Some of the older ones defaulted to ISL as the default trunk type. Try making sure to do dot1q trunk type on your trunk port.
One thing I would strongly suggest with older gear especially is staying away from VLAN 1 altogether. Cisco treats it special, and it flip/flop'd a lot on the router code. This way didn't always work. Sometimes you needed
interface FastEthernet0/0
 ip address 192.168.0.253 255.255.255.0
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 192.168.44.253 255.255.255.0
to talk with the native vlan on the switch.
Once you move into multiple VLANs, and trunking them, then switch everything away from VLAN 1 and the native vlan oddness that overtook some hardware/software revs.
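An added example, not from any poster in this thread: a Python check for the points raised in the reply above, namely a trunk encapsulation mismatch between the switch port and the router sub-interfaces, sub-interfaces that still ride VLAN 1, and a routed VLAN with no access port. The sample configs are constructed; `stanzas`, `audit` and the `default_encap="isl"` default are assumptions of this example.

```python
import re

# Constructed sample configs modelled on the thread's setup (not the poster's output).
SWITCH_CFG = """\
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/11
 switchport access vlan 2
"""
ROUTER_CFG = """\
interface FastEthernet0/0.1
 encapsulation dot1Q 2
!
interface FastEthernet0/0.2
 encapsulation dot1Q 1 native
"""

def stanzas(cfg):
    """Map each 'interface X' header to the list of its indented sub-commands."""
    out, cur = {}, None
    for line in cfg.splitlines():
        header = re.match(r"interface (\S+)", line)
        if header:
            cur = out.setdefault(header.group(1), [])
        elif line.startswith(" ") and cur is not None:
            cur.append(line.strip())
        else:
            cur = None
    return out

def audit(switch_cfg, router_cfg, trunk_port, default_encap="isl"):
    """Findings for one switch trunk port facing router sub-interfaces."""
    # Assumption taken from the reply above: no explicit encapsulation line means ISL.
    switch = stanzas(switch_cfg)
    port = "\n".join(switch.get(trunk_port, []))
    if "switchport mode trunk" not in port:
        return [f"{trunk_port}: not a trunk port"]
    explicit = re.search(r"switchport trunk encapsulation (\S+)", port)
    sw_encap = explicit.group(1).lower() if explicit else default_encap
    # VLANs with at least one access port (VLAN 1 is the default for unconfigured ports).
    access_vlans = {1} | {int(v) for cmds in switch.values() for c in cmds
                          for v in re.findall(r"switchport access vlan (\d+)", c)}
    findings = []
    for name, cmds in stanzas(router_cfg).items():
        for m in re.finditer(r"encapsulation (dot1q|isl) (\d+)", "\n".join(cmds), re.I):
            encap, vlan = m.group(1).lower(), int(m.group(2))
            if encap != sw_encap:
                findings.append(f"{name}: {encap} but {trunk_port} trunks {sw_encap}")
            if vlan == 1:
                findings.append(f"{name}: carries VLAN 1")
            if vlan not in access_vlans:
                findings.append(f"{name}: no access port in VLAN {vlan}")
    return findings
```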
I am not sure how to set an interface or sub interface on a 2600 as a trunk. All I see is a trunk-group command. Should I default that to 1?
I have tried dot1q (specified it on the switch, because you were right, it was isl).
Right now, if the sub router interfaces are set to isl vlanid
and the switch trunk port is set to switchport trunk encapsulation isl
I was able to get vlan working, well it's odd.
I have ports defined for vlan 2, the funny thing is, under isl mode I can get a dhcp address just not on the 44 network. I get the native vlan network. My dhcp server is set up for the second vlan range. Here is my config:
switch:
192_sub#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/12, Fa0/13, Fa0/14,
                                                Fa0/15, Fa0/17, Fa0/18, Fa0/19,
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23,
                                                Fa0/24, Fa2/3, Fa2/4
2    it-dept                          active    Fa0/11
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 192_sub
!
enable secret 5 $1$V8a5$.pOnSyDIEGBo01iFaQVZp/
!
!
!
!
!
!
ip subnet-zero
ip dhcp-server 192.168.0.111
!
!
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
 switchport access vlan 2
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet2/1
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/2
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface VLAN1
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.0.253
snmp-server engineID local 00000009020000D0C0F257C0
snmp-server community private RW
snmp-server community public RO
!
line con 0
Router:
interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation isl 2
 ip address 192.168.44.253 255.255.255.0
 no ip redirects
 no cdp enable
!
interface FastEthernet0/0.2
 encapsulation isl 1
 ip address 192.168.0.253 255.255.255.0
 no ip redirects
 ip nat inside
 no cdp enable
!
At this point both work, however I do not get the correct address range applied to me. Maybe setting an ip address on the switch's 0/11 interface will do it? I dunno, I am kinda lost. I followed this post
Password:
cerberus#sh run
Building configuration...

Current configuration : 7019 bytes
!
! Last configuration change at 12:04:58 EST Fri Oct 5 2007
!
version 12.2
service tcp-keepalives-in
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cerberus
!
boot system flash c2600-js-mz.122-12a.bin
no logging console
enable secret 5 $1$N98h$NfYf1TUtstXQzSiVuB.dS1
enable password 7 044B1B0F1F22181F5949
!
clock timezone EST -5
ip subnet-zero
!
!
no ip domain-lookup
!
no ip bootp server
ip cef
!
class-map match-all radmin-rdp
 match access-group 101
class-map match-all ipsec
 match access-group 103
class-map match-all voice
 match access-group 105
class-map match-all www
 match access-group 102
!
!
policy-map voip
 class voice
  bandwidth 150
 class class-default
  fair-queue
policy-map outbound_shaper
 class ipsec
  bandwidth percent 50
  random-detect
 class www
  bandwidth percent 25
  random-detect
 class radmin-rdp
  bandwidth percent 25
  random-detect
 class class-default
  fair-queue
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 no ip mroute-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.1
 encapsulation dot1Q 2
 ip address 192.168.44.253 255.255.255.0
 no ip redirects
 ip nat inside
 no cdp enable
!
interface FastEthernet0/0.4
 encapsulation dot1Q 1 native
 ip address 192.168.0.253 255.255.255.0
 ip nat inside
 no cdp enable
!
interface Serial0/0
 bandwidth 1536
 ip address 12.87.xx.xx 255.255.255.252
 ip access-group 125 in
 ip nat outside
 encapsulation ppp
 service-module t1 timeslots 1-24
 service-module t1 remote-alarm-enable
 no cdp enable
!
interface FastEthernet0/1
 ip address 10.0.0.253 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/1
 ip address 10.1.1.2 255.255.255.0
 ip nat inside
 encapsulation ppp
 service-policy output voip
 service-module t1 clock source internal
 no cdp enable
 hold-queue 200 in
 hold-queue 200 out
!
ip nat pool OVERLOAD 12.87.xx.xx 12.87.xx.xx netmask 255.255.255.252
ip nat pool warehouse 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
ip nat pool it-dept 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
ip nat inside source list 1 pool OVERLOAD overload
ip nat inside source list 2 pool warehouse overload
ip nat inside source list 3 pool it-dept overload
ip nat inside source static udp 192.168.0.200 3389 12.170.xx.xx 3389 extendable
ip nat inside source static tcp 192.168.0.200 3389 12.170.xx.xx 3389 extendable
ip nat inside source static tcp 192.168.0.200 1723 12.170.xx.xx 1723 extendable
ip nat inside source static tcp 192.168.0.74 3389 12.170.252.xx 3389 extendable
ip nat inside source static udp 192.168.0.74 3389 12.170.252.xx 3389 extendable
ip nat inside source static tcp 192.168.0.55 3389 12.87.xx.xx 3389 extendable
ip nat inside source static udp 192.168.0.55 3389 12.87.xx.xx 3389 extendable
ip nat inside source static udp 10.0.0.254 5060 12.87.16.xx 5060 extendable
ip nat inside source static udp 192.168.0.235 4326 12.87.xx.xx 4326 extendable
ip nat inside source static tcp 192.168.0.235 4326 12.87.xx.xx 4326 extendable
ip nat inside source static tcp 10.0.0.254 6600 12.87.xx.xx 6600 extendable
ip nat inside source static udp 10.0.0.254 6600 12.87.xx.xx 6600 extendable
ip nat inside source static tcp 192.168.0.199 443 12.170.xx.xx 443 extendable
ip nat inside source static udp 192.168.0.199 4500 12.170.xx.xx 4500 extendable
ip nat inside source static udp 192.168.0.199 500 12.170.252.209 500 extendable
ip nat inside source static tcp 192.168.0.111 22 12.170.xx.xx 22 extendable
ip nat inside source static tcp 192.168.0.111 80 12.170.xx.xx 80 extendable
ip nat inside source static tcp 10.0.0.254 22 12.87.xx.xx 22 extendable
ip nat inside source static tcp 10.0.0.254 80 12.87.xx.xx 80 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0 12.87.xx.xx name at&t
ip route 192.168.1.0 255.255.255.0 Serial0/1 10.1.1.1 permanent
no ip http server
ip pim bidir-enable
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 3 permit 192.168.44.0 0.0.0.255
access-list 101 remark remote admin acl
access-list 101 permit tcp any eq 4326 any time-range business_hr
access-list 101 permit tcp any eq 3389 any time-range business_hr
access-list 102 remark www protocol
access-list 102 permit tcp any eq www any time-range business_hr
access-list 102 permit tcp any eq 443 any time-range business_hr
access-list 102 permit tcp any eq ftp any time-range business_hr
access-list 103 remark ipsec/lt2p/pptp/esp
access-list 103 permit esp any any time-range business_hr
access-list 103 permit udp any eq isakmp any time-range business_hr
access-list 103 permit udp any eq 1701 any time-range business_hr
access-list 103 permit udp any eq 1723 any time-range business_hr
access-list 103 permit udp any eq 4500 any time-range business_hr
access-list 103 permit ahp any any time-range business_hr
access-list 103 permit gre any any time-range business_hr
access-list 103 permit tcp any eq 1723 any time-range business_hr
access-list 105 remark VOIP (SIP/IAX/IAX2) traffic gets top priority (5)
access-list 105 permit udp any any eq 4569
access-list 105 permit udp any any eq 5004
access-list 105 permit udp any any eq 5036
access-list 105 permit udp any any eq 5060
access-list 105 permit ip host 10.0.0.254 any
access-list 105 permit ip any host 10.0.0.254
access-list 125 deny tcp any any eq telnet
access-list 125 deny tcp any any eq chargen
access-list 125 deny tcp any any eq ident
access-list 125 deny tcp any any eq nntp
access-list 125 deny tcp any any eq hostname
access-list 125 deny tcp any any eq exec
access-list 125 deny tcp any any eq cmd
access-list 125 permit ip any any
access-list 125 permit gre any any
access-list 125 permit ip any host 192.168.0.200
access-list 126 permit gre any any
access-list 126 permit ip any any
access-list 126 permit udp any any
access-list 126 permit icmp any any
access-list 126 permit esp any any
access-list 126 permit ahp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
snmp-server community public RO
snmp-server contact jzakhar
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server host 192.168.0.111 public
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password 7 xx
 login
!
ntp clock-period 17179997
ntp server 10.0.0.254
time-range business_hr
 periodic weekdays 8:00 to 18:00
!
time-range name
 periodic weekdays 8:00 to 18:00
!
end
Switch:
User Access Verification
Password:
192_sub>en
Password:
192_sub#sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 192_sub
!
enable secret 5 $1$V8a5$.pOnSyDIEGBo01iFaQVZp/
!
!
!
!
!
!
ip subnet-zero
ip dhcp-server 192.168.0.111
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk pruning vlan 3-1001
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
 switchport access vlan 2
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet2/1
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/2
 port group 1
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,2,1002-1005
 switchport mode trunk
!
interface FastEthernet2/3
!
interface FastEthernet2/4
!
interface VLAN1
 ip address 192.168.0.249 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 192.168.0.253
snmp-server engineID local 00000009020000D0C0F257C0
snmp-server community private RW
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
 transport input none
 stopbits 1
line vty 0 4
 password xx
 login
line vty 5 15
 password xx
 login
!
end
192_sub#sh vlan
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                Fa0/14, Fa0/15, Fa0/17, Fa0/18,
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/22,
                                                Fa0/23, Fa0/24, Fa2/3, Fa2/4
2    it-dept                          active    Fa0/16
3    VLAN0003                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
192_sub#sh ver
Cisco Internetwork Operating System Software
IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC8, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
Compiled Thu 19-Jun-03 13:09 by antonino
Image text-base: 0x00003000, data-base: 0x0034E2F4

ROM: Bootstrap program is C2900XL boot loader

192_sub uptime is 1 day, 3 hours, 20 minutes
System returned to ROM by power-on
System image file is "flash:c2900xl-c3h2s-mz.120-5.WC8.bin"

cisco WS-C2924M-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
Processor board ID FAA0315F0FN, with hardware revision 0x03
Last reset from power-on

Processor is running Enterprise Edition Software
Cluster command switch capable
Cluster member switch capable
28 FastEthernet/IEEE 802.3 interface(s)

32K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address: 00:D0:C0:F2:57:C0
Motherboard assembly number: 73-3425-06
Power supply part number: 34-0920-01
Motherboard serial number: FAA03129G25
Power supply serial number: NONE
Model revision number: A0
Model number: WS-C2924M-XL-EN
System serial number: FAA0315F0FN
Port 0/1 is trunked into the router; my computer was plugged into port 16. If I statically set the address, I was able to access all of our networks, but not route out.
I am using one ip address to NAT 2 networks
ip nat pool warehouse 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
ip nat pool it-dept 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
Those are the same IPs, I just removed the last 2 octets. Tomorrow I am going to remove the native vlan and create another and use 2 non-natives as per the advice above; however, I did power cycle the switch and router. It worked when I left last night, and for 4 hours this morning. Then it just stopped. I am also the only one with access to the gear and closet, so nothing was changed, which is really confusing me. It could be it stopped working when people from the warehouse network started using traffic; I was not able to time it.
I will be reading documentation tonight, but from all the examples of router on a stick I have seen, this should work. Any advice is of course always appreciated.