04-13-2009 09:28 AM - edited 03-06-2019 05:08 AM
Hello,
I have a new 861-W, whose WAN port on 65.19.88.211/27 is connected to the LAN side of an 831 on 65.19.88.193/27. I setup static ip 207.136.203.109/30 on VLan2 on the 861-W and assigned port FA3 to VLan2. I connected a notebook to FA3 with static ip 207.136.203.110/30. I'm just trying to ping from the notebook to the 831, but can't (I can ping to 65.19.88.211). This shouldn't be rocket science. Here' the config:
pa-router#sh running-conf
Building configuration...
Current configuration : 1433 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pa-router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
no ip source-route
!
!
ip cef
!
!
!
!
username Thomas privilege 15 secret 5 $1$nJ10$jwjN8ByuuJYvRjfd8EIRo0
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
no cdp enable
!
interface FastEthernet4
ip address 65.19.88.211 255.255.255.224
ip access-group WAN_IN in
ip access-group WAN_OUT out
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
shutdown
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 207.136.203.109 255.255.255.252
!
interface Vlan3
no ip address
!
ip default-network 0.0.0.0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 65.19.88.193 permanent
no ip http server
no ip http secure-server
!
!
no cdp run
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
password xxxxxxxx
login
!
scheduler max-task-time 5000
end
Solved! Go to Solution.
04-13-2009 09:38 AM
Hi:
1) Why the access group commands on the WAN interface with no ACLs configured?
2. Get rid of the default network command.
3.) Does the 831 have a route back to your VLAN?
HTH
Victor
04-13-2009 09:38 AM
Hi:
1) Why the access group commands on the WAN interface with no ACLs configured?
2. Get rid of the default network command.
3.) Does the 831 have a route back to your VLAN?
HTH
Victor
04-13-2009 10:53 AM
Victor, you're the man.
I thought I could ping off the 831 LAN interface without setting up an internal route. In other words, I assumed the 831 would know to send the ICMP packet back the same way it came.
Thomas
04-13-2009 01:53 PM
LOL..you're welcome. Glad it worked and thanks for the rating...
Victor
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide