07-24-2023 07:51 AM
I have this config on this router; can you guys help me find the issue?
I want VLANs 20, 30, 40, 50 and 100 to communicate with each other, and VLANs 10 and 60 to be restricted and to have access only to the Internet.
Building configuration...
Current configuration : 4831 bytes
!
! Last configuration change at 13:59:04 UTC Mon Jul 24 2023
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CONNECTIUM_ROUTER
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/0
!
no aaa new-model
!
ip cef
!
!
!
!
ip dhcp pool RENTALOAD
network 192.168.1.0 255.255.255.248
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
lease 14
!
ip dhcp pool CONNECTIUM_SALE
network 192.168.2.0 255.255.255.248
default-router 192.168.2.1
dns-server 8.8.8.8 8.8.4.4
lease 14
!
ip dhcp pool CONNECTIUM_OFFICE
network 192.168.3.0 255.255.255.240
default-router 192.168.3.1
dns-server 8.8.8.8 8.8.4.4
lease 14
!
ip dhcp pool WAREHOUSE
network 192.168.4.0 255.255.255.240
default-router 192.168.4.1
dns-server 8.8.8.8 8.8.4.4
lease 14
!
ip dhcp pool SERVERS
network 192.168.5.0 255.255.255.248
default-router 192.168.5.1
dns-server 8.8.8.8 8.8.4.4
lease 14
!
ip dhcp pool WIFI_GUESTS
network 192.168.6.0 255.255.255.252
default-router 192.168.6.1
dns-server 8.8.8.8 8.8.4.4
lease 14
!
ip dhcp pool PRINTERS
network 192.168.10.0 255.255.255.248
default-router 192.168.5.1
dns-server 8.8.8.8 8.8.4.4
lease 14
!
!
!
no ip domain lookup
ip domain name cisco.net
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2921/K9 sn FCZ175360JV
hw-module pvdm 0/0
!
!
!
username admin password 0 cisco
!
redundancy
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
ip access-group VLAN10_WIFI_GUEST_OUTBOUND out
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.2.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.30
encapsulation dot1Q 30
ip address 192.168.3.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.40
encapsulation dot1Q 40
ip address 192.168.4.1 255.255.255.240
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.50
encapsulation dot1Q 50
ip address 192.168.5.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.60
encapsulation dot1Q 60
ip address 192.168.6.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.90
encapsulation dot1Q 90
ip address 175.16.4.145 255.255.255.252
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.100
encapsulation dot1Q 100
ip address 192.168.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
description INTERNET LINE
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
router ospf 10
network 192.168.1.0 0.0.0.7 area 0
network 192.168.2.0 0.0.0.7 area 0
network 192.168.3.0 0.0.0.15 area 0
network 192.168.4.0 0.0.0.15 area 0
network 192.168.5.0 0.0.0.7 area 0
network 192.168.6.0 0.0.0.3 area 0
network 192.168.9.0 0.0.0.3 area 0
network 192.168.10.0 0.0.0.7 area 0
!
router ospf 1
router-id 1.1.1.1
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat source list 10 interface GigabitEthernet0/1 overload
ip nat inside source list 10 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
ip access-list extended VLAN10_WIFI_GUEST_OUTBOUND
deny ip 192.168.1.0 0.0.0.7 any
deny ip 192.168.6.0 0.0.0.3 any
permit ip 192.168.2.0 0.0.0.7 any
permit ip 192.168.3.0 0.0.0.15 any
permit ip 192.168.4.0 0.0.0.15 any
permit ip 192.168.5.0 0.0.0.7 any
permit ip 192.168.10.0 0.0.0.7 any
!
access-list 10 permit 192.168.1.0 0.0.0.7
access-list 10 permit 192.168.2.0 0.0.0.7
access-list 10 permit 192.168.3.0 0.0.0.15
access-list 10 permit 192.168.4.0 0.0.0.15
access-list 10 permit 192.168.5.0 0.0.0.7
access-list 10 permit 192.168.6.0 0.0.0.3
access-list 10 permit 192.168.10.0 0.0.0.7
access-list 10 permit 172.16.4.144 0.0.0.3
!
!
!
control-plane
!
!
!
!
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
shutdown
!
!
banner motd ^CNo Unathorised Access!!!^C
!
line con 0
password cisco
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
####### and here is the config for the switch ###################
vlan 10
name RENTALOAD
exit
vlan 20
name CONNECTIUM_SALE
exit
vlan 30
name CONNECTIUM_OFFICE
exit
vlan 40
name WAREHOUSE
exit
vlan 50
name SERVER
exit
vlan 60
name WIFI_GUEST
exit
vlan 100
name PRINTERS
exit
interface GigabitEthernet2/0/1
switchport mode trunk
switchport access vlan 999
exit
interface range GigabitEthernet2/0/2-6
switchport mode access
switchport access vlan 10
no shutdown
exit
interface range GigabitEthernet2/0/7-10
switchport mode access
switchport access vlan 20
no shutdown
exit
interface range GigabitEthernet2/0/11-22
switchport mode access
switchport access vlan 30
no shutdown
exit
interface range GigabitEthernet2/0/31-38
switchport mode access
switchport access vlan 40
no shutdown
exit
interface range GigabitEthernet2/0/23-26
switchport mode access
switchport access vlan 40
no shutdown
exit
interface range GigabitEthernet2/0/27-30
switchport mode access
switchport access vlan 50
no shutdown
interface range Te2/1/1-4
switchport mode access
switchport access vlan 50
no shutdown
exit
interface GigabitEthernet2/0/39
switchport mode access
switchport access vlan 60
no shutdown
exit
interface range GigabitEthernet2/0/40-42
switchport mode access
switchport access vlan 100
no shutdown
exit
interface range GigabitEthernet2/0/43-48
switchport mode access
switchport access vlan 999
shutdown
exit
07-24-2023 09:43 AM
Hello @rauca 12345
What you need to do is apply the following ACL
!
access-list 100 deny ip any 192.168.0.0 0.0.255.255
access-list 100 permit ip any any
!
On the interfaces for VLAN 10 and 60:
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.248
ip access-group 100 in
!
I did it on the simulator, and you can check from PC0 if you have this simulator.
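Building on the reply above, the following is an added example (not code from the original post or from either participant) of a fuller version of the same idea: one named ACL applied inbound on both the VLAN 10 and VLAN 60 subinterfaces, extended to all three RFC 1918 ranges rather than only 192.168.0.0/16, with an explicit DHCP permit ahead of the denies, and with the misplaced outbound ACL removed from the parent interface. The ACL name GUEST_ISOLATION and the verification commands are assumptions of this example; the interface names, subnets and the VLAN10_WIFI_GUEST_OUTBOUND name are taken from the posted router config.

```cisco
! Added example (not from the thread): one named ACL for both guest VLANs.
! Goal: VLAN 10 (RENTALOAD) and VLAN 60 (WIFI_GUESTS) reach only the
! Internet; every private range is blocked, not just 192.168.0.0/16.
! The ACL name GUEST_ISOLATION is an assumption; any name works.
ip access-list extended GUEST_ISOLATION
 remark Inbound ACLs also filter packets addressed to the router itself, so
 remark let unicast DHCP renewals reach the router's own DHCP pools first.
 permit udp any eq bootpc any eq bootps
 remark First match wins: drop every RFC 1918 destination (the other VLANs
 remark and the router's LAN addresses) before the catch-all permit.
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.15.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 remark Whatever is left is Internet-bound and is NATed out GigabitEthernet0/1.
 permit ip any any
!
! Filter where the guest traffic enters the router: inbound on the two
! subinterfaces, not outbound on the parent GigabitEthernet0/0 as in the
! posted config.
interface GigabitEthernet0/0
 no ip access-group VLAN10_WIFI_GUEST_OUTBOUND out
!
interface GigabitEthernet0/0.10
 ip access-group GUEST_ISOLATION in
!
interface GigabitEthernet0/0.60
 ip access-group GUEST_ISOLATION in
!
end
!
! Verification from privileged EXEC: confirm the ACL is bound inbound on
! each guest subinterface, then ping 192.168.2.1 and 8.8.8.8 from a guest
! host and check that only the deny and the final permit counters move.
show ip interface GigabitEthernet0/0.10 | include access list
show ip interface GigabitEthernet0/0.60 | include access list
show ip access-lists GUEST_ISOLATION
```

Two points worth checking before trusting this. The DHCP permit assumes clients renew against the router's pools; with the 14-day leases in the posted config a renewal is unicast to 192.168.1.1 or 192.168.6.1 and would otherwise hit the 192.168.0.0/16 deny. The 175.16.4.144/30 network on GigabitEthernet0/0.90 is not private address space, so none of the RFC 1918 denies cover it; add an explicit deny for that /30 if guests must not reach that segment either.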