09-11-2008 12:58 PM - edited 03-03-2019 11:30 PM
Ok, all traffic need to go from vlan1 (192.168.4.0/24) to fe1 (dhcp) execpt any destination of 192.168.1.0/24 on fe0
if 192.168.1.0 destination go to fe0 from vlan1
if anything else need to go to fe1 from vlan1
I can not get anything to go out of fe0
router is 1811 attached is config
Solved! Go to Solution.
09-13-2008 01:13 PM
Wayne
Thanks for the information and for running the test that I suggested. Especially since the router can ping devices connected on FastEther0 with a standard ping it establishes that there is connectivity and that IP addressing is ok. When the router can not ping the device when it specifies a source address different from FastEther0 then it suggests that the problem is that the device does not have the correct default gateway configured. Since the address on the router interface is 192.168.1.215, that should be the default gateway on the devices connected on FastEther0. If you check I believe that you will find that they are configured with some other default gateway. And if you configure them to use 192.168.1.215 as their default gateway then I believe that VLAN 1 will be able to ping them.
HTH
Rick
09-11-2008 02:06 PM
Wayne
I have looked at the config that you posted and I believe that I see several issues that you need to correct:
- you specify ip nat inside on interface vlan 1 which I believe is correct. But you specify ip nat outside on interface FastEther0 which I believe is a mistake. Your nat translation will attempt to translate traffic going out FastEth0 using the address of FastEther1. I believe that this is the big problem preventing traffic from going out FastEther0.
- you also have a static route for 192.168.1.0 pointing to FastEther0. You do not need this. I am not sure that it is hurting anything. But you do not need static routes for connected subnets.
- you have a static route for 192.168.0.0 pointing to FastEther1. This may be ok. I expected to find a default route and do not see any. The result is that you will attempt to route for 192.168.0.0 but that is the only destination not on the local router that you will route.
- the access list inbound on FastEther1 will permit bootp/DHCP and a couple of ICMP message but nothing else. So there is very little useful that you can do with FastEther1.
I believe that the biggest problem is the ip nat outside on FastEther0. Remove it or change it to ip nat inside and I believe that you will be able to get traffic to go out that interface.
HTH
Rick
09-11-2008 06:35 PM
09-11-2008 06:50 PM
Wayne
You have done much of what I discussed. In particular you have removed the ip nat outside from FastEther0. And you have removed the access-group on FastEther1. And you have changed the static routes. Unfortunately there is a problem with the static default route that you have configured:
ip route 0.0.0.0 0.0.0.0 192.168.0.1
the next hop that you specify (192.168.0.1) is not any where that the router knows how to get to. In the original config that subnet was somewhere out the FastEther1 interface (based on the configured static route). But now the router has nothing to tell it where 192.168.0.1 is. So the default route will not be placed into the routing table (which you should be able to verify by using the shop ip route command).
Your original post focused on a problem of getting packets from devices in VLAN 1 to forward through FastEther0. It looks to me like that problem should be resolved. Does that work now?
HTH
Rick
09-12-2008 05:25 AM
I still cannot get out on fe0. Fe1 is internet. With current default route internet works. fe1 is for internet.
username
Replace
use.
-----------------------------------------------------------------------
flex-ing#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.0.1 to network 0.0.0.0
C 192.168.4.0/24 is directly connected, Vlan1
C 192.168.0.0/24 is directly connected, FastEthernet1
C 192.168.1.0/24 is directly connected, FastEthernet0
S* 0.0.0.0/0 [1/0] via 192.168.0.1
09-12-2008 08:16 AM
Wayne
Thanks for posting the output of show ip route. It makes clear that the address negotiated on Fe1 is in the 192.168.1.0 network and therefore the default route does work. It was not clear from the config, but the operational show ip route does make that clear.
So you seem to be saying that there is a problem with access on Fe0. What are you trying to do to access on Fe0? Note that with no ip nat statemet on Fe0 that traffic to and from the interface will not be translated. This means that its access to the Internet or Internet access to it will not work. But I would expect that access from VLAN 1 to Fe0 would work. Are you saying that access from VLAN 1 to Fe0 does not work?
HTH
Rick
09-12-2008 10:24 AM
yes, vlan1 can ping fe0, vlan1 cannot ping or access anything past it.
09-12-2008 11:43 AM
Wayne
I suggest a test to help determine what and where the problem is. Can you ping from the router to some device connected through FastEth0? If that works it demonstrates a level of connectivity from the router to the device.
Then please do an extended ping from the router. In the extended ping use the same destination address as the previous step. And in extended ping specify the source address as the VLAN 1 interface address.
Knowing whether step 1 works or not and whether step 2 works or not may help us determine what and where the problem is.
HTH
Rick
09-13-2008 09:40 AM
pc can ping fe0
vlan1 can ping fe0
outside fe0 can ping fe0
fe0 can ping outside
vlan1 cannot ping outside fe0
pc cannot ping outside fe0
flex-ing#ping
Protocol [ip]:
Target IP address: 192.168.1.216
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: vlan1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.216, timeout is 2 seconds:
Packet sent with a source address of 192.168.4.1
.....
Success rate is 0 percent (0/5)
flex-ing#
09-13-2008 01:13 PM
Wayne
Thanks for the information and for running the test that I suggested. Especially since the router can ping devices connected on FastEther0 with a standard ping it establishes that there is connectivity and that IP addressing is ok. When the router can not ping the device when it specifies a source address different from FastEther0 then it suggests that the problem is that the device does not have the correct default gateway configured. Since the address on the router interface is 192.168.1.215, that should be the default gateway on the devices connected on FastEther0. If you check I believe that you will find that they are configured with some other default gateway. And if you configure them to use 192.168.1.215 as their default gateway then I believe that VLAN 1 will be able to ping them.
HTH
Rick
09-16-2008 06:53 AM
That fixed the issue, thank you. now I have a problem the two locations are connected via wireless bridge fe0 is connected to antenna. both locations want seperate internet connections. vlan1 needs access to sql server for mrp app.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide