First time creating VLANS on a 2924 switch - PLEASE HELP! 2

[JRosario78]

I configured my 2610 router for encap do1q and my 2924 switch VLAN switch port access. When I plug my laptop to any port, I'm unable to access anything.

Could some one please assist me with this? Below is the running config of both my router and switch.

2610Router#sh run
Building configuration...

Current configuration : 1093 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2610Router
!
enable secret 5 $1$289r$8xqOx6bZymLIHefD2kdyn.
!
ip subnet-zero
!
!
ip name-server 167.206.3.159
ip name-server 167.206.3.158
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.0.26 255.255.255.0
full-duplex
!
interface FastEthernet1/0
no ip address
speed auto
full-duplex
!
interface FastEthernet1/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet1/0.2
encapsulation dot1Q 2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet1/0.3
encapsulation dot1Q 3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet1/0.4
encapsulation dot1Q 4
ip address 192.168.4.4 255.255.255.0
!
router rip
network 192.168.0.0
network 192.168.1.0
network 192.168.10.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 192.168.0.0 255.255.255.0 192.168.0.1
no ip http server
!
!
!
dial-peer cor custom
!
!
!
gateway
!
!
line con 0
line aux 0
line vty 0 4
login
!
end


CAT2924Switch#sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CAT2924Switch
!
enable secret 5 $1$yWj2$gSWok9LpvLZcLKeV6qUV5/
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 2
!
interface FastEthernet0/5
switchport access vlan 2
!
interface FastEthernet0/6
switchport access vlan 2
!
interface FastEthernet0/7
switchport access vlan 2
!
interface FastEthernet0/8
switchport access vlan 2
!
interface FastEthernet0/9
switchport access vlan 3
!
interface FastEthernet0/10
switchport access vlan 3
!
interface FastEthernet0/11
switchport access vlan 3
!
interface FastEthernet0/12
switchport access vlan 3
!
interface FastEthernet0/13
switchport access vlan 3
!
interface FastEthernet0/14
switchport access vlan 3
!
interface FastEthernet0/15
switchport access vlan 3
!
interface FastEthernet0/16
switchport access vlan 3
!
interface FastEthernet0/17
switchport access vlan 4
!
interface FastEthernet0/18
switchport access vlan 4
!
interface FastEthernet0/19
switchport access vlan 4
!
interface FastEthernet0/20
switchport access vlan 4
!
interface FastEthernet0/21
switchport access vlan 4
!
interface FastEthernet0/22
switchport access vlan 4
!
interface FastEthernet0/23
switchport access vlan 4
!
interface FastEthernet0/24
switchport access vlan 4
!
interface VLAN1
ip address 192.168.1.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 192.168.1.1
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end

Thanks

 

[Zen37]

Well, for one thing, you don't need to have dot1q encapsulation if you're only using one vlan. Your switch has one vlan setup, setup the others aswell. You need to configure your vlan 2, 3 and 4.

Don't give IPs to your tunnel configuration on your router, give them to your vlan configuration on your switch. Give a segment to each of your vlan.

This route:
ip route 192.168.0.0 255.255.255.0 192.168.0.1
Does not mean a thing, take it out, you already have an interface on that segment, that's all you need.

I guess your router is connected to the port 0/1 of your switch. It would be a good thing to configure that port to be a trunk aswell.

Start with that.

 

[vipergg]

Go to

http://cisco.com/en/US/products/hw/...figuration_guide_chapter09186a008007d7dd.html

for help on vlans on a 2924.

 

[JRosario78]

I'm still not sure if my VLAN configuration is correct. Could some one please check it and let me know what I'm doing wrong.


2610Router#sh run
Building configuration...

Current configuration : 830 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2610Router
!
enable secret 5 $1$XxlD$RddSCJ6YKqk8HFo/w4C5u1
!
ip subnet-zero
!
!
ip name-server 192.168.0.1
ip name-server 167.206.3.159
ip name-server 167.206.3.158
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.0.26 255.255.255.0
half-duplex
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/0.1
encapsulation dot1Q 1 native
!
interface FastEthernet1/0.2
encapsulation dot1Q 2
!
interface FastEthernet1/0.3
encapsulation dot1Q 3
!
interface FastEthernet1/0.4
encapsulation dot1Q 4
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
end


CAT2924Switch#sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CAT2924Switch
!
enable secret 5 $1$.tSo$bxQutpZI.stHbiaWm9B8L/
!
!
!
!
!
!
ip subnet-zero
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 2
!
interface FastEthernet0/5
switchport access vlan 2
!
interface FastEthernet0/6
switchport access vlan 2
!
interface FastEthernet0/7
switchport access vlan 2
!
interface FastEthernet0/8
switchport access vlan 2
!
interface FastEthernet0/9
switchport access vlan 3
!
interface FastEthernet0/10
switchport access vlan 3
!
interface FastEthernet0/11
switchport access vlan 3
!
interface FastEthernet0/12
switchport access vlan 3
!
interface FastEthernet0/13
switchport access vlan 3
!
interface FastEthernet0/14
switchport access vlan 3
!
interface FastEthernet0/15
switchport access vlan 3
!
interface FastEthernet0/16
switchport access vlan 3
!
interface FastEthernet0/17
switchport access vlan 4
!
interface FastEthernet0/18
switchport access vlan 4
!
interface FastEthernet0/19
switchport access vlan 4
!
interface FastEthernet0/20
switchport access vlan 4
!
interface FastEthernet0/21
switchport access vlan 4
!
interface FastEthernet0/22
switchport access vlan 4
!
interface FastEthernet0/23
switchport access vlan 4
!
interface FastEthernet0/24
switchport access vlan 4
!
interface VLAN1
ip address 192.168.1.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN2
ip address 192.168.2.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN3
ip address 192.168.3.3 255.255.255.0
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN4
ip address 192.168.4.4 255.255.255.0
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 192.168.1.1
snmp-server engineID local 00000009020000049ACC6900
snmp-server community private RW
snmp-server community public RO
!
line con 0
transport input none
stopbits 1
line vty 0 4
password
login
line vty 5 15
password
login
!
end

 

[vipergg]

No it's not, you are trying to create multiple layer 3 management interfaces on your switch . When you create a "interface vlan 3" this is for putting a management ip address for the switch on the box and has nothing to do with creating a vlan . Remember this is a layer 2 box only and the only address it can use is the address used to manage the switch itself . Get rid of all of those interfaces except the one you want to have the switch management interface on and then point your default gateway to the address on your router that pertains to that particular vlan . Then to create the vlans do the following . From the CLI.

type "vlan database" enter. Then create a vlan , type vlan X state active" , enter . "X" is your vlan number. Do those commands for each vlan you want to create . then exit out back to the switch prompt. Do a show vlan and it should show all your vlans as active . Until you see your vlans under this command they are not created . You applied the vlans correctly to the interfaces with the switchport access command . Try this and get back to us . Good luck.

 

[vipergg]

Should have caught this before router is wrong also . For each vlan your need an ip address range . This ip address is then applied to your subinterfaces . should look like this. The native vlan on the switch and router must match.
The numbers after the dot1q statement are your vlan numbers.
interface FastEthernet1/0
no ip address

!
interface FastEthernet1/0.1
encapsulation dot1Q 1 native
ip address XXX.XXX.XXX.XXX <mask>
!
interface FastEthernet1/0.2
encapsulation dot1Q 2
ip address XXX.XXX.XXX.XXX <mask>


Hope this helps.

 

[JRosario78]

Dude,

It appears to be working now!!! Now I just can't access the internet from my laptop on the switch. How can I get to the out to the WAN?

Copy of running config on router:
2610Router#sh run
Building configuration...

Current configuration : 982 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2610Router
!
enable secret 5 $1$XxlD$RddSCJ6YKqk8HFo/w4C5u1
!
ip subnet-zero
!
!
ip name-server 192.168.0.1
ip name-server 167.206.3.159
ip name-server 167.206.3.158
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.0.26 255.255.255.0
half-duplex
!
interface FastEthernet1/0
no ip address
duplex auto
speed auto
!
interface FastEthernet1/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet1/0.2
encapsulation dot1Q 2
ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet1/0.3
encapsulation dot1Q 3
ip address 192.168.3.3 255.255.255.0
!
interface FastEthernet1/0.4
encapsulation dot1Q 4
ip address 192.168.4.4 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip http server
!
!
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
end

Copy of running config on switch:
CAT2924Switch#sh run
Building configuration...

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CAT2924Switch
!
enable secret 5 $1$/cwa$fXMSKYEo2o3Cjktpc4v2I0
!
!
!
!
!
!
ip subnet-zero
ip name-server 192.168.0.1
ip name-server 167.206.3.159
ip name-server 167.206.3.158
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 2
!
interface FastEthernet0/3
switchport access vlan 2
!
interface FastEthernet0/4
switchport access vlan 2
!
interface FastEthernet0/5
switchport access vlan 2
!
interface FastEthernet0/6
switchport access vlan 2
!
interface FastEthernet0/7
switchport access vlan 2
!
interface FastEthernet0/8
switchport access vlan 3
!
interface FastEthernet0/9
switchport access vlan 3
!
interface FastEthernet0/10
switchport access vlan 3
!
interface FastEthernet0/11
switchport access vlan 3
!
interface FastEthernet0/12
switchport access vlan 3
!
interface FastEthernet0/13
switchport access vlan 3
!
interface FastEthernet0/14
switchport access vlan 3
!
interface FastEthernet0/15
switchport access vlan 3
!
interface FastEthernet0/16
switchport access vlan 3
!
interface FastEthernet0/17
switchport access vlan 4
!
interface FastEthernet0/18
switchport access vlan 4
!
interface FastEthernet0/19
switchport access vlan 4
!
interface FastEthernet0/20
switchport access vlan 4
!
interface FastEthernet0/21
switchport access vlan 4
!
interface FastEthernet0/22
switchport access vlan 4
!
interface FastEthernet0/23
switchport access vlan 4
!
interface FastEthernet0/24
switchport access vlan 4
!
interface VLAN1
ip address 192.168.1.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 192.168.1.1
snmp-server engineID local 00000009020000049ACC6900
snmp-server community private RW
snmp-server community public RO
!
line con 0
exec-timeout 0 0
transport input none
stopbits 1
line vty 0 4
login
line vty 5 15
login
!
end

THANKS!!!

 

[JRosario78]

This might help out.

2610Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

C 192.168.4.0/24 is directly connected, FastEthernet1/0.4
C 192.168.0.0/24 is directly connected, Ethernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet1/0.1
C 192.168.2.0/24 is directly connected, FastEthernet1/0.2
C 192.168.3.0/24 is directly connected, FastEthernet1/0.3
S* 0.0.0.0/0 [1/0] via 192.168.0.1


C:\>route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x20002 ...00 0b db 9f e1 02 ...... 3Com 3C920 Integrated Fast Ethernet Controll
er (3C905C-TX Compatible) - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.4.4 192.168.4.12 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.4.0 255.255.255.0 192.168.4.12 192.168.4.12 20
192.168.4.12 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.4.255 255.255.255.255 192.168.4.12 192.168.4.12 20
224.0.0.0 240.0.0.0 192.168.4.12 192.168.4.12 20
255.255.255.255 255.255.255.255 192.168.4.12 192.168.4.12 1
Default Gateway: 192.168.4.4
===========================================================================
Persistent Routes:
None

 

[vipergg]

Can you ping 192.168.0.1 ??? I would also try clearing the arp table in the router . If you have been moving your pc around on the switch you may have to clear the mac-address-table too . Until you can ping that address you aren't going anywhere . Off hand the config looks pretty good . Can you ping your other router interfaces off the switch ?

 

[JRosario78]

I cleared the arp-cache on the router and the switch. I also cleared the mac-address-table ont the switch. I am able to ping 192.168.0.1 from both the switch and the laptop.

I noticed that I am not able to ping my 54g router(192.168.0.54 on WAN port - 192.168.10.54 on DHCP side) router witch is connected to the netgear (192.168.0.1), even after adding a static route on the 2610 router. Other then that I could ping around my network.

I still can not access a network share on a box (192.168.0.25) in the 192.168.0.0 network. I'm just able to ping around. Should I enable rip on the 2610?

2610Router#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

S 192.168.10.0/24 [1/0] via 192.168.0.54
C 192.168.4.0/24 is directly connected, FastEthernet1/0.4
C 192.168.0.0/24 is directly connected, Ethernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet1/0.1
C 192.168.2.0/24 is directly connected, FastEthernet1/0.2
C 192.168.3.0/24 is directly connected, FastEthernet1/0.3
S* 0.0.0.0/0 [1/0] via 192.168.0.1

Thanks,
Jose

 

[lambent]

Let me guess, are you having the following network topology?

Internet---Netgear-A---Switch A---2610 router---2924 switch

also

Internet---Netgear-A---Switch A---wireless router

Your Switch A should be representing the subnet 192.168.0.0/24 and have 3 devices connected to it, i.e. Netgear-A, 2610 router, and wireless router (assuming your "54g" router is a 802.11g wireless router).

 

[JRosario78]

Yes, it goes something like that.

Cable Modem -> Netgear FVS318 Firewall Router (192.168.0.1) -> Cisco 2610 e0/0 (192.168.0.26) - f1/0 (192.168.1.1) -> Cisco 2924 Switch (192.168.1.2)

Also

Cable Modem -> Netgear FVS318 Firewall Router (LAN Address 192.168.0.1) -> Wireless Router 54g (WAN Port 192.168.0.54 - DHCP side 192.168.10.54)

 

[lambent]

You said you got a "network share on a box (192.168.0.25)". What's its default gateway? I suggest you use 192.168.0.26 as its default gateway.

Also do you have static routes on your Netgear for other subnets such as 192.168.1.0/24 to 192.168.4.0/24 and 192.168.10.0/24? Make sure it has these static routes with 192.168.0.26 as their next hop for 192.168.1.0/24 to 192.168.4.0/24, and 192.168.0.54 as the next hop of 192.168.10.0/24.

For the ping problem of your 54g router, can you ping 192.168.0.54 from your 2610 router? Did you block ICMP on the 54g router?

For accessing the Internet, did you run NAT/PAT on your 54g router? Did you run NAT/PAT on your Netgear?

 

[JRosario78]

The default gateway for the computer with the ip address is 192.168.01.

I'll put in the static routes on the netgear for the other networks. Between the netgear and the 54g, I'm running RIP.

I'm using NAT on both the netgear and the 54g routers. Could I enable NAT on the 2610 for the VLANs, once I get this issue resolved?

Yes, I'm able to ping the 54g router from the 2610 router.
2610Router>ping 192.168.0.54

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.54, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
2610Router>ping 192.168.10.54

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.54, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Thanks

 

[JRosario78]

I put in the static routers. I think that it works! I'm able to ping yahoo.com from the switch. From the switch, I'm also able to ping the 54g router at the 192.168.10.54 address. Once I get home I'll plug in my laptop and test.

Wrong Question:
*** Could I enable NAT on the 2610 for the VLANs, once I get this issue resolved? ***

Correct Question:
Can I enable DHCP on the 2610 for the VLANs, once I make sure that all is well?

Thanks!!!

 

[lambent]

I think you only need to configure NAT/PAT on your Netgear. However if its GUI or the setup menu cannot let you to include other subnets in the NAT/PAT rule set, then maybe you'll have to also enable NAT on the 2610 router. I didn't try such a double inside-to-outside NAT/PAT setup so I'm not sure if it works or not.

Btw can your 54g router run in "bridge mode"? I believe it's more appropriate to run a bridge-mode wireless AP in your case.

 

[JRosario78]

I'll try the bridge mode on the 54g later today.

Once I connect my laptop to the switch, I'll get back to this post/form with an update.

Thanks to all for taking time out to assist me with this!!!

Jose

 

[JRosario78]

Hey It Works!!! It Works!!!

Thanks to all for helping me out with this!!!

Thanks,
Jose