Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VLAN Internet Routing

Hello,

I have configured a couple of VLANs on my network. Both are able to see eachother, but only one is able to browse the Internet. The following is my router config:

CorpRouter#sh run

Building configuration...

Current configuration:

!

version 12.0

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname CorpRouter

!

enable secret 5 $1$kkaF$pE/7LIyhCqI2ZtdkIB4qz/

!

!

!

!

!

ip subnet-zero

no ip domain-lookup

!

!

!

!

interface FastEthernet0/0

ip address 10.1.1.254 255.255.255.0

no ip directed-broadcast

speed 100

full-duplex

!

interface Serial0/0

no ip address

no ip directed-broadcast

no ip mroute-cache

shutdown

no fair-queue

!

interface FastEthernet0/1

ip address 10.1.8.250 255.255.255.0

no ip directed-broadcast

speed 100

full-duplex

!

router eigrp 200

network 10.0.0.0

network 206.175.173.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.1.250

ip route 10.1.7.0 255.255.255.0 10.1.1.253

no ip http server

and "sh ip route"

Gateway of last resort is 10.1.1.250 to network 0.0.0.0

10.0.0.0/24 is subnetted, 3 subnets

C 10.1.8.0 is directly connected, FastEthernet0/1

C 10.1.1.0 is directly connected, FastEthernet0/0

S 10.1.7.0 [1/0] via 10.1.1.253

S* 0.0.0.0/0 [1/0] via 10.1.1.250

CorpRouter#

The switch is a Catalyst 2948G with the router ports in their own VLAN. The 10.1.8.x systems are in VLAN 20 and the 10.1.1.x systems are in VLAN 1. The 10.1.1.250 is our firewall (which the 10.1.1.x systems and the router can ping, but the 10.1.8.x systems can not).

Can you tell me if multiple VLANs can access the Internet over a single link and/or what my config problem is? Also, the "sh ip arp" shows that the router has the 10.1.1.250 address listed and the router can ping all addresses. The other static route is for our private dialup users.

Thank you for your time.

3 REPLIES
New Member

Re: VLAN Internet Routing

You havent told us where the Internet connection is coming from.

New Member

Re: VLAN Internet Routing

Celsius,

If you haven't already resolved the problem; check your firewall's routing table, I believe you'll find that since it has an interface in 10.1.1.x network it knows how to route traffic for 10.1.1.x but the routing table does not have an entry for 10.1.8.x so the traffic is dropped. If the fw has the ability to run eigrp you may want that setup to avoid problems in the future as you add more internal networks or add routes manually to the fw. Hope this helps.

Regrds,

New Member

Re: VLAN Internet Routing

Thanks for your responce. I will not have time to reconfigure the fw until next week. But that sounds like the fix.

128
Views
0
Helpful
3
Replies
CreatePlease to create content