Solved: bryan p

bryanperrine78 · ‎01-27-2015

please help!!!

Im using a cisco 1841 router with one vlan1 on it to access internet and it work..recently i wanted to create a second vlan 2 i have done all the configuration nat,access-list i can ping vlan2 from the pcs but this vlan2 cant access internet ..what config should i do?thank you

Karsten Iwen · ‎01-27-2015

You duplicated to much of the config as both VLANs will use the same NAT and dialer-interface to communicate to the internet.

First remove the unneeded config:

no ip nat inside source list 2 interface dialer2 overload
no dialer-list 2 protocol ip permit
no access-list 2 permit 192.168.x.x 0.0.0.255

The only thing you need in addition to your new vlan is the config that the new VLAN should also do NAT:

access-list 1 permit 192.168.x.x 0.0.0.255

View solution in original post

Karsten Iwen · ‎01-27-2015

no, the new line will be added to the list and both networks will get NATed.

View solution in original post

Karsten Iwen · ‎01-27-2015

Are the PCs using the vlan2-ip as the default-gateway?

If yes, there is probably something wrong with your ACL or NAT-config. Please post your config (with removed passwords).

bryanperrine78 · ‎01-27-2015

yeah vlan2 will be use as gateway..here is the config

interface fastethernet0
switchport access vlan2
no ip address
!
interface fastethernet1
no ip address
!
interface fastethernet2
no ip address
!
interface fastethernet3
no ip address
!
interface fastethernet4
description wan interface to
no ip address
load-interval 30
duplex full
speed 100
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface vlan1
description to custumer lan
ip address 10.1.x.x 255.255.0.0
ip nat inside
ip virtual-reassembly in
!
interface vlan2
ip address 192.168.x.x 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface dialer 1
description pppoe session customer 6/2 mb
ip ddns update hostname xxxxxxxxxxxx
ip ddns update noip
ip address negociated
ip mtu 1452
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip top adjust-mss 1452
load-interval 30
dialer pool 1
dialer-group 1
ppp chap hostname xxxxxxxx
ppp chap password xxxxxxxx
!
ip forward-protocol nd
no ip http server
no ip fttp secure-server
!
!
ip nat inside source list 1 interface dialer1 overload
ip nat inside source list 2 interface dialer2 overload
ip route 0.0.0.0 0.0.0.0 dialer1
!
dialer-list 1 protocol ip permit
dialer-list 2 protocol ip permit
!
snmp-server community
access-list 1 permit 10.1.x.x 0.0.255.255
access-list 2 permit 192.168.x.x 0.0.0.255
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role non
mgcpbehavior comedia-check-media-src disable
mgcp behavior comedia-sdp-fore disable
!
mgcp profile default
!
!

Karsten Iwen · ‎01-27-2015

You duplicated to much of the config as both VLANs will use the same NAT and dialer-interface to communicate to the internet.

First remove the unneeded config:

no ip nat inside source list 2 interface dialer2 overload
no dialer-list 2 protocol ip permit
no access-list 2 permit 192.168.x.x 0.0.0.255

The only thing you need in addition to your new vlan is the config that the new VLAN should also do NAT:

access-list 1 permit 192.168.x.x 0.0.0.255

bryanperrine78 · ‎01-27-2015

thank you..but will the command 'access-list 1 permit 192.168.x.x 0.0.0.255' will make vlan1 stop working?

Karsten Iwen · ‎01-27-2015

no, the new line will be added to the list and both networks will get NATed.

bryanperrine78 · ‎01-27-2015

thanks a lot karsten it works :) cheers

Karsten Iwen · ‎01-27-2015

One more thing. For PPPoE, the MTU is typically 1492 unless told from the ISP to use something different:

interface dialer 1
 ip mtu 1492