Basic network design, what's the right way to set it up?

GDaines Member Posts: 273
I was originally going into great detail about everything I have including switch and router models, firmware and IOS versions just in case any has a version that limits what it can be used for, but then wondered how much of it is irrelevant so have gone back to basics and I'll add info if/as required other than to say everything is running variants of IOS 12.x.

I want to connect R1 to my home network wireless router to get internet access. Using an 1841 can I configure one of the Ethernet ports on the 192.168.x.x range and just connect the two devices? Can I then configure the other Ethernet port to say 10.10.0.1 255.255.255.0 for management? And can I use this router as the Cisco lab NTP time server or would a 2811 be more suitable?

I want to use 3 switches servicing 3 different networks, 10.10.1.x, 10.10.2.x and 10.10.3.x, imagine it as 3 different sites, floors in a building or just departments if this was in the real world. I want to set SW1 as the DHCP server for all 3 LANs if possible so I was planning to use a 3560 (the other two switches being another 3560 and a 2960). I will connect one PC to each network and need DHCP to give the appropriate IP address based on the switch it's plugged in to. I need PCs on any network to be able to ping PCs on any other network so I'm sure there'll be some routing and DHCP relay to configure. And with that in mind is my 2960 going to be any good?

So where do I start?

1. Can I work with the kit I've got or would I be better off getting a 2821/2851 with network module and using that as R1 with each of the switches directly connected to one of the many network ports?
2. Can each device be given a management IP on the 0.x network (say 10.10.0.2 0.3 and 0.4) while connected clients operate on a completely different network (1.x 2.x and 3.x)? Or am I over complicating this and should just be using 1.1 2.1 and 3.1 as my management IPs and dishing out 21-255 via DHCP for the clients?
3. If 2 is possible could I VLAN SW1 ports 1-12 for the 0.x management network and 13-24 for the 1.x client network? Will DHCP be able to service clients on the 1.x network while not working on the management VLAN?
4. As the router only has 2 Ethernet ports do I need to plug it (via the second port) and switches 2 & 3 into the management VLAN on SW1?
5. I have SW1 dishing out DHCP addresses for 10.10.1.x but have yet to configure it to handle the other networks (this is where I need to refresh both my subnet and Cisco DHCP server knowledge I think). It's probably easier for each switch to dish out DHCP to its own network, but then doing that I wouldn't learn anything. Can my desired config be set up?

I need to get my head around which ports on which devices I connect to what, and how each device needs to be configured - what I'd give for a CCNP sitting next to me for a day's training running me through this. Is this asking too much to be answered here? I'm sure once I start to understand network design the next stage with more routers added into the mix will become clearer on how to set it up. I apologise if this is really basic stuff, but I've never touched Cisco kit before I set up my lab for self-study, and that study is progressing rather slowly.

Garry

Comments

  • Yanio Member Posts: 37
    GDaines wrote: »
    I want to connect R1 to my home network wireless router to get internet access. Using an 1841 can I configure one of the Ethernet ports on the 192.168.x.x range and just connect the two devices? Can I then configure the other Ethernet port to say 10.10.0.1 255.255.255.0 for management? And can I use this router as the Cisco lab NTP time server or would a 2811 be more suitable?
    Garry

    I've recently connected my home lab to my virgin media Super(phah!!)Hub. Incidentally I used 1841s too. Basically I connected the 1841 (R1) to my Virgin Router with a crossover cable, brought the interface up, waited for it to pick up a DHCP address then statically assigned/reserved that address. For all intents and purposes this becomes your WAN link for the lab. Mostly all my hosts/Switches/Routers in the lab use 10.x.x.x addresses.

    A static route and some NAT translations later and everything seems happy enough.

    Frustrating part is that from outside your lab (so your normal home LAN serviced by the Superhub) you won't be able to get to any devices in your lab directly, as far as I know there's no way to insert your own ip routes into the Virgin kit. Just means you need to SSH/Telnet to R1 and then go from there.

    I know it's possible to put some home routers into 'Modem mode' and use your own kit for everything else, so after I pick up an AP I'll be doing this.

    Of course this could all be an arse backwards way of doing things, I'm still new-ish!
    "That's what" -She
  • GDaines Member Posts: 273
    Yanio wrote: »
    I've recently connected my home lab to my virgin media Super(phah!!)Hub.

    I'm using Virgin too, not sure what box I have as it was updated this year but just realised it has 4 Ethernet ports so I don't need to connect via the (add-on) wireless router, I can plug directly into the modem. Don't believe I'd need a crossover cable for that as my wireless is just using a standard Ethernet cable? And I don't want my home network to be able to access the lab so no problem there, I have a bunch of old PCs which I'm going to use as clients and a management PC.
  • Dieg0M Member Posts: 861
    Yanio wrote: »
    Frustrating part is that from outside your lab (so your normal home LAN serviced by the Superhub) you won't be able to get to any devices in your lab directly, as far as I know there's no way to insert your own ip routes into the Virgin kit. Just means you need to SSH/Telnet to R1 and then go from there.

    Just do port forwarding and you will have access from outside.
    Follow my CCDE journey at www.routingnull0.com
  • TWX Member Posts: 275
    Before I made my 2821 (and later, a 2851) into my actual Internet-facing device, I simply set-up one ethernet interface on the router to do DHCP off of the Netgear POS and had the Cisco treat the RFC1918 address (192.168.1.0/24 network) as if it was a public address, letting the Netgear handle NAT for those real addresses on the Internet outside of the 192.168 network, while the Cisco box NATs for the inside of the lab and treats 192.168 as if it's outside. For what it's worth I had picked up another AP that straddles the line between a consumer and commercial that I installed on the inside of the Cisco network, a consumer-quality unit that is only L2 and can do VLAN tagging associated with a given SSID and with the ability to do management on yet another VLAN, so I had a means to get into my lab without having to come in from the "outside".

    I went a little crazy on equipment. Four 2800-series ISRs, one of each model offered. Many, many L2 switches. One L3 switch that I'm using for L3. Initially I only used serial to connect the routers together because I figure that I know Ethernet, I needed practice on serial. Eventually after I had gone through EIGRP (which I use at work, it was just some practice) and gotten all of the routers talking over serial with OSPF I brought up the L3 switch and started using it as the principal method to route between the routers.

    Part of why I went crazy is for me, having to configure the same or similar things repeatedly but slightly differently (ie, 172.16.0.0/27, 172.16.0.32/27, 172.16.0.64/27, 172.16.0.240/28 on the network subinterfaces on the first router, 172.16.1.0/27 etc on the second router's subinterfaces, x.x.2.x, x.x.3.x on the next, and 172.30.255.255/24 for my loopbacks for router IDs in EIGRP and OSPF) makes it a lot easier to retain what I'm playing with. I also make a point of using the methods that I've seen in the books but I do not ever use at work and have never used at home (hence the 172.16.0.0/12 usage and breaking it up into sub-C VLSM segments and the use of OSPF) because forcing myself to repeatedly do what I never have needed to do makes me retain it much better.

    Donno if this helps at all, just my $0.02.
  • GDaines Member Posts: 273
    Everything helps, or at least it will when I've got my head around it all.

    So okay, while as yet untested as I don't have a spare cable that's long enough to connect the lab upstairs to the Internet connection downstairs, the plan is to connect R1 directly to my cable modem and see if it gets a DHCP address and therefore a connection out to the Internet. If not it's simply a matter of connecting it to my WiFi router instead which I know will give out a 192.168.x.x address, so that side of things looks like it should be easy.

    All I've gotta work out now is can my existing kit handle the setup I want to play with? R1 (1841) to SW1 (3560), and SW1 to SW2 (3560) and SW3 (2960). One Windows 7 PC plugged into each switch, all set to request a DHCP address. SW1 is the DHCP server and needs to be able to issue addresses on 10.10.1.0, 10.10.2.0 and 10.10.3.0 - 1.0 to any devices connected to SW1, 2.0 to any devices connected to SW2, and surprise surprise 3.0 to any devices connected to SW3.

    While everything would be easy if I used a 255.255.0.0 subnet mask as they'd all be on the same network, I'm going to use 255.255.255.0 which will then require some routing if each PC is going to be able to ping the others (If people are not seeing this SW1 could just as easily be 10.10.0.0, SW2 172.16.0.0 and SW3 192.168.1.0 then why I need to set up routing between networks becomes more obvious).

    1. Can my 3560 dish out DHCP addresses to 3 different networks (assuming DHCP relay is correctly configured to allow devices on the 2.0 and 3.0 networks to communicate with the DHCP server residing on the 1.0 network)?
    2. Is my 2960 going to work as SW3 in this setup, i.e. will I be able to set it up to forward DHCP requests to SW1, and to route ping requests to the machines on the 1.0 and 2.0 networks, and Internet requests to R1? I'm assuming possibly not as it's a layer2 switch, but then maybe I'm just not getting inter-LAN routing and DHCP relay just yet.

    Forget the management IP on 10.10.0.x range for each device, after I posted I realised it's only the routers that have CON, AUX and two LAN while the switches just have a CON and the 24 switch ports (26 if I count the uplink ports but my 3560's seem to use SFP modules and don't have any fitted so I've just the 24x 10/100 ports).


  • GDaines Member Posts: 273
    Ok so I've created the DHCP pools on SW1, it's assigning an address to my client PC1 connected to SW1 (10.10.1.21 255.255.255.0) and the client can ping the switch (10.10.1.2), but as expected it can't ping the router (10.10.0.1) as it's on a different network.

    What should the default gateway for each pool be set to, the router (10.10.0.1) or SW1 (10.10.1.2)?
    How do I enable routing between the networks as I can't seem to find the "ip helper-address" command on my 3560 which is running IOS 12.2?

    Next step is to get SW2 and SW3 connected and configured, but no point until I can at least get PC1 to see the router (and hopefully the internet once the router is hooked up to the outside world).

    Once again I apologise that this is basic stuff but my previous jobs have all been managing clients and servers and using simple switches, until now I've never configured anything on a switch, configured multiple networks within one company, or configured DHCP not on a Windows server. I promise to document it once I get it working and not keep asking such basic questions. Thanks for your time...
  • TWX Member Posts: 275
    I feel your pain on the position of the equipment- my office is down in the basement and my service entrance and cablemodem (and other cabled equipment like the printer) are on the ground floor. I had already ghetto-installed a single Cat5e cable but since I want my lab to be my real live gear for my Internet connection I had to put a switch on the ground floor, connect the cablemodem to a port on a VLAN specifically to trunk that VLAN down through the switch to the router, then set up a subinterface on the router in the basement to act as the public-facing interface through that VLAN, then trunk the other VLANs through other subinterfaces back up to the switch so other ports could be used for local. On top of that I wanted to use the second port on my router for some of the same VLANs as went upstairs, so I had to use bridged virtual interfaces to tie subinterfaces on g0/0 to subinterfaces on g0/1 into one L2 area.

    One suggestion, you might want to use classless IP subnetting and VLSM simply to give yourself more practice. Define /27 and /28 networks for your user networks and /30 networks for your interconnects between routing devices, so that you get used to the number of hosts on a subnet and other associated stuff. Also, if you're comfortable with 10.0.0.0/8, pick one that you're not comfortable with. For my lab I went with 172.16.0.0/12 since I've used 192.168.0.0/16 at home for more than twenty years and 10.0.0.0/8 at work for a decade.

    Granted, most enterprise networks won't go too nutty subdividing Class-C address space at a given remote site, but it isn't unreasonable to assign a Class-B to a site and to then subdivide that Class-B given the needs of the site. At my work each site gets the second octet of the ten network (ex. 10.11.0.0/16 for site 1, 10.12.0.0 for site 2, etc) and the IPs get further broken-down once at the site (ie, 10.11.0.1/20 for wired users, 10.11.4.0/20 for wireless users, 10.11.255.0/24 for management) and sites may connect to each other with subnetted 10.255.255.0/24 (ie, first point to point 10.255.255.0/30, 10.255.255.1/10.255.255.2 on interfaces, 10.255.255.3 as broadcast, second point to point 10.255.255.4, 10.255.255.5/.6 on interfaces, broadcast on 10.255.255.7, etcetera) or where they connect through the VLSM cloud emulating Layer 2 they could easily share a class-C, 10.255.254.0/24 with the CO on .1 and .254, and branch offices from the example on 10.255.254.11, 10.255.254.12, etc.

    Sorry, I tend to ramble on.
  • GDaines Member Posts: 273
    A good idea TWX once I've got my head around simple network design and routing, I'll completely reconfigure everything to use VLSM to get in some valuable practice. I'm going to have to buy myself another router with network module to play with all the setups I want to create and that'll take some time to find what I want at the right price. Fortunately a lot of the stuff it'll be used for won't be covered until the second exam so I have some time.

    On the subject of where I'm at atm I've been pointed towards VLANs and Inter VLAN routing so let's see how far I get by this time tomorrow. I'll be a happy man if my PC can see my router.
  • TWX Member Posts: 275
    Are you using the 3560 switches as L3 devices, or only as L2 devices?

    Even the 2960 may have some form of L3, I haven't really tried, but I gather that some L3 stuff is making its way to cheaper and cheaper switches.
  • volfkhat Member Posts: 1,046
    Dieg0M wrote: »
    Just do port forwarding and you will have access from outside.

    DUDE!!!!


    I really love this forum :]
  • GDaines Member Posts: 273
    TWX wrote: »
    Are you using the 3560 switches as L3 devices, or only as L2 devices?

    I'm using SW1 as a L3 device to provide DHCP to all networks and to route between networks. SW2 and SW3 are being used only as L2 switches. If this was real world I suspect my servers would be on SW1/LAN1 and the clients split into smaller collision domains via the other switches.

    It seems I jumped the gun and got ahead of myself when I started this thread as the next chapter I got to was IP Routing which is followed by OSPF. However, it hasn't helped me answer the questions I posed as everything was done using routers in the book and I've not been able to translate what I read into a working solution using a single L3 switch instead of 3+ routers.... yet! It does though look like I was on to something in post #9 when I mentioned VLAN's and Inter-VLAN Routing so I'm currently reading through this: How To Configure InterVLAN Routing on Layer 3 Switches - Cisco
  • GDaines Member Posts: 273
    Well I'm finally getting there. While I still need to wait for some cables and a rack mount kit to arrive later this week so I can hook up my 3rd switch, I am at last working..... to a degree.

    SW1 can ping R1 and SW2 but not itself.
    SW2 can ping itself but not R1 or SW1.

    PC1 on SW1 is given a 1.x IP address via DHCP
    PC1 can ping SW1 and SW2 but not R1.

    PC2 on SW2 is given a 2.x IP address via DHCP
    PC2 can ping SW2 but not R1 or SW1.

    If I'm right I've got to set up VLANs and configure the interfaces on SW2 matching those created on SW1 (except for the router connection). If I can get this right then SW3 should be straightforward once it's cabled in. So far I've just been using one test PC so I've not been able to test Inter-LAN pings, time to plug a few more in once the SW3 is online.

    Time to re-read the chapter on IP routing to see if I can determine what commands/settings I'll need to get SW2 and SW3 to see R1 via SW1, and then back to DHCP to work out what address I'm supposed to be using for the default gateway in each pool.
  • Jollycork Member Posts: 149
    You can connect your 1800 series to your cable modem/router, and have the external interface [WAN] obtain IP address, subnet from your cable modem. That actually creates two broadcast domains [2 networks]: the LAN behind the cable modem/router and a LAN behind the 1800 series router.

    On the LAN side of your 1800 series, you need to do NAT overload [or many-to-one NAT]. That's where you'll need a pool of addresses for hosts behind the 1800 series router. Creating the NAT pool and doing NAT overload is in the books. Then set your IP route table. Remember the default gateway is your 1800 series router LAN port, which will then forward packets not destined for the LAN out the WAN port to your cable modem/router, which will then forward those packets not destined for the LAN of the cable modem/router out the WAN to the internet. And for any ACLs it is prudent to mention that there is an implied deny any any at the end [which you won't ever see. The default end of an ACL is to deny, so somewhere before the end there must be something that says allow].

    Side note: if a router doesn't know what to do with a packet/frame, it drops it [trashcan].

    Once you've got that... [DNS of course needs to be set for hosts] you should get out to the internet.

    Doing layer 3 routing on a layer 3 switch at this point seems to be jumping the gun, and so too are VLANs. I'd just hook up the 2 switches together over a trunk and see if you can configure switches and trunking and hosts on both switches get to the internet, before jumping to VLANs.

    Once you have the WAN/LAN NAT overload configuration for your routers behind the cable modem/router, you can hook up any number of routers and practice routing, route tables, OSPF/RIP/ EIGRP, between those networks and the internet.

    The internet is nothing but a bunch of routers connected together and those routers exchange route table data with each other. If you get cheap 2600 or 1800s or even 2800s you can create your own mini-internet at home. Just need a couple of racks to mount it all and practice routing between hosts on all segments.

    Same with switching. Switching is its own study. I'd learn each one because while consumer level routers have built in 4 or 8 port switches, they are typically unmanaged switches, where business class, there's switches and switching, which is not the same as a consumer switch.

    Another side note is that physical network ports on Cisco routers can have subinterfaces with their own IP addressing. Router on a stick is a single physical network port with subinterfaces to route between VLANs .... If you're going to try your hand at intervlan routing...
  • GDaines Member Posts: 273
    I'm actually giving up on this for now until I can get a better understanding of switch routing.

    I'm happy that once I have a long enough cable I'll be able to connect my router to the outside world.
    I'm happy that the L3 switch (SW1) can communicate with the router (R1).
    And I'm happy that DHCP appears to be giving out the correct address ranges depending on the switch a client is plugged in to.

    However, I've realised I was pinging the local VLAN interface from SW1 and not actually SW2 which does not respond.
    After trying many configuration methods I still can't ping anything from SW2.
    I suspect if I remove the VLANs then DHCP won't give out the different IP ranges.

    A long way still to go and much to learn it seems...
  • Jollycork Member Posts: 149
    The simple method is "router on a stick". That way hosts on VLAN 1 on switch 1 can ping hosts on VLAN 2 on switch 2 through an 802.1q trunk line.

    You can google "router on a stick" and there's thousands of links to configure it.

    You can use a DHCP helper to give out IP addresses on hosts on another VLAN, or you can simply statically assign hosts addresses...
    The simpler method to get the thing to work is use static addressing.
  • GDaines Member Posts: 273
    Well would you believe it, I stuck at it last night and everything (configured so far) seems to be working.

    First mistake was assigning FA0/24 to SW2 as "switchport vlan 2" - this worked for DHCP as the entire remote switch was automatically in vlan2, but inter-vlan routing wasn't working so no switch could ping another and clients could only ping the local switch.

    Turns out switch-to-switch ports needed to be TRUNK ports and once I'd got that bit right BOOM! Now I've worked out that I can assign any port on any switch to a vlan and the connected pc will receive a DHCP address from the appropriate range, i.e. 1.x on vlan1, 2.x on vlan2 and 3.x on vlan3. I even learned the "interface range" command so assigning all 24 ports on SW2 into vlan2 was a doddle.

    Once the rest of my cables arrive so I can add SW3 and a 3rd pc into the mix to be totally sure my network design is functioning as required I'll try to draw up the network map correctly in Visio (adding interfaces, ip address and vlan configurations to my original) and then I'll document the whole setup. It'll be even better if my router connection to the outside world works so I can test internet access as then it'll really simulate a possible real-world setup.

    Next step is to learn if there's an easy way to propagate vlan configuration around all switches automatically as, while it was easy enough to do with 3 vlans/switches, it would get a whole lot harder if there were many many more.

    Thanks for the input so far. TWX I'll be reconfiguring everything when I'm finished to use VLSMs (and that'll give me the perfect opportunity to also use/test config backup & restore using a TFTP server). Jollycork I'll Google "router on a stick" to see what it is you're telling me.
  • Yanio Member Posts: 37
    Nothing more satisfying than figuring out the issues on your Kit. Love those Eureka moments!

    For VLAN propagation you'll want to look at VTP, I don't think this is a CCENT topic anymore (wasn't covered in any of my studies) but it's certainly worth knowing about.

    Router on a stick is basically a way of allowing VLANS to talk to each other through a router using sub-interfaces. If you've got L3 switching on the go I'm not sure you'll need to look at this, but again it's worth knowing!
    "That's what" -She
  • Jollycork Member Posts: 149
    I would say that knowing the basics, is important. While I was right with everyone else in buying equipment and then wanting to get it to work, without really knowing the basics, I learned that knowing the basics, goes a long way in knowing what doesn't work and why, and what does work and why.

    And my experience was that even though I thought I knew the basics, I didn't really "know" the basics and had to continue study to know them.
  • TWX Member Posts: 275
    I found that understanding VLANs, VLAN Trunks (which other manufacturers call tagged interfaces), and inter-VLAN routing; that's the moment when it all comes together from a usability perspective.

    Now, there's still a whole lot of material to go over, but once the basics are understood then the rest is filling in.
  • GDaines Member Posts: 273
    Eureka... well sort of!

    I'd gotten quite easily to the stage where everything on the internal LANs was able to ping everything else up to SW1 so that's DHCP, VLANs and InterVLAN routing working, but nothing other than SW1 could see R1. After re-reading the section on setting up static routing and realising that I'd only set up routing on SW1 and not R1 that was quickly resolved and very satisfying it was to finally get the PCs able to ping R1.

    My router is now connected to the outside world via a port on my home router giving it a 192.168.x.x dhcp address and it can ping external web sites.

    My final issue is that while R1 can access the internet, and everything on the Cisco LANs can ping R1, none of the clients can access the internet so I must be missing something. Using "ip route 0.0.0.0 0.0.0.0 fa0/1" I thought I'd set the gateway of last resort to use exit interface FE0/1 on R1 which is connected to the outside world, so shouldn't requests unresolved on the internal network be sent out to the internet?

    R1#show ip route

    Gateway of last resort is 0.0.0.0 to network 0.0.0.0
    10.0.0.0/24 is subnetted, 4 subnets
    C 10.10.0.0 is directly connected, FastEthernet0/0
    S 10.10.1.0 [1/0] via 10.10.0.2
    S 10.10.2.0 [1/0] via 10.10.0.2
    S 10.10.3.0 [1/0] via 10.10.0.2
    S* 0.0.0.0/0 is directly connected, FastEthernet0/1
    C 192.168.0.0/16 is directly connected, FastEthernet0/1


    I assume you won't need to see routes on SW1 because the PCs on all VLANs can ping R1. I did a tracert from PC1 to an external IP address and the only two hops it managed were 10.10.1.1 (default gateway) and 10.10.0.1 (R1) so the request got to the router but not to the outside world as far as I can see?

    As I've said before I appreciate all the help given so far especially as I'm jumping ahead of my studies sometimes, but designing this network which could exist in the real world has boosted my motivation to carry on and learn this stuff. I'm still a little way off even considering taking an exam but I know now so much more than I did in my last job so hopefully I'll land a new one soon.
  • Yanio Member Posts: 37
    So you've got a default route on R1 sending traffic to your Home Router on interface 192.168.0.x, but does your home router know what to do with packets trying to get back into your lab? If a packet hits your home router addressed to 10.10.1.1 would it know what to do with it? Probably not.

    You'll probably find you need to do some NAT/PAT translations from your lab addresses to the 192.168.0.x interface of R1. That way any traffic coming from your lab will egress with a 192.168.0.x address and your home router will know what to do with the replies.

    Apologies if that doesn't make sense, it's early :)

    P.S. feel free to PM, I've got a similar setup at home and would be happy to share the show run etc.
    "That's what" -She
  • GDaines Member Posts: 273
    Yanio wrote: »
    So you've got a default route on R1 sending traffic to your Home Router on interface 192.168.0.x, but does your home router know what to do with packets trying to get back into your lab? If a packet hits your home router addressed to 10.10.1.1 would it know what to do with it? Probably not.

    You'll probably find you need to do some NAT/PAT translations from your lab addresses to the 192.168.0.x interface of R1. That way any traffic coming from your lab will egress with a 192.168.0.x address and your home router will know what to do with the replies.

    Wouldn't data being sent out to the internet by R1 have a source address of say 192.168.0.2 and therefore the home router on 192.168.0.1 will send traffic that originated from that .2 address back to that address? And then through the whole process of routing with source and destination IP addresses in the packets sort itself out on the 10.10 network having reached R1? The router itself can ping web sites so I'm of the opinion that that side of things is working but then I wouldn't be asking for opinions if I was absolutely sure.

    What I can't work out though is why devices on the Cisco network are sending traffic to R1 but it doesn't appear to be getting out, whereas when the traffic is generated by R1 itself it looks like it does. At first glance that suggests to me a configuration issue with R1, but it's quite possible it could be down to VLANs and gateway addresses (I doubt it's DHCP configuration as the switches have static addresses, although if the gateway address being used and/or the VLAN configuration is the issue then the info received by the clients will also be wrong).

    Having skipped chapter 9 (OSPF) and just glimpsed over chapter 10 (layer 2 switching) so I could get to chapter 11 (VLANs and InterVLAN routing) I plan to glimpse over this now before my job interview later, then I'll go back over chapters 8 (IP routing) to 11 again this evening to see if I pick up on anything I didn't grasp first time around. Hopefully I'll spot something relevant to my issue.
  • Yanio Member Posts: 37
    Data being sent out of R1 will have the source IP address of whichever device sent the packet originally (unless you have some NAT going on already?). So if Host A with IP 10.10.10.10 sends some data, it will have the source address of 10.10.10.10, which your home router knows nothing about. When the responses come back from google or wherever, your Virgin kit looks at its routing table and thinks 'well I don't know where 10.10.10.0/24 is, so I'd better send it to my default route' which is probably back to the www.

    When you ping from R1, it'll use the source IP address of the egress interface, in this case 192.168.0.2, which your home router can route successfully; therefore ping responses. If you used the extended ping commands to define a different source IP of another R1 interface, the pings would likely fail.

    If you set up PAT on the interface that links R1 to your home router to transform all exiting traffic to the 192.168.0.2 address, it should work perfectly.
    "That's what" -She
  • GDaines Member Posts: 273
    Thanks Yanio, sounds logical so I'm now following what you're explaining but unfortunately I've not got a clue where to start or what to configure, but at least I have a starting point.

    EDIT: Once I knew what I was looking for I looked up PAT in the index and found it in one of the ICND2 sections so I wasn't due to get to it for a while. Wasn't particularly clear but with the help of some web articles I managed to piece together the essential commands to correctly configure R1 as follows:

    R1(config)# ip nat pool mypool 192.168.2.7 192.168.2.7 netmask 255.255.0.0
    R1(config)# ip nat inside source list 1 pool mypool overload
    R1(config)# access-list 1 permit 10.10.0.0 0.0.255.255
    R1(config)# int fa0/0
    R1(config-if)# ip nat inside
    R1(config-if)# int fa0/1
    R1(config-if)# ip nat outside

    Lammle's book has me putting ip addresses on the interfaces which I skipped as they were already configured, the internal interface already being on the 10.10.0.x network and the external interface getting a dhcp address from the home router/network. The latter caused an issue for a while after I configured the wrong ip address in line 1, clearing down to retype the command using the correct address isn't very straightforward but another web article later and I finally sorted it. I guess going forward I should set up a static ip address for that interface.

    Time now to re-read chapters 8-11. Understanding NAT/PAT is something for another day.
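
The PAT behaviour discussed in the last few posts, as an added example that is not part of any post in this thread: a simplified Python model of R1 that uses the pool address and access-list 1 from the configuration above and follows a request out and its reply back, with and without translation. The port-allocation rule (keep the source port if free, else take the next one), the one-function home-router model and the sample hosts are assumptions made for illustration.

```python
"""Simplified model of PAT (NAT overload) on R1, for illustration only."""
import ipaddress

HOME_LAN = ipaddress.ip_network("192.168.0.0/16")  # connected route on R1 fa0/1
OUTSIDE_IP = "192.168.2.7"                         # address in "ip nat pool mypool"
ACL_1 = [("permit", "10.10.0.0", "0.0.255.255")]   # access-list 1 from the post


def wildcard_match(addr, base, wildcard):
    """Standard-ACL match: wildcard bits set to 1 are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)


def acl_permits(acl, addr):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(addr, base, wildcard):
            return action == "permit"
    return False


class PatRouter:
    def __init__(self, outside_ip, acl, nat_enabled=True):
        self.outside_ip = outside_ip
        self.acl = acl
        self.nat_enabled = nat_enabled
        self.by_port = {}    # outside port -> (inside ip, inside port)
        self.by_inside = {}  # (inside ip, inside port) -> outside port

    def outbound(self, src, sport):
        """Return the (source ip, source port) seen on the outside interface."""
        if not (self.nat_enabled and acl_permits(self.acl, src)):
            return (src, sport)          # forwarded untranslated
        key = (src, sport)
        if key not in self.by_inside:
            port = sport                 # assumption: keep the port if it is free
            while port in self.by_port:  # otherwise take the next free one
                port = port + 1 if port < 65535 else 1024
            self.by_port[port] = key
            self.by_inside[key] = port
        return (self.outside_ip, self.by_inside[key])

    def inbound(self, dst, dport):
        """Return the inside (ip, port) a reply is delivered to, or None."""
        if dst == self.outside_ip:
            return self.by_port.get(dport)
        return None


def home_router_can_reply(seen_src):
    """The home router only has a route back to addresses on its own LAN."""
    return ipaddress.ip_address(seen_src) in HOME_LAN


def round_trip(router, src, sport):
    """Follow one request out through R1 and its reply back; None means lost."""
    seen_ip, seen_port = router.outbound(src, sport)
    if not home_router_can_reply(seen_ip):
        return None
    return router.inbound(seen_ip, seen_port)


if __name__ == "__main__":
    no_nat = PatRouter(OUTSIDE_IP, ACL_1, nat_enabled=False)
    pat = PatRouter(OUTSIDE_IP, ACL_1)
    # Constructed sample flows: two lab PCs reusing the same source port,
    # plus one host that access-list 1 does not permit.
    for label, router, src in [
        ("no NAT", no_nat, "10.10.1.21"),
        ("PAT", pat, "10.10.1.21"),
        ("PAT", pat, "10.10.2.21"),
        ("PAT", pat, "172.16.0.10"),
    ]:
        print(label, src, "seen as", router.outbound(src, 50000),
              "reply ->", round_trip(router, src, 50000))
```

The translation table is what lets two lab PCs that pick the same source port share one outside address, and a source that no ACL entry permits is forwarded untranslated, so its reply is lost just as in the no-NAT case.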