Good morning Community,
I am having a problem setting up VLANs on my home network. Here is the scenario:
My ISP router is in transparent mode.
I have an 1841 running in PPPoE mode and the public address is dynamic.
I have verified that the IV Routing is configured correctly because I can ping up to the default gateway from a client on a VLAN, but I cannot go further. The subnet for the VLAN is: 192.168.30.0/24 if you need that info.
I believe the problem lies either with the Dialer interface or with an ACL I have not configured. I have attached the configs of the router. I have tried removing the firewall commands with no luck. There is a static route in the routing table that creates a route out the Dialer interface, but the VLAN traffic will not go across the router to the outside interface.
Any help would be appreciated. Please see the attached configs and let me know if there is more information that is needed.
Thank you in advance.
description description ADSL LAN Interface$FW_INSIDE$
ip address 192.168.0.2 255.255.255.252
Why do you have the above?
You are using subinterfaces so you should apply any configuration there.
You should remove all configuration from the main interface including the ip address and then try again.
If that still doesn't work try removing the firewall configuration temporarily to see if that is stopping it working.
Your NAT acl is -
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
but you say the subnet is 192.168.30.0/24 which the above acl would not match.
The only network the above acl matches is 192.168.0.0/24.
So you either need to add another line for the 192.168.30.0/24 subnet or modify the wildcard mask on your existing entry.
Sorry Jon, I forgot to mention that I tried that too. Although my command might have been off. I did:
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
because I have other VLANs to config as well. Is that ACL right?
Yes that acl would have worked.
The other thing I have just spotted is your router does not have a route back to 192.168.30.0/24 which it would need.
So for each vlan/IP subnet not directly connected to the router you need a route pointing to the next hop internal IP which would be from the same subnet as the internal interface on your router.
Or you could use a summary route instead of one per subnet.
Up to you.
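The wildcard-mask point from the replies above, as an added example that is not part of the original thread: a small Python check of whether a NAT ACL entry covers a whole subnet. The function names are hypothetical, and the parser assumes the simple `access-list N permit ip SRC WILDCARD any` form of the two ACL lines quoted in the thread.

```python
import ipaddress

MASK32 = 0xFFFFFFFF

def parse_acl_source(line):
    """Return (source, wildcard) as ints from an ACL line of the form
    'access-list N permit ip SRC WILDCARD any' (assumed form)."""
    tok = line.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[3] != "ip":
        raise ValueError("unsupported ACL line: " + line)
    return int(ipaddress.IPv4Address(tok[4])), int(ipaddress.IPv4Address(tok[5]))

def subnet_covered(acl_line, subnet):
    """True if every address in `subnet` matches the ACL source.
    Wildcard bits set to 1 are ignored; bits set to 0 must equal SRC."""
    src, wild = parse_acl_source(acl_line)
    care = ~wild & MASK32                      # bits the ACL compares
    net = ipaddress.ip_network(subnet)
    host_bits = int(net.hostmask)              # bits that vary inside the subnet
    if host_bits & care:
        return False                           # some hosts would fall outside
    return (int(net.network_address) & care) == (src & care)

# The two ACL lines quoted in the thread
NARROW = "access-list 100 permit ip 192.168.0.0 0.0.0.255 any"
WIDE = "access-list 100 permit ip 192.168.0.0 0.0.255.255 any"

if __name__ == "__main__":
    for acl in (NARROW, WIDE):
        for subnet in ("192.168.0.0/24", "192.168.30.0/24"):
            print(acl, "|", subnet, "->", subnet_covered(acl, subnet))
```

The 0.0.255.255 wildcard matches every 192.168.x.x source, so any other subnet in that range would be translated too; one entry per VLAN subnet keeps the NAT scope to what is actually in use.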
The 1841 is the only L3 router in the network. It does the VLAN routing. I do not have the sub-interfaces configured on it now because I went back to the original configs that work. When I do have them configured on the 1841, the traffic stops at the f0/1 (192.168.0.2) interface.
That is why I say that there must be something with the Dialer interface. It does not seem to be passing the traffic across the router. SHOULD there be another L3 router in the net that only does the VLAN routing?
Ohhh. As I type this response, I understand. Since my ISP router is in transparent mode, the 1841 is acting as the ISP router and it cannot pass the traffic. It has no interface to pass it to... right?
There is a switch and I have configured the trunk, subinterfaces and added IPs. The IV Routing works when configured. The only thing I did not do is the ip nat inside to subinterfaces.
So let me get all the changes straight:
On the router-
That should do it?
I am alright with the subinterfaces. Everything will be static addresses except for wireless and I will create a pool on the AP. Do I really need pools on the router if I am statically addressing?
Sorry for the long delay.
I configured the router and switch with the sub-interfaces and VLANs as we discussed. I was able to ping everything on the network: default gateways of all VLANs, my default gateway and the internal interface of the router.
I was not able to get a routable IP address outside the network meaning I was not getting internet connectivity. I am not sure why that is. As soon as I put in the configurations for the sub-interfaces on the router, there is no connectivity. I am not sure if it is because my Cisco 1841 is behaving like the ISP router. (the ISP modem is in transparent mode)
It is like either the WAN or the LAN interface does not know to give the sub-interfaces routable addresses. I have just about given up on it.
Is there a possibility that since the 1841 is just acting like the ISP router, there needs to be another router between it and the switch, an edge router? Then again, I don't know, because the problem is not routing; it is an address allocation problem.