Router on a stick

redmick

Hello People
I have been googling but cannot seem to get my setup quite right.
Im doing a course for electricians and am having trouble with an aspect of it.
This is my first course involving networking so CLI is very new and strange to me but I'm slowly picking it up.
I have a 1841 router connected to a 2950 switch.
The 1841 is plugged into my home router so i can test accessing the web.
I have got through different stages ok but this has me beat.
two VLANS ON MY SWITCH
One a private Vlan one a Guest Vlan
On the guest i will setup a Microtik AP.
But i cant get my routing or trunking working for the life of me
I can ping the interface sub-if's but no further.
Hoping some guru can point me in the right direction to sort it out as the deeper i get the more I'm getting confused.
I want to work it out but just cant seem to put my finger on it.
any help would be great
Cheers
Redmick



Here are my running configs.
wonkersSw1#
wonkersSw1#sh run
Building configuration...


Current configuration : 1811 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname wonkersSw1
!
enable secret 27 xxxxxxxxxxxxxxxxxx
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Trunk to router
switchport mode trunk
spanning-tree portfast trunk
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/5
switchport mode access
!
interface FastEthernet0/6
switchport mode access
shutdown
!
interface FastEthernet0/7
switchport mode access
shutdown
!
interface FastEthernet0/8
switchport mode access
shutdown
!
interface FastEthernet0/9
switchport mode access
shutdown
!
interface FastEthernet0/10
switchport mode access
shutdown
!
interface FastEthernet0/11
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface Vlan1
description Private network
ip address 10.0.3.1 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan10
description Guest wireless network
ip address 10.0.5.1 255.255.255.0
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
shutdown
!
ip default-gateway 10.0.1.1
ip http server
banner motd ^C
********************************************************************






UNATHORISED ACCESS WONKERS IT DEPARTMENT ONLY




********************************************************************^C
!
line con 0
exec-timeout 30 0
password 3 xxxxxxxxxxxxxxxxxxxxA
logging synchronous
login
line vty 0 4
login
line vty 5 15
login
!
!
end


wonkersSw1#
wonkersR1#EN
wonkersR1#SH RUN
Building configuration...


Current configuration : 1466 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wonkersR1
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxxxxxxxxxxxxxxxx
!
no aaa new-model
ip cef
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description Outside link to modem
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description inside link to switch
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1.1
description Private VLAN
encapsulation dot1Q 1 native
ip address 10.0.3.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.10
description Guest VLAN
encapsulation dot1Q 10
ip address 10.0.5.1 255.255.255.0
ip nat inside
!
ip default-gateway 10.0.1.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 remark == [Control NAT Service]==
access-list 100 remark ==[Control NAT Service]==
access-list 100 permit ip 10.0.2.0 0.0.0.255 any
!
!
!
control-plane
!
!
banner motd ^C
***************************************************************************


Unauthorised Access is denied Wonkers IT department only


***************************************************************************^C
!
line con 0
exec-timeout 30 0
password 7 xxxxxxxxxxxxxx
logging synchronous
login
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end


wonkersR1#

CertifiedMonkey

redmick wrote: »

interface Vlan1
description Private network
ip address 10.0.3.1 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan10
description Guest wireless network
ip address 10.0.5.1 255.255.255.0
!
interface FastEthernet0/1.1
description Private VLAN
encapsulation dot1Q 1 native
ip address 10.0.3.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.10
description Guest VLAN
encapsulation dot1Q 10
ip address 10.0.5.1 255.255.255.0
ip nat inside
!

Looks like you got some duplicate IP addresses. You're most likely pinging the vlan interfaces and not the subinterfaces. Just a thought. Not 100% sure.

redmick

Oops so they are supposed to be be different?
I thought as it was say for example Vlan 1 they had to match.
If not I'm guessing they shall need to be on the same ip range.

CertifiedMonkey

Yes, they should be different because the IP address is used to uniquely identify each device on a TCP/IP network. You're correct that devices in the same VLAN should be in the same IP address range. Also, you might want to issue the no shutdown command on Int VLAN 1.

Let me know how it goes.

redmick

Ok
so now its

interface Vlan1
description Private network
ip address 10.0.3.10 255.255.255.0
no ip route-cache
!
interface Vlan10
description Guest network
ip address 10.0.5.10 255.255.255.0
!
interface FastEthernet0/1.1
description Private VLAN
encapsulation dot1Q 1 native
ip address 10.0.3.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.10
description Guest VLAN
encapsulation dot1Q 10
ip address 10.0.5.1 255.255.255.0
ip nat inside
!
Can ping 10.0.3.1 but cant ping 10.0.3.1
i get reply from 10.3.0.100: Destination host unreadable.

10.0.3.100 being my laptop plugged into fa0/3

redmick

Ok but interesting i just changed ports
so im plugged into fa0/12
Pinged 10.0.5.1 all good
pinged 10.0.5.10 also good
But still no reply from 10.0.2.1 on that Vlan
On my laptop should my networks have the Vlan as a default gateway or the interface ip?
i.e. Vlan 10.0.5.10 or sub int 10.0.5.1?

CertifiedMonkey

Can ping 10.0.3.1 but cant ping 10.0.3.1
i get reply from 10.3.0.100: Destination host unreadable.

10.0.3.100 being my laptop plugged into fa0/3

You would use the IP address of the router interface for your default gateway. The IP addresses on your vlan interfaces are used for remote management (in this case with a L2 switch). Also, I don't understand what you're trying to say here:

redmick

My router interface was originally 10.0.2.1 but it all got muddled (FOR ME ANYWAY) when i had to setup the trunking and the sub interface
The workers router connects to another in my house for the internet it is 10.0.1.1
And the fa0/1 was originally set to 10.0.2.1
with the ping it was a typo i can ping 10.0.3.1 but not 10.0.3.10 sorry

redmick

wonkers router
dang spell check

CertifiedMonkey

Can you post a diagram with labeled ports, IP addresses, hostnames, etc. Also, can you post the Current config of the laptop, router(s), and switch(es). I'm having a hard time trying to figure out the network config with all of the information scattered.

redmick

oops that did not work
How do i paste a picture of the network?

wonkersR1#sh run
Building configuration...


Current configuration : 1467 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname wonkersR1
!
boot-start-marker
boot-end-marker
!
enable secret
!
no aaa new-model
ip cef
!
!
!
!
!
!
--More--
*Nov 7 10:46:44.650: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
!
!
!
!
interface FastEthernet0/0
description Outside link to modem
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description inside link to switch
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1.1
description Private VLAN
encapsulation dot1Q 1 native
ip address 10.0.3.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.10
description Guest VLAN
encapsulation dot1Q 10
ip address 10.0.5.1 255.255.255.0
ip nat inside
!
ip default-gateway 10.0.1.1
!
!
ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 remark == [Control NAT Service]==
access-list 100 remark ==[Control NAT Service]==
access-list 100 permit ip 10.0.2.0 0.0.0.255 any
!
!
!
control-plane
!
!
banner motd ^C
***************************************************************************


Unauthorised Access is denied Wonkers IT department only


***************************************************************************^C
!
line con 0
exec-timeout 30 0
password
logging synchronous
login
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end


wonkersR1#

wonkersSw1#sh run
Building configuration...


Current configuration : 1804 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname wonkersSw1
!
enable secret
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Trunk to router
switchport mode trunk
spanning-tree portfast trunk
!
interface FastEthernet0/2
switchport mode access
!
interface FastEthernet0/3
switchport mode access
!
interface FastEthernet0/4
switchport mode access
!
interface FastEthernet0/5
switchport mode access
!
interface FastEthernet0/6
switchport mode access
shutdown
!
interface FastEthernet0/7
switchport mode access
shutdown
!
interface FastEthernet0/8
switchport mode access
shutdown
!
interface FastEthernet0/9
switchport mode access
shutdown
!
interface FastEthernet0/10
switchport mode access
shutdown
!
interface FastEthernet0/11
switchport mode access
shutdown
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface Vlan1
description Private Network
ip address 10.0.3.10 255.255.255.0
no ip route-cache
shutdown
!
interface Vlan10
description Guest network
ip address 10.0.5.10 255.255.255.0
no ip route-cache
!
interface Vlan20
no ip address
no ip route-cache
shutdown
!
ip default-gateway 10.0.1.1
ip http server
banner motd ^C
********************************************************************






UNATHORISED ACCESS WONKERS IT DEPARTMENT ONLY




********************************************************************^C
!
line con 0
exec-timeout 30 0
password
logging synchronous
login
line vty 0 4
login
line vty 5 15
login
!
!
end


wonkersSw1#

Can i attach a packet tracer file somehow?

something strange i set Vlan 1 no shut
when i do it administratively shuts down Vlan 10
and then if i command no shut on Vlan 10 it does the same to Vlan 1

cant get a picture of my lan to paste or copy in from work
I can email if you pm me an address
cheers
and thanks for your help

networker050184

On the switches that do not route you can only have one SVI administratively up at a time.

Hondabuff

Since you cant do multiple VLANS to the AP in packet tracer, This will be the best that you can do.

http://www.filedropper.com/wireless_1

redmick

Ok ya got me how the heck did you attach that picture?

Hondabuff

Snip it tool in Windows. Then insert image, browse for your image and upload it.

redmick

In insert image i don't get the option to browse only to paste a URL

Hondabuff

Try Chrome or Firefox.

redmick

Made no difference
My box without the pretty pictures shows me this
Insert Image

X

Add an Image from Url

Allowed Filetypes: jpg, jpeg, png, gif


URL












OK
Cancel

Hondabuff

Should look similar to this.

redmick

Haha got it
Rookie mistake i was replying to the post not the thread
Thanks for your persistence
Now back to my real issue