Help with my VLAN setup

I bought a Cisco 1841 router so that I could segment my home network into 2 VLANs, each with access to the internet; that was the plan. The Cisco router was meant to go through the broadband router, which is a Billion BiPAC 7402X. However, PCs in the VLANs have no access to the internet. I think I've made a mistake with NAT, I'm not really sure; also, pings seem to fail when I try to ping PCs. If someone could tell me where I've gone wrong that would be great.

Edit: I should say that the Billion router already has DNS and NAT running

Configs below

Billion BiPAC 7402X
Code:
Billion Router
Management address – 192.168.2.1
DNS – 8.8.8.8 – 212.69.36.3

Cisco 1841
Code:
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LAB
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool VLAN-10-Desktops
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1 
   dns-server 192.168.2.1 
!
ip dhcp pool VLAN-20-WiFi
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1 
   dns-server 192.168.2.1 
!
!
ip name-server 192.168.2.1
ip name-server 8.8.8.8
ip name-server 212.69.36.3
!
multilink bundle-name authenticated
!
!
!
!
archive
 log config
  hidekeys
! 
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 speed 100
 half-duplex
!
interface FastEthernet0/0.1
 description Native VLAN 1
 encapsulation dot1Q 1 native
 ip address 192.168.2.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.10
 description VLAN 10 Desktops
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/0.20
 description VLAN 20 Wi-Fi
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
scheduler allocate 20000 1000
end
 
Quick query, but are your devices receiving the IP address of the router interface? As they're not excluded from the DHCP range?

Can't really look in detail unfortunately... might have been drinking.

NAT also won't be doing anything as the access list isn't called on any interface.

Can the interface be declared as outside whilst its sub-interfaces are inside?
 
Few things spring to mind:

1, Internet interface is set to half-duplex, it needs to be full duplex.
2, You need to add an IP address on the internet interface, make it share its own network with the router it's connected to.
3, You may need to change the default route to the actual router IP which will be connected to your internet interface, as some routers can be funny and not like the interface fa0/0 command even though it accepts it (Virgin Media is a good example of this).
4, VLANs are on the wrong interface, they need to be sub-interfaces on the fa0/1 interface as this is the inside interface.
5, Don't forget to do no shut on the fa0/1 interface once VLANs are set up.

Actually, you don't need NAT on the router; as you said, this is already on the other router. You just need to forward the traffic from the VLANs to the Billion router if this is the gateway to the internet.

If you were going to use this router as NAT, then the Access-list is wrong, it needs to be either 192.168.0.0 0.0.15.255 or 192.168.0.0 0.0.255.255
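
The wildcard masks discussed in this post can be checked against the three subnets in the posted config. This is an added example, not code from any poster in the thread; it applies Cisco's wildcard rule (bits set in the wildcard are ignored) to the ACL line from the original config and to the two replacement wildcards proposed above. The function names are this example's own.

```python
import ipaddress

def wildcard_matches(base: str, wildcard: str, addr: str) -> bool:
    """Cisco ACL wildcard test: bits set in the wildcard are ignored,
    every other bit of addr must equal the same bit of base."""
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    a = int(ipaddress.IPv4Address(addr))
    care = ~w & 0xFFFFFFFF          # bits the ACL entry actually compares
    return (a & care) == (b & care)

def subnet_covered(base: str, wildcard: str, subnet: str) -> bool:
    """True only if every address in the subnet matches the ACL entry."""
    net = ipaddress.IPv4Network(subnet)
    return all(wildcard_matches(base, wildcard, str(ip)) for ip in net)

# Subnets taken from the router config posted in this thread.
SUBNETS = ["192.168.2.0/24", "192.168.10.0/24", "192.168.20.0/24"]
# The wildcard in the posted config, then the two proposed in the reply.
WILDCARDS = ["0.0.0.255", "0.0.15.255", "0.0.255.255"]

def coverage(base: str = "192.168.0.0") -> dict:
    """Map each wildcard to {subnet: fully matched?} for the given base."""
    return {
        wc: {s: subnet_covered(base, wc, s) for s in SUBNETS}
        for wc in WILDCARDS
    }

if __name__ == "__main__":
    for wc, result in coverage().items():
        for subnet, ok in result.items():
            verdict = "match" if ok else "NO MATCH"
            print(f"permit 192.168.0.0 {wc:<12} vs {subnet:<16} {verdict}")
```

With base 192.168.0.0, the posted wildcard 0.0.0.255 matches none of the three subnets, 0.0.15.255 matches 192.168.2.0/24 and 192.168.10.0/24 but not 192.168.20.0/24, and 0.0.255.255 matches all three.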
 
Don't need to put an access-list on an interface as it's being used as the NAT list (although we don't need NAT as the other router will be handling it all).

You're right about the sub interfaces though.
 
Yes, devices are receiving IP addresses.

Thanks for your suggestions, I'll go and implement them and see if it works. Once again, thanks.
 
Well for a start your devices are NATing to no IP address....

ip nat inside source list 1 interface FastEthernet0/0 overload

interface FastEthernet0/0
no ip address

What is your public IP address? I assume you have a modem in front of the router and that is doing the NAT (which it seems to be, judging by your first post). If this is the case then why are you NATing on this router (incorrectly)? Remove it and try again.

- GP
 
I've changed the interfaces round and all PCs can ping each other when I enabled RIP1 on both Cisco and Billion routers. However, there is no access to the internet for PCs in VLANs 10 & 20, and I am very confused as to why this is the case. I'm unsure if I need NAT running on the Cisco router; I'm pretty sure I don't when NAT is already running fine on the Billion router, which is connected to the internet. My public IP address is 212.69.47.163

A rough diagram of the network
Capture-1.jpg


New Cisco config
Code:
LAB#sh running
Building configuration...

Current configuration : 1695 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LAB
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
dot11 syslog
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool vlan-10
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 192.168.2.1
!
ip dhcp pool vlan-20
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.1
   dns-server 192.168.2.1
!
!
ip name-server 192.168.2.1
ip name-server 8.8.8.8
ip name-server 212.69.36.3
!
multilink bundle-name authenticated
!
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 speed 100
 full-duplex
!
interface FastEthernet0/1.1
 description vlan 1
 encapsulation dot1Q 1 native
 ip address 192.168.2.2 255.255.255.0
!
interface FastEthernet0/1.10
 description vlan 10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface FastEthernet0/1.20
 description vlan 20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
router rip
 network 192.168.2.0
 network 192.168.10.0
 network 192.168.20.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1.1
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
line con 0
 logging synchronous
line aux 0
line vty 0
 password cisco
 login
line vty 1 4
 login
line vty 5 9
 login
!
scheduler allocate 20000 1000
end

sh ip route
Code:
Gateway of last resort is 0.0.0.0 to network 0.0.0.0

R    212.69.47.0/24 [120/1] via 192.168.2.1, 00:00:09, FastEthernet0/1.1
C    192.168.10.0/24 is directly connected, FastEthernet0/1.10
C    192.168.20.0/24 is directly connected, FastEthernet0/1.20
C    192.168.2.0/24 is directly connected, FastEthernet0/1.1
S*   0.0.0.0/0 is directly connected, FastEthernet0/1.1
 
No, you won't need NAT on the Cisco router in that setup.

The Billion will be using NAT Overload so that your network may access the internet using a single public IP address.

Are the return routes shown on the Billion router?

Can you ping your inside global address?

Switch0 -> Switch1 -> Billion all configured as trunk ports?
 
Can you ping out to an IP address rather than relying on DNS?

Quickly see if you can get to 8.8.8.8 for example.

If you're receiving a ping response from the Billion on your VLANs, routing looks like it's fine and the problem is lying some place else.
 
Some Cisco routers don't like the ip route if you don't specify the end address (even though it goes out the same interface anyway). Glad it all works now :D

Cracking to know it's sorted.

The above is something that'll now always stick in the front of my mind.

Shocking though how it'll take an extra routing lookup because of a weird bug...
 
I didn't know till last week when I had to install a new router to go with our Virgin Media line. I tried everything and someone mentioned that to me and it worked. So, yea, something that will stick with me too! :p
 