cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1709
Views
0
Helpful
18
Replies

How can i create separate networks on a 881 router

obaroikoh
Level 1
Level 1

I have a cisco 881 router. I want to to have two network addresses on it. I have create SVI i.e int vlan 2 and int vlan 3 but host connected to these vlans can't communicate with themselves. How do i go about this. Thanks for your assistance

1 Accepted Solution

Accepted Solutions

So the vlans need to be created at layer 2 for them to be able to work at layer 3 intervlan routing ,

1 create vlan at layer 2

2 create svi (which you have done )

3 Add ports to specific vlans with switchport command

4 Intervlan routing, just make sure ip routing is enabled and your interface vlans are in up/up state then you will be able to ping from host to host between vlans , you don't have to allow it but most networks would

View solution in original post

18 Replies 18

Mark Malone
VIP Alumni
VIP Alumni

Ok so you have created svi 2  & 3 (that's layer 3) did you create the vlans at layer 2 aswell first?

And make sure you assign the specific ports to vlan 2 or 3 as well then they should be able to ping the SVI interface once there up

Make sure ip routing is enabled as well ion the config

(conf t)vlan2

(conf t)vlan3

set the ports for vlans --example

(conf-if)switchport access vlan 3

 

Thanks Mark. No i haven't don't that. But do i have to configure inter vlan routing?

So the vlans need to be created at layer 2 for them to be able to work at layer 3 intervlan routing ,

1 create vlan at layer 2

2 create svi (which you have done )

3 Add ports to specific vlans with switchport command

4 Intervlan routing, just make sure ip routing is enabled and your interface vlans are in up/up state then you will be able to ping from host to host between vlans , you don't have to allow it but most networks would

So i have created vlans and added ports to the vlan. Now on which port do i create the inter vlan routing. How do i enable ip routing and on which port. fastethernet 0-3 won't let me enable ip routing on them. i am a bit confused. I only have one wan port which is fa4.

no its done globally not on an actual port,your switch ports on an 881 device are purely layer 2 they wont even take an ip address,  just go to conf t mode and type ip routing and hit return that's it to enable routing on the device

The fe4 is a wan port usually connected to a modem

interface FastEthernet0
 no ip address
!
interface FastEthernet1
 switchport access vlan 2
 no ip address
!
interface FastEthernet2
 switchport access vlan 2
 no ip address
!
interface FastEthernet3
 switchport access vlan 3
 no ip address

 

 ip tcp adjust-mss 1452
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
!
 

 

 

Still not working. is there something i'm not doing right?

 

 

 

when you do a show ip int brief are the SVIs up?

Did you apply ip routing ?

can you ping 192.168.2.1 source 192.168.3.1


Vlan2                      192.168.2.1     YES manual up                    up  
Vlan3                      192.168.3.1     YES manual up                    up  

 

I applied ip routing from the global config mode. 

I can now ping 192.168.3.2 from 192.168.2.2 but i can't ping 192.168.2.2 from 192.168.3.2 .

 

Do you think there's a problem in my config?

 

 

 intervlan is routing if you can ping between vlan ips , something else is blocking access back either something on router config such as ACL or something on local pc such as firewall/strong AV , theres no reason unless something's configured or set that it would block 1 way but not the other

You're a live saver Mark. It turned out the firewall on the other PC was blocking connection back to it. Immediately i turned it off, it worked. Thanks so much for your time and the assistance. I can now reach both devices on the 192.168.3.0 and 192.168.2.0 networks. 

How do i make them see the address on the wan port? say i have 192.168.10.1 just to test. is that possible?

If you want your vlans to talk to the internet just 1 line of config in global again like ip routing , you can put in the local interface or the far side wan ip address, that should allow you to ping say 8.8.8.8 (google) once your internet is up and functioning

 

ip route 0.0.0.0 0.0.0.0 fe4

DO i have to do NAT since i'd be having a public address on that interface and the addresses on my vlans are private addresses.

quick way to sort nat

create ACL 100 permitting your subnets , deny everything else

ip nat inside source list 100 interface fe4 overload

under each SVI vlan ---ip nat inside

under fe4 ---ip nat outside

Review Cisco Networking for a $25 gift card