07-22-2006 06:02 AM - edited 03-03-2019 01:25 PM
Hello, all. I'm having difficulty setting up a VLAN to be on the same subnet as my ATM0.1 interface. I have static IPs provided by my ISP, the last one is the router, and I want the first one on my server. I recently upgraded my flash from 24M to 28M and installed the c870-advipservicesk9-mz.124-9.T to get VLAN capability, amongst other things. I can bridge my VLAN1 and DOT110, move the IP address and the ip nat commands to BVI1, and add the "bridge 1 route ip" command and my wireless seams together perfectly with my fastether ports, which can all get out to the internet. I can also create a second bridge group with the ATM0.1 interface and VLAN2, again assigning the ip address and ip nat commands to BVI2. Any fastether port on VLAN2 in this config can get to the outside world. I can even set up a DHCP pool for my remaining IPs and connect clients using DHCP. BUT, VLAN1 can no longer communicate with VLAN2. What other IOS commands do I need to issue? I've looked at some of the config on my Ciscos at work, noticed things like "ip classless" and routes to the various VLANs, and "vlan access-map XXX XX <CR> action forward", but I just can't figure out how to get BVI1 and BVI2 to talk.
07-22-2006 07:13 AM
Hello Andrew,
Can you post your configuration, the one you got so far? You might be missing a small piece...
Regards,
GNT
07-22-2006 07:57 AM
No problem... As a note, I pulled out my VPN, DNS, DHCP, and NTP config...
ip cef
bridge irb
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
interface ATM0.1 point-to-point
 no ip address
 no snmp trap link-status
 atm route-bridged ip
 pvc 0/32
  encapsulation aal5snap
 bridge-group 2
 bridge-group 2 spanning-disabled
interface FastEthernet0
 switchport access vlan 2
interface FastEthernet1
interface Dot11Radio0
 no ip address
 ssid ##########
  authentication open
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
interface Vlan2
 no ip address
 bridge-group 2
 bridge-group 2 spanning-disabled
interface BVI1
 ip address a.b.c.d w.x.y.z
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
interface BVI2
 ip address a.b.c.d w.x.y.z
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
ip route 0.0.0.0 0.0.0.0 BVI2
bridge 1 route ip
bridge 2 route ip
07-22-2006 10:41 AM
Hello,
I made a few adjustments to your config, can you try and see if this works for you? Basically, the outside interface is moved to the Dialer. You need to add the networks that you have configured for BVI1 and BVI2 to access list 1, in order for those networks to be translated.
ip cef
bridge irb
interface ATM0
 no ip address
 no atm ilmi-keepalive
 dsl operating-mode auto
interface ATM0.1 point-to-point
 no ip address
 no snmp trap link-status
 pvc 0/32
  encapsulation aal5snap ppp dialer
  dialer pool-member 1
interface FastEthernet0
 switchport access vlan 2
interface FastEthernet1
interface Dot11Radio0
 no ip address
 ssid ##########
  authentication open
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
interface Vlan1
 no ip address
 bridge-group 1
 bridge-group 1 spanning-disabled
interface Vlan2
 no ip address
 bridge-group 2
 bridge-group 2 spanning-disabled
!
interface Dialer0
 ip address negotiated
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip route-cache flow
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username yourname@adsl-planet password 7 005C
interface BVI1
 ip address a.b.c.d w.x.y.z
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
interface BVI2
 ip address a.b.c.d w.x.y.z
 ip nat inside
 ip virtual-reassembly
 no ip route-cache cef
 no ip route-cache
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip nat inside source list 1 interface Dialer 0 overload
!
access-list 1 permit x.x.x.x
dialer-list 1 protocol ip permit
!
bridge 1 route ip
bridge 2 route ip
Does that make sense? Let me know if you need more help...
Regards,
GNT
07-22-2006 11:15 AM
I'm going to try the "ip nat inside source list 1 int (BVI2) overload" command. I don't require a login to my DSL provider, but I will try the Dialer0 config as a last resort. I noticed the ip nat inside command in previous config files, but it mentioned SDM in the description, so I thought it referred to the IPSec VPN I set up through SDM. Do I need the access-list as well? I'll try all of these when I have the opportunity to bring the connection down. Thanks for your help!
07-22-2006 01:29 PM
Thanks for your help. After adding the ip nat inside source item (already had the ACL from an earlier portion of the config), everything went swimmingly. I happen to not need the Dialer interface because I don't login (DSL provider/Phone company own and run all aspects of DSL).
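An added example, not part of the original thread: a small Python check for the gap that resolved it, namely interfaces marked `ip nat inside` / `ip nat outside` with no `ip nat inside source list ... overload` statement, or a statement that names an undefined ACL or an interface that is not the outside one. The sample config is constructed from the NAT-relevant lines of the 07:57 post; the function names and finding labels are hypothetical, and only numbered `access-list` entries are recognised.

```python
import re

# Constructed sample: NAT-relevant lines of the 07:57 config (placeholder addresses).
SAMPLE_BEFORE = """\
interface BVI1
 ip address a.b.c.d w.x.y.z
 ip nat inside
interface BVI2
 ip address a.b.c.d w.x.y.z
 ip nat outside
ip route 0.0.0.0 0.0.0.0 BVI2
access-list 1 permit x.x.x.x
"""
# The same config with the statement the original poster reported adding.
SAMPLE_AFTER = SAMPLE_BEFORE + "ip nat inside source list 1 interface BVI2 overload\n"

def norm(name):
    """Make 'Dialer 0' and 'dialer0' compare equal."""
    return re.sub(r"\s+", "", name).lower()

def check_nat(config):
    """Return findings (hypothetical labels) about NAT consistency in an IOS config."""
    roles, acls, rules, current = {}, set(), [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+(?:\s+\d\S*)?)", line, re.I):
            current = norm(m.group(1))            # entering an interface block
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            if current:
                roles[current] = m.group(1)       # NAT role of that interface
        elif m := re.match(r"access-list\s+(\S+)\s+permit", line):
            acls.add(m.group(1))                  # numbered ACLs only
        elif m := re.match(r"ip nat inside source list (\S+) interface (.+?) overload$", line):
            rules.append((m.group(1), norm(m.group(2))))
    findings = []
    if "inside" in roles.values() and "outside" not in roles.values():
        findings.append("no-outside-interface")
    elif "inside" in roles.values() and not rules:
        findings.append("no-nat-rule")            # roles set, nothing translates
    for acl, iface in rules:
        if acl not in acls:
            findings.append(f"undefined-acl:{acl}")
        if roles.get(iface) != "outside":
            findings.append(f"rule-interface-not-outside:{iface}")
    return findings

if __name__ == "__main__":
    print("before:", check_nat(SAMPLE_BEFORE))
    print("after: ", check_nat(SAMPLE_AFTER))
```

The matching works on line content, not indentation, so it also accepts configs pasted with their indentation stripped.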