Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1052
Views
35
Helpful
21
Replies

Inter-VLAN Routing

Go to solution
tglasco11
Beginner
Beginner

‎03-10-2015 07:18 AM - edited ‎03-07-2019 11:01 PM

Good morning Community,

I am having a problem setting up VLAN's on my home network. Here is the scenario:

My ISP router is in transparent mode.

I have an 1841 running in PPPoE mode and the public address is dynamic.

I have verified that the IV Routing is configured correctly because I can ping up to the default gateway from a client on a VLAN, but I cannot go further. The subnet for the VLAN is: 192.168.30.0/24 if you need that info.

I believe the problem lies either with the Dialer interface or with an ACL I have not configured. I have attached the configs of the router. I have tried removing the firewall commands with no luck. There is a static route in the routing table that creates a route out the Dialer interface, but the VLAN traffic will not go across the router to the outside interface.

Any help would be appreciated. Please see the attached configs and let me know if there is more information that is needed.

 

Thank you in advance.

Labels:
Preview file
5 KB
0 Helpful
21 Replies 21

Go to solution
tglasco11
Beginner
Beginner
In response to Jon Marshall

‎03-26-2015 12:56 PM

With the attached configs for the 1841 router, I can ping outside addresses when I am on the router. I can also ping the default gateways of the vlans and the laptop connected to the switch. I did not submit the switch configs because the inter-vlan routing is working fine.

When I am on the laptop connected to the switch on one of the vlans, I receive a valid IP address from the DHCP server on the 1841 router and I can ping my default gateway, the default gateways of all the other vlans and the internal interface of the 1841 (192.168.0.2). I am not able to ping outside addresses.

I still feel that the issue lies with the Dialer1 interface. I think it does not know what to do with the vlan traffic coming from the sub-interfaces. I am sure that it can be configured to pass the data, but I am not sure how that would be done.

Preview file
6 KB
0 Helpful

Go to solution
Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend
In response to tglasco11

‎03-26-2015 01:11 PM

interface FastEthernet0/1
description description ADSL LAN Interface$FW_INSIDE$
ip address 192.168.0.2 255.255.255.252

why do you have the above ?

You are using subinterfaces so you should apply any configuration there. 

You should remove all configuration from the main interface including the ip address and then try again.

If that still doesn't work try removing the firewall configuration temporarily to see if that is stopping it working.

Jon

0 Helpful

Go to solution
tglasco11
Beginner
Beginner
In response to Jon Marshall

‎03-27-2015 08:17 AM

Thank you!!! I was able to get the IV-routing working after the configs of the internal interface were taken off. I also removed the firewall settings. I am not sure what was blocking traffic in that configuration. I configured the FW with SDM, so I do not know exactly what was done.

When I try to reconfigure the FW settings it blocks traffic, so I will have to go back to having my ISP router as the FW. That will be fine. I just wanted the Cisco to be the FW, but it will have to do. If you know of some simple FW configs for the Cisco I will try that out otherwise I am good.

Thanks again for the assistance.

0 Helpful

Go to solution
Jon Marshall
VIP Community Legend VIP Community Legend
VIP Community Legend
In response to tglasco11

‎03-27-2015 08:21 AM

Glad you got it working.

I haven't ever used zone firewalling on IOS so I can't really say.

I'll have a dig around to see if I can see what is wrong with it.

As long as you have firewalling functionality elsewhere you should be okay but it would be good to get it all working on the router.

Jon

0 Helpful

Go to solution
Bilal Nawaz
Engager
Engager
In response to Jon Marshall

‎03-27-2015 08:43 AM

One of the class maps dont make sense to me:

class-map type inspect match-all sdm-insp-traffic
 match class-map sdm-cls-insp-traffic

we are referring to a class map of type inspect already. So no need to inspect a class map within a class map :)

Instead follow this.

conf t
!
policy-map type inspect sdm-inspect
no class type inspect sdm-insp-traffic
!
no class-map type inspect match-all sdm-insp-traffic
!
policy-map type inspect sdm-inspect
class type inspect sdm-cls-insp-traffic
inspect
!
end
!
copy run start

Please let us know how that goes.

Bilal

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful

Go to solution
Bilal Nawaz
Engager
Engager
In response to Bilal Nawaz

‎03-27-2015 09:18 AM

by the way, your ZBFW statements on the interface should be on all the sub-interfaces instead of physical interface if you require it (inbound)

Please rate useful posts & remember to mark any solved questions as answered. Thank you.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents