Here is a diagram of my local network. VLAN 1 in the private LAN, VLAN 2 is the DMZ. The router is a 891w
VLAN 1 has an IP address of 192.168.1.252 and has DHCP configured to hand out IP addresses in the 192.168.1.0/24 range. The desktop is connected to switchport F7 via Ethernet, is a DHCP client, and has been assigned 192.168.1.2/24.
VLAN 2 is statically configured with an IP address of 10.10.10.1/30, and the server is statically configured with an IP address of 10.10.10.2/30
The problem is that the desktop cannot ping the server, and the server can only ping it's default gateway (10.10.10.1). The router can ping the server, the server's default gateway, and the desktop's default gateway (VLAN 1s address, 192.168.1.252), but not the desktop.
| Device |
Ping Server (10.10.10.2) |
Ping VLAN 1 (192.168.1.252) |
Ping VLAN 2 (10.10.10.1) |
Ping Desktop (192.168.1.2) |
| Desktop | No | Yes | Yes | Yes |
| Server | Yes | No | Yes | No |
| Router | Yes | Yes | Yes | No |
Here is my running config
Current configuration : 6793 bytes
!
! Last configuration change at 17:11:52 UTC Sun Aug 5 2018 by ethman770
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO_ISR
!
boot-start-marker
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
!
!
logging buffered 51200 warnings
no logging console
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint TP-self-signed-1859622296
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1859622296
revocation-check none
rsakeypair TP-self-signed-1859622296
!
!
crypto pki certificate chain TP-self-signed-1859622296
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31383539 36323232 3936301E 170D3138 30373330 30313135
33355A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 38353936
32323239 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BC5B 74D7E71E E3797220 13B902F1 A70F4AD2 4FE4D76C 3FA645D1 0F331DC6
5D686E91 E8E03C2C 28E4CA7A 6E1CBF1D F50682DE CD4E076C BE030AC4 7530E5F1
1556FF14 891C1512 97C12B10 F62F3014 6EA920B9 467260FB BAD59C6F 0542DBC3
A263B800 98760347 43C85EA4 1451EB06 D4A30D53 70350177 C8E4F521 262324AA
21EF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1425FDED FB5051DD 4F13FFB1 01B8E622 8EA93340 05301D06
03551D0E 04160414 25FDEDFB 5051DD4F 13FFB101 B8E6228E A9334005 300D0609
2A864886 F70D0101 05050003 818100B8 A1E3A4C4 43B885F3 4C221302 4FCCC98E
DDAA4619 319643C9 A68F8198 CFE213F1 F917C195 3BC23993 9C11CD95 28805086
A0C81A54 4AE50EA1 1A8D359A 82FB8A70 406F914D AAB4F0FC 6D3AFEE3 840F9A6F
9F2CC9CF E39AF4AE 188DD138 F9034EE9 1DF41B66 21222311 A3AEE2AC 051BF7A8
B9BFABE4 0CD8281C 9EE88404 C62573
quit
!
!
!
!
!
!
!
!
!
!
ip dhcp pool WLANpool
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.252
domain-name gilkey.com
lease 7
!
!
!
no ip domain lookup
ip domain name gilkey.com
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891W-AGN-A-K9 sn FTX144701KF
!
!
username ethman770 privilege 15 secret 5 $1$.gfL$upZTgGrtXGLMTIBI5sY1y1
!
redundancy
!
!
!
!
no cdp run
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 2
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
no ip address
spanning-tree portfast
!
interface FastEthernet5
no ip address
spanning-tree portfast
!
interface FastEthernet6
no ip address
spanning-tree portfast
!
interface FastEthernet7
no ip address
spanning-tree portfast
!
interface FastEthernet8
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0
description $ES_WAN$$FW_OUTSIDE$
ip address dhcp
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly in
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
no ip address
!
interface Vlan1
description Private LAN
ip address 192.168.1.252 255.255.255.0
!
interface Vlan2
description Web server
ip address 10.10.10.1 255.255.255.252
!
interface Async1
no ip address
encapsulation slip
!
interface Dialer0
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 10.10.10.0 255.255.255.252 10.10.10.2
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.
It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.
username <myuser> privilege 15 secret 0 <mypassword>
Replace <myuser> and <mypassword> with the username and password you want to
use.
-----------------------------------------------------------------------
^C
banner login ^C
-------------------------------------------------------------------------
Warning! This is a private router. Any unauthorized access will be
discovered and prosecuted to the fullest extent of the law.
-------------------------------------------------------------------------
^C
banner motd ^Cogin&
-------------------------------------------------------------------------
^C
!
line con 0
login local
line 1
modem InOut
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
!
end
This is a school project in progress, so don't mind the clutter. Thanks in advance any help!
1 Accepted Solution
Accepted Solutions
