Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
647
Views
0
Helpful
2
Replies

IR1101 - VLAN issue? Unable to ping

Go to solution
cadamwil
Level 1
Level 1

‎09-07-2023 09:26 AM - last edited on ‎09-19-2023 01:09 PM by Community Manager

I wasn't sure if I should place this in the switching or routing sub-forum of Networking.  I have a IR1101 I have begun to setup.  This is the second I've setup and I mostly copied and pasted the config from the first IR1101, which is working as intended.  The only change I am aware of is I have added a Loopback interface to eliminate router from the ISP.

The issue I am experiencing is traffic on Port 1 and port 2 can't ping the routers'

VLAN1 interface of 10.78.55.1

from a device set to a static of

10.78.55.51

and DHCP doesn't seem to be working on those ports either.  Config attached.

Also, the scenario, in general I am trying to accomplish is this.

ISP normally provides a cheap home grade "wifi router" that is configured with

2.1.1.2

on it's WAN side and

2.1.2.1

on it's LAN side.  My device is supposed to be configured at

2.1.2.2

In order to eliminate an unreliable piece of equipment in a small box, I have configured the loopback at

2.1.2.2 and the GE as 2.1.1.2

The IR1101 is supposed to establish a VPN back to my city hall, and pass traffic from

FE0/0/1 and FE0/0/2

along that VPN allowing cameras to be recorded.  Let me know if I have left any needed details out.  I'm sure it's something simple I missed.

 

Labels:
Preview file
6 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
cadamwil
Level 1
Level 1

‎09-11-2023 08:02 AM - last edited on ‎09-19-2023 01:14 PM by Community Manager

Issue turned out to be removing the

ip access-group Allow_CH_CCTV-to_LAN in

from the VLAN1 interface.  Worked with TAC to get it solved.

 

View solution in original post

0 Helpful
2 Replies 2

Go to solution
pieterh
VIP
VIP

‎09-08-2023 06:12 AM - last edited on ‎09-19-2023 01:13 PM by Community Manager

the router has WAN / Layer3 interfaces

(routed, Gi0/0/0 and Gi0/0/1)


and LAN (Layer2) interfaces

( Fa0/0/0 - Fa0/0/x)


the Gi interfaces only work al Layer3 (routed)
the Fa interfaces  can be seen as a local switch within this route

so you need to treat them differently
the loopback interface will not replace (/function as) the providers ip-address

if you do not configure multiple VLANs all

Fa0/0/x

ports will be vlan1
the routers vlan-1 address will be reachable from the LAN side of the router
-> you need to connect your client to another

Fa0/0/x port

I think you DHCP does not function as desired because you do not allow DCHP broadcast in your

access-list


you can confirm this by adding an explicit deny rule at the end of the

access-list

with logging enabled

     deny any any log

0 Helpful

Go to solution
cadamwil
Level 1
Level 1

‎09-11-2023 08:02 AM - last edited on ‎09-19-2023 01:14 PM by Community Manager

Issue turned out to be removing the

ip access-group Allow_CH_CCTV-to_LAN in

from the VLAN1 interface.  Worked with TAC to get it solved.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card