Second VLAN access over Dialer

Aug 27th, 2010

Hi all,

Question: below is a setup I made for my Cisco 867 annex B router. My goal is to set up two VLANs' connection to the internet through the same dialer. I'm not sure that VLAN2 (192.168.10.x, FE2 and FE3) can connect to the internet through dialer1. Did I set it up right? (Unfortunately I can't test the setup from my location.) Thanks!

no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname r1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret ****
!
no aaa new-model
!
resource policy
!
clock timezone GMT +1
clock summer-time GMT date Mar 30 2002 1:00 Oct 26 2035 1:59
!
!
ip subnet-zero
no ip source-route
ip cef
!
!
ip tcp synwait-time 10
no ip bootp server
no ip domain lookup
ip domain name < domein naam>
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
username admin privilege 15 secret ****
!
!
controller DSL 0
mode atm
line-term cpe
line-mode 2-wire line-zero
dsl-mode shdsl symmetric annex B
line-rate auto
no shut
!
!
!
!
interface BRI0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation hdlc
ip route-cache flow
shutdown
!
interface ATM0
no ip address
no atm ilmi-keepalive
no shut
!
interface ATM0.1 point-to-point
description ****
pvc 0/0
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
switchport access vlan 2
!
!
interface Vlan1
description Business Connect FE0 - FE1
ip address 192.168.1.254 255.255.255.0
ip tcp adjust-mss 1452
!
interface Vlan2
description Private Connect FE2 - FE3
ip address 192.168.10.254 255.255.255.0
ip tcp adjust-mss 1452
!
interface Dialer0
ip unnumbered vlan1
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username **** password ****
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
logging trap debugging
! access-list for vty security
access-list 23 remark TTY security
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 remark *
access-list 23 permit *.*.0.0 0.0.255.255
access-list 23 permit 172.*.*.* 0.0.0.255
!
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end 

Giuseppe Larosa Fri, 08/27/2010 - 02:44

Hello Stendec75,

Unless your real IP addresses in vlan1 and vlan2 are public, you need to perform NAT to access the public internet.

See this link:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080093fca.shtml

You can NAT the IP subnets associated with the two VLANs if required:

access-list 133 deny ip 192.168.1.0 0.0.0.255 192.168.10.0 0.0.0.255
access-list 133 deny ip 192.168.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 133 permit ip 192.168.1.0 0.0.0.255 any
access-list 133 permit ip 192.168.10.0 0.0.0.255 any
! traffic between internal subnets is not translated, so it is denied in the ACLs used for NAT, but this still allows communication
int vlan1
 ip nat inside
int vlan2
 ip nat inside
int dialer0
 ip nat outside
ip nat inside source list 133 interface dialer0 overload

Hope to help

Giuseppe

Tim Roelands Fri, 08/27/2010 - 06:38

No, both IPs on the VLANs are local IPs. Our purpose is to share one internet connection with two VLANs. The VLANs are designed to separate two local networks. So, the VLANs need to be separated at any time. Point is, I'm not sure computers within VLAN2 can connect to the internet?

Thanks in advance!

Richard Burts Fri, 08/27/2010 - 06:53

If the addresses of the VLANs are private then Giuseppe is absolutely correct that you cannot access the Internet without translating the addresses.

Assuming that Internet access from this router is working, and assuming that you get a correct configuration of address translation that includes VLAN2, and assuming that the devices in VLAN2 are configured with this router as their default gateway, then I do not see any reason why VLAN 2 would not be able to access the Internet. Is there some particular aspect of the configuration that makes you concerned about the ability of VLAN 2 to access the Internet?

HTH

Rick
