cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
458
Views
5
Helpful
3
Replies

Cannot ping VLAN on test lab router from home network

Daravae
Level 1
Level 1

Hey everyone,

I'm kind of a beginner but I am hoping someone can help me with this..

So, I'm in the process of setting up an isolated test lab using a Cisco 881 IOS router and a L3 Netgear 16 port switch and one simple VLAN (VLAN2) (created on the 881) (I'm planning to use VLANs on the switch later) but I am unable to ping the VLAN2 on my 881 in the test lab from my home network.

My home router (192.168.1.1) is directly connected through a LAN port on the 881's router's WAN interface (fa/4) (192.168.1.130).
I created a simple VLAN2 (10.0.1.0) with a dhcp pool on the 881 and assigned it to one of the LAN interfaces of my router (fa/3) which my Netgear switch (10.0.1.2) is assigned to.

Anyway, that all works well. I am able to ping my home router (192.168.1.1) and my home PC (192.168.1.107) from the 881 and vice versa but as soon as I try to ping the VLAN gateway or one of the hosts (10.0.1.0-4) it doesn't work.

Things I have tried:
- I tried assigning WAN interface to my VLAN. But I don't think this is possible nor the solution?
- Directly connecting the home PC to my Netgear switch gives it an IP from the VLAN DHCP and everything works well but I want to kinda approach it as an isolated network from my home network (192.168.1.0).
- Added static routes to my home PC:

  • route add -p 192.168.1.130 mask 255.255.255.0 192.168.1.1
  • route add -p 192.168.1.130 mask 255.255.255.0 10.0.1.1

- Created an ACL, added my PC (192.168.1.107) to it and applied the ACL to VLAN2.

Is my ACL wrong? Kinda feel like I am missing something.
Any answers are highly appreciated! Attached the config.

I'm also kind of a beginner so there are some things like NAT in there that I have yet to disable and experiment with but please let me know if it interferes with anything.

3 Replies 3

Richard Burts
Hall of Fame
Hall of Fame

There are multiple issues here. Let me start with the most important and when that is solved we can look at other things.

You have configured vlan 2 to use network 10.0.1.0. You have applied an access list to it which has only a single permit for 192.168.1.107. Traffic arriving on vlan 2 will never have that IP address, so that address will not work and all other addresses are denied by default. So the first step is to remove that access list.

I note that you have configured 4 static default routes. The first one is perhaps ok. The other 3 each have problems. Remove the last 3 static default routes.

After these changes things might start to work a bit better. If still not working as expected then please post updated config and the output of these commands

show ip interface brief

show ip route

show arp

HTH

Rick

Daravae
Level 1
Level 1

@Richard BurtsThanks for the answer and help!

  • I've removed the access-list with the single permit from 192.168.1.107
  • I've removed the last three static routes you mentioned.

Though, I am still unable to ping the VLAN from my home PC without directly connecting it to the VLAN.
Could this be a route or access-list issue?

Attached the updated config including the requested commands. Would appreciate any more pointers as to what the issue could be.

Thank you for the updated config and requested information. Here are some comments and suggestions:

- I note that you have both enable password and enable secret. When enable secret is present then enable password is ignored and has no effect. I suggest that you remove enable password (this does not relate to your original issue but is good housekeeping).

- the interface config for vlan 2 still references the access list, which has been removed. I suggest that you remove the access-group from the interface. 

- you have access list 1. I am not clear what you intend it to be used for and what you intend it to match. Please either remove it or explain to me what you intend it to do.

- you configure Fast4 with ip nat enable. I wonder if you change it to ip nat outside if it would help.

- you have some king of nat on Fast4 and on vlan 2 but the only nat you have configured is some static nat. Are you intending to translate vlan 2 addresses as they are forwarded out Fast4? If so then configure the dynamic nat. If you are not planning to translate vlan 2 addresses then a question becomes whether your main router has a route for the 10.0.1.0 network?

HTH

Rick
Review Cisco Networking for a $25 gift card