Solved wireless network thru 2800 series router and 3 switches

January 16, 2015 at 00:16:46
Specs: Windows 7 64, I7 Intel 3.80 GHZ / 16
My network consists of the following

Wireless router > Switch

Switch trunk > switch on 2nd floor

switch 2nd flr trunk > garage

switch garage plugged into Cisco 2800 series router

I have created 3 networks

172.148.1.1 1st wireless router on 1st floor trunked into switch
192.168.0.1 cisco router
172.143.1.1 2nd wireless router plugged into switch located with cisco 2800 series router

I have vlan 10(voice) 20(data) 99(MGMT) setup on all switches

I'm trying to figure out how to have the switches configured for VLAN 20 and pull from one of the 2 wireless routers to push DHCP IPs to my clients; however, when I enable VLAN switchport mode access on my switch it kills the internet because it's pulling the private IP for the closed network on 192.168.0.1.

Should I configure another VLAN? But how would I tell the port to push to that specific network for the DHCP client on the wireless router?


#1
January 18, 2015 at 08:07:24
A couple points before I begin.

1) I'm a firm believer in the KISS principle
2) I haven't touched cisco equipment in a few years (thank goodness)

I point out #2 because it means my skills are rusting and the equipment I've mainly been working with uses some different terminology.

Ok, questions.........

First, why 99 as your management VLAN? Why not 1 which is the default VLAN built into every L2/L3 switch I've ever seen and used by most of us in industry as the management VLAN (KISS principle). I ask because if memory serves me, when you enable a trunk port in cisco, its base VLAN will be 1. If it is, and you're trying to use 99 as your management VLAN, it's not going to work right.

Are you sure your uplinks are set as "trunk" ports?

Why is your 2800 router at the opposite end of your network from your SOHO Router? Not that it really matters a whole lot but if it were me, I'd configure like so:

Internet >> SOHO Router >> 2800 Router >> Switches/AP's & Clients

Why are you using routable IP's internally? It's not a huge deal, but doing so could lead to potential issues. Most folks use private IP's internally.

From what you're saying, you have your management VLAN mixed up somehow with your data VLAN and both are trying to use one DHCP server.

Your management VLAN doesn't require DHCP as all network appliances IP's should be statically assigned. This subnet should never touch client subnets and vice versa.

You should have one DHCP server for each separate subnet you're running.

If it were me, I'd setup like so:

VLAN 1 (mgmt) = 192.168.1.0/24
VLAN 2 (data) = 192.168.2.0/24
VLAN 3 (VoIP) = 192.168.3.0/24

You notice the VLAN number reflects the actual subnet. This is much simpler to remember than your VLAN/Subnet setup. Sure yours is easy enough in such a small environment but try it in a larger one like mine at work where I have over 100 VLAN's.

Again, VLAN 1 is separate and apart from data/VoIP. Trunk ports should be base 1 and carry all other VLAN's. Then when you enable a VLAN on a port, regardless of on which switch, the client plugged into that port will access that VLAN/subnet.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#2
January 19, 2015 at 00:52:31
Curt,

Great to see you again. Well, in regards to VLAN 99 and VLAN 1 being the default, that is a great point now that I have gone back and looked at it. I will also go back and reconfigure the VLAN IPs to match what you recommended. I think I use 10 and 20 as they are nice and round #s; in the military I'm used to being stuck working with 58 and 59.

Wireless and 2800 configuration

This is configured this way for a few different reasons. One, I have moved most of my lab to a different area in my house so it will be a cooler environment, as I haven't built a box yet for my router and switches. Another reason is because it's noisy and puts off a lot of heat in the computer room. I also have small children and didn't want to take the chance of damaging equipment. I don't want to pay the cable company to come out and move the cable modem jack to a different spot on the splitter, as I'm running cable internet from Comcast and DirecTV and I've had many problems with this already.

Okay, so going back to VLAN 1 and 99: so basically (KISS) the VLAN 1 should automatically allow the internet to be pushed into the devices that are pulling IPs from the router.

Question 1: The 2800 series router is only DHCP for the 192.168 IP scheme, which is strictly running VOIP on the 192.168.10.1 subnet; the 20 is just for management purposes of the CME GUI. So with the Linksys that's pulling internet thru the switches and from the original router upstairs, how can I make 2 subnets with DHCP clients, hence the separation of networks with the VLAN?

My thoughts

Vlan 1 is great as it allows for the internet to be piped thru but if your sep networks you use vlans which then for some reason in my case is killing the dhcp client from talking to these machines I'm thinking there is something missing from my configuration.

Network 1 Router upstairs Vlan 1 172.148.1.1 network
Network 2 Router downstairs Vlan 2 172.148.2.1 network for lack of the correct IP i just made one up
Network 3 would be from 2800 series router pushing CME for voip 172.148.3.1

so this would work ?? but I think it comes back to the vlan's see the dhcp server as I have a default-gateway assigned on the switch and on the router inside the ip dhcp pool for voip and data services

I'm really lost with this Curt.



#3
January 19, 2015 at 11:54:15
LOL - I'm getting a little lost too! It's always very hard to try to work on something like this over a forum but we'll see if we can't figure it out.

I had thought you had at least two different SOHO routers. If you did, you could have each of those doing DHCP for one subnet. One data, one VoIP. Alternatively, you could use the DHCP server service on the 2800 for one of them.

You do not need, or want, DHCP on your management VLAN as I said earlier.

Using my IP scheme from above, let's give VLAN one the following: 192.168.1.0/24 I would statically assign the following:
2800 Router = 192.168.0.10
Switch 1 = 192.168.1.1
Switch 2 = 192.168.1.2
Switch 3 = 192.168.1.3
All static, no DHCP on this subnet. From a management point of view, no "regular" users would have access to the management network. If I were doing this at my house, I'd have a second NIC in my PC that connected to the management network and the other, the data network. This way I could get out on the internet, and manage my network appliances. You could also give yourself access via the router if you wanted to but that does open a window to others accessing it as well.

Once you have the management network working properly, then you would deal with the data VLAN. Plug the SOHO Router you want doing DHCP for this subnet (ie: the one connected to the internet) into an appropriate port (again as per my example above) on VLAN 2. Now any other DHCP client plugged in to a VLAN 2 port should get TCP/IP settings and internet access.

For the VoIP VLAN you'll likely need to get the 2800 to handle the routing for it as it'll have to route to the data VLAN in order to get out on the internet. You'll either use the DHCP in the 2800 for this VLAN (I would) or you could use another SOHO router.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#4
January 19, 2015 at 13:14:53
Curt,

Okay, after reading my late post I apologize for jumping all over the place. Let's back up and make sure I get my network setup right so you understand how things look for the physical layer.

Room 1 Cable Modem>SOHO(wireless router pushing dhcp) > Switch with trunk port

Room 2 Switch trunk from Sw 1 upstairs

Room 3 Switch trunk from Sw 2 pulling internet services from upstairs the PoP in addition to 3rd Sw > Wireless router > 2800 router

The 2800 router is strictly providing the CME for the VOIP services
The 2nd wireless router is not in AP but is acting as one in the garage pulling services in thru the lan off switch 3 and then pushing a wifi signal out on a different subnet creating the 2nd network

Okay I hope that clears up that piece then what I want to accomplish
VOIP Vlan subnet
Room 1 pulling from dhcp router upstairs
Room 2 pulling from dhcp router upstairs thru the switch trunk port
Room 3 depends on which port I plug into as the vlan being enable prevents the port from pulling dhcp from the 2nd router that is pushing internet this is the problem I'm trying to solve I watched a cisco packet tracer video and it said something about an ip helper address would this solve my issue ??

Management Vlan 1

For the rooms above I would like them to all be on the same vlan/subnet however I would like to create a 2nd vlan/subnet with resources that will be specific to that vlan/subnet but still be able to access the internet this is where the 2nd WiFi router comes in that has a different IP scheme



#5
January 20, 2015 at 09:20:59
Sorry for taking so long to get back to you. I'm having some major fires at work yesterday and today and things going on at home. I'll read your latest post and get back to you ASAP but it may not be today

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#6
January 20, 2015 at 12:34:13
Ok, fires out and I have a few minutes while on lunch so I had a quick read of your last response.

Ok, I have the picture of your network in my head. And, I understand why your 2800 is where it is physically. Logically it doesn't matter as I'm sure you know. I just like to keep all my stuff together as much as is possible.

> Room 3 depends on which port I plug into as the vlan being enable prevents the port from pulling dhcp from the 2nd router that is pushing internet this is the problem I'm trying to solve I watched a cisco packet tracer video and it said something about an ip helper address would this solve my issue ??

Right, if you have multiple VLAN's configured on this switch, what port you plug into affects what network your client accesses. If you have the VLAN that DHCP is on enabled on, say, port 2 and you plug a client with DHCP enabled into port 2, you should get TCP/IP info from DHCP and be able to surf the web. If this isn't working, you need to check the config all the way back to the device doing DHCP for this network and ensure that you have the VLAN attached to the uplink (trunk) ports on every step.

> For the rooms above I would like them to all be on the same vlan/subnet however I would like to create a 2nd vlan/subnet with resources that will be specific to that vlan/subnet but still be able to access the internet this is where the 2nd WiFi router comes in that has a different IP scheme

Here's the problem as I see it. You want two VLAN's that are separate, but you want them both to access the internet but not each other. I believe you can accomplish this using the 2800 router as a router. External traffic from the non-internet VLAN would have to be redirected to the SOHO Router that handles the internet. Let's call it 192.168.2.1 (LAN IP of that SOHO Router).

Since this second VLAN (VLAN 3) is: 192.168.3.0/24 it couldn't communicate with anything on VLAN 2 (192.168.2.0/24) and vice versa. But internet traffic would be sent directly to the router and out to the internet.

You will just have to figure out the correct configuration on the 2800 to make it happen.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***



#7
January 24, 2015 at 01:31:37
Curt,

I'm still lost with this and I think I'm missing something in my config file as the VLANs are killing the ability to pull from the DHCP client so once I turn on the access mode it kills the connectivity from the trunk thru the rest of the switch so here is an example to better illustrate it.

Port 10 no switchport access only spanning tree portfast pulls DHCP Good
Port 11 Switchport mode access switchport access vlan 20 for example to match the configs before I started changing it around it then automatically points back and grabs the DHCP IP

192.168.20.5 so I'm seeing the issue but lost with exactly how to fix it.

if I change the DHCP pool for g0/0.20 to match the network address on the WiFi network putting it in the live network maybe this would work ??

so example and I will test this and wait for you to get back to hopefully find out that it works

Vlan 3 IP 172.148.3.1 sub/int g0/0.3 excluded addresses etc etc

port 11 vlan 3 then pointing back and grabbing a 172.148.3.5 address then in turn should allow me to push out only if it will actually route traffic back thru from the vlan thru the switches trunks and back to the router to the outside that seems to be the issue is routing traffic



#8
January 24, 2015 at 01:34:45
> If you have the VLAN that DHCP on enabled on say, port 2 and you plug a client with DHCP enabled into port 2, you should get TCP/IP info from DHCP and be able to surf the web. If this isn't working, you need to check the config all the way back to the device doing DHCP for this network and ensure that you have the VLAN attached to the uplink (trunk) ports on every step.

I'm assuming you mean the router, as it is the DHCP client; however, the trunk and VLANs are on the switch, so I'm lost with this. Can I submit router configs on this forum? Maybe that would make life easier.



#9
January 24, 2015 at 01:54:00
Is it too difficult to draw this up?


#10
January 24, 2015 at 01:55:46
Not sure what you mean. I have made a network topology similar to what I have built in my lab thru Cisco Packet Tracer, I have a diagram on PowerPoint and I have several things identifying my devices. Can you explain?


#11
January 25, 2015 at 06:40:03
✔ Best Answer
Sorry I've been away so long. I've been sicker'n a dog for 4 days now. I believe I'm over the worst but I still feel like death warmed over.

macattack003

I'm sorry I can't be of more help but this is much more of a "hands-on" situation for me since your VLAN and cisco skills are lacking. If I had the equipment here, I could build the config for each piece and test. But I can't. Here's what I would do if this were me.

First, I'd get all the cisco equipment together into one room and I would lab this out one step at a time. Starting with zero'ing the config on all cisco devices. Once I had them all back to factory defaults I would start by configuring one switch at a time.

Give them an IP on the management VLAN (ie: VLAN 1)
switch 1: 192.168.1.1 SM: 255.255.255.0
switch 2: 192.168.1.2 SM: 255.255.255.0
switch 3: 192.168.1.3 SM: 255.255.255.0

Then configure uplink ports. On switch 1, set port 24 (48 if a 48 port switch) as a "trunk" port. On switch 2, set port 24 as a trunk port. Now connect the two with a crossover cable. Plug a client PC into any port on switch 1, and another on switch 2 and give them IP's in the same subnet as the switches (ex: 192.168.1.100, 101).

You should be able to ping one client from the other and vice versa. You should also be able to ping both switches from both clients as all are on the same subnet and plugged into VLAN 1 ports.

If this doesn't work, you're screwed and need some help from someone who can come to your house and give you a hand at the console.

If it does work, configure port 23 on switch 2 as an uplink (trunk) port to port 24 on switch 3. Now repeat the test procedure above and confirm all is working as it should.

At this point you should have the following:
switch 1:
IP: 192.168.1.1 SM: 255.255.255.0
VLAN 1 on all ports
Port 24 "trunk" port to switch 2

switch 2:
IP: 192.168.1.2 SM: 255.255.255.0
VLAN 1 on all ports
Port 24 "trunk" to port 24 on switch 1
Port 23 "trunk" to port 24 on switch 3

switch 3:
IP: 192.168.1.3 SM: 255.255.255.0
VLAN 1 on all ports
Port 24 "trunk" to port 23 on switch 2

Now you add a second VLAN. We'll call it VLAN 2 and let's make it your data (internet) VLAN. Once you've created VLAN 2 on all 3 switches assign it to some ports on each switch. Just for simplicity's sake, make ports 2-8 VLAN 2 (I always keep port 1 on every switch as VLAN 1 - a management port, so I can plug a laptop in to it in case I need to troubleshoot an issue). Ensure you've removed VLAN 1 from ports 2-8 and ensure the primary VLAN ID for ports 2-8 is 2. Also, ensure you've added port 2 to your trunk ports. They should now show the following:
Primary VLAN ID (Base VLAN/baseband) = 1
Allowed VLANs = 1,2

Now plug your internet SOHO router into any VLAN 2 port and a DHCP enabled client into any other VLAN 2 port. Client should get TCP/IP settings from SOHO Router and have internet access. If this doesn't work, again, you've done something wrong and need help.

If it works, continue on to adding VLAN 3....same theory as adding VLAN 2. However, this is the VLAN you want segregated but to still have internet access so you'll have to have the 2800 connected to your network with an interface plugged into a VLAN 3 port on a switch and another to a VLAN 2 port. You will want to do this one interface at a time. Configure routing between the two so VLAN 3 has internet access through VLAN 2.

That's about all I can tell you. Again, it's been about ten years since I had to work with Cisco so I don't remember all the CLI commands offhand and have no interest in digging out a cisco switch to refresh my memory.

If you can't get it working after all this, I recommend you hit a cisco forum and ask for help there from someone who works with cisco every day.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***
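
Added example, not part of any post in this thread: a small Python check for the advice above to follow a VLAN hop by hop back to the device doing DHCP. The switch names, `FastEthernet0/N` port names and IOS-style config snippets are constructed for the three-switch lab, and ports with no trunk line are treated as access ports in VLAN 1 (a simplifying assumption).

```python
import re
from collections import deque

# Constructed IOS-style snippets for the three-switch lab; port names are assumed.
EDGE = """interface FastEthernet0/2
 switchport mode access
 switchport access vlan 2
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 1,2
"""
MIDDLE = """interface FastEthernet0/23
 switchport mode trunk
 switchport trunk allowed vlan 1
interface FastEthernet0/24
 switchport mode trunk
 switchport trunk allowed vlan 1,2
"""
CONFIGS = {"sw1": EDGE, "sw2": MIDDLE, "sw3": EDGE}
# Cabling from the lab: sw1 port 24 <-> sw2 port 24, sw2 port 23 <-> sw3 port 24.
LINKS = [(("sw1", "FastEthernet0/24"), ("sw2", "FastEthernet0/24")),
         (("sw2", "FastEthernet0/23"), ("sw3", "FastEthernet0/24"))]
UNSET = {"trunk": False, "access": 1, "allowed": None}  # simplification: access, VLAN 1

def expand(spec):
    """Turn an allowed-VLAN list such as '1,2,10-12' into a set of VLAN IDs."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_ports(text):
    """Map each interface to its mode, access VLAN and trunk allowed list."""
    ports, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1], dict(UNSET))
        elif cur is None:
            continue
        elif line == "switchport mode trunk":
            cur["trunk"] = True
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            cur["access"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line):
            cur["allowed"] = expand(m.group(1))
    return ports

def carries(port, vlan):
    """A trunk with no allowed list carries every VLAN; an access port carries one."""
    if port["trunk"]:
        return port["allowed"] is None or vlan in port["allowed"]
    return port["access"] == vlan

def check_path(configs, links, vlan, client, server):
    """List the reasons the client port cannot reach the DHCP server port in `vlan`."""
    ports = {sw: parse_ports(cfg) for sw, cfg in configs.items()}
    ok = lambda sw, p: carries(ports[sw].get(p, UNSET), vlan)
    problems = [f"{role} port {sw} {p} is not in VLAN {vlan}"
                for role, (sw, p) in (("client", client), ("server", server))
                if not ok(sw, p)]
    seen, queue, blocked = {client[0]}, deque([client[0]]), []
    while queue:  # breadth-first walk over links that carry the VLAN at both ends
        here = queue.popleft()
        for a, b in links:
            for (s1, p1), (s2, p2) in ((a, b), (b, a)):
                if s1 != here or s2 in seen:
                    continue
                bad = [f"{s} {p}" for s, p in ((s1, p1), (s2, p2)) if not ok(s, p)]
                if bad:
                    blocked += [f"VLAN {vlan} is not carried on {x}" for x in bad]
                else:
                    seen.add(s2)
                    queue.append(s2)
    return problems + (blocked if server[0] not in seen else [])
```

With the constructed configs, a client on sw3 cannot reach a DHCP server on sw1 in VLAN 2 because the sw2 trunk toward sw3 only allows VLAN 1; adding VLAN 2 to that allowed list clears the finding.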



#12
January 25, 2015 at 16:30:34
Curt,

Hope you feel better soon, and thanks so much for all your time and effort with this as it has been a great learning experience for my 2 upcoming tests. I think I will eventually get it all in working order. I will report back on how it all turns out once it all comes online. Cisco has been a headache with all the cmds. I can agree, if you don't have any reason to learn the cmds again they do clog up a lot of space..... lol



#13
February 7, 2015 at 13:42:17
Curt,

Well, I have made multiple attempts at this project and have made small amounts of progress with certain aspects of it but haven't been able to completely get it working. I wanted to let you know one large piece of the puzzle that I discovered was the default trunk VLAN is 1 and becomes native once you enable the trunking protocol. So there is a command to use to tell the port to allow other VLANs across the trunk. I have come to the conclusion that I have learned a great deal with your ideas and I will just stick with what I was able to get to work and continue to try things. The assumption I have made is that the Linksys and Netgear wifi routers are not friendly with Cisco products, and I believe because of the protocols I'm trying to use there is a conflict with the equipment making it impossible to do what I want. Thanks for all your help on this.



#14
February 7, 2015 at 21:11:58
> I wanted to let you know one large piece of the puzzle that I discovered was the default trunk vlan is 1 and becomes native once you enable the trunking protocol

If you look back to my very first response, in the very first longish paragraph you'll see the following:

> First, why 99 as your management VLAN? Why not 1 which is the default VLAN built into every L2/L3 switch I've ever seen and used by most of us in industry as the management VLAN (KISS principle). I ask because if memory serves me, when you enable a trunk port in cisco, its base VLAN will be 1. If it is, and you're trying to use 99 as your management VLAN, it's not going to work right.

I believe I touch on the same subject later and mention that once you enable trunk mode on a cisco port, by default it will set VLAN 1 as "native" (Primary VLAN ID or PVID on the Avaya equipment I work on now) and should by default include all other VLAN's. Of course one has to keep in mind the last IOS release I worked on intimately was 12.1 so there may be new commands in newer versions.

> The assumption i have made is that the linksys and netgear wifi routers are not friendly with cisco products

Actually, Cisco bought Linksys out some years ago so I doubt the issue is an incompatibility issue. The basis of VLAN tags is that they (the VLAN's themselves) don't much care what you plug into them. As long as all devices, be they a client computer, an AP or a SOHO Router, as long as they're all on the same subnet, they'll communicate.

So back to my initial example:
VLAN 2 = 192.168.2.0/24

Now let's say you plug a Linksys SOHO Router in to a VLAN 2 port, as long as its IP address is within 192.168.2.1 - 192.168.2.254, then it will communicate with everything else within that VLAN (subnet).

For example, give the router 192.168.2.1 with subnet mask 255.255.255.0. Now, give it a DHCP scope of 192.168.2.100 through to 192.168.2.200. So if you now plug a computer with DHCP enabled into a VLAN 2 port on the same switch, the client computer should get an IP within the DHCP scope of the SOHO router. Try setting this up on a single switch, get it working on one switch first, then you can look at adding a second and getting the trunk port to work properly.

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***

