Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

802.1Q trunking Problem

--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --

Hello,

Since i configure Trunking between my Cat 3548 and 2600, i cann´t ping or telnet to my switch IP address more (VLAN1) cann some one help ?

between Router and Switch ping and telnet are ok. but from desktop no ping on the switch, ping on both trunking address is ok but not the native Vlan1.

Thanks

my config

Router

User Access Verification

Password:

RouterTest>en

Password:

Router#sh run

Building configuration...

Current configuration:

!

version 12.1

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname RouterTest

!

enable secret xxxxxxx!

!

!

!

!

ip subnet-zero

no ip domain-lookup

ip name-server nnnn.nn.n.129

!

ip dhcp pool WLAN-ClIENT

import all

network 10.60.119.0 255.255.255.0

dns-server nnnn.nn.n.129

default-Router 10.60.19.254

!

!

!

!

!

!

!

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

crypto isakmp key xxxxxxx address xxx.xx.xxx.36

crypto isakmp keepalive 10

!

crypto ipsec security-association lifetime seconds 28800

!

crypto ipsec transform-set DVAGset esp-3des esp-md5-hmac

!

crypto map DVAG local-address Ethernet1/0

crypto map DVAG 1 ipsec-isakmp

set peer xxx.xx.xxx.36

set transform-set DVAGset

match address 100

!

!

!

!

!

interface FastEthernet0/0

no ip address

ip nat inside

speed 100

full-duplex

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.60.19.254 255.255.255.0

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ip address 10.60.119.254 255.255.255.0

!

interface Ethernet1/0

ip address xxx.xx.xxx.62 255.255.255.224

ip nat outside

crypto map DVAG

!

ip nat inside source route-map nonat interface Ethernet1/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet1/0

no ip http server

!

access-list 100 permit ip 10.60.19.0 0.0.0.255 172.24.0.0 0.0.255.255

access-list 100 permit ip 10.60.19.0 0.0.0.255 10.100.0.0 0.0.255.255

access-list 100 permit ip 10.60.19.0 0.0.0.255 10.61.0.0 0.0.255.255

access-list 110 permit esp host xxx.xx.xxx.36 any

access-list 110 permit udp host xxx.xx.xxx.36 eq isakmp any

access-list 110 permit tcp host xxx.xx.xxx.36 any

access-list 110 permit ip 172.24.0.0 0.0.255.255 10.60.19.0 0.0.0.255

access-list 110 permit ip 10.61.0.0 0.0.255.255 10.60.19.0 0.0.0.255

access-list 110 deny ip any any

access-list 120 deny ip 10.60.19.0 0.0.0.255 172.24.0.0 0.0.255.255

access-list 120 deny ip 10.60.19.0 0.0.0.255 10.100.0.0 0.0.255.255

access-list 120 deny ip 10.60.19.0 0.0.0.255 10.61.0.0 0.0.255.255

access-list 120 deny ip 10.60.119.0 0.0.0.255 172.24.0.0 0.0.255.255

access-list 120 deny ip 10.60.119.0 0.0.0.255 10.100.0.0 0.0.255.255

access-list 120 deny ip 10.60.119.0 0.0.0.255 10.61.0.0 0.0.255.255

access-list 120 permit ip 10.60.119.0 0.0.0.255 any

route-map nonat permit 10

match ip address 120

!

-----------------------------

Switch

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

duplex full

speed 100

!

interface FastEthernet0/2

no ip address

!

interface FastEthernet0/3

...................

interface FastEthernet0/48

switchport access vlan 2

no ip address

!

interface GigabitEthernet0/1

no ip address

!

interface GigabitEthernet0/2

no ip address

!

interface Vlan1

ip address 10.60.19.250 255.255.255.0

no ip redirects

no ip route-cache

no ip mroute-cache

!

ip default-gateway 10.60.19.254

ip classless

ip http server

thanks for your help

2 REPLIES
Bronze

Re: 802.1Q trunking Problem

Just a guess because i can't find doc on the route-map and interface references in the IP NAT INSIDE statement, but it looks like your lost traffic is getting permitted in the route map and forced out e0/0.

New Member

Re: 802.1Q trunking Problem

Hi

Cannot see any ip nat inside command. But try to get rid of this

"access-list 120 permit ip 10.60.119.0 0.0.0.255 any" and be specific. Hope that will work

Agnelo Dcunha

98
Views
0
Helpful
2
Replies
CreatePlease to create content