Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

routing issue

Greeting,

In my test lab, I have one 1811, 2950 and AP 1242.

AP 1242 has two VLANs associate to 2 SSIDs. And I build the trunk port to 2950. And from 2950 I build trunk port to 1811. Both using encapulation dot1q by default. In my 1811, I have two dhcp pools for those SSIDs. I can get ip addresses from the pools once I sign in with different SSID. The problem is I cannot ping outside from my inside interface. Please help.

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.20.1

ip dhcp excluded-address 10.10.30.1

!

ip dhcp pool internal

network 10.10.20.0 255.255.255.0

default-router 10.10.20.1

!

ip dhcp pool guest

network 10.10.30.0 255.255.255.0

default-router 10.10.30.1

dns-server 12.127.xx.xx 12.127.xx.xx

!

!

interface Loopback0

ip address 10.10.100.255 255.255.255.255

!

interface FastEthernet0

ip address 12.107.xxx.xxx 255.255.255.224

duplex auto

speed auto

!

interface FastEthernet1

ip address 10.10.10.1 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet1.1

description Internal VLAN

encapsulation dot1Q 20

ip address 10.10.20.1 255.255.255.0

no snmp trap link-status

bridge-group 1

bridge-group 1 spanning-disabled

!

interface FastEthernet1.2

description guest vlan 30

encapsulation dot1Q 30

ip address 10.10.30.1 255.255.255.0

no snmp trap link-status

bridge-group 1

bridge-group 1 spanning-disabled

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

switchport mode trunk

!

interface FastEthernet9

!

interface Vlan1

no ip address

!

!

interface Async1

no ip address

encapsulation slip

!

router eigrp 100

network 10.10.10.0 0.0.0.255

network 10.10.20.0 0.0.0.255

network 10.10.30.0 0.0.0.255

network 10.10.100.255 0.0.0.0

auto-summary

!

ip route 0.0.0.0 0.0.0.0 12.107.yyy.yyy

ip route 10.10.10.0 255.255.255.0 12.107.yyy.yyy

ip route 10.10.10.0 255.255.255.0 FastEthernet1

!

=====

1. I can ping internet from fe0. I can ping fe0 from fe1. But I cannot ping my default gateway from fe1 or loop0. What did I miss?

2. How do I make sure vlan 30 does not talk to vlan 20 or vlan 1 but vlan 20 talks to vlan 1?

thanks for your help!!!

2 REPLIES
Hall of Fame Super Blue

Re: routing issue

Hi

What is fa8 connected to ?. Is this the trunk connection to the switch. If so you need to connect the fa1 interface to the 2950 on that port not fa8.

Not sure why you have 3 static routes on router, you only need the default route.

Fa1 should not have an ip address on it - ie what is 10.10.10.0/24 used for, is this vlan 1 ?

To restrict access you would use acl's on the subinterfaces

access-list 101 deny ip 10.10.30.0 0.0.0.255 10.10.10.0 0.0.0.255

access-list 101 deny ip 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255

access-list 101 permit ip any any

int fa1.2

ip access-group 101 in

HTH

Jon

New Member

Re: routing issue

Thank you very much for the reply.

10.10.10/24 vlan1

10.10.20/24 vlan 20

10.10.30/24 vlan 30

Before I did another test with trunk connection to the switch via fa8 (I shut down fa1) and enabled three vlan interface 1, 20 and 30. But still does not work. I also took out the fa1 ip address one time and still did not work.

Right now switch is connecting to fa1 via dot1q trunking port. It seems both fa0 and fa1 cannot talk to each other.

thanks!

141
Views
0
Helpful
2
Replies
CreatePlease to create content