02-26-2014 10:47 AM - edited 03-04-2019 10:27 PM
Hello, in my home lab, I have a Cisco 871W named cants. I connected cants to my BT (ISP) router (BT.homeblahblah) using the wan link f 4, then I created a vlan 2 and assign it to por f1 on the 871 router. Im unable to ping from that vlan to router 192.168.1.254 which is my bt router.
Please see my config file:
Building configuration...
Current configuration : 1845 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname cants
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
!
!
dot11 syslog
ip cef
!
!
no ip domain lookup
ip domain name canterburyhub.local
!
!
!
!
no spanning-tree vlan 1
no spanning-tree vlan 2
username
username
!
!
archive
log config
hidekeys
!
!
ip ssh version 2
!
!
!
interface FastEthernet0
!
interface FastEthernet1
switchport access vlan 2
!
interface FastEthernet2
switchport mode trunk
!
interface FastEthernet3
switchport mode trunk
!
interface FastEthernet4
description INTRANET ROUTER CONNECTION
ip address 192.168.1.253 255.255.255.0
ip access-group 100 in
speed 100
full-duplex
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan1
ip address 172.16.0.1 255.255.0.0
!
interface Vlan2
ip address 172.18.0.1 255.255.0.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 192.168.1.0 255.255.255.0 192.168.1.254
!
no ip http server
no ip http secure-server
!
access-list 100 permit ip any any
access-list 101 permit ip any any
!
!
!
control-plane
!
banner motd ^CC
**********************************************
DO NOT LOG ON
**********************************************
^C
!
line con 0
password 7 12290446431C5C162E
logging synchronous
login
no modem enable
line aux 0
password 7 12290446431C5C162E
login
line vty 0 4
password 7 12290446431C5C162E
logging synchronous
login local
transport input ssh
!
scheduler max-task-time 5000
end
cants#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
C 172.18.0.0/16 is directly connected, Vlan2
C 192.168.1.0/24 is directly connected, FastEthernet4
S* 0.0.0.0/0 [1/0] via 192.168.1.254
cants#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Dot11Radio0 unassigned YES NVRAM administratively down down
FastEthernet0 unassigned YES unset down down
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
FastEthernet4 192.168.1.253 YES NVRAM up up
Vlan1 172.16.0.1 YES NVRAM up down
Vlan2 172.18.0.1 YES NVRAM up up
Now when I try to ping from a laptop connected using a cable to f 1 I get request timed out. Also when I try to pring from the router, nothing:
cants#ping 192.168.1.254 source 172.18.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 172.18.0.1
.....
Success rate is 0 percent (0/5)
I hope I have given enough information, but please let me know if you need more. I understand the the basics how vlan advertise themselves, I understand the basics of routing, thats why I created 192.168.1.254 (BT router) as my last resort default gateway, so that everything can go there if no other route given.
Many thanks in advance.
02-26-2014 10:58 AM
The BT router does not know how to get to that subnet.
So you have two options -
1) add a route to the BT router. Don't know the syntax for that but in IOS it would be -
ip route 172.18.0.0 255.255.0.0 192.168.1.253
2) if you can't add a route to the BT router then you can NAT all your 172.18.x.x addresses to 192.168.1.253 because your BT router knows how to get to that so on your router -
int vlan 2
ip nat inside
int fa4
ip nat outside
access-list 101 permit ip 172.18.0.0 0.0.255.255 any
ip nat inside source list 101 interface fa4 overload
Jon
02-26-2014 01:57 PM
Hello Jon,
Many thanks for your reply. I thought about what you has just replied which I appreciated because reassure me. I figured out with your reply where I failed. When I tracert from a windows machine on vlan 2 (172.18.0.2) to 192.168.1.254 I saw that it stopped on 172.18.0.1, so I thought I must be missing something because Im not getting a reply from .253, but I guess now that 192.168.1.253 its not on route, so therefore the next hop is 192.168.1.254 which is on my route table.
Again, thank you very much for your time and reply.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide