cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
679
Views
0
Helpful
1
Replies

VLAN setup question

jowen3400
Level 1
Level 1

Ok I am doing something really dumb and I should be able to see it.  But been working on this for 4 days now and I just give up

More or less this is the running-config.   What I need is VLAN 1 to be 192.168.0.0 network and the Wireless to conenct to it as well as wired PC's.  I also need the internet access as well.  But some reason I can't find where I am messing up at.

uilding configuration...

Current configuration : 9785 bytes

!

! Last configuration change at 22:56:02 PCTime Thu Jan 5 2006 by jowen

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname router

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 4 owFjOrjW38M9WMkNbFbcjCTRoDvrT.fnTRH/fHsW6eM

!

no aaa new-model

memory-size iomem 10

clock timezone PCTime -6 0

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-1200490230

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1200490230

revocation-check none

rsakeypair TP-self-signed-1200490230

!

!

ip source-route

!

!

ip port-map http port tcp 5222 list 1 description something

ip port-map https port tcp 80 list 3 description Surveilance

ip port-map https port udp 5060 list 2 description something

ip port-map https port udp 4569 list 4 descriptionsomething

ip port-map https port tcp 5269 list 5 description Chat

ip port-map https port tcp 443 list 6 description Mobile

ip port-map https port tcp from 10000 to 20000  list 7 description RT

ip port-map https port tcp from 4000 to 4031  list 8 description MobileR

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 192.168.10.1 192.168.10.199

!

ip dhcp pool ccp-pool

import all

network 10.10.10.0 255.255.255.248

default-router 10.10.10.1

lease 0 2

!

ip dhcp pool <name1>

import all

network 192.168.10.0 255.255.255.0

dns-server 66.180.96.12 192.168.0.116

!

ip dhcp pool Guests

import all

network 192.168.200.0 255.255.255.0

dns-server 8.8.8.8

!

!

!

no ip cef

ip domain name yourdomain.com

ip name-server 66.180.96.12

!

!

!

!

ip ftp username cisco

ip ftp password cisco

!

class-map type inspect match-all SDM_GRE

match access-group name SDM_GRE

class-map type inspect match-any CCP_PPTP

match class-map SDM_GRE

class-map type inspect match-any ccp-skinny-inspect

match protocol skinny

class-map type inspect match-any ccp-cls-insp-traffic

match protocol pptp

match protocol dns

match protocol ftp

match protocol https

match protocol icmp

match protocol imap

match protocol pop3

match protocol shell

match protocol realmedia

match protocol rtsp

match protocol smtp

match protocol sql-net

match protocol streamworks

match protocol tftp

match protocol vdolive

match protocol tcp

match protocol udp

class-map type inspect match-all ccp-insp-traffic

match class-map ccp-cls-insp-traffic

class-map type inspect match-any FONHUD

match protocol tcp

match protocol udp

class-map type inspect match-any ccp-h323nxg-inspect

match protocol h323-nxg

class-map type inspect match-any ccp-cls-icmp-access

match protocol icmp

match protocol tcp

match protocol udp

class-map type inspect match-any ccp-h225ras-inspect

match protocol h225ras

class-map type inspect match-any ccp-h323annexe-inspect

match protocol h323-annexe

class-map type inspect match-any Video

match protocol tcp

class-map type inspect match-all ccp-cls-ccp-permit-2

match class-map Video

match access-group name Surveilance

class-map type inspect match-all ccp-cls-ccp-permit-1

match class-map FONHUD

match access-group name FONHUD

class-map type inspect match-any ccp-h323-inspect

match protocol h323

class-map type inspect match-all ccp-invalid-src

match access-group 100

class-map type inspect match-all ccp-icmp-access

match class-map ccp-cls-icmp-access

class-map type inspect match-any ccp-sip-inspect

match protocol sip

class-map type inspect match-all ccp-protocol-http

match protocol http

!

!

policy-map type inspect ccp-permit-icmpreply

class type inspect ccp-icmp-access

  inspect

class class-default

  pass

policy-map type inspect ccp-inspect

class type inspect ccp-invalid-src

  drop log

class type inspect ccp-protocol-http

  inspect

class type inspect ccp-insp-traffic

  inspect

class type inspect ccp-sip-inspect

  inspect

class type inspect ccp-h323-inspect

  inspect

class type inspect ccp-h323annexe-inspect

  inspect

class type inspect ccp-h225ras-inspect

  inspect

class type inspect ccp-h323nxg-inspect

  inspect

class type inspect ccp-skinny-inspect

  inspect

class class-default

  drop

policy-map type inspect ccp-permit

class type inspect ccp-cls-ccp-permit-2

  inspect

class type inspect ccp-cls-ccp-permit-1

  inspect

class class-default

  drop

policy-map type inspect ccp-pol-outToIn

class type inspect CCP_PPTP

  pass

class class-default

  drop log

!

zone security in-zone

zone security out-zone

zone security DMZ

zone-pair security ccp-zp-self-out source self destination out-zone

service-policy type inspect ccp-permit-icmpreply

zone-pair security ccp-zp-in-out source in-zone destination out-zone

service-policy type inspect ccp-inspect

zone-pair security ccp-zp-out-zone-To-in-zone source out-zone destination in-zone

service-policy type inspect ccp-pol-outToIn

zone-pair security ccp-zp-out-self source out-zone destination self

service-policy type inspect ccp-permit

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

description $FW_OUTSIDE$$ETH-WAN$

ip address xx.xx.xxx.194 255.255.255.252

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly in

zone-member security out-zone

duplex auto

speed auto

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip address 192.168.100.1 255.255.255.0

arp timeout 0

!

interface Wlan-GigabitEthernet0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

no ip address

!

interface Vlan1

description $FW_INSIDE$

ip address 10.10.10.1 255.255.255.0

ip flow ingress

ip flow egress

ip nat inside

ip virtual-reassembly in

zone-member security in-zone

!

interface Vlan2

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

zone-member security DMZ

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip flow-export destination 192.168.0.59 2055

!

ip nat pool OPSOffice 192.168.0.20 192.168.0.200 netmask 255.255.255.0

ip nat inside source list 9 interface FastEthernet4 overload

ip nat inside source list 199 interface FastEthernet4 overload

ip route 0.0.0.0 0.0.0.0 FastEthernet4

ip route 192.168.0.0 255.255.255.0 Vlan1 dhcp

ip route 192.168.1.0 255.255.255.0 Vlan2 dhcp

!

ip access-list extended FONHUD

remark CCP_ACL Category=128

permit ip any host 192.168.0.117

ip access-list extended SDM_GRE

remark CCP_ACL Category=1

permit gre any any

ip access-list extended Surveilance

remark CCP_ACL Category=128

permit ip any host 192.168.0.74

!

access-list 1 remark CCP_ACL Category=1

access-list 1 permit 192.168.0.117

access-list 2 remark CCP_ACL Category=1

access-list 2 permit 192.168.0.117

access-list 3 remark CCP_ACL Category=1

access-list 3 permit 192.168.0.74

access-list 4 remark CCP_ACL Category=1

access-list 4 permit 192.168.0.117

access-list 5 remark CCP_ACL Category=1

access-list 5 permit 192.168.0.117

access-list 6 remark CCP_ACL Category=1

access-list 6 permit 192.168.0.117

access-list 7 remark CCP_ACL Category=1

access-list 7 permit 192.168.0.117

access-list 8 remark CCP_ACL Category=1

access-list 8 permit 192.168.0.117

access-list 9 remark CCP_ACL Category=2

access-list 9 permit 10.10.10.0 0.0.0.255

access-list 23 permit 10.10.10.0 0.0.0.7

access-list 100 remark CCP_ACL Category=128

access-list 100 permit ip host 255.255.255.255 any

access-list 100 permit ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip 69.15.113.192 0.0.0.3 any

access-list 199 permit ip any any

no cdp run

snmp-server ifindex persist

!

line con 0

login local

no modem enable

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

line vty 0 4

access-class 23 in

exec-timeout 40 0

privilege level 15

password telnet

login local

transport input telnet ssh

!

end

1 Reply 1

Markus Thun
Level 1
Level 1

In your configuration is the vlan 1 set to " ip address 10.10.10.1 255.255.255.0" . Has the router another way to 192.168.0.0 or should u connect the router to the subnet 192.168.0.0 ?

If u want vlan 1 to 192.168.0.0 use this command:

interface vlan 1

ip add 192.168.0.1 255.255.255.0

Do not forget the vlan binding on the physical interface!

Regards

Markus

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: