krock83
join:2010-03-02

krock83

Member

[CCNA] Helper addresses

Hi

I was wondering if someone could give me a hand with my lab. I was working on configuring a few VLANs on a 2950 switch and 2620 router. Config below

2950#sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12
2    VLAN0002                         active    Fa0/2
3    VLAN0003                         active
4    VLAN0004                         active
5    VLAN0005                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
2950#sh run
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 2950
!
no logging console
!
!
!
!
!
!
ip subnet-zero
no ip domain-lookup
!
!
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 2
 spanning-tree portfast
!
interface FastEthernet0/3
 spanning-tree portfast
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface VLAN1
 ip address 10.10.10.2 255.255.255.0
 no ip directed-broadcast
 no ip route-cache
!
ip default-gateway 10.10.10.1
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password ciscopress
 login
line vty 5 15
 login
!
end
2950#
---------------------------------------------------------------------------
c2600# sh run
Building configuration...
Current configuration : 1048 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c2600
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
no ip domain lookup
!
no ftp-server write-enable
!
!
!
!
!
no crypto isakmp ccm
!
!
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.10.10.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 10.10.11.1 255.255.255.0
 no snmp trap link-status
!
interface Serial0/0
 no ip address
 shutdown
 no fair-queue
 no dce-terminal-timing-enable
!
interface Serial0/1
 no ip address
 shutdown
 no dce-terminal-timing-enable
!
ip classless
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
line aux 0
line vty 0 4
 password ciscopress
 login
!
!
end
c2600#
c2600#sh vlans
Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)
 vLAN Trunk Interface: FastEthernet0/0.1
 This is configured as native Vlan for the following interface(s) :
FastEthernet0/0
 Protocols Configured:   Address:       Received:   Transmitted:
        IP               10.10.10.1     473         29
        Other                           0           20
 500 packets, 57355 bytes input
 49 packets, 8364 bytes output
Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)
 vLAN Trunk Interface: FastEthernet0/0.2
 Protocols Configured:   Address:       Received:   Transmitted:
        IP               10.10.11.1     26          17
        Other                           0           4
 26 packets, 2505 bytes input
 21 packets, 1870 bytes output
c2600#

This config works fine, but how would I pull this off on a DHCP config using helper addresses? I did some research but it doesn't specify where I should start first and how: the switch or the router? My CCNA book only covers the static part. I'm just a beginner but would like to know this part because I maintain a small network at work that is configured on DHCP.

Thanks for any help in advance
ImpetusEra
Premium Member
join:2004-05-19
00000

ImpetusEra

Premium Member

ip helper-address (dhcp server address)

Put that under whatever interface has clients that need to be served ip addresses by dhcp.

MrTwister6
Premium Member
join:2003-09-27
Hilliard, OH

MrTwister6 to krock83

Premium Member

to krock83
ImpetusEra beat me to it, you also use
that same command;

ip helper-address XX.XX.XX.XX
 

not only the address of your DHCP server,
but also the address(es) of your PXE
servers if you use PXE for imaging workstations.
krock83
join:2010-03-02

krock83

Member

Hello and thank you for the responses

So I would create vlans on the switch just like I did for the static part and assign each interface to the proper vlan

then I would go to my router and do the following

router> en
router# conf t
router (config)# int fa0/1 !-- This is the interface connected to the switch
router (config-if)# ip helper-address 75.108.54.23 (my DHCP address)
router (config-if)# end
router# wr

Is this correct?

@ MrTwister
I don't think I have PXE servers

Also one more question if you don't mind. The book does not talk about this

Why would anyone want to have 10 workstations assigned to different vlans? What is the difference if PC 1, PC 2 and PC 3 are all in the same VLAN (in VLAN1 native), and the difference between PC 1 being in VLAN1 and PC 2 being in VLAN2 and PC 3 being in VLAN 3 and so on.....

What is the purpose of that, except for more work?

Thanks
jh2010
join:2009-09-03
Brooklyn, NY

jh2010 to krock83

Member

to krock83
Putting users on different vlans(Broadcast domains) is usually just for separation, or in this case, for testing the concepts of multiple vlans.

Depending on the type of traffic and hardware used, a /24 vlan is a good STD for vlan size. My Company uses a /24 as the default vlan for users. Server vlans may be smaller and VOIP vlans(just for IP phones and other VOIP/Video devices) tend to be larger, /23s or /22s.

In an ordinary small office, one /24 should be more than enough. Another vlan or two may be required if you host Internet servers(to separate them from the normal users).

The examples often used talk about different departments on different vlans. This is just a teaching example.

Some reasons for having multiple vlans
1. guest vlan(to keep them separated from you)
2. Segregation for policy reasons
3. Devices that transmit a lot of broadcast traffic
4. Large amounts of Multicast traffic
5. Separate vlan for a wireless Network (for security)
6. Separate vlan for a sublet Network. By this, I mean that you allow your Internet access to be used by another business in the building (for a fee I assume) but don't want to give them access to your devices (similar to points 1 and 2).
7. Different NAT pools (if you want to NAT the users' IP address to different global IP addresses). This can also be done on the same network if DHCP is set up correctly (and access-lists are used for the NATing).
8. accounting charges. Charging different departments for how much they use the Internet. More common in APAC/EU where Internet usage is paid on a GB basis.
krock83
join:2010-03-02

krock83

Member

@Jh2010

Thank you for explaining the VLAN situation. The above config for ip helper-address that I came up with, is that correct? I don't want to try this in production if it's not going to work

Thanks
jh2010
join:2009-09-03
Brooklyn, NY

1 edit

jh2010 to krock83

Member

to krock83
The helper address should be on the router interface with an IP address. In this case I think it should be vlan1,
FastEthernet0/0.1 and FastEthernet0/0.2

If the DHCP server is on the same subnet as an interface then no helper address is required. A helper address is only required to forward DHCP/Bootp/PXE requests to another network.

We generally use 3 as we have redundant DHCP servers in my company but we have 80,000 users and probably several hundred locations.
krock83
join:2010-03-02

krock83

Member

So I still need to create as many sub interfaces for all the workstations on the network

We just have a regular 10MB cable connection; this is a small business with 14 workstations and 6 notebooks. The reason I would like to do this is I would like to separate accounting, sales & marketing, management, and wireless, and of course my workstation that I would like to keep in the native VLAN so it's easier for me to maintain.

So if my fa0/0 is connected to my cable modem and fa0/1 is connected to vlan 1 on the switch I would have to create

VLAN 1 NATIVE - My workstation, which also has an IP address assigned to it
VLAN 2 - for management
VLAN 3 - for accounting
VLAN 4 - for sales & marketing
VLAN 5 - for Wireless Router

and of course enable trunking and spanning-tree portfast commands on all VLANs

Where I'm confused is when I create a subinterface on FA0/1: when it comes to assigning IP addresses, is that where I put the command

ip helper-address 72.123.67.102, which is my DHCP address?

Maybe I should just try it and see if I break anything; this is the only way that I will understand it.
jh2010
join:2009-09-03
Brooklyn, NY

jh2010 to krock83

Member

to krock83
Sorry, two different things going on here.

1. The IP address 72.123.67.102 (which you should have really made up and not given out) is the external or Internet-facing IP address for your Internet connection. It is given out by the ISP's DHCP server.

2. You need to setup a DHCP server internally.

ip dhcp update dns (says to use ISP provided DNS servers)
DHCP pool (you need one per vlan)
ip dhcp pool local
network 192.168.1.0 255.255.255.0
update dns (gives out DNS server from External DHCP address)
lease 5 (this can be left out)
!

You will need a different DHCP pool per vlan/IP Network.

You will also need to setup NATing for each vlan.
krock83
join:2010-03-02

krock83

Member

Hello

I made that IP up from the ISP

I already have a dhcp server set internally so it works right now for all the workstations on vlan 1. I just created the other 4 vlans and enabled the trunking on fa0/1 which is directly connected to the router

Now I will create sub interfaces on the router and also will use NAT

Hopefully it will work
krock83

krock83

Member

Well, it didn't work LOL, everything went down. Luckily I had a backup created that I copied back to the devices

Here is how I had it configured

Router1#sh run
Building configuration...

Current configuration : 4399 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$VcZe$tpj**************
enable password ******
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.250 192.168.1.255
!
ip dhcp pool LAN_DHCP_POOL
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
!
!
no ip bootp server
no ip domain lookup
ip domain name bosanci.net
ip name-server 4.2.2.2
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name FW_CBAC dns
ip inspect name FW_CBAC http
ip inspect name FW_CBAC https
ip inspect name FW_CBAC tcp
ip inspect name FW_CBAC udp
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip urlfilter allow-mode on
ip urlfilter exclusive-domain deny www.myspace.com
!
!
!
username ***** password 0 *******
archive
log config
logging enable
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
!
!
!
interface FastEthernet0/0
description Cable ISP Connection
ip address dhcp
ip access-group INBOUND_ACL in
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect FW_CBAC out
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description LAN connection
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
no mop enabled
!
interface FastEthernet0/1.1
description VLAN 1
encapsulation dot1Q 1 native
ip helper-address 73.178.102.23
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.2
description VLAN 2
encapsulation dot1Q 2
ip helper-address 73.178.102.23
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.3
description VLAN 4
encapsulation dot1Q 4
ip helper-address 73.178.102.23
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.4
ip helper-address 73.178.102.23
ip nat inside
encapsulation dot1Q 4
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.5
description VLAN 5
encapsulation dot1Q 5
ip helper-address 73.178.102.23
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip access-list extended INBOUND_ACL
permit udp any eq bootps any eq bootpc log
permit tcp any any eq 22 log
deny ip any any log
ip access-list extended INBOUND_SCL
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
deny ip any any
!
logging trap debugging
logging facility local2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
no cdp run
!
!
!
control-plane
!
!
banner motd ^Cord #
*****************************************************
Please Exit
**************************************************
#

^C
!
line con 0
exec-timeout 30 30
password *******
login authentication local_auth
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line vty 0 4
login authentication local_auth
transport input ssh
!
scheduler allocate 20000 1000
end

Router1#

SWITCH1#sh run
Building configuration...

Current configuration : 1436 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SWITCH1
!
no logging console
enable secret 5 $1$zSw6$cTuf80**************
enable password **********
!
ip subnet-zero
!
no ip domain-lookup
ip ssh time-out 120
ip ssh authentication-retries 3
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2-4
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
description VLAN for Accounting
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/3
description VLAN for Wireless Routrer
switchport access vlan 3
spanning-tree portfast
!
interface FastEthernet0/4
description VLAN for Sales & MArketing
switchport access vlan 4
spanning-tree portfast
!
interface FastEthernet0/5
description NATIVE VLAN for Managment
spanning-tree portfast
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface Vlan1
description vlan connection to main router
ip address 192.168.1.253 255.255.255.0
no ip route-cache
!
ip http server
!
line con 0
exec-timeout 30 30
password ********
login
stopbits 1
line vty 0 4
exec-timeout 5 30
password *******
login
line vty 5 15
login
!
!
end

SWITCH1#

All I know is that it didn't work.. The workstations were showing a connection but I couldn't ping anything on the network

Where did I mess up?
ImpetusEra
Premium Member
join:2004-05-19
00000

1 edit

ImpetusEra to krock83

Premium Member

to krock83
make FA0/1.1 192.168.1.254 and no address on FA0/1

Also what is that helper address? Do you have a route to that address? Each of your sub interfaces needs an ip address in their respective network.
krock83
join:2010-03-02

1 edit

krock83

Member

Ok so on the sub interfaces on that config I assigned

ip helper-address 73.178.102.23 which is my outside ISP address (fa0/0) connected to my cable modem, which is a little different because I made it up

So for sub interfaces I need to assign

ip helper-address 192.168.1.2

but that seems to me it's static and I would have to find out all the IP addresses of all workstations to match the gateway?
ImpetusEra
Premium Member
join:2004-05-19
00000

ImpetusEra

Premium Member

Not sure I follow you. Let's say the native vlan (1) has a dhcp server with the address 192.168.1.2. The dhcp server needs a different address pool for each vlan. So vlan1 would be 192.168.1.0/24, vlan2 192.168.2.0/24, vlan3 192.168.3.0/24, and so on. Each subinterface needs an ip address within the dhcp scope that you want to use for that vlan. So fa0/1.1 192.168.1.1, fa0/1.2 192.168.2.1, etc. The helper address for each subinterface would be 192.168.1.2. The dhcp server will assign the ip address and the gateway which you would set in the scope to be the ip address of the subinterface. My explanation sounds like crap so I'll see if I can find a good instructional.
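Added example (not part of the original posts): a Python model of the relay step described in the post above, showing how `ip helper-address` stamps the receiving subinterface's address into the BOOTP `giaddr` field and how the server then picks the matching per-VLAN pool. The addressing plan is the one from the post; the function names, MAC and transaction ID are constructed, and treating an interface without an IP address as unable to relay is a modelling assumption.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP/DHCP header (RFC 951 / RFC 2131), before the options field.
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
HOPS, GIADDR = 3, 10          # positions of the hops and giaddr fields in the tuple
UNSET = bytes(4)              # 0.0.0.0

# Addressing plan from the post above (DHCP server on VLAN 1 at 192.168.1.2).
HELPER = "192.168.1.2"
POOLS = {
    "vlan1": ipaddress.ip_network("192.168.1.0/24"),
    "vlan2": ipaddress.ip_network("192.168.2.0/24"),
    "vlan3": ipaddress.ip_network("192.168.3.0/24"),
}
SUBINTERFACES = {"fa0/1.1": "192.168.1.1", "fa0/1.2": "192.168.2.1", "fa0/1.3": "192.168.3.1"}


def build_discover(xid, mac):
    """Client broadcast as it arrives at the router: giaddr is still 0.0.0.0."""
    return struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                       UNSET, UNSET, UNSET, UNSET, mac, b"", b"")


def relay(packet, ingress_ip, helper):
    """Model of the relay step: returns (unicast destination, rewritten packet)."""
    if ingress_ip is None:
        return None  # assumption: no interface address means nothing to put in giaddr
    fields = list(struct.unpack(BOOTP_FMT, packet[:236]))
    if fields[GIADDR] == UNSET:            # only the first relay stamps giaddr
        fields[GIADDR] = ipaddress.ip_address(ingress_ip).packed
    fields[HOPS] += 1
    return helper, struct.pack(BOOTP_FMT, *fields) + packet[236:]


def giaddr_of(packet):
    """Read the relay agent address back out of the fixed header."""
    return ipaddress.ip_address(struct.unpack(BOOTP_FMT, packet[:236])[GIADDR])


def select_pool(packet, pools):
    """Server side: a relayed request is served from the pool that contains giaddr."""
    giaddr = giaddr_of(packet)
    return next((name for name, net in pools.items() if giaddr in net), None)


def demo():
    """Relay one constructed DISCOVER through each subinterface."""
    discover = build_discover(0x1234ABCD, bytes.fromhex("020000000002"))  # constructed
    results = {}
    for ifname, ip in SUBINTERFACES.items():
        dest, relayed = relay(discover, ip, HELPER)
        results[ifname] = (dest, str(giaddr_of(relayed)), select_pool(relayed, POOLS))
    return results


if __name__ == "__main__":
    for ifname, outcome in demo().items():
        print(ifname, outcome)
```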
krock83
join:2010-03-02

krock83

Member

If we are talking about the native vlan1 on the switch it has the IP address of 192.168.1.253 assigned to it

So what you are saying is that on the router I need to assign this for example

interface FastEthernet0/1.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.253
ip nat inside
ip virtual-reassembly
no cdp enable

I'm just lost and asking myself the question why does the book talk about the static setup of vlans but nothing on the setup of dhcp... these books are crap and I'm about to light them on fire!!!
ImpetusEra
Premium Member
join:2004-05-19
00000

ImpetusEra

Premium Member

Everything in the book is probably using static addressing because, as you see, dhcp adds a little extra work to it and needs more troubleshooting to figure out why it isn't working. If your switch native vlan has a 192.168.1.x address then your router 1.1 interface also needs a 192.168.1.x address. If your dhcp server is physically connected to vlan1 then it doesn't need a helper address assigned. What are you using for a dhcp server? The configuration of the dhcp server needs to be in place for the helper address command to be of any use.
krock83
join:2010-03-02

1 edit

krock83

Member

Hello

I know that book talks about static configs but it would make sense to explain some dhcp setups. What do you mean when you ask me "what do you use for dhcp server"? I just began with this study so I'm not sure where to look. The conf is a few posts above.

Something is telling me that I should give up on this because I'm just wasting your time with this.

ip dhcp excluded-address 192.168.1.250 192.168.1.255
!
ip dhcp pool LAN_DHCP_POOL
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
ImpetusEra
Premium Member
join:2004-05-19
00000

ImpetusEra

Premium Member

said by krock83:

Hello

I know that book talks about static configs but it would make sense to explain some dhcp setups. What do you mean when you ask me "what do you use for dhcp server"? I just began with this study so I'm not sure where to look. The conf is a few posts above.

Something is telling me that I should give up on this because I'm just wasting your time with this.

Whatever you are using to assign ip addresses (the dhcp server) needs to be setup with multiple pools (one for each vlan). The router can be your dhcp server or a linux box or a windows server. It needs to be setup with these pools and their options set for default router.

The book is using static addressing I presume because it is trying to teach vlans and the use of inter vlan routing. Maybe a later chapter discusses dhcp and the use of the ip helper-address command which you could then apply to vlans.

If you want to work with static addressing and be able to communicate between vlans then change as follows:

interface FastEthernet0/1
description LAN connection
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
no mop enabled
!
interface FastEthernet0/1.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.2
description VLAN 2
encapsulation dot1Q 2
ip address 192.168.2.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.3
description VLAN 3
encapsulation dot1Q 3
ip address 192.168.3.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
!
interface FastEthernet0/1.5
description VLAN 5
encapsulation dot1Q 5
ip address 192.168.5.254 255.255.255.0
ip nat inside
ip virtual-reassembly
no cdp enable
 

If you want to use dhcp and the helper-address command maybe read through this on setting up the router as a dhcp server with multiple pools:

»www.cisco.com/en/US/docs ··· hcp.html
krock83
join:2010-03-02

krock83

Member

Hello

The person who helped me configure the dhcp config told me that the router is configured as the dhcp server. Looking at the document I see that the router has most of the dhcp commands already configured.
ImpetusEra
Premium Member
join:2004-05-19
00000

ImpetusEra

Premium Member

Your current config is only a single pool for native vlan1. You'll need to create additional pools for each vlan.
krock83
join:2010-03-02

krock83

Member

Ok thanks, I will see if I can figure this dhcp headache out and if not I will leave it like it is
krock83

krock83

Member

OK I did some research and came up with something but haven't tried it out yet. I don't need a helper address with a router on a stick. I would only need to use ip helper-address if I had a real DHCP server such as linux or win2k3 but I only have a router with a basic dhcp config on it. If I want to add dhcp to each vlan then this came up

router(config)# int fa0/1.3
router(config-if)# encaps dot1q 3
router(config-if)# ip address dhcp

Has anyone ever tried this one?
krock83

krock83

Member

Still have a problem. Now that I have figured everything out LOL I can't get out to the internet. Looks like the PCs on different vlans are getting the right assigned IP address. When I click on manage network connections and go to local area connections it tells me that I only have Local Internet access

Config is below; does anyone see anything that I missed? I read the book that covered this and did exactly what it told me

Router1#sh run
Building configuration...
Current configuration : 4293 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5
enable password
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
no ip source-route
no ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool vlan1
import all
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
ip dhcp pool vlan2
import all
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
!
ip dhcp pool vlan3
import all
network 192.168.30.0 255.255.255.0
default-router 192.168.30.1
!
ip dhcp pool vlan4
import all
network 192.168.40.0 255.255.255.0
default-router 192.168.40.1
!
!
no ip bootp server
no ip domain lookup
ip domain name bosanci.net
ip name-server 4.2.2.2
ip inspect audit-trail
ip inspect udp idle-time 1800
ip inspect dns-timeout 7
ip inspect tcp idle-time 14400
ip inspect name FW_CBAC dns
ip inspect name FW_CBAC http
ip inspect name FW_CBAC https
ip inspect name FW_CBAC tcp
ip inspect name FW_CBAC udp
ip inspect name autosec_inspect cuseeme timeout 3600
ip inspect name autosec_inspect ftp timeout 3600
ip inspect name autosec_inspect http timeout 3600
ip inspect name autosec_inspect rcmd timeout 3600
ip inspect name autosec_inspect realaudio timeout 3600
ip inspect name autosec_inspect smtp timeout 3600
ip inspect name autosec_inspect tftp timeout 30
ip inspect name autosec_inspect udp timeout 15
ip inspect name autosec_inspect tcp timeout 3600
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip urlfilter allow-mode on
ip urlfilter exclusive-domain deny www.myspace.com
!
!
!
username admin password 0 ciscoprees
archive
log config
logging enable
!
!
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 1
!
!
!
!
interface FastEthernet0/0
description Cable ISP Connection
ip address dhcp
ip access-group INBOUND_ACL in
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect FW_CBAC out
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1.1
description VLAN1
encapsulation dot1Q 1 native
ip nat inside
ip address 192.168.10.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/1.2
description VLAN 2 - connection to PC1
encapsulation dot1Q 2
ip nat inside
ip address 192.168.20.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/1.3
description VLAN3 - connection to Wireless Router
encapsulation dot1Q 3
ip nat inside
ip address 192.168.30.1 255.255.255.0
no cdp enable
!
interface FastEthernet0/1.4
description VLAN 4 - connection to PC3-main
encapsulation dot1Q 4
ip nat inside
ip address 192.168.40.1 255.255.255.0
no cdp enable
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
ip access-list extended INBOUND_ACL
permit udp any eq bootps any eq bootpc log
permit tcp any any eq 22 log
deny ip any any log
ip access-list extended INBOUND_SCL
ip access-list extended autosec_firewall_acl
permit udp any any eq bootpc
deny ip any any
!
logging trap debugging
logging facility local2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
no cdp run
!
!
!
line con 0
exec-timeout 30 30
password onmlk123
login authentication local_auth
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line vty 0 4
login authentication local_auth
transport input ssh
!
scheduler allocate 20000 1000
end
Router1#
c2950#sh run
Building configuration...
Current configuration : 1198 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname c2950
!
no logging console
enable secret 5 $1$ObI3$Vhx9BsjTrcUORIrZGdGH9/
enable password password
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
vtp mode transparent
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
vlan 2-5
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 3
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 4
spanning-tree portfast
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface Vlan1
ip address 192.168.1.253 255.255.255.0
no ip route-cache
shutdown
!
ip default-gateway 192.168.10.1
ip http server
!
line con 0
line vty 0 4
password password
login
line vty 5 15
login
!
!
end
c2950#

thanks
ImpetusEra
Premium Member
join:2004-05-19
00000

ImpetusEra to krock83

Premium Member

to krock83
Because of this:
ip nat inside source list 1 interface FastEthernet0/0 overload
 

Modify access-list 1 to this:
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.30.0 0.0.0.255
access-list 1 permit 192.168.40.0 0.0.0.255
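Added example (not from the thread): a Python audit that catches this mismatch before deployment by checking that every `ip nat inside` subnet is matched by the ACL behind `ip nat inside source list`, and that each DHCP pool's `default-router` is a router interface in that pool's network. `CONFIG` is a constructed excerpt of the router config posted above; `parse`, `audit` and `FIXED` are names made up for the example, and only standard numbered ACL entries with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed excerpt: the relevant lines of the router config posted above
# (unindented, as forum-pasted configs usually are).
CONFIG = """\
ip dhcp pool vlan1
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
ip dhcp pool vlan2
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
interface FastEthernet0/0
ip address dhcp
ip nat outside
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip nat inside
ip address 192.168.10.1 255.255.255.0
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip nat inside
ip address 192.168.20.1 255.255.255.0
ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

# Same excerpt with the ACL correction from the reply above applied.
FIXED = CONFIG.replace(
    "access-list 1 permit 192.168.1.0 0.0.0.255",
    "access-list 1 permit 192.168.10.0 0.0.0.255\n"
    "access-list 1 permit 192.168.20.0 0.0.0.255")

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"


def parse(config):
    """Return (interfaces, dhcp pools, NAT source list ids, standard ACLs)."""
    ifaces, pools, nat_lists, acls = {}, {}, [], {}
    section, name = None, None
    for raw in config.splitlines():
        line = raw.strip()
        words = line.split()
        if line.startswith("interface "):
            section, name = "if", words[1]
            ifaces[name] = {"nat_inside": False, "addr": None}
        elif line.startswith("ip dhcp pool "):
            section, name = "pool", words[3]
            pools[name] = {}
        elif m := re.fullmatch(r"ip nat inside source list (\S+) interface \S+ overload", line):
            nat_lists.append(m.group(1))
        elif m := re.fullmatch(rf"access-list (\d+) permit {IPV4} {IPV4}", line):
            # ipaddress accepts a wildcard (host) mask after the slash
            acls.setdefault(m.group(1), []).append(
                ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
        elif section == "if" and line == "ip nat inside":
            ifaces[name]["nat_inside"] = True
        elif section == "if" and words[:2] == ["ip", "address"] and len(words) == 4:
            ifaces[name]["addr"] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif section == "pool" and words[:1] == ["network"] and len(words) == 3:
            pools[name]["network"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif section == "pool" and words[:1] == ["default-router"] and len(words) == 2:
            pools[name]["gateway"] = ipaddress.ip_address(words[1])
    return ifaces, pools, nat_lists, acls


def audit(config):
    """List inside subnets the NAT ACL misses and pools with a bad gateway."""
    ifaces, pools, nat_lists, acls = parse(config)
    permitted = [net for acl in nat_lists for net in acls.get(acl, [])]
    findings = []
    for name, iface in ifaces.items():
        addr = iface["addr"]
        if iface["nat_inside"] and addr and not any(
                addr.network.subnet_of(p) for p in permitted):
            findings.append(f"{name}: {addr.network} is 'ip nat inside' "
                            "but not permitted by the NAT source list")
    gateways = {i["addr"].ip: i["addr"].network for i in ifaces.values() if i["addr"]}
    for name, pool in pools.items():
        gw, net = pool.get("gateway"), pool.get("network")
        if gateways.get(gw) != net:
            findings.append(f"pool {name}: default-router {gw} "
                            f"is not a router interface in {net}")
    return findings


if __name__ == "__main__":
    for finding in audit(CONFIG):
        print(finding)
```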
 
krock83
join:2010-03-02

krock83

Member

That did it. I'm upset with myself; I have been concentrating so badly on this that I forgot the access list even though I was looking at it last night

Thanks again for the help.
krock83

krock83

Member

Hello

I was wondering, even though everything works now, how come I can't ping each PC or, from the router, the IP address I assigned to VLAN1 for management purposes. I can't even ping the PCs from the router but I can ping each sub-interface from each PC.

The book tells me not to configure EIGRP1 on the router but I did it anyway to see if it's going to work and it didn't so I removed it.

I am confused now because I can't ping the PCs from either the switch or the router but yet those devices are able to go out to the internet and send emails and messages between each other. :-\
ImpetusEra
Premium Member
join:2004-05-19
00000

ImpetusEra to krock83

Premium Member

to krock83
For the PCs check ICMP settings in Windows firewall. Your VLAN1 interface on the switch is shutdown so it won't respond to anything.
krock83
join:2010-03-02

krock83

Member

Hello. I enabled vlan1 and still nothing. I did that last night after I posted this when I saw it. All firewalls are disabled and I still can't ping. Also when I did this lab in static I was able to ping everything on the network. Not sure why not with dhcp.
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to krock83

MVM

to krock83
Something tells me it may have to do with the IP address currently assigned
to the VLAN1 interface on your switch -- it's in the 192.168.1.0 /24 network,
while the rest of the subints on your router are in the 192.168.10 / .20 /
.30 / .40.0 /24 ranges -- ergo a different network than what the router is
aware of itself, and the 192.168.10.x is supposed to be carrying the native VLAN across.

Regards
krock83
join:2010-03-02

krock83

Member

You were right... I didn't even notice that.. Now that I changed it from 192.168.1.253 to 192.168.10.253 it started to work

I thought I changed that already but maybe didn't save the config... but now it works so I can put it in production...

Thanks