Guest Vlan Router Config

Hello,

I have three VLANs: Vlan10 (Privat), Vlan15 (Guest) and Vlan100 (Manage), and each of them has a DHCP pool.

I want each VLAN to be able to access the Internet (VDSL) but not each other.

My problem is that with my config each VLAN gets routed and they can access each other.

I think the problem is my access-list 101. Can someone give me a hint where the problem is?

ip nat inside source list 101 interface Dialer1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.15.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any

Router Config

ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.10.1 192.168.10.100
ip dhcp excluded-address 192.168.15.1 192.168.15.100
!
ip dhcp pool Manage
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
!
ip dhcp pool DataPrivat
 import all
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1
!
ip dhcp pool DataGuest
 import all
 network 192.168.15.0 255.255.255.0
 default-router 192.168.15.1
 dns-server 192.168.15.1
!
ip inspect name myfw tcp
ip inspect name myfw udp
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
username cisco privilege 15 password 0 xxxxxx
!
controller VDSL 0
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
interface Ethernet0
 no ip address
 no ip route-cache
!
interface Ethernet0.7
 encapsulation dot1Q 7
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
 no cdp enable
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet1
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet2
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet3
 switchport mode trunk
 no ip address
 no cdp enable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan15
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip inspect myfw out
 ip virtual-reassembly in max-reassemblies 1024
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp pap sent-username xxxxx#0001@t-online.de password 0 xxxxxxx
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 no cdp enable
!
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip dns server
ip nat inside source list 101 interface Dialer1 overload
!
no service-routing capabilities-manager
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.15.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit gre any any
access-list 111 permit tcp any any eq 5900
access-list 111 permit tcp any any eq 8080
access-list 111 permit tcp any any eq 50000
access-list 111 permit tcp any any eq 50001
access-list 111 permit tcp any any eq 50002
access-list 111 permit tcp any any eq 55554
access-list 111 permit tcp any any eq 55555
access-list 111 permit tcp any any eq 10800
access-list 111 deny   ip any any
dialer-list 1 protocol ip list 101
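
In the posted config, access-list 101 is referenced only by `ip nat inside source list 101` and `dialer-list 1`, so it selects traffic for NAT and dialing and does not filter forwarding between the directly connected VLAN interfaces. The following is an added example, not part of the original post: one way to isolate the three VLANs with inbound ACLs on the SVIs. The ACL names are hypothetical, and it assumes the router stays DHCP and DNS server for every VLAN and that only Vlan100 may reach the router itself.

```cisco
! Added example. ACL names are hypothetical; subnets and gateways are from the post.
ip access-list extended GUEST-IN
 remark DHCP requests to the router's DHCP pool
 permit udp any eq bootpc any eq bootps
 remark DNS to the router (pool DataGuest hands out 192.168.15.1 as dns-server)
 permit udp 192.168.15.0 0.0.0.255 host 192.168.15.1 eq domain
 permit tcp 192.168.15.0 0.0.0.255 host 192.168.15.1 eq domain
 remark Block the other VLANs and all other access to the router's inside addresses
 deny   ip any 192.168.0.0 0.0.255.255
 remark Everything else goes to the Internet via NAT on Dialer1
 permit ip 192.168.15.0 0.0.0.255 any
!
ip access-list extended PRIVAT-IN
 permit udp any eq bootpc any eq bootps
 permit udp 192.168.10.0 0.0.0.255 host 192.168.10.1 eq domain
 permit tcp 192.168.10.0 0.0.0.255 host 192.168.10.1 eq domain
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.10.0 0.0.0.255 any
!
ip access-list extended MANAGE-IN
 permit udp any eq bootpc any eq bootps
 remark Assumption: the management VLAN may reach the router itself
 permit ip 192.168.1.0 0.0.0.255 host 192.168.1.1
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip 192.168.1.0 0.0.0.255 any
!
interface Vlan15
 ip access-group GUEST-IN in
!
interface Vlan10
 ip access-group PRIVAT-IN in
!
interface Vlan100
 ip access-group MANAGE-IN in
```

With these ACLs, hosts in Vlan10 and Vlan15 can no longer ping their own gateway address; `show ip access-lists` shows per-line hit counters for checking that the deny entries match.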
