
Inter-VLAN Routing

tglasco11
Level 1

Good morning Community,

I am having a problem setting up VLANs on my home network. Here is the scenario:

My ISP router is in transparent mode.

I have an 1841 running in PPPoE mode and the public address is dynamic.

I have verified that the IV Routing is configured correctly because I can ping up to the default gateway from a client on a VLAN, but I cannot go further. The subnet for the VLAN is: 192.168.30.0/24 if you need that info.

I believe the problem lies either with the Dialer interface or with an ACL I have not configured. I have attached the configs of the router. I have tried removing the firewall commands with no luck. There is a static route in the routing table that creates a route out the Dialer interface, but the VLAN traffic will not go across the router to the outside interface.

Any help would be appreciated. Please see the attached configs and let me know if there is more information that is needed.

 

Thank you in advance.

Accepted Solutions

interface FastEthernet0/1
description description ADSL LAN Interface$FW_INSIDE$
ip address 192.168.0.2 255.255.255.252

Why do you have the above?

You are using subinterfaces so you should apply any configuration there. 

You should remove all configuration from the main interface including the ip address and then try again.

If that still doesn't work try removing the firewall configuration temporarily to see if that is stopping it working.

Jon


Jon Marshall
Hall of Fame

Your NAT acl is -

access-list 100 permit ip 192.168.0.0 0.0.0.255 any

but you say the subnet is 192.168.30.0/24 which the above acl would not match.

The only network the above acl matches is 192.168.0.0/24. 

So you either need to add another line for the 192.168.30.0/24 subnet or modify the wildcard mask on your existing entry.

Jon
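The wildcard-mask point above, worked through as an added example (not part of the original thread): it evaluates the thread's ACL 100 entries the way IOS matches them, first match wins with an implicit deny at the end. The host addresses 192.168.30.10 and 192.168.99.5 and all function names are constructed for illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """True if addr matches an ACL 'base wildcard' pair.
    Wildcard bits set to 1 are ignored; bits set to 0 must equal base."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    w = int(ipaddress.IPv4Address(wildcard))
    care = ~w & 0xFFFFFFFF          # invert the wildcard to get the compared bits
    return (a & care) == (b & care)

def parse_entry(line):
    """Parse 'access-list N permit|deny ip SRC WILDCARD any' (the form used in the thread)."""
    p = line.split()
    if len(p) != 7 or p[0] != "access-list" or p[3] != "ip" or p[6] != "any":
        raise ValueError("unsupported ACL form: " + line)
    return p[2], p[4], p[5]         # action, source base, source wildcard

def nat_eligible(acl_lines, src):
    """Would traffic from src be selected for NAT by this ACL?"""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if wildcard_match(src, base, wildcard):
            return action == "permit"   # first matching entry decides
    return False                        # implicit deny: not translated

# ACL as posted in the thread
ORIGINAL = ["access-list 100 permit ip 192.168.0.0 0.0.0.255 any"]
# Option 1: widen the wildcard mask on the existing entry
WIDENED = ["access-list 100 permit ip 192.168.0.0 0.0.255.255 any"]
# Option 2: keep the entry and add one line for the VLAN subnet
PER_SUBNET = ORIGINAL + ["access-list 100 permit ip 192.168.30.0 0.0.0.255 any"]

def report():
    """Return {acl name: {host: selected for NAT?}} for constructed sample hosts."""
    hosts = ["192.168.0.1", "192.168.30.10", "192.168.99.5"]
    acls = {"original": ORIGINAL, "widened": WIDENED, "per_subnet": PER_SUBNET}
    return {name: {h: nat_eligible(acl, h) for h in hosts}
            for name, acl in acls.items()}

if __name__ == "__main__":
    for name, result in report().items():
        print(name, result)
```

Both options select the 192.168.30.0/24 VLAN, but the widened entry also selects any other 192.168.x.x source, while one line per subnet limits translation to the VLANs actually configured.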

Sorry Jon, I forgot to mention that I tried that too. Although my command might have been off. I did:

access-list 100 permit ip 192.168.0.0 0.0.255.255 any

because I have other VLANs to config as well. Is that ACL right?

Yes that acl would have worked.

The other thing I have just spotted is your router does not have a route back to 192.168.30.0/24 which it would need.

So for each vlan/IP subnet not directly connected to the router you need a route pointing to the next hop internal IP which would be from the same subnet as the internal interface on your router.

Or you could use a summary route instead of one per subnet.

Up to you.

Jon

So that would be: ip route 192.168.30.0 255.255.0.0 f0/1 (or 192.168.0.2)

Correct?

No, it would be whatever the next hop IP is in that 192.168.0.x subnet.

What is doing the routing between vlans in your internal network?

Jon

The 1841 is the only L3 router in the network. It does the VLAN routing. I do not have the sub-interfaces configured on it now because I went back to the original configs that work. When I do have them configured on the 1841, the traffic stops at the f0/1 (192.168.0.2) interface.

That is why I say that there must be something with the Dialer interface. It does not seem to be passing the traffic across the router. SHOULD there be another L3 router in the net that only does the VLAN routing?

Ohhh. As I type this response, I understand. Since my ISP router is in transparent mode, the 1841 is acting as the ISP router and it cannot pass the traffic. It has no interface to pass it to... right?

So do you have a switch in your network?

If so then make the link to the router a trunk, create your subinterfaces, add IPs and "ip nat inside" to all subinterfaces, update your NAT acl and test again.

Jon

There is a switch and I have configured the trunk, subinterfaces and added IPs. The IV Routing works when configured. The only thing I did not do is the ip nat inside to subinterfaces.

So let me get all the changes straight:

On the router-

  1. Configure all subinterfaces
  2. Add "ip nat inside" to all subinterfaces
  3. Add access-list 100 permit ip 192.168.0.0 0.0.255.255 any

That should do it?

Yes, that should do it although you may want to create DHCP pools for each subnet.

Don't know where you are getting IPs from currently.

Are you okay with the subinterface configuration?

Jon

I am alright with the subinterfaces. Everything will be static addresses except for wireless and I will create a pool on the AP. Do I really need pools on the router if I am statically addressing?

No you don't.

The only thing to watch out for with the subinterfaces is the native vlan.

Ideally don't use the native vlan (vlan 1 by default) for any of your vlans and there is nothing extra to configure.

Let me know how you get on.

Jon

Will try it out tonight or tomorrow night and let you know.

 

Thank you.

Sorry for the long delay.

I configured the router and switch with the sub-interfaces and vlans as we discussed. I was able to ping everything on the network- default gateways of all vlans, my default gateway and the internal interface of the router.

I was not able to get a routable IP address outside the network meaning I was not getting internet connectivity. I am not sure why that is. As soon as I put in the configurations for the sub-interfaces on the router, there is no connectivity. I am not sure if it is because my Cisco 1841 is behaving like the ISP router. (the ISP modem is in transparent mode)

It is like either the WAN or the LAN interface does not know to give the sub-interfaces routable addresses. I have just about given up on it.

Is there a possibility that since the 1841 is just acting like the ISP router, there needs to be another router between it and the switch- an edge router? Then again, I don't know because the problem is not routing it is an address allocation problem.

Suggestions????

From the router itself can you ping internet IPs?

If so can you post the current configuration of the router with the subinterfaces etc.

Jon
