Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1613
Views
5
Helpful
3
Replies

VLAN Routing on Cisco 881

Go to solution
atlantis_elsass
Level 1
Level 1

‎09-18-2017 11:41 AM - edited ‎03-05-2019 09:09 AM

Hello !!

 

I need you help.

I get some trouble to configure the 881 router...

 

I will explain :

 

I get the WAN access x.x.x.58 255.255.255.252

On the router x.x.x.57 255.255.255.252

 

I get VLAN 1 on 10.10.10.1 255.255.255.248 on Fa0

I add a default static route to the WAN and I can access to internet.

 

After that i create a VLAN 2 192.168.5.1 255.255.255.0 for Fa1 & fa2

But impossible to access to internet.

I can ping the x.x.x.57, but not the x.x.x.58 and also not google ...

 

I tried many configuration, i put here the simple configuration...

Is it maybe ACLS ? I tried things from other forums but nothing is working

Did i need to put in trunk my port2 ?

 

Thank you...

 


no cdp run

crypto isakmp policy 1

interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface FastEthernet2

switchport access vlan 2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
description PrimaryWANDesc_$ES_WAN$$FW_OUTSIDE$
ip address x.x.x.57 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$
ip address 10.10.10.1 255.255.255.248
ip access-group 100 in
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source list nat-list interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.58
!
!
access-list 1 permit 10.10.10.0 0.0.0.7
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 permit udp any eq bootps any eq bootpc
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip any any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
-----------------------------------------------------------------------

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio E. Moisa
VIP
VIP

‎09-18-2017 12:01 PM - edited ‎09-18-2017 12:07 PM

Hi

Assuming it is your NAT statment

ip nat inside source list 1 interface FastEthernet4 overload

 

Your need to create other ACL entry, just type it:

access-list 1 permit 192.168.5.0 0.0.0.255

 

so you will have

 

access-list 1 permit 10.10.10.0 0.0.0.7

access-list 1 permit 192.168.5.0 0.0.0.255

 

Also you can remove this NAT statement because it isn't being used.

 

ip nat inside source list nat-list interface FastEthernet4 overload

 

Hope it is useful

:-)

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

3 Replies 3

Go to solution
Julio E. Moisa
VIP
VIP

‎09-18-2017 12:01 PM - edited ‎09-18-2017 12:07 PM

Hi

Assuming it is your NAT statment

ip nat inside source list 1 interface FastEthernet4 overload

 

Your need to create other ACL entry, just type it:

access-list 1 permit 192.168.5.0 0.0.0.255

 

so you will have

 

access-list 1 permit 10.10.10.0 0.0.0.7

access-list 1 permit 192.168.5.0 0.0.0.255

 

Also you can remove this NAT statement because it isn't being used.

 

ip nat inside source list nat-list interface FastEthernet4 overload

 

Hope it is useful

:-)

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Go to solution
atlantis_elsass
Level 1
Level 1
In response to Julio E. Moisa

‎09-20-2017 02:47 AM

Omg,

 

It's working! Perfect, thank you !! :)

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to atlantis_elsass

‎09-20-2017 03:58 AM

Hi

Great news!! It was a pleasure. 

Please don't forget to rate or mark as answered the useful comments.

Have a great day.

 

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card