2600 router + 2924 switch and vlans

Discussion in 'Cisco' started by turnip, Oct 4, 2007.

  1. turnip

    turnip Guest

    switch config:

    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    switchport mode trunk
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface FastEthernet2/1
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/2
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/3
    !
    interface FastEthernet2/4
    !
    interface VLAN1
    ip address 192.168.0.249 255.255.255.0
    no ip directed-broadcast
    no ip route-cache


    router:

    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    switchport mode trunk
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface FastEthernet2/1
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/2
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/3
    !
    interface FastEthernet2/4
    !
    interface VLAN1
    ip address 192.168.0.249 255.255.255.0
    no ip directed-broadcast
    no ip route-cache

    I have no access lists at all; I wiped them to test whether this works.
    What am I doing wrong ?
    I need 2 vlans and this just fails and fails. I can route from a port
    assigned to the def vlan, but not from any port assigned to vlan 2
    turnip, Oct 4, 2007
    #1

  2. turnip

    turnip Guest

    On Oct 4, 4:49 pm, turnip <> wrote:
    > switch config:
    >
    > interface FastEthernet0/14
    > !
    > interface FastEthernet0/15
    > !
    > interface FastEthernet0/16
    > switchport mode trunk
    > !
    > interface FastEthernet0/17
    > !
    > interface FastEthernet0/18
    > !
    > interface FastEthernet0/19
    > !
    > interface FastEthernet0/20
    > !
    > interface FastEthernet0/21
    > !
    > interface FastEthernet0/22
    > !
    > interface FastEthernet0/23
    > !
    > interface FastEthernet0/24
    > !
    > interface FastEthernet2/1
    > port group 1
    > switchport trunk encapsulation dot1q
    > switchport trunk allowed vlan 1,2,1002-1005
    > switchport mode trunk
    > !
    > interface FastEthernet2/2
    > port group 1
    > switchport trunk encapsulation dot1q
    > switchport trunk allowed vlan 1,2,1002-1005
    > switchport mode trunk
    > !
    > interface FastEthernet2/3
    > !
    > interface FastEthernet2/4
    > !
    > interface VLAN1
    > ip address 192.168.0.249 255.255.255.0
    > no ip directed-broadcast
    > no ip route-cache
    >
    > router:
    >
    > interface FastEthernet0/14
    > !
    > interface FastEthernet0/15
    > !
    > interface FastEthernet0/16
    > switchport mode trunk
    > !
    > interface FastEthernet0/17
    > !
    > interface FastEthernet0/18
    > !
    > interface FastEthernet0/19
    > !
    > interface FastEthernet0/20
    > !
    > interface FastEthernet0/21
    > !
    > interface FastEthernet0/22
    > !
    > interface FastEthernet0/23
    > !
    > interface FastEthernet0/24
    > !
    > interface FastEthernet2/1
    > port group 1
    > switchport trunk encapsulation dot1q
    > switchport trunk allowed vlan 1,2,1002-1005
    > switchport mode trunk
    > !
    > interface FastEthernet2/2
    > port group 1
    > switchport trunk encapsulation dot1q
    > switchport trunk allowed vlan 1,2,1002-1005
    > switchport mode trunk
    > !
    > interface FastEthernet2/3
    > !
    > interface FastEthernet2/4
    > !
    > interface VLAN1
    > ip address 192.168.0.249 255.255.255.0
    > no ip directed-broadcast
    > no ip route-cache
    >
    > I have no access lists at all; I wiped them to test whether this works.
    > What am I doing wrong ?
    > I need 2 vlans and this just fails and fails. I can route from a port
    > assigned to the def vlan, but not from any port assigned to vlan 2


    sorry..

    Router:

    interface FastEthernet0/0
    no ip address
    no ip mroute-cache
    duplex auto
    speed auto
    no cdp enable
    !
    interface FastEthernet0/0.1
    encapsulation dot1Q 2
    ip address 192.168.44.253 255.255.255.0
    no cdp enable
    !
    interface FastEthernet0/0.2
    encapsulation dot1Q 1 native
    ip address 192.168.0.253 255.255.255.0
    ip nat inside
    no cdp enable
    turnip, Oct 4, 2007
    #2

  3. turnip <> writes:
    >> I have no access lists at all; I wiped them to test whether this works.
    >> What am I doing wrong ?
    >> I need 2 vlans and this just fails and fails. I can route from a port
    >> assigned to the def vlan, but not from any port assigned to vlan 2


    Have you created vlan 2 in the 'vlan database' in the CLI?
    Do you see the proper ports assigned to vlan 2 in a 'show vlan'?

    I assume you are going with the single port connecting the switch to
    the router marked as a trunk port, rather than the port channel group
    which isn't going to work with a router-on-a-stick 2600?

    Which code rev of the 2924? Some of the older ones defaulted to ISL as
    the default trunk type. Try making sure to do dot1q trunk type on your
    trunk port.

    >interface FastEthernet0/0.1
    > encapsulation dot1Q 2
    > ip address 192.168.44.253 255.255.255.0
    > no cdp enable
    >!
    >interface FastEthernet0/0.2
    > encapsulation dot1Q 1 native
    > ip address 192.168.0.253 255.255.255.0
    > ip nat inside
    > no cdp enable


    One thing I would strongly suggest with older gear especially is
    staying away from VLAN 1 altogether. Cisco treats it special, and it
    flip/flop'd a lot on the router code. This way didn't work always.
    Sometimes you needed

    interface FastEthernet0/0
    ip address 192.168.0.253 255.255.255.0

    interface FastEthernet0/0.1
    encapsulation dot1Q 2
    ip address 192.168.44.253 255.255.255.0

    to talk with the native vlan on the switch.

    Once you move into multiple VLANs, and trunking them, then switch
    everything away from VLAN 1 and the native vlan oddness that overtook
    some hardware/software revs.
    Doug McIntyre, Oct 5, 2007
    #3
  4. turnip

    turnip Guest

    On Oct 4, 7:16 pm, Doug McIntyre <> wrote:
    > turnip <> writes:
    > >> I have no access lists at all; I wiped them to test whether this works.
    > >> What am I doing wrong ?
    > >> I need 2 vlans and this just fails and fails. I can route from a port
    > >> assigned to the def vlan, but not from any port assigned to vlan 2

    >
    > Have you created vlan 2 in the 'vlan database' in the CLI?
    > Do you see the proper ports assigned to vlan 2 in a 'show vlan'?
    >
    > I assume you are going with the single port connecting the switch to
    > the router marked as a trunk port, rather than the port channel group
    > which isn't going to work with a router-on-a-stick 2600?
    >
    > Which code rev of the 2924? Some of the older ones defaulted to ISL as
    > the default trunk type. Try making sure to do dot1q trunk type on your
    > trunk port.
    >
    > >interface FastEthernet0/0.1
    > > encapsulation dot1Q 2
    > > ip address 192.168.44.253 255.255.255.0
    > > no cdp enable
    > >!
    > >interface FastEthernet0/0.2
    > > encapsulation dot1Q 1 native
    > > ip address 192.168.0.253 255.255.255.0
    > > ip nat inside
    > > no cdp enable

    >
    > One thing I would strongly suggest with older gear especially is
    > staying away from VLAN 1 altogether. Cisco treats it special, and it
    > flip/flop'd a lot on the router code. This way didn't work always.
    > Sometimes you needed
    >
    > interface FastEthernet0/0
    > ip address 192.168.0.253 255.255.255.0
    >
    > interface FastEthernet0/0.1
    > encapsulation dot1Q 2
    > ip address 192.168.44.253 255.255.255.0
    >
    > to talk with the native vlan on the switch.
    >
    > Once you move into multiple VLANs, and trunking them, then switch
    > everything away from VLAN 1 and the native vlan oddness that overtook
    > some hardware/software revs.


    I am not sure how to set an interface or sub interface on a 2600 as a
    trunk. All I see is a trunk-group command. Should I default that to
    1?

    I have tried dot1q (specified it on the switch, because you were right,
    it was isl).

    Right now, if the sub router interfaces are set to isl vlanid

    and the switch trunk port is set to
    switchport trunk encapsulation isl

    I was able to get vlan working, well it's odd.

    I have ports defined for vlan 2, the funny thing is, under isl mode I
    can get a dhcp address just not on the 44 network. I get the native
    vlan network. My dhcp server is set up for the second vlan range. Here
    is my config:

    switch:
    192_sub#sh vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                    Fa0/10, Fa0/12, Fa0/13, Fa0/14,
                                                    Fa0/15, Fa0/17, Fa0/18, Fa0/19,
                                                    Fa0/20, Fa0/21, Fa0/22, Fa0/23,
                                                    Fa0/24, Fa2/3, Fa2/4
    2    it-dept                          active    Fa0/11
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active

    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    ---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
    1    enet  100001     1500  -      -      -        -    -        1002   1003
    2    enet  100002     1500  -      -      -        -    -        0      0
    1002 fddi  101002     1500  -      -      -        -    -        1      1003
    1003 tr    101003     1500  1005   -      -        -    srb      1      1002
    1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
    1005 trnet 101005     1500  -      -      1        ibm  -        0      0

    Current configuration:
    !
    version 12.0
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname 192_sub
    !
    enable secret 5 $1$V8a5$.pOnSyDIEGBo01iFaQVZp/
    !
    !
    !
    !
    !
    !
    ip subnet-zero
    ip dhcp-server 192.168.0.111
    !
    !
    !
    interface FastEthernet0/1
    switchport mode trunk
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    switchport access vlan 2
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface FastEthernet2/1
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/2
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/3
    !
    interface FastEthernet2/4
    !
    interface VLAN1
    ip address 192.168.0.249 255.255.255.0
    no ip directed-broadcast
    no ip route-cache
    !
    ip default-gateway 192.168.0.253
    snmp-server engineID local 00000009020000D0C0F257C0
    snmp-server community private RW
    snmp-server community public RO
    !
    line con 0

    Router:


    interface FastEthernet0/0
    no ip address
    no ip mroute-cache
    duplex auto
    speed auto
    no cdp enable
    !
    interface FastEthernet0/0.1
    encapsulation isl 2
    ip address 192.168.44.253 255.255.255.0
    no ip redirects
    no cdp enable
    !
    interface FastEthernet0/0.2
    encapsulation isl 1
    ip address 192.168.0.253 255.255.255.0
    no ip redirects
    ip nat inside
    no cdp enable
    !

    router rip
    network 10.0.0.0
    network 192.168.0.0
    network 192.168.1.0
    network 192.168.44.0


    At this point both work, however I do not get the correct address
    range applied to me. Maybe setting an ip address on the switch's 0/11
    interface will do it?
    I dunno I am kinda lost, I followed this post
    http://www.velocityreviews.com/forums/t29496-router-on-a-stick.html

    Yes this is a router on a stick setup
    turnip, Oct 5, 2007
    #4
  5. turnip

    Guest

    In article <>, turnip <> writes:

    [big snip because there's too much context and not enough relevant details]

    > Right now, if the sub router interfaces are set to isl vlanid
    >
    > and the switch trunk port is set to
    > switchport trunk encapsulation isl
    >
    > I was able to get vlan working, well it's odd.
    >
    > I have ports defined for vlan 2, the funny thing is, under isl mode I
    > can get a dhcp address just not on the 44 network.


    Which switch port is the router plugged into? That's the piece of switch
    configuration that matters.

    At a guess, it's plugged in here:

    > interface FastEthernet0/11
    > switchport access vlan 2


    And what you really need is something very much like:

    interface FastEthernet0/11
    description Switch port facing 26xx router
    switchport trunk encap dot1q
    switchport trunk allowed vlan 1-2
    switchport trunk native vlan 1
    switchport mode trunk
    spanning-tree portfast

    And on the router something very much like:

    interface FastEthernet0/0
    description dot1q "trunk" port facing 2924 switch

    interface FastEthernet0/0.1
    encapsulation dot1q 1 native
    ip address 192.168.0.253 255.255.255.0
    !
    interface FastEthernet0/0.2
    encapsulation dot1q 2
    ip address 192.168.44.253 255.255.255.0

    > I get the native
    > vlan network.


    What does this mean, "I get the native vlan network"?

    You plug a workstation into vlan 2 on the switch and get an address
    allocation from the 192.168.0.x DHCP scope?

    That would indicate that you have VLAN 1 cross-connected with VLAN2
    somewhere.
    , Oct 5, 2007
    #5
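
The mismatch worked out in posts #3 to #5, as an added example that is not part of the original thread: a Python check that reads the switch trunk port stanza and the router subinterfaces and reports encapsulation, allowed-VLAN and native-VLAN disagreements. The function names are hypothetical, and the ISL default is an assumption taken from what the posters report about this 2924; the sample stanzas are trimmed from the configs in the posts.

```python
import re

# Constructed sample input, trimmed from the configs posted in the thread.
SWITCH_AS_POSTED = """\
interface FastEthernet0/1
switchport mode trunk
!
"""
SWITCH_SUGGESTED = """\
interface FastEthernet0/11
switchport trunk encap dot1q
switchport trunk allowed vlan 1-2
switchport trunk native vlan 1
switchport mode trunk
!
"""
ROUTER = """\
interface FastEthernet0/0.1
encapsulation dot1Q 2
ip address 192.168.44.253 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 1 native
ip address 192.168.0.253 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from 'show run' text."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None  # a stanza ends at '!' or a blank line
        elif current is not None:
            current.append(line)
    return stanzas

def expand_vlans(spec):
    """'1,2,1002-1005' -> {1, 2, 1002, 1003, 1004, 1005}"""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def switch_trunk(lines, default_encap="isl"):
    """Trunk settings of one switch port. default_encap="isl" is an assumption
    taken from the thread: this 2924 trunked ISL until dot1q was configured."""
    t = {"mode": "access", "encap": default_encap, "native": 1, "allowed": None}
    for line in lines:
        if m := re.match(r"switchport mode (\S+)", line, re.I):
            t["mode"] = m.group(1).lower()
        elif m := re.match(r"switchport trunk encap\S*\s+(\S+)", line, re.I):
            t["encap"] = m.group(1).lower()
        elif m := re.match(r"switchport trunk native vlan (\d+)", line, re.I):
            t["native"] = int(m.group(1))
        elif m := re.match(r"switchport trunk allowed vlan ([\d,-]+)$", line, re.I):
            t["allowed"] = expand_vlans(m.group(1))
    return t

def router_subifs(stanzas, parent):
    """Encapsulation, VLAN ID and native flag of each subinterface of parent."""
    subs = []
    for name, lines in stanzas.items():
        for line in lines if name.startswith(parent + ".") else []:
            m = re.match(r"encapsulation (dot1q|isl) (\d+)( native)?", line, re.I)
            if m:
                subs.append({"name": name, "encap": m.group(1).lower(),
                             "vlan": int(m.group(2)), "native": bool(m.group(3))})
    return subs

def check_trunk(switch_cfg, switch_port, router_cfg, router_if):
    """Compare one switch trunk port with the router subinterfaces behind it."""
    sw = switch_trunk(parse_interfaces(switch_cfg).get(switch_port, []))
    findings = []
    if sw["mode"] != "trunk":
        findings.append(f"ERROR {switch_port}: mode is {sw['mode']}, not trunk")
    for s in router_subifs(parse_interfaces(router_cfg), router_if):
        if s["encap"] != sw["encap"]:
            findings.append(f"ERROR {s['name']}: router uses {s['encap']}, "
                            f"switch port uses {sw['encap']}")
        elif sw["allowed"] is not None and s["vlan"] not in sw["allowed"]:
            findings.append(f"ERROR {s['name']}: VLAN {s['vlan']} not allowed on trunk")
        elif s["encap"] == "dot1q" and s["native"] != (s["vlan"] == sw["native"]):
            findings.append(f"ERROR {s['name']}: native flag disagrees with "
                            f"switch native VLAN {sw['native']}")
    if sw["encap"] == "dot1q" and sw["native"] == 1:
        findings.append("NOTE native VLAN is 1; post #3 advises moving off VLAN 1")
    return findings

if __name__ == "__main__":
    for port, cfg in (("FastEthernet0/1", SWITCH_AS_POSTED),
                      ("FastEthernet0/11", SWITCH_SUGGESTED)):
        print(port, check_trunk(cfg, port, ROUTER, "FastEthernet0/0"))
```

Only the first error per subinterface is reported, so an encapsulation mismatch hides any VLAN or native-flag problem behind it until the encapsulation is fixed.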
  6. turnip

    turnip Guest

    On Oct 5, 9:55 am, wrote:
    > In article <>, turnip <> writes:
    >
    > [big snip because there's too much context and not enough relevant details]
    >
    > > Right now, if the sub router interfaces are set to isl vlanid

    >
    > > and the switch trunk port is set to
    > > switchport trunk encapsulation isl

    >
    > > I was able to get vlan working, well it's odd.

    >
    > > I have ports defined for vlan 2, the funny thing is, under isl mode I
    > > can get a dhcp address just not on the 44 network.

    >
    > Which switch port is the router plugged into? That's the piece of switch
    > configuration that matters.
    >
    > At a guess, it's plugged in here:
    >
    > > interface FastEthernet0/11
    > > switchport access vlan 2

    >
    > And what you really need is something very much like:
    >
    > interface FastEthernet0/11
    > description Switch port facing 26xx router
    > switchport trunk encap dot1q
    > switchport trunk allowed vlan 1-2
    > switchport trunk native vlan 1
    > switchport mode trunk
    > spanning-tree portfast
    >
    > And on the router something very much like:
    >
    > interface FastEthernet0/0
    > description dot1q "trunk" port facing 2924 switch
    >
    > interface FastEthernet0/0.1
    > encapsulation dot1q 1 native
    > ip address 192.168.0.253 255.255.255.0
    > !
    > interface FastEthernet0/0.2
    > encapsulation dot1q 2
    > ip address 192.168.44.253 255.255.255.0
    >
    > > I get the native
    > > vlan network.

    >
    > What does this mean, "I get the native vlan network"?
    >
    > You plug a workstation into vlan 2 on the switch and get an address
    > allocation from the 192.168.0.x DHCP scope?
    >
    > That would indicate that you have VLAN 1 cross-connected with VLAN2
    > somewhere.


    You are correct on your assessment of my config. Everything is working
    as I wanted it to now. Thank you all very much for the help <3
    turnip, Oct 5, 2007
    #6
  7. turnip

    turnip Guest

    On Oct 5, 11:33 am, turnip <> wrote:
    > On Oct 5, 9:55 am, wrote:
    >
    >
    >
    > > In article <>, turnip <> writes:

    >
    > > [big snip because there's too much context and not enough relevant details]

    >
    > > > Right now, if the sub router interfaces are set to isl vlanid

    >
    > > > and the switch trunk port is set to
    > > > switchport trunk encapsulation isl

    >
    > > > I was able to get vlan working, well it's odd.

    >
    > > > I have ports defined for vlan 2, the funny thing is, under isl mode I
    > > > can get a dhcp address just not on the 44 network.

    >
    > > Which switch port is the router plugged into? That's the piece of switch
    > > configuration that matters.

    >
    > > At a guess, it's plugged in here:

    >
    > > > interface FastEthernet0/11
    > > > switchport access vlan 2

    >
    > > And what you really need is something very much like:

    >
    > > interface FastEthernet0/11
    > > description Switch port facing 26xx router
    > > switchport trunk encap dot1q
    > > switchport trunk allowed vlan 1-2
    > > switchport trunk native vlan 1
    > > switchport mode trunk
    > > spanning-tree portfast

    >
    > > And on the router something very much like:

    >
    > > interface FastEthernet0/0
    > > description dot1q "trunk" port facing 2924 switch

    >
    > > interface FastEthernet0/0.1
    > > encapsulation dot1q 1 native
    > > ip address 192.168.0.253 255.255.255.0
    > > !
    > > interface FastEthernet0/0.2
    > > encapsulation dot1q 2
    > > ip address 192.168.44.253 255.255.255.0

    >
    > > > I get the native
    > > > vlan network.

    >
    > > What does this mean, "I get the native vlan network"?

    >
    > > You plug a workstation into vlan 2 on the switch and get an address
    > > allocation from the 192.168.0.x DHCP scope?

    >
    > > That would indicate that you have VLAN 1 cross-connected with VLAN2
    > > somewhere.

    >
    > You are correct on your assessment of my config. Everything is working
    > as I wanted it to now. Thank you all very much for the help <3


    Well it worked for a day, then just up and stopped when using the vlan
    network, the 192.168.44.253 interface reports back unreachable on a
    ping, however it can traverse to the native vlan. I have no idea, I
    thought this would be easy. Maybe it's the switch, but I think it's prob
    the tech.

    Router:

    User Access Verification

    Password:
    Password:
    cerberus>en
    Password:
    cerberus#sh run
    Building configuration...

    Current configuration : 7019 bytes
    !
    ! Last configuration change at 12:04:58 EST Fri Oct 5 2007
    !
    version 12.2
    service tcp-keepalives-in
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname cerberus
    !
    boot system flash c2600-js-mz.122-12a.bin
    no logging console
    enable secret 5 $1$N98h$NfYf1TUtstXQzSiVuB.dS1
    enable password 7 044B1B0F1F22181F5949
    !
    clock timezone EST -5
    ip subnet-zero
    !
    !
    no ip domain-lookup
    !
    no ip bootp server
    ip cef
    !
    class-map match-all radmin-rdp
    match access-group 101
    class-map match-all ipsec
    match access-group 103
    class-map match-all voice
    match access-group 105
    class-map match-all www
    match access-group 102
    !
    !
    policy-map voip
    class voice
    bandwidth 150
    class class-default
    fair-queue
    policy-map outbound_shaper
    class ipsec
    bandwidth percent 50
    random-detect
    class www
    bandwidth percent 25
    random-detect
    class radmin-rdp
    bandwidth percent 25
    random-detect
    class class-default
    fair-queue
    !
    call rsvp-sync
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    no ip mroute-cache
    duplex auto
    speed auto
    no cdp enable
    !
    interface FastEthernet0/0.1
    encapsulation dot1Q 2
    ip address 192.168.44.253 255.255.255.0
    no ip redirects
    ip nat inside
    no cdp enable
    !
    interface FastEthernet0/0.4
    encapsulation dot1Q 1 native
    ip address 192.168.0.253 255.255.255.0
    ip nat inside
    no cdp enable
    !
    interface Serial0/0
    bandwidth 1536
    ip address 12.87.xx.xx 255.255.255.252
    ip access-group 125 in
    ip nat outside
    encapsulation ppp
    service-module t1 timeslots 1-24
    service-module t1 remote-alarm-enable
    no cdp enable
    !
    interface FastEthernet0/1
    ip address 10.0.0.253 255.255.255.0
    ip nat inside
    duplex auto
    speed auto
    no cdp enable
    !
    interface Serial0/1
    ip address 10.1.1.2 255.255.255.0
    ip nat inside
    encapsulation ppp
    service-policy output voip
    service-module t1 clock source internal
    no cdp enable
    hold-queue 200 in
    hold-queue 200 out
    !
    ip nat pool OVERLOAD 12.87.xx.xx 12.87.xx.xx netmask 255.255.255.252
    ip nat pool warehouse 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
    ip nat pool it-dept 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
    ip nat inside source list 1 pool OVERLOAD overload
    ip nat inside source list 2 pool warehouse overload
    ip nat inside source list 3 pool it-dept overload
    ip nat inside source static udp 192.168.0.200 3389 12.170.xx.xx 3389 extendable
    ip nat inside source static tcp 192.168.0.200 3389 12.170.xx.xx 3389 extendable
    ip nat inside source static tcp 192.168.0.200 1723 12.170.xx.xx 1723 extendable
    ip nat inside source static tcp 192.168.0.74 3389 12.170.252.xx 3389 extendable
    ip nat inside source static udp 192.168.0.74 3389 12.170.252.xx 3389 extendable
    ip nat inside source static tcp 192.168.0.55 3389 12.87.xx.xx 3389 extendable
    ip nat inside source static udp 192.168.0.55 3389 12.87.xx.xx 3389 extendable
    ip nat inside source static udp 10.0.0.254 5060 12.87.16.xx 5060 extendable
    ip nat inside source static udp 192.168.0.235 4326 12.87.xx.xx 4326 extendable
    ip nat inside source static tcp 192.168.0.235 4326 12.87.xx.xx 4326 extendable
    ip nat inside source static tcp 10.0.0.254 6600 12.87.xx.xx 6600 extendable
    ip nat inside source static udp 10.0.0.254 6600 12.87.xx.xx 6600 extendable
    ip nat inside source static tcp 192.168.0.199 443 12.170.xx.xx 443 extendable
    ip nat inside source static udp 192.168.0.199 4500 12.170.xx.xx 4500 extendable
    ip nat inside source static udp 192.168.0.199 500 12.170.252.209 500 extendable
    ip nat inside source static tcp 192.168.0.111 22 12.170.xx.xx 22 extendable
    ip nat inside source static tcp 192.168.0.111 80 12.170.xx.xx 80 extendable
    ip nat inside source static tcp 10.0.0.254 22 12.87.xx.xx 22 extendable
    ip nat inside source static tcp 10.0.0.254 80 12.87.xx.xx 80 extendable
    ip classless
    ip route 0.0.0.0 0.0.0.0 Serial0/0 12.87.xx.xx name at&t
    ip route 192.168.1.0 255.255.255.0 Serial0/1 10.1.1.1 permanent
    no ip http server
    ip pim bidir-enable
    !
    access-list 1 permit 10.0.0.0 0.0.0.255
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 2 permit 192.168.1.0 0.0.0.255
    access-list 3 permit 192.168.44.0 0.0.0.255
    access-list 101 remark remote admin acl
    access-list 101 permit tcp any eq 4326 any time-range business_hr
    access-list 101 permit tcp any eq 3389 any time-range business_hr
    access-list 102 remark www protocol
    access-list 102 permit tcp any eq www any time-range business_hr
    access-list 102 permit tcp any eq 443 any time-range business_hr
    access-list 102 permit tcp any eq ftp any time-range business_hr
    access-list 103 remark ipsec/lt2p/pptp/esp
    access-list 103 permit esp any any time-range business_hr
    access-list 103 permit udp any eq isakmp any time-range business_hr
    access-list 103 permit udp any eq 1701 any time-range business_hr
    access-list 103 permit udp any eq 1723 any time-range business_hr
    access-list 103 permit udp any eq 4500 any time-range business_hr
    access-list 103 permit ahp any any time-range business_hr
    access-list 103 permit gre any any time-range business_hr
    access-list 103 permit tcp any eq 1723 any time-range business_hr
    access-list 105 remark VOIP (SIP/IAX/IAX2) traffic gets top priority (5)
    access-list 105 permit udp any any eq 4569
    access-list 105 permit udp any any eq 5004
    access-list 105 permit udp any any eq 5036
    access-list 105 permit udp any any eq 5060
    access-list 105 permit ip host 10.0.0.254 any
    access-list 105 permit ip any host 10.0.0.254
    access-list 125 deny tcp any any eq telnet
    access-list 125 deny tcp any any eq chargen
    access-list 125 deny tcp any any eq ident
    access-list 125 deny tcp any any eq nntp
    access-list 125 deny tcp any any eq hostname
    access-list 125 deny tcp any any eq exec
    access-list 125 deny tcp any any eq cmd
    access-list 125 permit ip any any
    access-list 125 permit gre any any
    access-list 125 permit ip any host 192.168.0.200
    access-list 126 permit gre any any
    access-list 126 permit ip any any
    access-list 126 permit udp any any
    access-list 126 permit icmp any any
    access-list 126 permit esp any any
    access-list 126 permit ahp any any
    dialer-list 1 protocol ip permit
    dialer-list 1 protocol ipx permit
    no cdp run
    !
    snmp-server community public RO
    snmp-server contact jzakhar<xxxxx>
    snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
    snmp-server enable traps tty
    snmp-server enable traps isdn call-information
    snmp-server enable traps isdn layer2
    snmp-server enable traps hsrp
    snmp-server enable traps config
    snmp-server enable traps entity
    snmp-server enable traps envmon
    snmp-server enable traps bgp
    snmp-server enable traps rsvp
    snmp-server enable traps frame-relay
    snmp-server enable traps syslog
    snmp-server enable traps rtr
    snmp-server host 192.168.0.111 public
    !
    dial-peer cor custom
    !
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password 7 xx
    login
    !
    ntp clock-period 17179997
    ntp server 10.0.0.254
    time-range business_hr
    periodic weekdays 8:00 to 18:00
    !
    time-range name
    periodic weekdays 8:00 to 18:00
    !
    end


    Switch:

    User Access Verification

    Password:
    192_sub>en
    Password:
    192_sub#sh run
    Building configuration...

    Current configuration:
    !
    version 12.0
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname 192_sub
    !
    enable secret 5 $1$V8a5$.pOnSyDIEGBo01iFaQVZp/
    !
    !
    !
    !
    !
    !
    ip subnet-zero
    ip dhcp-server 192.168.0.111
    !
    !
    !
    interface FastEthernet0/1
    switchport trunk encapsulation dot1q
    switchport trunk pruning vlan 3-1001
    switchport mode trunk
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
    !
    interface FastEthernet0/8
    !
    interface FastEthernet0/9
    !
    interface FastEthernet0/10
    !
    interface FastEthernet0/11
    !
    interface FastEthernet0/12
    !
    interface FastEthernet0/13
    !
    interface FastEthernet0/14
    !
    interface FastEthernet0/15
    !
    interface FastEthernet0/16
    switchport access vlan 2
    !
    interface FastEthernet0/17
    !
    interface FastEthernet0/18
    !
    interface FastEthernet0/19
    !
    interface FastEthernet0/20
    !
    interface FastEthernet0/21
    !
    interface FastEthernet0/22
    !
    interface FastEthernet0/23
    !
    interface FastEthernet0/24
    !
    interface FastEthernet2/1
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/2
    port group 1
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 1,2,1002-1005
    switchport mode trunk
    !
    interface FastEthernet2/3
    !
    interface FastEthernet2/4
    !
    interface VLAN1
    ip address 192.168.0.249 255.255.255.0
    no ip directed-broadcast
    no ip route-cache
    !
    ip default-gateway 192.168.0.253
    snmp-server engineID local 00000009020000D0C0F257C0
    snmp-server community private RW
    snmp-server community public RO
    !
    line con 0
    exec-timeout 0 0
    transport input none
    stopbits 1
    line vty 0 4
    password xx
    login
    line vty 5 15
    password xx
    login
    !
    end

    192_sub#sh vlan
    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5,
                                                    Fa0/6, Fa0/7, Fa0/8, Fa0/9,
                                                    Fa0/10, Fa0/11, Fa0/12, Fa0/13,
                                                    Fa0/14, Fa0/15, Fa0/17, Fa0/18,
                                                    Fa0/19, Fa0/20, Fa0/21, Fa0/22,
                                                    Fa0/23, Fa0/24, Fa2/3, Fa2/4
    2    it-dept                          active    Fa0/16
    3    VLAN0003                         active
    1002 fddi-default                     active
    1003 token-ring-default               active
    1004 fddinet-default                  active
    1005 trnet-default                    active

    192_sub#sh ver
    Cisco Internetwork Operating System Software
    IOS (tm) C2900XL Software (C2900XL-C3H2S-M), Version 12.0(5)WC8, RELEASE SOFTWARE (fc1)
    Copyright (c) 1986-2003 by cisco Systems, Inc.
    Compiled Thu 19-Jun-03 13:09 by antonino
    Image text-base: 0x00003000, data-base: 0x0034E2F4

    ROM: Bootstrap program is C2900XL boot loader

    192_sub uptime is 1 day, 3 hours, 20 minutes
    System returned to ROM by power-on
    System image file is "flash:c2900xl-c3h2s-mz.120-5.WC8.bin"


    cisco WS-C2924M-XL (PowerPC403GA) processor (revision 0x11) with 8192K/1024K bytes of memory.
    Processor board ID FAA0315F0FN, with hardware revision 0x03
    Last reset from power-on

    Processor is running Enterprise Edition Software
    Cluster command switch capable
    Cluster member switch capable
    28 FastEthernet/IEEE 802.3 interface(s)

    32K bytes of flash-simulated non-volatile configuration memory.
    Base ethernet MAC Address: 00:D0:C0:F2:57:C0
    Motherboard assembly number: 73-3425-06
    Power supply part number: 34-0920-01
    Motherboard serial number: FAA03129G25
    Power supply serial number: NONE
    Model revision number: A0
    Model number: WS-C2924M-XL-EN
    System serial number: FAA0315F0FN


    Port 0/1 is trunked into the router; my computer was plugged into port
    16. If I statically set the address, I was able to access all of our
    networks, but not route out.

    I am using one ip address to NAT 2 networks

    ip nat pool warehouse 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252
    ip nat pool it-dept 12.170.xx.xx 12.170.xx.xx netmask 255.255.255.252

    Those are the same IPs, I just removed the last 2 octets. Tomorrow I
    am going to remove the native vlan and create another and use 2 non
    natives as per the advice above, however I did power cycle the switch
    and router. It worked when I left last night, and for 4 hours this
    morning.. Then just stopped. I am also the only one with access to the
    gear and closet. So nothing was changed. Which is really confusing me.
    It could be it stopped working when people from the warehouse network
    started using traffic, I was not able to time it.

    I will be reading documentation tonight, but from all the examples of
    router on a stick I have seen, this should work. Any advice is of
    course always appreciated
    turnip, Oct 6, 2007
    #7
  8. turnip

    turnip Guest

    Also

    192_sub#sh vtp status
    VTP Version : 2
    Configuration Revision : 0
    Maximum VLANs supported locally : 254
    Number of existing VLANs : 7
    VTP Operating Mode : Transparent
    VTP Domain Name :
    VTP Pruning Mode : Disabled
    VTP V2 Mode : Disabled
    VTP Traps Generation : Disabled
    MD5 digest : 0x9A 0x9D 0x04 0xAE 0xB3 0x4E 0x4D 0x25
    Configuration last modified by 192.168.0.249 at 3-1-93 04:07:21


    192_sub#sh interfaces fastEthernet 0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 ((Inactive))
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1-3
    Pruning VLANs Enabled: 3-1001

    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none
    Self Loopback: No
    192_sub#
    turnip, Oct 6, 2007
    #8
  9. turnip

    turnip Guest

    I should also add that 2/1 and 2/2 are trunked into an identical
    switch.
    turnip, Oct 6, 2007
    #9