Can you be a little bit clearer which ip can't you ping from which ip?

Regards.

Hello All,

Thank you for your prompt reaction

Sorry if I was not clear enough , but bellow you have the FULL WORKING ROUTER configuration.

When I connect my computer that is ALSO the TFTP SERVER (just for upload and download) , I receive :

On F0/0/0 = 192.168.10.x     PING 192.168.10.1 is OK

On F0/0/2 = 192.168.20.x     PING 192.168.20.1 is OK

On F0/0/3 = 192.168.30.x     PING 192.168.30.1 is OK

F0/0/4 is the TRUNK to the SWITCH

The ROUTER has a IP 192.168.1.250

The SWITCH  has a IP 192.168.1.251

From IN IOS I can PING : 192.168.1.250 and 192.168.1.251

But from one of the 3 VLANS (192.168.10.x or 192.168.20.x or 192.168.30.x) the ping does not work , so I presume something is wrong in my ACL ?!?

NOTE : I DO NOT NEED TO HAVE ACCES FROM ALL , IF I HAVE ACCES FROM ONE IT IS OK, I just need to have access to copy the file from my SWITCH to my COMPUTER (TFTP SERVER)

Thank You Again for your help. I hope that one day I will understand how the logic of ACL works

!

! Last configuration change at 21:02:50 gmt+1 Mon Nov 29 2010 by admin

! NVRAM config last updated at 23:06:14 gmt+1 Mon Nov 29 2010 by admin

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ROUTER1841

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable password 7 05080F1C2243

!

aaa new-model

!

!

aaa authentication banner 

THIS SYSTEM IS SOLELY FOR USE OF AUTHORISED USERS FOR OFFICIAL PURPOSES

!

!

aaa session-id common

clock timezone gmt+1 1

clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00

dot11 syslog

no ip source-route

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.10.1

ip dhcp excluded-address 192.168.20.1

ip dhcp excluded-address 192.168.30.1

ip dhcp excluded-address 192.168.100.1

!

ip dhcp pool vlan10

   import all

   network 192.168.10.0 255.255.255.0

   dns-server 8.8.8.8

   default-router 192.168.10.1

   lease 5

!

ip dhcp pool vlan20

   import all

   network 192.168.20.0 255.255.255.0

   dns-server 8.8.8.8

   default-router 192.168.20.1

   lease 5

!

ip dhcp pool vlan30

   network 192.168.30.0 255.255.255.0

   dns-server 8.8.8.8

   default-router 192.168.30.1

!

ip dhcp pool FIX-IP

   host 192.168.100.66 255.255.255.0

   client-identifier 0100.089b.ad17.8f

   client-name FIX-IP

!

ip dhcp pool TEST

   host 192.168.100.20 255.255.255.0

   client-identifier 0100.2241.353f.5e

!

ip dhcp pool internal

   network 192.168.100.0 255.255.255.0

   dns-server 192.168.100.1

   default-router 192.168.100.1

!

!

no ip bootp server

ip domain name dri

ip ddns update method DynDNS

HTTP

  add http://dri66:@members.dyndns.org/nic/update?system=dyndns&hostname=cisco1841.dyndns.info&myip=

interval maximum 1 0 0 0

interval minimum 1 0 0 0

!

multilink bundle-name authenticated

!

!

!

!

username Admin privilege 15 secret 5 $1$gAFQ$2ecAHSYEU9

archive

log config

  hidekeys

!

!

ip ssh time-out 60

ip ssh authentication-retries 2

ip ssh port 8096 rotary 1

ip ssh version 2

!

!

!

interface FastEthernet0/0

description DMZ

ip ddns update hostname cisco1841.dyndns.info

ip ddns update DynDNS

ip address dhcp

no ip unreachables

no ip proxy-arp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description INTERNAL$ETH-LAN$

ip address 192.168.100.1 255.255.255.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/0/0

switchport access vlan 10

spanning-tree portfast

!

interface FastEthernet0/0/1

switchport access vlan 20

spanning-tree portfast

!

interface FastEthernet0/0/2

switchport access vlan 30

spanning-tree portfast

!

interface FastEthernet0/0/3

switchport mode trunk

!

interface Vlan1

ip address 192.168.1.250 255.255.255.0

!

interface Vlan10

ip address 192.168.10.1 255.255.255.0

ip access-group 102 out

ip nat inside

ip virtual-reassembly

!

interface Vlan20

ip address 192.168.20.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface Vlan30

ip address 192.168.30.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip forward-protocol nd

!

!

ip http server

ip http authentication local

ip http secure-server

ip dns server

ip nat inside source list 101 interface FastEthernet0/0 overload

ip nat inside source static tcp 192.168.100.10 80 81.164.200.35 8095 extendable

!

access-list 101 permit ip 192.168.10.0 0.0.0.255 any

access-list 101 permit ip 192.168.20.0 0.0.0.255 any

access-list 101 permit ip 192.168.30.0 0.0.0.255 any

access-list 101 permit ip 192.168.100.0 0.0.0.255 any

access-list 102 permit ip any any

no cdp run

!

!

!

control-plane

!

!

banner exec 

WELCOME YOU ARE NOW LOGED IN

banner login 

WARNING !!!

IF YOU ARE NOT :

Didier Ribbens

Please Leave NOW !!!

YOUR IP and MAC address will be LOGGED !!!

!

line con 0

speed 115200

line aux 0

line vty 0 4

access-class 5 in

privilege level 15

rotary 1

transport input telnet ssh

line vty 5 15

access-class 5 in

rotary 1

!

scheduler allocate 20000 1000

ntp clock-period 17178446

ntp server 66.27.60.10

end

SWITCH:

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname SWITCH2950-12

!

!

username Admin privilege 15 secret 5 $1$qMty$HAjO6PjGEwDDl2FYHqnSY.

clock timezone gmt+1 1

clock summer-time gmt+2 recurring last Sun Mar 2:00 last Sun Oct 3:00

ip subnet-zero

!

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

!

!

!

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

switchport mode trunk

!

interface Vlan1

ip address 192.168.1.251 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.1.254

ip http server

!

line con 0

password 7 130105040606167C7D04

login

speed 115200

line vty 0 4

privilege level 15

password 7 050F14192C465C5F4F25

login local

transport input telnet

line vty 5 15

privilege level 15

password 7 050F14192C465C5F4F25

login local

transport input telnet

!

ntp clock-period 17178532

ntp server 66.27.60.10

!

end

I JUST FOUND THE PROBLEM :

THE DEFAULT GATEWAY IN THE SWITCH WAS WRONG !!!

IT HAS TO BE :

192.168.1.250 AND NOT 192.168.1.254

Best Regards,

Didier

Didier

I am glad that you got it working - and that you found the solution yourself. Thank you for posting back to the forum to inform us that you had solved it and what the problem was. It makes the forum more useful when people can read about a situtation and can read what the problem was and how it was solved. You have contributed to this and provided a reminder that sometimes it is simple things like is the gateway address correct that is the root of the problem.

HTH

Rick

Hello Rick,

I think that it is completely normal to post a reply when the case is solve , your time is really too expensive to spend it with a case that is already solved.

During this time you can maybe help someone that has a bigger problem.

In this forum , I miss the button solved , or maybe I do not know where it is

Best Regards,

Didier