08-05-2018 11:29 AM
Here is a diagram of my local network. VLAN 1 in the private LAN, VLAN 2 is the DMZ. The router is a 891w
VLAN 1 has an IP address of 192.168.1.252 and has DHCP configured to hand out IP addresses in the 192.168.1.0/24 range. The desktop is connected to switchport F7 via Ethernet, is a DHCP client, and has been assigned 192.168.1.2/24.
VLAN 2 is statically configured with an IP address of 10.10.10.1/30, and the server is statically configured with an IP address of 10.10.10.2/30
The problem is that the desktop cannot ping the server, and the server can only ping it's default gateway (10.10.10.1). The router can ping the server, the server's default gateway, and the desktop's default gateway (VLAN 1s address, 192.168.1.252), but not the desktop.
Device |
Ping Server (10.10.10.2) |
Ping VLAN 1 (192.168.1.252) |
Ping VLAN 2 (10.10.10.1) |
Ping Desktop (192.168.1.2) |
Desktop | No | Yes | Yes | Yes |
Server | Yes | No | Yes | No |
Router | Yes | Yes | Yes | No |
Here is my running config
Current configuration : 6793 bytes ! ! Last configuration change at 17:11:52 UTC Sun Aug 5 2018 by ethman770 ! version 15.4 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname CISCO_ISR ! boot-start-marker boot config usbflash0:CVO-BOOT.CFG boot-end-marker ! ! logging buffered 51200 warnings no logging console ! no aaa new-model service-module wlan-ap 0 bootimage autonomous ! crypto pki trustpoint TP-self-signed-1859622296 enrollment selfsigned subject-name cn=IOS-Self-Signed-Certificate-1859622296 revocation-check none rsakeypair TP-self-signed-1859622296 ! ! crypto pki certificate chain TP-self-signed-1859622296 certificate self-signed 01 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 69666963 6174652D 31383539 36323232 3936301E 170D3138 30373330 30313135 33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353936 32323239 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100BC5B 74D7E71E E3797220 13B902F1 A70F4AD2 4FE4D76C 3FA645D1 0F331DC6 5D686E91 E8E03C2C 28E4CA7A 6E1CBF1D F50682DE CD4E076C BE030AC4 7530E5F1 1556FF14 891C1512 97C12B10 F62F3014 6EA920B9 467260FB BAD59C6F 0542DBC3 A263B800 98760347 43C85EA4 1451EB06 D4A30D53 70350177 C8E4F521 262324AA 21EF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 551D2304 18301680 1425FDED FB5051DD 4F13FFB1 01B8E622 8EA93340 05301D06 03551D0E 04160414 25FDEDFB 5051DD4F 13FFB101 B8E6228E A9334005 300D0609 2A864886 F70D0101 05050003 818100B8 A1E3A4C4 43B885F3 4C221302 4FCCC98E DDAA4619 319643C9 A68F8198 CFE213F1 F917C195 3BC23993 9C11CD95 28805086 A0C81A54 4AE50EA1 1A8D359A 82FB8A70 406F914D AAB4F0FC 6D3AFEE3 840F9A6F 9F2CC9CF E39AF4AE 188DD138 F9034EE9 1DF41B66 21222311 A3AEE2AC 051BF7A8 B9BFABE4 0CD8281C 9EE88404 C62573 quit ! ! ! ! ! ! ! ! ! ! ip dhcp pool WLANpool import all network 192.168.1.0 255.255.255.0 default-router 192.168.1.252 domain-name gilkey.com lease 7 ! ! ! no ip domain lookup ip domain name gilkey.com ip inspect name DEFAULT100 ftp ip inspect name DEFAULT100 h323 ip inspect name DEFAULT100 icmp ip inspect name DEFAULT100 netshow ip inspect name DEFAULT100 rcmd ip inspect name DEFAULT100 realaudio ip inspect name DEFAULT100 rtsp ip inspect name DEFAULT100 esmtp ip inspect name DEFAULT100 sqlnet ip inspect name DEFAULT100 streamworks ip inspect name DEFAULT100 tftp ip inspect name DEFAULT100 tcp ip inspect name DEFAULT100 udp ip inspect name DEFAULT100 vdolive ip cef no ipv6 cef ! ! ! ! ! multilink bundle-name authenticated ! ! ! ! ! ! license udi pid CISCO891W-AGN-A-K9 sn FTX144701KF ! ! username ethman770 privilege 15 secret 5 $1$.gfL$upZTgGrtXGLMTIBI5sY1y1 ! redundancy ! ! ! ! no cdp run ! ! ! ! ! ! ! ! ! ! ! interface FastEthernet0 switchport access vlan 2 no ip address spanning-tree portfast ! interface FastEthernet1 no ip address spanning-tree portfast ! interface FastEthernet2 no ip address spanning-tree portfast ! interface FastEthernet3 no ip address spanning-tree portfast ! interface FastEthernet4 no ip address spanning-tree portfast ! interface FastEthernet5 no ip address spanning-tree portfast ! interface FastEthernet6 no ip address spanning-tree portfast ! interface FastEthernet7 no ip address spanning-tree portfast ! interface FastEthernet8 no ip address duplex auto speed auto ! interface GigabitEthernet0 description $ES_WAN$$FW_OUTSIDE$ ip address dhcp ip access-group 101 in no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip nat outside ip inspect DEFAULT100 out ip virtual-reassembly in duplex auto speed auto ! interface wlan-ap0 description Service module interface to manage the embedded AP no ip address arp timeout 0 ! interface Wlan-GigabitEthernet0 description Internal switch interface connecting to the embedded AP no ip address ! interface Vlan1 description Private LAN ip address 192.168.1.252 255.255.255.0 ! interface Vlan2 description Web server ip address 10.10.10.1 255.255.255.252 ! interface Async1 no ip address encapsulation slip ! interface Dialer0 ip address negotiated no ip redirects no ip unreachables no ip proxy-arp ip flow ingress ip nat outside ip virtual-reassembly in ip tcp adjust-mss 1452 dialer pool 1 dialer-group 1 no cdp enable ! ip forward-protocol nd ip http server ip http access-class 23 ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ! ! ip nat inside source list 1 interface GigabitEthernet0 overload ip route 0.0.0.0 0.0.0.0 Dialer0 ip route 10.10.10.0 255.255.255.252 10.10.10.2 ! ! ! ! control-plane ! ! mgcp behavior rsip-range tgcp-only mgcp behavior comedia-role none mgcp behavior comedia-check-media-src disable mgcp behavior comedia-sdp-force disable ! mgcp profile default ! ! ! ! ! ! ! banner exec ^C % Password expiration warning. ----------------------------------------------------------------------- Cisco Configuration Professional (Cisco CP) is installed on this device and it provides the default username "cisco" for one-time use. If you have already used the username "cisco" to login to the router and your IOS image supports the "one-time" user option, then this username has already expired. You will not be able to login to the router with this username after you exit this session. It is strongly suggested that you create a new username with a privilege level of 15 using the following command. username <myuser> privilege 15 secret 0 <mypassword> Replace <myuser> and <mypassword> with the username and password you want to use. ----------------------------------------------------------------------- ^C banner login ^C ------------------------------------------------------------------------- Warning! This is a private router. Any unauthorized access will be discovered and prosecuted to the fullest extent of the law. ------------------------------------------------------------------------- ^C banner motd ^Cogin& ------------------------------------------------------------------------- ^C ! line con 0 login local line 1 modem InOut speed 115200 flowcontrol hardware line 2 no activation-character no exec transport preferred none transport input all transport output pad telnet rlogin udptn ssh line aux 0 line vty 0 4 access-class 23 in privilege level 15 login local transport input telnet ssh line vty 5 15 access-class 23 in privilege level 15 login local transport input telnet ssh ! ! end
This is a school project in progress, so don't mind the clutter. Thanks in advance any help!
Solved! Go to Solution.
08-06-2018 12:43 AM
Hello ethman770,
Please, have in mind that this part of the forum is for the Small business devices, while your router 891 is not a part of them.
I will highly recommend that you move your question to the proper forum sub-folder, so you can receive faster reply.
Thank you!
08-06-2018 12:43 AM
Hello ethman770,
Please, have in mind that this part of the forum is for the Small business devices, while your router 891 is not a part of them.
I will highly recommend that you move your question to the proper forum sub-folder, so you can receive faster reply.
Thank you!
08-06-2018 04:57 AM
Woops, sorry. This device was recommended for SOHO environments so I thought it would be considered a small business device.
I figured out what the problem was and it had nothing to do with the device. The default gateway was configured incorrectly on the server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide