Solved: Cisco 877 Inter Vlan Routing

byronclark1 · ‎01-20-2012

Hello all,

I am currently studying for my CCNA and have only got as far as Switching in CCENT - I have been put into a very difficult situation and need to configure what I would assume to be a simple network with a Cisco 877 and given my experience and understanding of Cisco Switching and Routing is not very good at all, I cannot seem to get this setup.

Here is my scenario :

The current internet connection is provided by a 3G dongle connected to a Simple PC (PC1) - the PC needs to have an IP address of 192.168.137.1 and must also be in a different VLAN to all other connected PCs. The other PC (PC2) currently connected must have an IP address of 192.168.168.99 and a default gateway and DNS of 192.168.168.1

I have got everything working to a point, however, when I connect to the cisco via console - I ping google and it resolves the IP correctly but cannot ping it. Also PC2 can ping PC1 from VLAN 2 but once I connect 3G on PC1 - all connection between the PCs is lost.

I have reconfigured this router so many times and been through forums for the last two days but cannot seem to find a setup like this, so all of the solutions I have tried don't seem to make any difference.

Please understand that I have very basic knowledge of Routing, in other words don't laugh at my config

This is my current setup:

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

dot11 syslog

ip cef

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

ip name-server 192.168.137.1

!

archive

log config

hidekeys

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet0

!

interface FastEthernet1

switchport access vlan 2

!

interface FastEthernet2

switchport access vlan 2

!

interface FastEthernet3

!

interface Vlan1

ip address 192.168.137.2 255.255.255.0

ip nat outside

ip nat enable

ip virtual-reassembly

!

interface Vlan2

ip address 192.168.168.1 255.255.255.0

ip nat inside

ip nat enable

ip virtual-reassembly

!

ip default-gateway 192.168.137.1

ip default-network 192.168.137.0

ip forward-protocol nd

ip route 192.168.137.2 255.255.255.255 192.168.137.1

ip route 192.168.168.1 255.255.255.255 192.168.137.1

!

no ip http server

no ip http secure-server

ip nat source list 100 interface Vlan1 overload

!

access-list 100 permit ip 192.168.168.0 0.0.0.255 any

!

control-plane

!

line con 0

no modem enable

line aux 0

line vty 0 4

login

!

scheduler max-task-time 5000

end

I have made sure all firewalls on the PCs are disabled and have tested directly connecting the PCs and putting PC2 on the same range as PC1 and all connectivity works fine, Just not via the 877.

If there is another way to do this or perhaps the 877 cannot do this, please point me in the right direction.

Neeraj Arora · ‎01-20-2012

Clark,

Couple of points that I would like to point out:

** the following statements are not required:

ip route 192.168.137.2 255.255.255.255 192.168.137.1

ip route 192.168.168.1 255.255.255.255 192.168.137.1

These are directly connected networks, so you don't need to add static routes for them.

** You need to have a default route:

ip route 0.0.0.0 0.0.0.0 192.168.137.1

** Name resolution of Google is happening because you have sepcified the DNS server as PC1, so even if the router is not able to reach internet/google, for DNS queries it will query PC1

** In terms of NAT, either use ip nat inside/outside commands or use "ip nat enable". Using both might have some unwanted effects. so try and keep the NAT command under interfaces as simple as possible. Also check "sh ip nat translation" output to confirm if NATing is actually happening when the traffic is sent from PC2 towards PC1 and internet

** Now when you connect to Internet using 3G Dongle on PC1, I am assuming that it gets a default route dynamically from the ISP, so at that point of time, when the internet connection is up on PC1, try and ping 192.168.137.2.

View solution in original post

Leo Laohoo · ‎01-20-2012

Where is "ip routing"?

Neeraj Arora · ‎01-20-2012

Clark,

Couple of points that I would like to point out:

** the following statements are not required:

ip route 192.168.137.2 255.255.255.255 192.168.137.1

ip route 192.168.168.1 255.255.255.255 192.168.137.1

These are directly connected networks, so you don't need to add static routes for them.

** You need to have a default route:

ip route 0.0.0.0 0.0.0.0 192.168.137.1

** Name resolution of Google is happening because you have sepcified the DNS server as PC1, so even if the router is not able to reach internet/google, for DNS queries it will query PC1

** In terms of NAT, either use ip nat inside/outside commands or use "ip nat enable". Using both might have some unwanted effects. so try and keep the NAT command under interfaces as simple as possible. Also check "sh ip nat translation" output to confirm if NATing is actually happening when the traffic is sent from PC2 towards PC1 and internet

** Now when you connect to Internet using 3G Dongle on PC1, I am assuming that it gets a default route dynamically from the ISP, so at that point of time, when the internet connection is up on PC1, try and ping 192.168.137.2.

byronclark1 · ‎01-20-2012

Thank you for your response leolaohoo, I forgot to add ip routing to that config and have done so now.

Thanks Neeraj,

I have corrected my config as per your suggestions and the router is now able to ping google perfectly!

As for the 3G connection, I have tried to ping once 3G is connected and I also assumed the default gateway is to blam, what I did try was to remove the "use default gateway on remote host" option in the connection properties which still allows connection on PC1 however still no connection between PC1 and 2.

an ipconfig /all on PC1 shows the following:

Link-local IPv6 Address . . . . . : fe80::8917:81ba:9997:a206%14(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.137.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.137.2
DHCPv6 IAID . . . . . . . . . . . : 314355397
DHCPv6 Client DUID. . . . . . . . : 00-01-00-18-16-96-3F-58-00-1E-10-1F-B4-DF

DNS Servers . . . . . . . . . . . : 127.0.0.1
Primary WINS Server . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

PPP adapter Dial-up Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dial-up Connection
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : x.x.x.x(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 209.212.96.1
209.212.97.1
NetBIOS over Tcpip. . . . . . . . : Disabled

Do you have any ideas on how I could resolve this issue now?

byronclark1 · ‎01-20-2012

Ok just to update, everything is now working...

I changed the metric on both PC connections to 1 and set a static route on PC1 in order for it to ping PC2 which is running Windows Server 2011 Standard, The Server took care of the rest!

Thank you very much for your help, I really appreciate it!