06-21-2012 07:00 AM - edited 03-04-2019 04:44 PM
Hi Friends,
One of my clients has a Cisco 877 router on which we have VLAN 1, which is 10.0.140.1, and this router is connected to the firewall on port 0.
The firewall IP is 10.0.140.2.
The Cisco 877 has a total of 4 ports.
Now my client wants me to create a different subnet for the LAN directly from the router, so it shouldn't go through the firewall.
So I have chosen port 2 for this and configured interface VLAN 2 with 172.16.15.1.
The problem is that VLAN 1 has access to the internet but VLAN 2 is not getting internet at all. Any help would be highly appreciated.
Below is the config:
!
hostname Internet
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
logging console critical
enable secret 5 $1$g364$22w6N7fgr65zx3z6E9CUqCli/
!
aaa new-model
!
!
aaa authentication login default local
!
!
aaa session-id common
clock timezone GMT 0
!
!
dot11 syslog
no ip source-route
ip cef
no ip dhcp use vrf connected
!
!
!
no ip bootp server
no ip domain lookup
!
!
!
username xxxx password 7 xxxx
!
!
archive
log config
hidekeys
!
!
!
!
!
interface ATM0
description $ES_WAN$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
switchport access vlan 2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.140.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Vlan2
ip address 172.16.15.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname xxxx
ppp chap password 7 xxxx
ppp pap sent-username xxx password 7 yyyy
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.0.0.0 255.255.255.0 10.0.140.2
ip route 172.16.15.0 255.255.255.0 172.10.15.2
!
ip http server
ip http port 8080
no ip http secure-server
ip nat inside source static 10.0.140.2 interface Dialer0
!
no cdp run
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 0001955
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp clock-period 17175070
ntp server 4.2.2.2
end
02-24-2013 01:35 PM
I added the lines below and everything is working fine.
ip access-list extended NAT
permit ip 172.16.15.0 0.0.0.255 any
ip nat inside source list NAT interface Dialer0 overload
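
The config in the question marks Vlan2 as `ip nat inside` but contains no translation rule whose source covers 172.16.15.0/24, which is what the reply's lines supply. The following check is an added example, not code from the thread: the function name `nat_coverage` and the two sample strings are constructed here, and the parser assumes only the few IOS statements that appear on this page.

```python
import ipaddress
import re

# Constructed input: the NAT-relevant statements from the config in the question.
QUESTION = """\
interface Vlan1
 ip address 10.0.140.1 255.255.255.0
 ip nat inside
interface Vlan2
 ip address 172.16.15.1 255.255.255.0
 ip nat inside
interface Dialer0
 ip address negotiated
 ip nat outside
ip nat inside source static 10.0.140.2 interface Dialer0
"""
# The statements added in the reply.
FIX = """\
ip access-list extended NAT
 permit ip 172.16.15.0 0.0.0.255 any
ip nat inside source list NAT interface Dialer0 overload
"""

def nat_coverage(config):
    """Map each 'ip nat inside' interface to the NAT rules whose source matches its subnet."""
    ifaces, acls, rules = {}, {}, []  # rules: (description, list of source networks)
    cur_if = cur_acl = None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur_if, cur_acl = ifaces.setdefault(m[1], {}), None
        elif m := re.match(r"ip access-list extended (\S+)$", line):
            cur_acl, cur_if = acls.setdefault(m[1], []), None
        elif m := re.match(r"ip nat inside source list (\S+) interface \S+ overload$", line):
            # Share the ACL's list object so entries parsed later still count.
            rules.append((f"overload via list {m[1]}", acls.setdefault(m[1], [])))
        elif m := re.match(r"ip nat inside source static (\d\S*) interface \S+$", line):
            rules.append((f"static {m[1]}", [ipaddress.ip_network(m[1])]))
        elif cur_if is not None and (m := re.match(r"ip address (\d\S*) (\d\S*)$", line)):
            cur_if["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur_if is not None and line == "ip nat inside":
            cur_if["inside"] = True
        elif cur_acl is not None and (m := re.match(r"permit ip (\d\S*) (\d\S*) any$", line)):
            # ACLs use wildcard (host) masks, which ipaddress accepts after the slash.
            cur_acl.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    return {name: [desc for desc, nets in rules if any(n.overlaps(i["net"]) for n in nets)]
            for name, i in ifaces.items() if i.get("inside") and "net" in i}

if __name__ == "__main__":
    print("before:", nat_coverage(QUESTION))
    print("after: ", nat_coverage(QUESTION + FIX))
```

An empty list for an inside interface means no rule translates that subnet's source addresses on the way out of Dialer0.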