VLAN Issue

Unanswered Question
Mar 27th, 2006

I have a Cisco 1721 router and switches in the network I am working on. The router configuration does not have any access-lists defined. I have two VLANs (VLAN1 and VLAN2) defined on the router. The switches just tag VLAN traffic so when it goes through, it knows where it is going. Here is my problem:

VLAN1 can access the internet and can access both VLAN1 and VLAN2.

VLAN2 can access VLAN1 and VLAN2 but not the internet.

Why can't VLAN2 hit the internet?


Router Config:

Using 1323 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FV
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXX
enable password XXXXXXX
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
!
ip dhcp pool DHCPPool1
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.254.100
 netbios-name-server 192.168.254.100
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
 ip address 192.168.254.17 255.255.255.0
 speed auto
 no cdp enable
!interface FastEthernet0.1
 no cdp enable
!
interface FastEthernet0.2
 encapsulation dot1Q 2
 ip address 192.168.1.1 255.255.255.0
!
interface Serial0
 ip address 10.254.0.2 255.255.255.252
 no fair-queue
 service-module t1 remote-alarm-enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.254.0.1 permanent
no ip http server
!
snmp-server community provsol RW
snmp-server enable traps tty
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
!
end



Switch Configuration

Running configuration:

; J4813A Configuration Editor; Created on release #F.05.17

hostname "Main-7"
snmp-server location "Internet Cafe"
cdp run
ip default-gateway 192.168.1.1
snmp-server community "public" Unrestricted
vlan 1
   name "DEFAULT_VLAN"
   ip address 192.168.254.229 255.255.255.0
   no untagged 1-26
   exit
vlan 2
   name "CAFE"
   untagged 1-23,25-26
   ip address 192.168.1.4 255.255.255.0
   tagged 24
   exit
stack join 00110ad21100
no aaa port-access authenticator active

pkhatri Mon, 03/27/2006 - 15:34

Was that your full router config? You have shown an access-list 101 applied to the FastEthernet0.2 interface but it does not seem to be defined anywhere...


Paresh

jbrunsting Mon, 03/27/2006 - 15:48

I cut-n-pasted the correct config in the main message. The one listed is the right one without access lists.

pkhatri Mon, 03/27/2006 - 15:53

In that case, ACL 101 does not really matter.


Can you confirm that your hosts in VLAN 2 are using 192.168.1.1 as their default gateway address?


Paresh

jbrunsting Mon, 03/27/2006 - 16:01

Plugging my laptop into the network on VLAN2 gives me the default gateway address of 192.168.1.1


The switch itself (config listed above) and hosts on VLAN2 are unable to access the internet but can access servers on VLAN1. Machines on VLAN1 can access the internet and even the switch on VLAN2.

pkhatri Mon, 03/27/2006 - 16:18

It's possible that your NAT device is expecting a source address in the 192.168.254.0/24 range.


Could you try the following:


Firstly, find an unused 192.168.254.x address. Then, configure the following:


interface FastEthernet0.2
 ip nat inside
!
interface Serial0
 ip nat outside
!
ip nat pool NATPOOL 192.168.254.x 192.168.254.x netmask 255.255.255.0
ip nat inside source list 10 pool NATPOOL overload
!
access-list 10 permit 192.168.1.0 0.0.0.255


Hope that helps - pls rate the post if it does.

Paresh
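
The reasoning in the reply above, modeled as an added example that is not part of the thread or any poster's code: it evaluates which source address the upstream device would see for VLAN1 and VLAN2 hosts, with and without the suggested NAT lines. The pool address 192.168.254.200, the host addresses and all function names are constructed for illustration, and the model covers only the inside-interface and ACL 10 match, not full IOS NAT behaviour.

```python
import ipaddress

# Constructed copy of the NAT suggestion from the reply above. The pool
# address 192.168.254.200 is a made-up stand-in for the "192.168.254.x"
# placeholder in the post.
SUGGESTED = """\
interface FastEthernet0.2
 ip nat inside
interface Serial0
 ip nat outside
ip nat pool NATPOOL 192.168.254.200 192.168.254.200 netmask 255.255.255.0
ip nat inside source list 10 pool NATPOOL overload
access-list 10 permit 192.168.1.0 0.0.0.255
"""

def parse(cfg):
    """Extract NAT inside interfaces, the pool address and ACL 10 entries."""
    inside, acl, pool, iface = set(), [], None, None
    for line in cfg.splitlines():
        w = line.split()
        if not w:
            continue
        if w[0] == "interface":
            iface = w[1]
        elif w == ["ip", "nat", "inside"]:
            inside.add(iface)
        elif w[:3] == ["ip", "nat", "pool"]:
            pool = ipaddress.ip_address(w[4])
        elif w[:3] == ["access-list", "10", "permit"]:
            acl.append((int(ipaddress.ip_address(w[3])), int(ipaddress.ip_address(w[4]))))
    return inside, pool, acl

def acl_permits(acl, src):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    s = int(ipaddress.ip_address(src))
    return any((s & ~wild & 0xFFFFFFFF) == (base & ~wild & 0xFFFFFFFF) for base, wild in acl)

def source_seen_upstream(cfg, in_iface, src):
    """Source address the upstream device sees for a packet leaving Serial0."""
    inside, pool, acl = parse(cfg)
    if in_iface in inside and acl_permits(acl, src):
        return str(pool)   # translated (overload/PAT) to the pool address
    return src             # forwarded untranslated

def upstream_accepts(addr, known="192.168.254.0/24"):
    """Assumption taken from the reply: upstream only handles this source range."""
    return ipaddress.ip_address(addr) in ipaddress.ip_network(known)
```
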

