Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

CIsco 1841 VLAN routing

Hi everyone,

I'm having some trouble with routing traffic from one vlan to the other on a 1841.

What am I trying to do:

- route traffic from vlan1 to the internet with a specific public IP

- route traffic from vlan2 to the internet with a specific public IP

- allow traffic from vlan1 to vlan2 and vice versa

- NAT specific ports to a host on vlan1

What's not working:

- hosts from vlan1 can ping the vlan2 interface, but not the hosts on vlan2 and vice versa

Here's the config (I have disabled access-rules for simplicity):

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco1841
!
boot-start-marker
boot-end-marker
!
!

!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login ciscocp_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network ciscocp_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
no process cpu extended history
no process cpu autoprofile hog
dot11 syslog
ip source-route
no ip routing
!
!
!
!
!
no ip cef
ip inspect name CCP_LOW dns
ip inspect name CCP_LOW ftp
ip inspect name CCP_LOW h323
ip inspect name CCP_LOW sip
ip inspect name CCP_LOW icmp
ip inspect name CCP_LOW netshow
ip inspect name CCP_LOW rcmd
ip inspect name CCP_LOW realaudio
ip inspect name CCP_LOW rtsp
ip inspect name CCP_LOW sqlnet
ip inspect name CCP_LOW streamworks
ip inspect name CCP_LOW tftp
ip inspect name CCP_LOW tcp
ip inspect name CCP_LOW udp
ip inspect name CCP_LOW vdolive
ip name-server 1.2.3.4


multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
username admin privilege 15 password 0 notthepassword
!
redundancy
!
!
!
!
!
!
interface FastEthernet0/0
 description $FW_OUTSIDE$
 ip address 2.1.2.1 255.255.255.248 secondary
 ip address 2.1.2.2 255.255.255.248
 ip access-group 102 in
 ip inspect CCP_LOW out
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 speed auto
 half-duplex
 no cdp enable
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!

interface FastEthernet0/0/0
 no ip address
 no cdp enable
!
interface FastEthernet0/0/1
 switchport access vlan 2
 no ip address
 no cdp enable
!
interface FastEthernet0/0/2
 no ip address
 shutdown
 no cdp enable
!
interface FastEthernet0/0/3
 no ip address
 shutdown
 no cdp enable
!
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.175.252 255.255.255.0
 ip access-group 100 in
 ip nat inside
 ip virtual-reassembly in
 no ip route-cache
!
interface Vlan2
 description $FW_INSIDE$
 ip address 192.168.176.254 255.255.255.0
 ip access-group 101 in
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
!
!
ip nat pool natvlan1  2.1.2.1 2.1.2.1 netmask 255.255.255.248
ip nat pool natvlan2 2.1.2.2 2.1.2.2 netmask 255.255.255.248
ip nat inside source list 100 pool natvlan1 overload
ip nat inside source list 101 pool natvlan2 overload
ip nat inside source static tcp 192.168.175.1 25 2.1.2.1 25 extendable
ip nat inside source static tcp 192.168.175.1 80 2.1.2.1 80 extendable
ip nat inside source static tcp 192.168.175.1 443 2.1.2.1 443 extendable
ip nat inside source static tcp 192.168.175.6 876 2.1.2.1 876 extendable
ip nat inside source static tcp 192.168.175.4 8550 2.1.2.1 8850 extendable
ip route 0.0.0.0 0.0.0.0 2.1.2.3
!
access-list 100 permit ip any any
access-list 101 permit ip any any
access-list 102 permit ip any any
!
!
!
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 password notthepassword
 transport input all
!
scheduler allocate 20000 1000
end

Any help is greatly appreciated!

Everyone's tags (1)
1 REPLY

Hello.You have "no ip routing

Hello.

You have "no ip routing" command that is preventing you from routing.

Btw, who wrote the config? It's really strange (no ip cef, ip source-route and etc.)

518
Views
0
Helpful
1
Replies
CreatePlease to create content