Basic VLan routing on 861-W

Answered Question
Apr 13th, 2009

Hello,

I have a new 861-W, whose WAN port on 65.19.88.211/27 is connected to the LAN side of an 831 on 65.19.88.193/27. I setup static ip 207.136.203.109/30 on VLan2 on the 861-W and assigned port FA3 to VLan2. I connected a notebook to FA3 with static ip 207.136.203.110/30. I'm just trying to ping from the notebook to the 831, but can't (I can ping to 65.19.88.211). This shouldn't be rocket science. Here' the config:

pa-router#sh running-conf

Building configuration...

Current configuration : 1433 bytes

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname pa-router

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

!

!

no ip source-route

!

!

ip cef

!

!

!

!

username Thomas privilege 15 secret 5 $1$nJ10$jwjN8ByuuJYvRjfd8EIRo0

!

!

!

archive

log config

hidekeys

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

switchport access vlan 2

no cdp enable

!

interface FastEthernet4

ip address 65.19.88.211 255.255.255.224

ip access-group WAN_IN in

ip access-group WAN_OUT out

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

no ip address

shutdown

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

!

interface Vlan1

no ip address

!

interface Vlan2

ip address 207.136.203.109 255.255.255.252

!

interface Vlan3

no ip address

!

ip default-network 0.0.0.0

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 65.19.88.193 permanent

no ip http server

no ip http secure-server

!

!

no cdp run

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

line vty 0 4

password xxxxxxxx

login

!

scheduler max-task-time 5000

end

I have this problem too.
0 votes
Correct Answer by lamav about 7 years 9 months ago

Hi:

1) Why the access group commands on the WAN interface with no ACLs configured?

2. Get rid of the default network command.

3.) Does the 831 have a route back to your VLAN?

HTH

Victor

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
Correct Answer
lamav Mon, 04/13/2009 - 09:38

Hi:

1) Why the access group commands on the WAN interface with no ACLs configured?

2. Get rid of the default network command.

3.) Does the 831 have a route back to your VLAN?

HTH

Victor

thomasmcleod Mon, 04/13/2009 - 10:53

Victor, you're the man.

I thought I could ping off the 831 LAN interface without setting up an internal route. In other words, I assumed the 831 would know to send the ICMP packet back the same way it came.

Thomas

lamav Mon, 04/13/2009 - 13:53

LOL..you're welcome. Glad it worked and thanks for the rating...

Victor

Actions

This Discussion