I have a setup, where the single port 2600 router is in port 0/2 in the switch, outside network is on port 0/1, and the rest (0/3-0/24) should be clients for the second network that would be managed by the 2600 router.
I configured everything with two VLANs: 100 for outside (0/2-0/24), 200 for inside (0/1-0/2). 0/2 is a trunk port for the two VLANs.
The issue that came about is that I can't have two VLANs on at once: software doesn't allow it.
Now, I can ping the outside network devices (172.16.7.1, 172.16.7.103), and even google (8.8.8.8) from the router, but not the switch. Devices on connected get a DHCP lease properly but can't ping outside the network, just the router - 172.17.7.1 and the switch itself, 172.17.7.7.
The configuration for both the router and the switch are here, as well as below.
Router:
rt.throom#sho run
Building configuration...
Current configuration : 1015 bytes
!
version 12.1
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname rt.throom
!
enable password To053cret
!
!
!
!
!
no ip subnet-zero
ip dhcp excluded-address 172.17.7.1 172.17.7.2
ip dhcp excluded-address 172.17.7.3 172.17.7.4
ip dhcp excluded-address 172.17.7.5
!
ip dhcp pool VLAN200
network 172.17.7.0 255.255.255.0
default-router 172.17.7.1
dns-server 8.8.8.8
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.100
encapsulation dot1Q 100
ip address 172.16.7.15 255.255.255.0
ip nat outside
!
interface Ethernet0/0.200
encapsulation dot1Q 200
ip address 172.17.7.1 255.255.255.0
ip nat inside
!
router eigrp 20
network 172.16.0.0
network 172.17.0.0
no auto-summary
no eigrp log-neighbor-changes
!
no ip classless
no ip http server
!
access-list 1 permit 172.17.7.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
login
!
end
Switch:
sw.throom#sho run
Building configuration...
Current configuration:
!
version 11.2
no service pad
no service udp-small-servers
no service tcp-small-servers
!
hostname sw.throom
!
enable password Oh5053cret
!
!
no spanning-tree vlan 100
no spanning-tree vlan 200
ip subnet-zero
!
!
interface VLAN1
no ip address
no ip route-cache
!
interface FastEthernet0/1
switchport access vlan 100
spanning-tree portfast
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/14
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/15
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/16
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/17
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/18
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/19
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/20
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/21
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/22
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/23
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 200
spanning-tree portfast
!
!
line con 0
stopbits 1
line vty 0 4
login
line vty 5 9
login
!
end
sho ip route gives:
Gateway of last resort is 172.16.7.1 to network 0.0.0.0
172.17.0.0/24 is subnetted, 1 subnets
C 172.17.7.0 is directly connected, Ethernet0/0.200
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.7.0 is directly connected, Ethernet0/0.100
S* 0.0.0.0/0 [1/0] via 172.16.7.1