04-13-2009 09:28 AM - edited 03-06-2019 05:08 AM
Hello,
I have a new 861-W, whose WAN port on 65.19.88.211/27 is connected to the LAN side of an 831 on 65.19.88.193/27. I setup static ip 207.136.203.109/30 on VLan2 on the 861-W and assigned port FA3 to VLan2. I connected a notebook to FA3 with static ip 207.136.203.110/30. I'm just trying to ping from the notebook to the 831, but can't (I can ping to 65.19.88.211). This shouldn't be rocket science. Here' the config:
pa-router#sh running-conf
Building configuration...
Current configuration : 1433 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname pa-router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
!
!
no ip source-route
!
!
ip cef
!
!
!
!
username Thomas privilege 15 secret 5 $1$nJ10$jwjN8ByuuJYvRjfd8EIRo0
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
no cdp enable
!
interface FastEthernet4
ip address 65.19.88.211 255.255.255.224
ip access-group WAN_IN in
ip access-group WAN_OUT out
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
shutdown
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 207.136.203.109 255.255.255.252
!
interface Vlan3
no ip address
!
ip default-network 0.0.0.0
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 65.19.88.193 permanent
no ip http server
no ip http secure-server
!
!
no cdp run
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
line vty 0 4
password xxxxxxxx
login
!
scheduler max-task-time 5000
end
Solved! Go to Solution.
04-13-2009 09:38 AM
Hi:
1) Why the access group commands on the WAN interface with no ACLs configured?
2. Get rid of the default network command.
3.) Does the 831 have a route back to your VLAN?
HTH
Victor
04-13-2009 09:38 AM
Hi:
1) Why the access group commands on the WAN interface with no ACLs configured?
2. Get rid of the default network command.
3.) Does the 831 have a route back to your VLAN?
HTH
Victor
04-13-2009 10:53 AM
Victor, you're the man.
I thought I could ping off the 831 LAN interface without setting up an internal route. In other words, I assumed the 831 would know to send the ICMP packet back the same way it came.
Thomas
04-13-2009 01:53 PM
LOL..you're welcome. Glad it worked and thanks for the rating...
Victor
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: