cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4108
Views
0
Helpful
7
Replies

Cisco 1941 HWIC-4ESW Vlan

scubee1969
Level 1
Level 1

                   Hi,

I'm trying to setup up a vlan on my 1941 router. Tried different things nothing works where am i going wrong.

I can ping the vlan 192.168.130.1 and the GE0/0,GE0/1 from the FE0/0/0.


Building configuration...

Current configuration : 2152 bytes
!
! Last configuration change at 17:09:53 UTC Mon Jul 23 2012 by
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1941
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip name-server ***.***.***.*
ip name-server ***.***.***.**
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FGL160421CB
!
!
username ***** privilege 15 secret 5 $1$H1dO$zaaQ012GGKAWK2nN1hjxx/
!
!
no ip ftp passive
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address ***.***.***.*** 255.255.255.252
ip virtual-reassembly in
duplex full
speed 100
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address ***.***.***.*** 255.255.255.224 secondary
ip address ***.***.***.*** 255.255.255.224
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/0/0
no ip address
!
interface FastEthernet0/0/1
no ip address
!
interface FastEthernet0/0/2
no ip address
!
interface FastEthernet0/0/3
no ip address
spanning-tree portfast
!
interface Vlan1
ip address 192.168.130.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip default-gateway ***.***.***.***
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 ***.***.***.***
!
access-list 1 remark INSIDE_IF=GigabitEthernet0/1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit ***.***.***.*** 0.0.0.31
!
!
!
control-plane
!
!
banner login ^C  ^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
end

7 Replies 7

scubee1969
Level 1
Level 1

I should add my problem is i can't access the internet from the Vlan.

Yes the internet Works on the GE0/1 interface with static ip in either 204 or 216. Want to add multiple vlans so i can remove routers from the configuration.


Building configuration...

Current configuration : 2152 bytes
!
! Last configuration change at 17:09:53 UTC Mon Jul 23 2012 by admin
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1941
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
no ipv6 cef
no ip source-route
ip cef
!
!
!
!
!
no ip bootp server
no ip domain lookup
ip name-server 204.174.***.*
ip name-server 205.233.***.**
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941/K9 sn FGL1604
!
!
username ***** privilege 15 secret 5 $1$H1dO$zaaQ012GGKAWK2nN1hjxx/
!
!
no ip ftp passive
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 209.89.***.*** 255.255.255.252
ip virtual-reassembly in
duplex full
speed 100
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 204.191.***.*** 255.255.255.224 secondary
ip address 216.123.***.** 255.255.255.224
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/0/0
no ip address
!
interface FastEthernet0/0/1
no ip address
!
interface FastEthernet0/0/2
no ip address
!
interface FastEthernet0/0/3
no ip address
spanning-tree portfast
!
interface Vlan1
ip address 192.168.130.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip default-gateway 209.89.***.***
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 209.89.***.***
!
access-list 1 remark INSIDE_IF=GigabitEthernet0/1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 216.123.***.*** 0.0.0.31
!
!
!
control-plane
!
!
banner login ^C  ^C
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet
!
scheduler allocate 20000 1000
end

Steve

You tell us that access to the Internet from the VLAN does not work but do not tell us whether access to the Internet from the LAN (Gig0/1) works. Knowing this would be helpful in analyzing where the problem is.

Your obscuring so many addresses makes it difficult to be sure of what is going on. But I will make a guess at the problem. I  believe that the problem is that you are not doing address translation for the traffic from the VLAN. I see ip nat inside on the VLAN but I do not see ip nat outside configured. And while you have obscured the addresses of access list 1, which controls address translation, I see that it is using 0.0.0.31 mask which does not match the addressing of the VLAN.

HTH

Rick

HTH

Rick

Yes it was nat that needed to be properly configured. i can access the internet. Thanks.

Now i'm trying multiple vlans through fe0/0/1 have the port trunked, but i can only access the internet on the native vlan not the others?

If i change the navtie vlan then i can access the internet on that vlan.

How do i get them all to work? Have a managed Trendnet switch that the FE0/0/1 is connected to.

interface FastEthernet0/0/1

description Trunk

  switchport mode trunk

no ip address

interface Vlan1

ip address 192.168.130.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan2

ip address 192.168.131.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan3

ip address 192.168.132.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

I am glad that my suggestion that the problem involved address translation helped you to find a solution.

I am a bit puzzled in the description of the new problem. If FastEth0/0/1 is a trunk, then what is it connected to? Is that device trunking also? What VLANs are configured on the trunk? How are you determining the native VLAN?

If you have configured additional VLANs and additional VLAN interfaces, have you also added to the address translation to translate these additional subnets?

HTH

Rick

HTH

Rick

The FE0/0/1 is connected to the Trendnet TEG-2248 Switch. No trunking i was trying tagging? All vlans are allowed on the trunk.         

I have been using CCP to change the native vlan on the FE0/0/1.

Yes i have added them to the NAT, If i change native vlan 2 and have ip address 192.168.131.xxx in my pc it works

ip nat inside source list 2 interface GigabitEthernet0/0 overload

ip nat inside source list 3 interface GigabitEthernet0/0 overload

!

access-list 2 remark CCP_ACL Category=2

access-list 2 permit 192.168.130.0 0.0.0.255

access-list 3 remark CCP_ACL Category=2

access-list 3 permit 192.168.131.0 0.0.0.255

access-list 3 permit 192.168.132.0 0.0.0.255

I am quite confused. You have configured FastEth0/0/1 as a trunk. But it is connected to Trendnet switch that is not trunking? How is that supposed to work?

And how are you trying tagging if it is not trunking? What good is tagging if it is not on a trunk?

HTH

Rick

HTH

Rick

I think my problem is that my switch is only layer 2 and i need a layer 3.

Is this right ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco