3550 internet issue

jeanathan Member Posts: 163
I don't know why, but I decided to try a lab utilizing vlans, layer 3 ports, and the routing engine on the 3550.

I connect a pc to port fa0/9, the port is in vlan 5, vlan 5 has an ip address of 192.168.1.1/24.
The pc has an ip address of 192.168.1.100/24 and a default gateway of 192.168.1.1

So I enabled ip routing with (config)#ip routing
I then connected a cheap linksys with working internet up to port fa0/1 on the 3550.
I setup port fa0/1 with "no switchport" and "ip address 192.168.2.10 255.255.255.0"
The Linksys has a working wan connection and an internal lan ip of 192.168.2.1 for 192.168.2.0/24.

So I put ip route 0.0.0.0 0.0.0.0 192.168.2.1 into the 3550.

Now I can ping the 192.168.2.10 from the pc and I can ping the 192.168.2.1 from the router.

I cannot access the internet or ping 192.168.2.1 from the pc.

I have read that you need an actual proper router connected to the routed port of a 3550 so that the router can redirect traffic into the 192.168.1.0/24 network via the 3550 192.168.2.10 next hop address.

Any ideas why no net access?

Here is the 3550 config...
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
!
username holmesjrh privilege 15 secret 5 $1$M.A1$/LPF1K3EIUPDIRav.oHUz.
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
aaa session-id common
authentication mac-move permit
ip subnet-zero
ip routing
ip name-server 4.2.2.1
!
!
!
!
crypto pki trustpoint TP-self-signed-885241216
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-885241216
 revocation-check none
 rsakeypair TP-self-signed-885241216
!
!
crypto pki certificate chain TP-self-signed-885241216
 certificate self-signed 01
  quit
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Port-channel1
 switchport mode dynamic desirable
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.2.33 255.255.255.0
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport access vlan 5
 switchport mode access
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport mode dynamic desirable
!
interface FastEthernet0/22
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
 channel-group 1 mode on
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan5
 ip address 192.168.1.1 255.255.255.0
!
ip default-gateway 192.168.2.1
ip classless
no ip route static inter-vrf
ip route profile
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
!
control-plane
!
!
line con 0
line vty 0 4
 transport input ssh
line vty 5 15
 transport input ssh
!
end
Struggling through the re-certification process after 2 years of no OJT for the CCNP.

Comments

  • mikej412 Member Posts: 10,086
    Does the Linksys have a route back to the 192.168.1.0 network that the PC is on?
    :mike: Cisco Certifications -- Collect the Entire Set!
  • jeanathan Member Posts: 163
    mikej412 wrote: »
    Does the Linksys have a route back to the 192.168.1.0 network that the PC is on?

    No and I am guessing that is why it does not work. The 3550 would need to be capable of NAT to overcome this restriction?

    My linksys is running ddwrt and I added the route 192.168.1.0 reached by gateway 192.168.2.10, however it still does not work. Probably just another bug in ddwrt, like the fact that WAN QoS doesn't work. I can however now ping 192.168.2.1 from the PC :)

    I bet if I put my 1811 or 2620xm in against the 3550 adding the route back to 192.168.1.0 would work.
  • mikem2te Member Posts: 407
    Just a thought, try changing the default route-

    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

    To the IP address of the Linksys rather than the exit interface FE0/1.
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
  • jeanathan Member Posts: 163
    mikem2te wrote: »
    Just a thought, try changing the default route-

    ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

    To the IP address of the Linksys rather than the exit interface FE0/1.

    I tried, but to no avail. I think the ddwrt linksys is mostly to blame. I will try cable modem --> 2650xm --> 3550 --> vlan later. I read in the self study book where they suggest using eigrp between a 3550 core router routed port and an internet router (cisco) at the customer edge.
  • notgoing2fail Member Posts: 1,138
    jeanathan,


    You're in luck as I am playing with my 3550 today and we have practically the same setup.

    Don't worry about NAT. Just the other week I did the same thing without a 3550 using my 1811 and some other routers and switches and was able to get out on the internet.

    I'll set things up on my end and show you my config....

  • chrisone Senior Member Posts: 2,207
    What is handling the DHCP and NATing? If it's the DSL router your setup won't work. Being that you set up the interface as a routed interface with the "no switchport" command, this is your outside WAN interface. Your DSL router is considered the ISP now. So your 3550 needs to provide DHCP to the LAN side and NATing as well. You will have to NAT all your LAN to the WAN interface of the 3550 on port Fa0/1.

    The reason why you can ping the 192.168.2.10 IP from the PC is because the default gateway for the PC is the 3550 and the 3550 knows of the IP on its interface. You can ping 192.168.2.1 from the 3550 because it knows of this network. However the DSL router doesn't know what 192.168.1.0 is. All it knows is its LAN (192.168.2.0) network and its WAN network to the ISP. Your 192.168.1.0 network on the LAN side needs to be NATed to the 192.168.2.10 ip address of the interface connecting to the DSL router. The LAN on VLAN5 you have (192.168.1.0) needs to show up as a 192.168.2.0 network LAN side on the DSL router.
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    Certs: eCPTXv2, AZ-500, SC-200 (fail 1st attempt), EnCE, Splunk Core Power User
  • notgoing2fail Member Posts: 1,138
    You said you setup fa0/1 with 192.168.2.10

    But in your running-config it shows .33



    interface FastEthernet0/1
    no switchport
    ip address 192.168.2.33 255.255.255.0

  • jeanathan Member Posts: 163
    Thanks for the heads up and confirming w/ the 1811 ng2fail, I had a sneaking suspicion that was where I was going to wind up. I changed it to .33 after realizing that a my have it via dhcp, but it is back to .10 now that I confirmed no .10 in the dhcp table of the linksys. It didn't change anything in terms of routing beyond the 3550 routed port.

    Chrisone ip nat ? gives me an unrecognized command on the 3550. I searched the cisco feature navigator and it does not list the ip nat command for the 3550 12.2se emi ios images.

    But I understand now and agree with what you are saying about the linksys /w ddwrt is essentially the ISP and my 3550 the customer edge router and so with NAT my 192.168.1.0/24 addresses cannot translate to the "would be public, but private" per this setup 192.168.2.0/24 addresses. ddwrt is cheap and brings nice features to low end routers, but is too buggy for most things. Routing table entries appear to be one of those.
  • notgoing2fail Member Posts: 1,138
    I'm at the same point where you are now. What is "ddwrt"?

    Anyways, I had created a setup awhile back without using NAT and I was able to get out on the internet with my linksys.

    Unfortunately I don't have that linksys on right now because I got a new provider and they provided me with their own wireless router.

    But I don't see this as an issue....

    I cannot get out on the internet either so let me see what I can come up with....

    Are you saying that NAT is not available for the 3550?

    I thought that with L3 switches, you get a full blown router?

  • notgoing2fail Member Posts: 1,138
    Ok I just looked it up, apparently an L3 3550 doesn't support NAT/PAT.

    Which now really has pissssed me off....I didn't realize that you can say you're an L3 switch but half-asssssed L3.....


    I guess that's the catch.....


    What you can do is put your 1811 inline with your setup and make the 1811 do the NAT/PAT.


    Internet --- linksys --- 1811 --- Crappy L3 3550

    So you can turn your L3 back to L2....

  • chrisone Senior Member Posts: 2,207
    notgoing2fail wrote: »
    I'm at the same point where you are now. What is "ddwrt"?

    Anyways, I had created a setup awhile back without using NAT and I was able to get out on the internet with my linksys.

    Unfortunately I don't have that linksys on right now because I got a new provider and they provided me with their own wireless router.

    But I don't see this as an issue....

    I cannot get out on the internet either so let me see what I can come up with....

    Are you saying that NAT is not available for the 3550?

    I thought that with L3 switches, you get a full blown router?

    The reason why yours works and his doesn't is due to the big KEY POINT everyone is failing to see here. That is the function of the interface between the 3550 and the router.

    Another design method you can get it to work very easily is to create a layer two port. Make the port you created using the "no switchport" to a switchport and place it in the vlan 5 (192.168.1.0) network. Now any port you place on vlan 5 the 3550 switch will just use layer two and pass all that traffic up to the DSL router and all hosts on vlan 5 can grab an IP address from the DHCP off the router. The 3550 will just be a layer 2 switch in this case. If you want the switch to be a layer 3 you will have to use the method I described in my earlier post and you will have to NAT the vlan 5 network to the "routed" interface you created with the "no switchport" command.

    You can use a router to do the NATing and DHCP if you have an extra one around. There is a little bit more involved as far as configuration but you should play with it before I just hand out answers

    RTR
    3550
    DSL RTR
  • notgoing2fail Member Posts: 1,138
    chrisone wrote: »
    The reason why yours works and his doesn't is due to the big KEY POINT everyone is failing to see here. That is the function of the interface between the 3550 and the router.

    Another design method you can get it to work very easily is to create a layer two port. Make the port you created using the "no switchport" to a switchport and place it in the vlan 5 (192.168.1.0) network. Now any port you place on vlan 5 the 3550 switch will just use layer two and pass all that traffic up to the DSL router and all hosts on vlan 5 can grab an IP address from the DHCP off the router. The 3550 will just be a layer 2 switch in this case. If you want the switch to be a layer 3 you will have to use the method I described in my earlier post and you will have to NAT the vlan 5 network to the "routed" interface you created with the "no switchport" command.

    You can use a router to do the NATing and DHCP if you have an extra one around. There is a little bit more involved as far as configuration but you should play with it before I just hand out answers

    RTR
    3550
    DSL RTR

    To be fair, my earlier setup wasn't exactly the same as this one. As it involved an 1811 router (a real router, not this half-butt L3 3550) and a pretty expensive linksys...

    I did no natting on it and it worked surprisingly. It even baffled a good friend of mine who before I setup the lab told me that I'd have to NAT. To everyone's surprise, I didn't...

    Now that I configured my setup exactly as his, I can't get out on the internet either...

    Why Cisco? Why did you remove the NAT command? Seriously, WTF?

  • jeanathan Member Posts: 163
    I guess that's the catch.....

    Same here, that was why I decided to do the lab, I need to know the limitations of inter vlan routing and how it works in an environment with a routed interface.

    I guess I learned...

    Connect a switchport from a linksys router to a switchport on a vlan of the 3550 and everyone in that vlan gets internet. Try to access a computer on the internet capable vlan via a computer on a different vlan and it works perfect (inter vlan routing). Try to access the internet from a vlan different than the internet bridged vlan and no internet access. If you want internet to all vlans, well inter vlan routing does not provide that outright; you need a routed port connected to a router that provides NAT and dhcp.

    No NAT support on a 3550, not important for the test, but it is experience building for the future designing of cisco networks and troubleshooting.
  • chrisone Senior Member Posts: 2,207
    hahaha you guys are getting confused on the role a switchport and a routed port play.


    If you're doing layer two on the switchport between the 3550 and the dsl router it will pass the traffic via layer 2. So layer 2 port on 3550 on vlan 5 to the DSL router will pass "ANYTHING" any ports on VLAN 5 will be on. So if you have ports on vlan 5 their dhcp broadcast will remain on vlan 5 and the DSL router will see it, then hand out the address and do the NATing on all its own. With a layer 2 port between the 3550 and the DSL router all you're really doing is extending the LAN side of the DSL router. Now once you do this you may say ok how do I get the 3550 switch an IP on the vlan 5.....anyone have any ideas?......here's a clue

    config t
    int vlan5
    (config-if)#ip address 192.168.2.10 255.255.255.0

    Create an SVI. "Switched Virtual Interface"

    Sorry I didn't see your post before mine, but yeah you're kind of getting the idea now jeanathan
  • notgoing2fail Member Posts: 1,138
    chrisone wrote: »
    hahaha you guys are getting confused on the role a switchport and a routed port play.


    If you're doing layer two on the switchport between the 3550 and the dsl router it will pass the traffic via layer 2. So layer 2 port on 3550 on vlan 5 to the DSL router will pass "ANYTHING" any ports on VLAN 5 will be on. So if you have ports on vlan 5 their dhcp broadcast will remain on vlan 5 and the DSL router will see it, then hand out the address and do the NATing on all its own. With a layer 2 port between the 3550 and the DSL router all you're really doing is extending the LAN side of the DSL router. Now once you do this you may say ok how do I get the 3550 switch an IP on the vlan 5.....anyone have any ideas?......here's a clue

    config t
    int vlan5
    (config-if)#ip address 192.168.2.10 255.255.255.0

    Create an SVI. "Switched Virtual Interface"

    Sorry I didn't see your post before mine, but yeah you're kind of getting the idea now jeanathan


    Thanks chrisone, this is why I feel it is extremely important to understand the fundamentals. I am still trying to get my head wrapped around it, I probably won't fully understand this until later down the road when I am more focused on it...

    My 1811 supports this "SVI", but I'm not entirely sure what that is all about.....I would assume so does the 3550?

    But I wouldn't be surprised if it didn't, since it's a half-arrrrsed L3 router...

  • chrisone Senior Member Posts: 2,207
    It supports the SVI; 2950 and 2960 switches have them as well. All switches aside from the 1900 which I can't remember if those old things support it or not.
  • notgoing2fail Member Posts: 1,138
    chrisone wrote: »
    It supports the SVI; 2950 and 2960 switches have them as well. All switches aside from the 1900 which I can't remember if those old things support it or not.

    If I had to guess, I'd say no...

    the 2900's don't even support RSTP!! jeez!!!

  • mwgood Member Posts: 293
    OK, so Mike put his thumb on the primary problem - the route from the Linksys back to the 192.168.1.x network. Now that you've entered that route on the Linksys and you have connectivity between the PC and the LAN side of the Linksys - you just need to make sure the Linksys is NATing the 192.168.1.x network, and that you have an internet connection from the Linksys.

    All the other stuff in this thread is just making things too complex, as far as I can tell...

    The problem has nothing to do with NAT on the 3550, routed ports vs layer 2, SVIs - etc.

    Of course, this assumes that the Linksys is actually capable of performing NAT for a private network that is not directly connected.
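
The return-path point made above, modelled as an added example (not code from the thread or from any poster): each device does a longest-prefix lookup, and a ping or internet session only works if the reply can also be routed back and the edge router's NAT covers the source network. The device names, the `WAN` pseudo next hop, the `nat_sources` parameter and the 203.0.113.7 test address are assumptions made for this sketch; the lab addresses are the ones posted.

```python
import ipaddress

# Constructed model of the lab: which device owns which posted address.
OWNERS = {
    "192.168.1.100": "pc",
    "192.168.1.1": "3550",      # SVI for VLAN 5
    "192.168.2.10": "3550",     # routed port fa0/1
    "192.168.2.1": "linksys",   # LAN side of the Linksys
}


def base_tables():
    """Routing tables as described in the first post (no return route yet)."""
    return {
        "pc": [("192.168.1.0/24", "connected"), ("0.0.0.0/0", "192.168.1.1")],
        "3550": [("192.168.1.0/24", "connected"),
                 ("192.168.2.0/24", "connected"),
                 ("0.0.0.0/0", "192.168.2.1")],
        "linksys": [("192.168.2.0/24", "connected"), ("0.0.0.0/0", "WAN")],
    }


def with_return_route(tables):
    """Copy of the tables with the static route later added on the Linksys."""
    fixed = {dev: list(routes) for dev, routes in tables.items()}
    fixed["linksys"].append(("192.168.1.0/24", "192.168.2.10"))
    return fixed


def lookup(table, dst):
    """Longest-prefix match; returns 'connected', 'WAN', a next-hop IP or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def trace(tables, start, dst, max_hops=8):
    """Walk hop by hop from device `start` toward `dst`; returns (delivered, path)."""
    device, path = start, [start]
    for _ in range(max_hops):
        if OWNERS.get(dst) == device:
            return True, path
        next_hop = lookup(tables[device], dst)
        if next_hop is None:
            return False, path + ["drop"]
        if next_hop == "WAN":
            # Private destinations sent out the WAN side are lost upstream.
            return False, path + ["WAN"]
        target = dst if next_hop == "connected" else next_hop
        neighbour = OWNERS.get(target)
        if neighbour is None:
            return False, path + ["unreachable"]
        device = neighbour
        path.append(device)
    return False, path + ["loop"]


def ping(tables, src_ip, dst_ip):
    """Echo request plus echo reply; returns (ok, forward_path, return_path)."""
    out_ok, out_path = trace(tables, OWNERS[src_ip], dst_ip)
    if not out_ok:
        return False, out_path, []
    back_ok, back_path = trace(tables, OWNERS[dst_ip], src_ip)
    return back_ok, out_path, back_path


def internet_reachable(tables, src_ip, nat_sources, internet_ip="203.0.113.7"):
    """True only if traffic exits the Linksys WAN, the source network is inside
    the Linksys NAT scope, and the Linksys can route the reply back inside."""
    _, path = trace(tables, OWNERS[src_ip], internet_ip)
    if path[-2:] != ["linksys", "WAN"]:
        return False
    src = ipaddress.ip_address(src_ip)
    if not any(src in ipaddress.ip_network(n) for n in nat_sources):
        return False
    back_ok, _ = trace(tables, "linksys", src_ip)
    return back_ok


if __name__ == "__main__":
    before, after = base_tables(), with_return_route(base_tables())
    print("PC -> 192.168.2.10:", ping(before, "192.168.1.100", "192.168.2.10"))
    print("PC -> 192.168.2.1 (no return route):",
          ping(before, "192.168.1.100", "192.168.2.1"))
    print("PC -> 192.168.2.1 (return route):",
          ping(after, "192.168.1.100", "192.168.2.1"))
    print("Internet, NAT only for 192.168.2.0/24:",
          internet_reachable(after, "192.168.1.100", ["192.168.2.0/24"]))
    print("Internet, NAT also for 192.168.1.0/24:",
          internet_reachable(after, "192.168.1.100",
                             ["192.168.2.0/24", "192.168.1.0/24"]))
```
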
  • chrisone Senior Member Posts: 2,207
    mwgood wrote: »
    OK, so Mike put his thumb on the primary problem - the route from the Linksys back to the 192.168.1.x network. Now that you've entered that route on the Linksys and you have connectivity between the PC and the LAN side of the Linksys - you just need to make sure the Linksys is NATing the 192.168.1.x network, and that you have an internet connection from the Linksys.

    All the other stuff in this thread is just making things too complex, as far as I can tell...

    The problem has nothing to do with NAT on the 3550, routed ports vs layer 2, SVIs - etc.

    How do you have two subnets on the LAN side of the DSL router and how does the DSL router know how to NAT the two?

    LAN
    3550 rtr interface--(WAN network between 3550 and DSL rtr) this is also the LAN side for the DSL rtr
    DSL rtr
    WAN ISP network.

    Of course this has everything to do with routed interfaces and layer 2. There are two different ways to set this up. If you turn the interface on the 3550 connecting to the DSL rtr to a "routed interface" it is considered the end of a broadcast domain and the start of a new broadcast domain. To the LAN on the 3550 this is the end of the road my friend, it's the gateway (WAN side of the 3550). To the DSL router this is LAN side, which the DSL router only understands one subnet. How are you going to jam two subnets in the LAN side of the DSL router? lol

    If you can't understand how to set this up with basic layer 2 ports or see how layer 2 can be involved in setting up a very simple and basic network, then sorry you need to go back and review your CCNA books. I don't know which linksys router he is using but I have never seen any options to input static routes, especially when the LAN side of that DSL router is treating it as a LAYER 2 NETWORK!

    I'm sorry for being out of line but this has everything to do with layer 3 and layer 2 and understanding the difference between the two. If you don't remember, turning a port into a routed interface is like having a router with two interfaces on each side. They are separate broadcast domains.
  • mikej412 Member Posts: 10,086
    chrisone wrote: »
    I don't know which linksys router he is using but I have never seen any options to input static routes, especially when the LAN side of that DSL router is treating it as a LAYER 2 NETWORK!
    Huh? And the Linksys is a router. And the 3550 is/can act as a router.

    Routing

    http://ui.linksys.com/files/WRT55AG/v2/1.67/Router.htm

    The Linksys also supports RIP, so if you don't want to fool with static routes you can also configure RIP on the 3550.
  • mwgood Member Posts: 293
    chrisone wrote: »
    How do you have two subnets on the LAN side of the DSL router and how does the DSL router know how to NAT the two?

    1 subnet would be directly connected and the other would be 1 hop away. And the Linksys router would need to have the capability to NAT a network that is not directly connected.

    chrisone wrote: »
    Of course this has everything to do with routed interfaces and layer 2. There are two different ways to set this up. If you turn the interface on the 3550 connecting to the DSL rtr to a "routed interface" it is considered the end of a broadcast domain and the start of a new broadcast domain. To the LAN on the 3550 this is the end of the road my friend, it's the gateway (WAN side of the 3550). To the DSL router this is LAN side, which the DSL router only understands one subnet. How are you going to jam two subnets in the LAN side of the DSL router? lol

    You are correct in your explanation of the function of a routed interface and the broadcast domain, but why do you insist that the routed interface is then the "WAN side of the 3550?" It is just another network or broadcast domain on the LAN.
    chrisone wrote: »
    If you can't understand how to set this up with basic layer 2 ports or see how layer 2 can be involved in setting up a very simple and basic network, then sorry you need to go back and review your CCNA books. I don't know which linksys router he is using but I have never seen any options to input static routes, especially when the LAN side of that DSL router is treating it as a LAYER 2 NETWORK!

    Well, since the originator of this thread started with the premise that he was doing a lab with ip routing enabled on the 3550, I presume that turning the LAN into a single subnet would go against the original intent. Also, he had mentioned that he successfully entered a static route for the 192.168.1.x network on the Linksys, establishing connectivity between the PC and the Gateway address on the LAN side of the Linksys router.
    chrisone wrote: »
    I'm sorry for being out of line but this has everything to do with layer 3 and layer 2 and understanding the difference between the two. If you don't remember, turning a port into a routed interface is like having a router with two interfaces on each side. They are separate broadcast domains.

    I do remember that turning a port into a routed interface is "like having a router..." - but, it simply doesn't matter that they are in separate broadcast domains. The only restriction is whether the Linksys router is capable of doing NAT for a network that is not directly connected. If it can't perform that function, then any Cisco router with an IOS that supports NAT will do the trick.
  • chrisone Senior Member Posts: 2,207
    There are obviously many methods to skin a cat as they say, I am pretty sure all three of our designs will work. However I already provided in detail how to get both a layer 3 and layer 2 design to work. If you guys would like to chime in and detail how you will get your designs to work like I already have, I am sure the original poster will have a blast labbing all the scenarios jijiji
  • ColbyG Member Posts: 1,264
    chrisone wrote: »
    So your 3550 needs to provide DHCP to the LAN side and NATing as well. You will have to NAT all your LAN to the WAN interface of the 3550 on port Fa0/1.

    3550s don't NAT.
  • jeanathan Member Posts: 163
    It works! :D I think my biggest problem was working with ddwrt (buggy).

    I must not have configured the DDWRT operating system correctly earlier. (www.dd-wrt.com | Unleash Your Router)

    Final topology Modem-->Linksys running ddwrt-->Wireless bridge to Another Linksys running ddwrt-->3550-->all vlans (SVI interfaces) on the switch have internet access.
    Both Linksys ddwrt routers perform NAT, so yes double-NAT'd, but it is a lab.

    Two things: 1. ddwrt routing table (yes it is confusing). 2. final 3550 config

    1. see attachment; 192.168.5.0/24 = vlan 10, 192.168.1.0/24 = vlan 5

    2.
    !
    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Switch
    !
    !
    username holmesjrh privilege 15 secret 5 $1$M.A1$/LPF1K3EIUPDIRav.oHUz.
    !
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    !
    !
    !
    aaa session-id common
    authentication mac-move permit
    ip subnet-zero
    ip routing
    ip name-server 4.2.2.1
    !
    !
    !
    !
    crypto pki trustpoint TP-self-signed-885241216
     enrollment selfsigned
     subject-name cn=IOS-Self-Signed-Certificate-885241216
     revocation-check none
     rsakeypair TP-self-signed-885241216
    !
    !
    crypto pki certificate chain TP-self-signed-885241216
     certificate self-signed 01
      quit
    spanning-tree mode pvst
    spanning-tree etherchannel guard misconfig
    spanning-tree extend system-id
    !
    vlan internal allocation policy ascending
    !
    !
    !
    !
    !
    !
    interface Port-channel1
     switchport mode dynamic desirable
    !
    interface FastEthernet0/1
     no switchport
     ip address 192.168.2.33 255.255.255.0
    !
    interface FastEthernet0/2
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/3
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/4
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/5
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/6
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/7
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/8
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/9
     switchport access vlan 5
     switchport mode access
    !
    interface FastEthernet0/10
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/11
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/12
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/13
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/14
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/15
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/16
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/17
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/18
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/19
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/20
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/21
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/22
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/23
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface FastEthernet0/24
     switchport access vlan 10
     switchport mode dynamic desirable
    !
    interface GigabitEthernet0/1
     switchport mode dynamic desirable
     channel-group 1 mode on
    !
    interface GigabitEthernet0/2
     switchport mode dynamic desirable
    !
    interface Vlan1
     no ip address
     shutdown
    !
    interface Vlan5
     ip address 192.168.3.1 255.255.255.0
    !
    interface Vlan10
     ip address 192.168.5.1 255.255.255.0
    !
    ip default-gateway 192.168.2.1
    ip classless
    no ip route static inter-vrf
    ip route profile
    ip route 0.0.0.0 0.0.0.0 192.168.2.1
    ip http server
    ip http secure-server
    !
    !
    ip sla enable reaction-alerts
    !
    control-plane
    !
    !
    line con 0
    line vty 0 4
     transport input ssh
    line vty 5 15
     transport input ssh
    !
    end
    
    Struggling through the re-certification process after 2 years of no OJT for the CCNP.
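An added example, not part of the original post and not the poster's own tooling: the question in this thread is whether the device at the default-route next hop knows how to send replies back to the subnets behind the 3550. The sketch below reads the layer-3 lines of the config above and lists the return routes that upstream device would need; `SAMPLE_CONFIG`, `l3_interfaces` and `return_routes` are hypothetical names, and it assumes the upstream learns no routes dynamically.

```python
import ipaddress
import re

# Constructed excerpt: only the layer-3 lines of the running-config posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 no switchport
 ip address 192.168.2.33 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan5
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan10
 ip address 192.168.5.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
"""

def l3_interfaces(config):
    """Map interface name -> IPv4Interface for every interface with an address."""
    found, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)  # skips "no ip address"
        if m and current:
            found[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def return_routes(config):
    """(prefix, next hop) pairs the default gateway needs to reach the other subnets."""
    m = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", config, re.M)
    if not m:
        raise ValueError("no default route in config")
    gateway = ipaddress.ip_address(m.group(1))
    ifaces = l3_interfaces(config)
    uplink = [i for i in ifaces.values() if gateway in i.network]
    if len(uplink) != 1:
        raise ValueError("default gateway is not on exactly one connected subnet")
    via = uplink[0].ip  # the 3550's own address on the uplink subnet
    return [(str(i.network), str(via)) for i in ifaces.values() if i is not uplink[0]]

if __name__ == "__main__":
    print(return_routes(SAMPLE_CONFIG))
```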
  • chrisone Senior Member Posts: 2,207
    Sweet, looks like a combo of mine and mwgood's ideas.

    ColbyG, thanks for the info, but we realized that earlier in the thread. It was one of those features we weren't too sure if it was available or not, as I normally wouldn't design a network in this matter. We flirted with the idea of a Cisco router to handle the DHCP and NATing. Like I said, there are many ways to design this scenario; everyone had great input. :)
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    Certs: eCPTXv2, AZ-500, SC-200 (fail 1st attempt), EnCE, Splunk Core Power User
  • jeanathan Member Posts: 163
    chrisone wrote: »
    Sweet, looks like a combo of mine and mwgood's ideas.

    ColbyG, thanks for the info, but we realized that earlier in the thread. It was one of those features we weren't too sure if it was available or not, as I normally wouldn't design a network in this matter. We flirted with the idea of a Cisco router to handle the DHCP and NATing. Like I said, there are many ways to design this scenario; everyone had great input. :)

    I forgot to say thanks to everyone for the assistance, so thanks chrisone, mwgood, ColbyG, mikej412, mwgood, and notgoing2fail ;) I do appreciate the assistance in helping me learn this BCMSN stuff.
  • chrisone Senior Member Posts: 2,207
    No problem my friend!

    Someone, obviously I know who it was, gave me bad reps for a comment I made and failed to see the valuable input I had, regardless if it were attacking a design from a different viewpoint or angle. LOL, it doesn't bother me, I'm just glad I had a part in helping you out, no retarded bad reps are going to take that credit away, and no, I won't return the favor, I am not a coward and don't hide behind "bad reps."
  • notgoing2fail Member Posts: 1,138
    chrisone wrote: »
    No problem my friend!

    Someone, obviously I know who it was, gave me bad reps for a comment I made and failed to see the valuable input I had, regardless if it were attacking a design from a different viewpoint or angle. LOL, it doesn't bother me, I'm just glad I had a part in helping you out, no retarded bad reps are going to take that credit away, and no, I won't return the favor, I am not a coward and don't hide behind "bad reps."


    I know the difference between someone flaming me VS. simply telling me I'm wrong and helping me out.

    People should understand the difference, this is what this forum is all about. I have no problem when someone points out that I'm wrong or slightly incorrect because it only helps me and others who are reading it.

    It's too bad that you got a bad rep from someone....
