03-27-2006 03:29 PM - edited 03-03-2019 02:30 AM
I have a Cisco 1721 router and switches in the network I am working on. The router configuration does not have any access-lists defined. I have two VLANs (VLAN1 and VLAN2) defined on the router. The switches just tag VLAN traffic so when it goes through, it knows where it is going. Here is my problem:
VLAN1 can access the internet and can access both VLAN1 and VLAN2.
VLAN2 can access VLAN1 and VLAN2 but not the internet.
Why can't VLAN2 hit the internet?
Router Config:
Using 1323 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FV
!
boot-start-marker
boot-end-marker
!
enable secret 5 XXXXXXXXXXXXXXXX
enable password XXXXXXX
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.3
ip dhcp excluded-address 192.168.1.4
ip dhcp excluded-address 192.168.1.5
!
ip dhcp pool DHCPPool1
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.254.100
netbios-name-server 192.168.254.100
!
no ftp-server write-enable
!
!
!
!
interface FastEthernet0
ip address 192.168.254.17 255.255.255.0
speed auto
no cdp enable
!
interface FastEthernet0.1
no cdp enable
!
interface FastEthernet0.2
encapsulation dot1Q 2
ip address 192.168.1.1 255.255.255.0
!
interface Serial0
ip address 10.254.0.2 255.255.255.252
no fair-queue
service-module t1 remote-alarm-enable
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.254.0.1 permanent
no ip http server
!
snmp-server community provsol RW
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
!
end
Switch Configuration
Running configuration:
; J4813A Configuration Editor; Created on release #F.05.17
hostname "Main-7"
snmp-server location "Internet Cafe"
cdp run
ip default-gateway 192.168.1.1
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
ip address 192.168.254.229 255.255.255.0
no untagged 1-26
exit
vlan 2
name "CAFE"
untagged 1-23,25-26
ip address 192.168.1.4 255.255.255.0
tagged 24
exit
stack join 00110ad21100
no aaa port-access authenticator active
03-27-2006 03:34 PM
Was that your full router config? You have shown an access-list 101 applied to the FastEthernet0.2 interface but it does not seem to be defined anywhere...
Paresh
03-27-2006 03:48 PM
I cut-n-pasted the correct config in the main message. The one listed is the right one without access lists.
03-27-2006 03:53 PM
In that case, ACL 101 does not really matter.
Can you confirm that your hosts in VLAN 2 are using 192.168.1.1 as their default gateway address?
Paresh
03-27-2006 04:01 PM
Plugging my laptop into the network on VLAN2 gives me the default gateway address of 192.168.1.1
The switch itself (config listed above) and hosts on VLAN2 are unable to access the internet but can access servers on VLAN1. Machines on VLAN1 can access the internet and even the switch on VLAN2.
03-27-2006 04:18 PM
It's possible that your NAT device is expecting a source address in the 192.168.254.0/24 range.
Could you try the following:
Firstly, find an unused 192.168.254.x address. Then, configure the following:
interface FastEthernet0.2
ip nat inside
!
interface Serial0
ip nat outside
!
ip nat pool NATPOOL 192.168.254.x 192.168.254.x netmask 255.255.255.0
ip nat inside source list 10 pool NATPOOL overload
!
access-list 10 permit 192.168.1.0 0.0.0.255
Hope that helps - pls rate the post if it does.
Paresh
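A way to check which inside subnets a NAT configuration like the one suggested above would actually translate, as an added example that is not part of the thread and is not Cisco tooling. The sample config is constructed from the interface addressing in the original post plus the proposed NAT lines (pool address left as the thread's placeholder); the function name `nat_coverage` is hypothetical, and only standard ACL entries of the form `permit <network> <wildcard>` with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: the thread's interface addressing plus the proposed NAT lines.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 192.168.254.17 255.255.255.0
!
interface FastEthernet0.2
 encapsulation dot1Q 2
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface Serial0
 ip address 10.254.0.2 255.255.255.252
 ip nat outside
!
ip nat pool NATPOOL 192.168.254.x 192.168.254.x netmask 255.255.255.0
ip nat inside source list 10 pool NATPOOL overload
access-list 10 permit 192.168.1.0 0.0.0.255
"""

def nat_coverage(config):
    """Return {interface: (subnet, translated?)} for every non-outside interface."""
    ifaces, acls, nat_lists, current = {}, {}, set(), None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            current = ifaces.setdefault(m.group(1), {"net": None, "nat": None})
        elif m := re.match(r"ip address (\S+) (\S+)$", line):
            current["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r"ip nat (inside|outside)$", line):
            current["nat"] = m.group(1)
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            nat_lists.add(m.group(1))
        elif m := re.match(r"access-list (\S+) permit (\S+) (\S+)$", line):
            # IOS wildcard masks are host masks, which ipaddress accepts directly.
            acls.setdefault(m.group(1), []).append(
                ipaddress.ip_network(f"{m.group(2)}/{m.group(3)}"))
    permitted = [n for name in nat_lists for n in acls.get(name, [])]
    report = {}
    for name, i in ifaces.items():
        if i["net"] is None or i["nat"] == "outside":
            continue
        # Translated only if the interface is NAT inside AND its subnet matches the ACL.
        hit = i["nat"] == "inside" and any(i["net"].subnet_of(p) for p in permitted)
        report[name] = (str(i["net"]), hit)
    return report

if __name__ == "__main__":
    for name, (net, hit) in nat_coverage(SAMPLE_CONFIG).items():
        print(f"{name:18} {net:18} {'translated' if hit else 'original source address'}")
```

An interface reported as not translated sends traffic out Serial0 with its own source address, which is the condition the reply above suspects the upstream NAT device of rejecting for 192.168.1.0/24.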