
Guest Vlan Routing

Hello,

I have three VLANs: Vlan10 (Private), Vlan15 (Guest) and Vlan100 (Manage), and each of them has a DHCP pool.

I want each VLAN to be able to access the Internet (VDSL) but not each other.

My problem is that with my config each VLAN gets routed and they can access each other.

I think the problem is my access-list 101. Can someone give me a hint where the problem is?

ip nat inside source list 101 interface Dialer1 overload
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.15.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any

Router Config

ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.10.1 192.168.10.100
ip dhcp excluded-address 192.168.15.1 192.168.15.100
!
ip dhcp pool Manage
 import all
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 192.168.1.1
!
ip dhcp pool DataPrivat
 import all
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1
!
ip dhcp pool DataGuest
 import all
 network 192.168.15.0 255.255.255.0
 default-router 192.168.15.1
 dns-server 192.168.15.1
!
!
!
ip inspect name myfw tcp
ip inspect name myfw udp
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
username cisco privilege 15 password 0 xxxxxx
!
!
!
!
!
controller VDSL 0
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
 no ip route-cache
!
interface Ethernet0.7
 encapsulation dot1Q 7
 no ip route-cache
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
 no cdp enable
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet1
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet2
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet3
 switchport mode trunk
 no ip address
 no cdp enable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan15
 ip address 192.168.15.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan100
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Dialer1
 ip address negotiated
 ip access-group 111 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 ip inspect myfw out
 ip virtual-reassembly in max-reassemblies 1024
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication pap callin
 ppp ipcp dns request
 ppp ipcp mask request
 ppp ipcp route default
 no cdp enable
!
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip dns server
ip nat inside source list 101 interface Dialer1 overload
!
no service-routing capabilities-manager
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.15.0 0.0.0.255 any
access-list 101 permit ip 192.168.10.0 0.0.0.255 any
access-list 111 permit icmp any any administratively-prohibited
access-list 111 permit icmp any any echo-reply
access-list 111 permit icmp any any packet-too-big
access-list 111 permit icmp any any time-exceeded
access-list 111 permit icmp any any unreachable
access-list 111 permit udp any eq domain any
access-list 111 permit tcp any eq domain any
access-list 111 permit gre any any
access-list 111 permit tcp any any eq 5900
access-list 111 permit tcp any any eq 8080
access-list 111 permit tcp any any eq 50000
access-list 111 permit tcp any any eq 50001
access-list 111 permit tcp any any eq 50002
access-list 111 permit tcp any any eq 55554
access-list 111 permit tcp any any eq 55555
access-list 111 permit tcp any any eq 10800
access-list 111 deny   ip any any
dialer-list 1 protocol ip list 101
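
Added example, not part of the original post: in the posted configuration, access-list 101 is referenced only by `ip nat inside source list` and `dialer-list`, where it selects traffic for NAT and dialing instead of filtering it, and no Vlan interface carries an `ip access-group`, so the router forwards between its connected subnets. One way to isolate the three VLANs is an inbound ACL on each SVI, as below. The ACL names are assumptions; the subnets, gateway addresses and the enabled HTTP/HTTPS server are taken from the post.

```cisco
! Added example (not from the post). ACL names are assumptions.
! ACL 101 stays as it is: it only decides which sources get NATed.
!
ip access-list extended PRIVATE-IN
 remark DHCP requests to the router's pool (client source may still be 0.0.0.0)
 permit udp any eq bootpc any eq bootps
 remark no traffic towards Guest or Manage, including the router's addresses there
 deny   ip any 192.168.15.0 0.0.0.255
 deny   ip any 192.168.1.0 0.0.0.255
 remark everything else from this VLAN may leave towards the Internet
 permit ip 192.168.10.0 0.0.0.255 any
!
ip access-list extended GUEST-IN
 permit udp any eq bootpc any eq bootps
 remark keep guests off the router's web UI on their own gateway address
 deny   tcp any host 192.168.15.1 eq www
 deny   tcp any host 192.168.15.1 eq 443
 deny   ip any 192.168.10.0 0.0.0.255
 deny   ip any 192.168.1.0 0.0.0.255
 remark DNS to 192.168.15.1 is covered by this permit
 permit ip 192.168.15.0 0.0.0.255 any
!
ip access-list extended MANAGE-IN
 permit udp any eq bootpc any eq bootps
 deny   ip any 192.168.10.0 0.0.0.255
 deny   ip any 192.168.15.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
interface Vlan10
 ip access-group PRIVATE-IN in
!
interface Vlan15
 ip access-group GUEST-IN in
!
interface Vlan100
 ip access-group MANAGE-IN in
```

Inbound ACLs on the SVIs are evaluated before NAT, so they match the inside 192.168.x.x source addresses. Each list ends in the implicit deny, which also drops packets arriving on a VLAN with a source address from another subnet.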
