06-26-2010 11:30 AM - edited 03-06-2019 11:46 AM
I am trying to learn about VLANs and attempting to create a 2nd VLAN on my Cisco 871 router on FastEthernet #3 as a secure "guest" network. I can't get my 2nd VLAN to access the internet.
VLAN1 (default): 192.168.3.1 255.255.255.0
VLAN2: 192.168.4.1 255.255.255.0 configured on FastEthernet #3
On VLAN2 I can get an address from the DHCP server and I can ping 192.168.4.1 and 192.168.3.1. However, I cannot access the internet or ping the WAN gateway on VLAN2. I have assigned FE3 to VLAN2, added the 2nd VLAN subnet to the DHCP pool, and added the 2nd VLAN subnet to the NAT ACL. What am I missing? Do I need to add a static route? I would be confused if this were the case, since I don't see any static routes defined for the default VLAN. I believe you can have 2 VLANs on the 871.
Unfortunately I am using CCP mainly for config, but can sort of make my way through the CLI. Here are the relevant sections of my config. Sorry if CCP put extra junk in it, or if I deleted too much.
Cisco IOS Software, C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(15)T3,
ROM: System Bootstrap, Version 12.3(8r)YI4, RELEASE SOFTWARE
System image file is "flash:c870-advipservicesk9-mz.124-15.T3.bin"
version 12.4
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.4.1 192.168.4.99
ip dhcp excluded-address 192.168.4.201 192.168.4.254
ip dhcp excluded-address 192.168.3.1 192.168.3.99
ip dhcp excluded-address 192.168.3.151 192.168.3.254
!
ip dhcp pool DHCP_Pool
 import all
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
 dns-server 192.168.3.12 167.206.251.129
!
ip dhcp pool DHCP_Vlan2
 import all
 network 192.168.4.0 255.255.255.0
 dns-server 192.168.3.12 167.206.251.129
 default-router 192.168.3.1
!
!
ip port-map user-1401-1410 port tcp from 1402 to 1410 description FTP Data Ports
ip port-map user-protocol--1 port tcp 7001
ip port-map user-ftp-1280 port tcp 1280 list 2 description FTP on Port 1280
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
 switchport access vlan 2
!
interface FastEthernet4
 description $ETH-WAN$$FW_OUTSIDE$$ES_WAN$
 ip address dhcp client-id FastEthernet4 hostname Cisco-Router
 ip nat outside
 ip virtual-reassembly
 zone-member security out-zone
 duplex auto
 speed auto
!
interface Virtual-Template1 type tunnel
 ip unnumbered FastEthernet4
 ip nat inside
 ip virtual-reassembly
 zone-member security ezvpn-zone
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 zone-member security in-zone
!
interface Vlan2
 ip address 192.168.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip local pool SDM_POOL_1 192.168.3.200 192.168.3.210
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat inside source list 3 interface FastEthernet4 overload
!
!
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.3.0 0.0.0.255
access-list 3 permit 192.168.4.0 0.0.0.255
access-list 100 remark SDM_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 101 remark SDM_ACL Category=0
access-list 101 permit ip any host 192.168.3.21