VLANs

Answered Question
Apr 27th, 2007

Hi.


I have a Cisco 1801.

I have created 2 VLANs.

Vlan1 is 8 static IPs from my provider.

Vlan2 is 8 dynamic (internal 192.168.0.1???)

My problem:

Vlan1 has internet access.

Vlan2 does not.


If possible, please give me a link to a manual or a small example.

Sorry about my English.


Best Regards Andriy Harisios.


pstebner1 Fri, 04/27/2007 - 10:50

Andriy-

Can you clarify? I assume that your ISP gave you 8 public IPs.

Are you wanting to set this up so that VLAN2 does not have access to the net or are you saying that right now VLAN1 has access and VLAN2 does not, but you want it to?

Also, if you have any config on the 1801 please post it.


Paul

andriyhar Fri, 04/27/2007 - 11:11

Question:

How to make the Internet on VLAN2

---------------------------------


User Access Verification

Username: andriy
Password:
Cisco-1801#sh running-config
Building configuration...

Current configuration : 4839 bytes
!
! Last configuration change at 19:04:36 london Tue Apr 24 2007 by andriy
! NVRAM config last updated at 18:47:19 london Tue Apr 24 2007
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Cisco-1801
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
clock timezone london 1
clock calendar-valid
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp ping packets 4
!
ip dhcp pool pool1
 network 91.84.00.00 255.255.255.248
 default-router 91.84.00.00
 dns-server 212.104.000.0 212.104.000.00
 lease infinite
!
ip dhcp pool pool2
 network 192.168.0.2 255.255.255.248
 default-router 91.84.00.00
 dns-server 212.104.000.0 212.104.000.00
 lease infinite
!
ip tcp synwait-time 10
no ip bootp server
ip name-server 212.104.000.0
ip name-server 212.104.000.00
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect name voip sip
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1050249944
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1050249944
 revocation-check none
 rsakeypair TP-self-signed-1050249944
!
!
!
!
username andriy privilege 15 password 000000000000
!
!
!
!
!
!
interface FastEthernet0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache flow
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface ATM0.1 point-to-point
 no snmp trap link-status
 pvc 0/38
  encapsulation aal5snap
  protocol ppp dialer
  dialer pool-member 1
 !
!
interface Vlan1
 ip address 91.84.00.00 255.255.255.248
 ip access-group vlan1_in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 192.168.0.1 255.255.255.248
 no ip redirects
 no ip unreachables
 ip nat outside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer0
 ip address negotiated
 ip access-group dialer0_in in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname [email protected].00000000.00.00
 ppp chap password 7 151B010D07253E2927
 ppp pap sent-username [email protected].00000000.00.00 password 00000000000000
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
ntp clock-period 17180201
ntp server 213.170.141.38 prefer
ntp server 194.150.121.14
ntp server 81.187.121.162
end



Correct Answer
royalblues Fri, 04/27/2007 - 11:12

You would require a NAT/PAT configuration for your private VLAN to access the internet.

Use any one IP from the pool provided by your ISP (say, for example, if it is 1.1.1.1):

ip nat pool Internet 1.1.1.1 1.1.1.1 prefix-length 29
ip nat inside source list 104 pool internet overload

access-list 101 permit ip 192.168.1.0 0.0.0.7 any

interface
 ip nat inside

interface
 ip nat outside


HTH, rate if it does

Narayan

pstebner1 Fri, 04/27/2007 - 12:35

FWIW, there's a typo in the above config. The source list should be 101, not 104.


HTH,

P
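
Added example, not part of any post in this thread: a small Python check that reads IOS-style configuration text and reports three NAT/PAT inconsistencies of the kind visible in the lines posted above: a "source list" that names an undefined access-list, a privately addressed interface that is not marked "ip nat inside", and an inside subnet that no NAT access-list matches. The function name check_nat and the sample text are constructed for illustration, and only numbered "permit ip <network> <wildcard> any" entries are parsed.

```python
import ipaddress
import re

# Constructed sample: the answer's NAT lines (typo kept) merged with the
# Vlan2 stanza from the posted running-config.
SAMPLE = """\
ip nat inside source list 104 pool internet overload
access-list 101 permit ip 192.168.1.0 0.0.0.7 any
interface Vlan2
 ip address 192.168.0.1 255.255.255.248
 ip nat outside
!
"""

def check_nat(config):
    """Return a list of findings about NAT/PAT consistency in an IOS config."""
    acls, rules, ifaces, cur, out = {}, [], {}, None, []
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"if": None, "nat": None})
        elif line == "!":
            cur = None
        elif m := re.match(r"access-list (\d+) permit ip (\S+) (\S+) any", line):
            # Python's ipaddress accepts a wildcard (host) mask after the slash.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            rules.append(m[1])
        elif cur is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", line)):
            cur["if"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif cur is not None and (m := re.fullmatch(r"ip nat (inside|outside)", line)):
            cur["nat"] = m[1]
    for acl in rules:
        if acl not in acls:
            out.append(f"NAT rule uses access-list {acl}, which is not defined")
    translated = [n for acl in rules for n in acls.get(acl, [])]
    for name, i in ifaces.items():
        if i["if"] is None or not i["if"].ip.is_private:
            continue
        if i["nat"] != "inside":
            out.append(f"{name}: private {i['if']} is not marked 'ip nat inside'")
        if not any(i["if"].network.subnet_of(n) for n in translated):
            out.append(f"{name}: {i['if'].network} is not matched by any NAT access-list")
    return out
```

Running check_nat(SAMPLE) returns three findings; changing only "list 104" to "list 101" still leaves two, because the sample access-list covers 192.168.1.0/29 while Vlan2 is in 192.168.0.0/29 and is marked outside.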
