Cisco Support Community
New Member

IP Routing Problem

Could someone please help me figure out why routing is not working on the ESwitches within the LAN?

The WAN routing works fine.

I actually have 2 3550 and 1 2950 but if I can figure out the one 3550 I can fix the other two.

!1751 Router

version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

!

logging queue-limit 100

logging buffered 51200 debugging

logging console critical

!

memory-size iomem 25

ip subnet-zero

no ip source-route

no ip rcmd domain-lookup

!

!

ip tcp synwait-time 10

ip name-server

ip name-server

!

no ip bootp server

ip cef

ip inspect name DEFAULT100 cuseeme

ip inspect name DEFAULT100 ftp

ip inspect name DEFAULT100 h323

ip inspect name DEFAULT100 netshow

ip inspect name DEFAULT100 rcmd

ip inspect name DEFAULT100 realaudio

ip inspect name DEFAULT100 rtsp

ip inspect name DEFAULT100 smtp

ip inspect name DEFAULT100 sqlnet

ip inspect name DEFAULT100 streamworks

ip inspect name DEFAULT100 tftp

ip inspect name DEFAULT100 tcp

ip inspect name DEFAULT100 udp

ip inspect name DEFAULT100 vdolive

ip inspect name DEFAULT100 icmp

ip audit notify log

ip audit po max-events 100

ip ssh time-out 60

ip ssh authentication-retries 2

!

!

interface Loopback0

no ip address

!

interface ATM0/0

no ip address

ip route-cache flow

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/0.1 point-to-point

pvc 8/35

pppoe-client dial-pool-number 1

!

!

interface FastEthernet0/0

description $FW_INSIDE$$ETH-LAN$

no ip address

ip access-group 100 in

ip mtu 1452

ip nat inside

ip route-cache flow

ip tcp adjust-mss 1452

speed auto

no cdp enable

!

interface FastEthernet0/0.1

description VLAN 1 Interface

encapsulation dot1q VLAN 1

ip address 192.168.9.59 255.255.255.192

!

interface FastEthernet0/0.2

description VLAN 2 Interface

encapsulation dot1q VLAN 2

ip address 192.168.9.126 255.255.255.192

!

interface FastEthernet0/0.3

description VLAN 3 Interface

encapsulation dot1q VLAN 3

ip address 192.168.9.190 255.255.255.192

!

interface FastEthernet0/0.4

description VLAN 4 Interface

encapsulation dot1q VLAN 4

ip address 192.168.9.254 255.255.255.192

!

interface Dialer0

description $FW_OUTSIDE$

ip address negotiated

ip access-group 101 in

ip mtu 1452

ip nat outside

ip inspect DEFAULT100 out

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication pap callin

ppp pap sent-username

!

ip nat inside source list 7 interface Dialer0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer0

ip http server

ip http authentication local

ip http secure-server

!

!

!

logging trap debugging

access-list 7 permit 192.168.0.0 0.0.255.255

access-list 100 remark auto generated by SDM firewall configuration

access-list 100 remark SDM_ACL Category=1

access-list 100 deny ip host 255.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 remark auto generated by SDM firewall configuration

access-list 101 remark SDM_ACL Category=1

access-list 101 deny ip 192.168.9.0 0.0.0.255 any

access-list 101 deny ip 10.0.0.0 0.255.255.255 any

access-list 101 deny ip 172.16.0.0 0.15.255.255 any

access-list 101 deny ip 192.168.0.0 0.0.255.255 any

access-list 101 deny ip 127.0.0.0 0.255.255.255 any

access-list 101 deny ip host 255.255.255.255 any

access-list 101 deny ip host 0.0.0.0 any

access-list 101 deny ip any any log

access-list 102 remark Restrict Web Access

access-list 102 remark SDM_ACL Category=1

access-list 102 permit ip 192.168.11.0 0.0.0.255 host 12.155.193.32

access-list 102 remark my.screenname.aol.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 64.12.151.141

access-list 102 remark login.passport.net

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 65.54.229.246

access-list 102 remark messenger.yahoo.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 66.163.172.51

access-list 102 remark www.aol.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 205.188.145.214

access-list 102 remark my.msn.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 207.68.171.254

access-list 102 remark www.mymsn.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 207.68.172.254

access-list 102 remark www.msn.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 207.68.173.244

access-list 102 remark www.hotmail.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 207.68.173.245

access-list 102 remark www.yahoo.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 216.109.118.65

access-list 102 remark mail.yahoo.com

access-list 102 deny ip 192.168.10.0 0.0.0.255 host 216.109.127.60

access-list 102 permit ip 192.168.10.0 0.0.0.255 any

access-list 102 permit ip 192.168.9.0 0.0.0.255 any

access-list 102 deny ip any any

access-list 103 remark Mac IN Access

access-list 103 remark SDM_ACL Category=1

access-list 103 permit ip host 192.168.9.87 any

dialer-list 1 protocol ip permit

no cdp run

!

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!

^C

!

line con 0

login local

transport output telnet

line aux 0

login local

transport output telnet

line vty 0 4

privilege level 15

login local

transport input telnet ssh

line vty 5 15

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 4000 1000

scheduler interval 500

end

!3550 ESwitch

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

!

!

clock timezone MDT 6

ip subnet-zero

ip routing

!

cluster enable

cluster member 1 mac-address

cluster member 2 mac-address

!

spanning-tree extend system-id

!

!

interface FastEthernet0/1

switchport access vlan 3

switchport mode access

no ip address

duplex full

speed 100

spanning-tree portfast trunk

!

interface FastEthernet0/2

switchport access vlan 3

switchport mode access

no ip address

duplex half

speed 10

!

interface FastEthernet0/3

switchport access vlan 3

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/4

switchport access vlan 3

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/5

switchport access vlan 4

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/6

switchport access vlan 3

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/7

switchport access vlan 3

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/8

switchport access vlan 3

switchport mode access

no ip address

duplex half

speed 10

!

interface FastEthernet0/9

switchport mode access

no ip address

duplex half

speed 10

!

interface FastEthernet0/10

switchport mode access

no ip address

!

interface FastEthernet0/11

switchport access vlan 3

switchport mode access

no ip address

!

interface FastEthernet0/12

switchport access vlan 2

switchport mode access

no ip address

!

interface FastEthernet0/13

switchport access vlan 3

switchport mode access

no ip address

!

interface FastEthernet0/14

switchport access vlan 3

switchport mode access

no ip address

!

interface FastEthernet0/15

switchport access vlan 3

switchport mode access

no ip address

!

interface FastEthernet0/16

switchport access vlan 2

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/17

switchport access vlan 2

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/18

switchport access vlan 2

switchport mode access

no ip address

!

interface FastEthernet0/19

switchport access vlan 2

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/20

switchport mode access

no ip address

duplex half

speed 10

!

interface FastEthernet0/21

switchport access vlan 4

switchport mode access

no ip address

duplex full

speed 100

!

interface FastEthernet0/22

switchport access vlan 4

switchport mode access

no ip address

!

interface FastEthernet0/23

switchport access vlan 4

switchport mode access

no ip address

!

interface FastEthernet0/24

switchport access vlan 4

switchport mode access

no ip address

!

interface GigabitEthernet0/1

no ip address

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

no ip address

!

interface Vlan1

ip address 192.168.9.58 255.255.255.192

!

interface Vlan2

ip address 192.168.9.125 255.255.255.192

!

interface Vlan3

ip address 192.168.9.189 255.255.255.192

!

interface Vlan4

ip address 192.168.9.253 255.255.255.192

!

router rip

redistribute connected

network 192.168.9.0

!

ip classless

ip http server

ip route 0.0.0.0 0.0.0.0 192.168.9.1

!

ip access-list extended CMP-NAT-ACL

dynamic Cluster-HSRP deny ip any any

dynamic Cluster-NAT permit ip any any

!

!

line con 0

line vty 0 4

password

login

line vty 5 15

password

login

!

end

2 REPLIES
Bronze

Re: IP Routing Problem

From your config, it looks like you have internal hosts connected to your fast ethernet interface that need to be translated to a routable address to have internet access out the dialer interface. If the problem is that your internal 192.168.x.x hosts aren't getting out to the internet, try moving the command "ip nat inside" under the subinterfaces instead of the main interface.

interface FastEthernet0/0.1

ip nat inside

interface FastEthernet0/0.2

ip nat inside

interface FastEthernet0/0.3

ip nat inside

interface FastEthernet0/0.4

ip nat inside

You will also want to move the ip access-group 100 in command to each subinterface you want to filter traffic on. Hope that helps.
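
A way to check a saved configuration for the placement issue this reply describes, as an added example that is not part of the original thread: the script flags `ip nat inside` or an inbound `ip access-group` that sits on a parent interface with no IP address while its addressed subinterfaces lack it. The sample configuration is constructed from the router configuration posted above, and the function names are assumptions.

```python
import re

# Constructed sample, trimmed from the router configuration posted in this thread.
SAMPLE = """\
interface FastEthernet0/0
 no ip address
 ip access-group 100 in
 ip nat inside
!
interface FastEthernet0/0.1
 ip address 192.168.9.59 255.255.255.192
!
interface FastEthernet0/0.2
 ip address 192.168.9.126 255.255.255.192
 ip nat inside
"""

POLICY = re.compile(r"^(ip nat inside|ip access-group \S+ in)$")

def parse_interfaces(config):
    """Map each interface name to the commands configured under it."""
    blocks, current = {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            current = blocks.setdefault(line.split()[1], [])
        elif line == "!":
            current = None  # "!" closes the interface block
        elif line and current is not None:
            current.append(line)
    return blocks

def misplaced_policy(config):
    """Find policy set on an unaddressed parent but absent from addressed subinterfaces."""
    blocks = parse_interfaces(config)
    findings = []
    for name, cmds in blocks.items():
        subs = [n for n in blocks if n.startswith(name + ".")]
        if not subs or "no ip address" not in cmds:
            continue
        for cmd in filter(POLICY.match, cmds):
            missing = [s for s in subs if cmd not in blocks[s]
                       and any(c.startswith("ip address ") for c in blocks[s])]
            if missing:
                findings.append((name, cmd, missing))
    return findings

if __name__ == "__main__":
    for parent, cmd, subs in misplaced_policy(SAMPLE):
        print(f"{parent}: '{cmd}' is not configured on {', '.join(subs)}")
```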

New Member

Re: IP Routing Problem

This solves the internet routing problems from the VLANs to the internet but does not solve the VLAN to VLAN routing on the switches. On the same switch I can not see between VLANs.
