
Unable to ping from Central Server to Vlans

liz carpen
Level 1

lizcarpen_0-1697530738204.png

This is my topology. I am unable to ping from the Central Server and the wireless devices to anywhere in the main campus, except for the router, which I configured. However, I can ping from the different VLANs to the central server and the other wireless networks.

This is the router config:

Router>en

Router#sh ru

Building configuration...

 

Current configuration : 2932 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

!

ip dhcp excluded-address 192.16.10.1

ip dhcp excluded-address 192.168.10.1 192.168.10.99

ip dhcp excluded-address 192.168.20.1 192.168.20.199

ip dhcp excluded-address 192.168.100.1 192.168.100.9

ip dhcp excluded-address 192.168.10.1

!

ip dhcp pool vlan10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

option 150 ip 192.168.10.1

domain-name wr

ip dhcp pool vlan20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

ip dhcp pool vlan100

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

ip dhcp pool staff

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO2811/K9 sn FTX1017K2HN-

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

!

interface FastEthernet0/0.100

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.0

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.80

encapsulation dot1Q 80

ip address 192.168.80.1 255.255.255.0

!

interface FastEthernet0/1.90

encapsulation dot1Q 90

ip address 192.168.90.1 255.255.255.0

!

interface Serial0/2/0

ip address 172.16.10.1 255.255.255.252

clock rate 2000000

!

interface Serial0/2/1

no ip address

clock rate 2000000

shutdown

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 192.168.60.0 255.255.255.0 172.16.10.2

ip route 192.168.70.0 255.255.255.0 172.16.10.2

ip route 192.168.20.0 255.255.255.0 192.168.80.0

ip route 192.168.20.0 255.255.255.0 192.168.90.0

ip route 192.168.10.0 255.255.255.0 192.168.90.0

ip route 192.168.10.0 255.255.255.0 192.168.80.0

ip route 192.168.100.0 255.255.255.0 192.168.80.0

ip route 192.168.100.0 255.255.255.0 192.168.90.0

ip route 192.168.0.0 255.255.255.0 192.168.90.0

ip route 192.168.90.0 255.255.255.0 192.168.20.0

ip route 192.168.90.0 255.255.255.0 192.168.10.0

ip route 192.168.90.0 255.255.255.0 192.168.100.0

ip route 192.168.80.0 255.255.255.0 192.168.20.0

ip route 192.168.80.0 255.255.255.0 192.168.10.0

ip route 192.168.80.0 255.255.255.0 192.168.100.0

!

ip flow-export version 9

!

!

!

!

!

!

!

dial-peer voice 70 voip

destination-pattern 5...

session target ipv4:172.16.10.2

!

telephony-service

max-ephones 5

max-dn 5

ip source-address 192.168.10.1 port 2000

auto assign 4 to 6

!

ephone-dn 1

number 1111

!

ephone-dn 2

number 5555

!

ephone-dn 3

number 1234

!

ephone-dn 4

number 4000

!

ephone-dn 5

number 3000

!

ephone 1

device-security-mode none

mac-address 0060.5CE6.9B6B

type 7960

button 1:4

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

This is the switch config:

Switch#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int fa0/1

Switch(config-if)#exit

Switch(config)#sh run

^

% Invalid input detected at '^' marker.

 

Switch(config)#ex

Switch#

%SYS-5-CONFIG_I: Configured from console by console

 

Switch#sh ru

Building configuration...

 

Current configuration : 1970 bytes

!

version 15.0

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Switch

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport mode trunk

!

interface FastEthernet0/2

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

switchport voice vlan 1

!

interface FastEthernet0/4

switchport access vlan 10

switchport mode access

switchport voice vlan 1

!

interface FastEthernet0/5

switchport mode access

switchport voice vlan 1

!

interface FastEthernet0/6

switchport access vlan 100

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 100

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 100

switchport mode access

!

interface FastEthernet0/9

!

interface FastEthernet0/10

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

!

!

!

line con 0

!

line vty 0 4

login

line vty 5 15

login

!

!

!

!

end 

 


Richard Burts
Hall of Fame

I am sure that there are things in your environment that I do not yet understand. But some things are clear. On the router the first two static routes make sense, as they provide access to the 2 subnets shown in the diagram on the other site:

ip route 192.168.60.0 255.255.255.0 172.16.10.2

ip route 192.168.70.0 255.255.255.0 172.16.10.2

But then there are many other static routes, none of which make sense. Here are a few examples:

ip route 192.168.20.0 255.255.255.0 192.168.80.0

192.168.20.0 is a locally connected subnet. Locally connected subnets are preferred to static routes so it would not be used. And specifying the next hop as 192.168.80.0 makes no sense since that is a network/subnet address.

Or

ip route 192.168.10.0 255.255.255.0 192.168.80.0

ip route 192.168.100.0 255.255.255.0 192.168.80.0

You have 2 static routes for the same network with different next hops, where the next hops are network addresses.

I am surprised to see that the router config does not contain any default route. My suggestion is to remove all static routes except for the first two, and then tell us what the network behavior is.

HTH

Rick
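Added example, not part of the original thread: a short Python audit that applies the checks from the reply above to `ip address` and `ip route` lines taken from the router config posted at the top of the thread. The function name `audit_static_routes` and the check for a next hop outside every connected subnet are additions made here; several next hops for one destination can be legitimate, so that finding only marks the route for review.

```python
import ipaddress
import re
from collections import defaultdict

# Interface addresses and four of the static routes from the router config
# posted at the top of the thread (interface names omitted for brevity).
CONFIG = """\
 ip address 192.168.10.1 255.255.255.0
 ip address 192.168.20.1 255.255.255.0
 ip address 192.168.100.1 255.255.255.0
 ip address 192.168.80.1 255.255.255.0
 ip address 192.168.90.1 255.255.255.0
 ip address 172.16.10.1 255.255.255.252
ip route 192.168.60.0 255.255.255.0 172.16.10.2
ip route 192.168.20.0 255.255.255.0 192.168.80.0
ip route 192.168.10.0 255.255.255.0 192.168.90.0
ip route 192.168.10.0 255.255.255.0 192.168.80.0
"""

def audit_static_routes(config):
    """Map each 'prefix via next-hop' static route to a list of problems."""
    connected = [ipaddress.ip_interface(f"{addr}/{mask}").network
                 for addr, mask in re.findall(
                     r"^\s*ip address (\S+) (\S+)", config, re.M)]
    # Only routes with an IP next hop are audited; interface next hops are skipped.
    routes = [(ipaddress.ip_network(f"{net}/{mask}"), ipaddress.ip_address(hop))
              for net, mask, hop in re.findall(
                  r"^ip route (\S+) (\S+) (\d+\.\d+\.\d+\.\d+)\s*$", config, re.M)]
    hops_for = defaultdict(set)
    for prefix, hop in routes:
        hops_for[prefix].add(hop)

    report = {}
    for prefix, hop in routes:
        problems = []
        if prefix in connected:
            # A connected route beats a static one for the same prefix.
            problems.append("destination is directly connected")
        subnet = next((n for n in connected if hop in n), None)
        if subnet is None:
            problems.append("next hop is not on a connected subnet")
        elif hop in (subnet.network_address, subnet.broadcast_address):
            problems.append("next hop is a subnet address, not a neighbour")
        if len(hops_for[prefix]) > 1:
            problems.append("same destination has several next hops")
        report[f"{prefix} via {hop}"] = problems
    return report

if __name__ == "__main__":
    for route, problems in audit_static_routes(CONFIG).items():
        print(route, "->", "; ".join(problems) or "ok")
```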

So I have deleted all the ip routes as you suggested. Here is the running config of the router on the main campus:

Router#sh ru

Building configuration...

 

Current configuration : 2279 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

!

ip dhcp excluded-address 192.16.10.1

ip dhcp excluded-address 192.168.10.1 192.168.10.99

ip dhcp excluded-address 192.168.20.1 192.168.20.199

ip dhcp excluded-address 192.168.100.1 192.168.100.9

ip dhcp excluded-address 192.168.10.1

!

ip dhcp pool vlan10

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

option 150 ip 192.168.10.1

domain-name wr

ip dhcp pool vlan20

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

ip dhcp pool vlan100

network 192.168.100.0 255.255.255.0

default-router 192.168.100.1

ip dhcp pool staff

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO2811/K9 sn FTX1017K2HN-

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

!

interface FastEthernet0/0.100

encapsulation dot1Q 100

ip address 192.168.100.1 255.255.255.0

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.80

encapsulation dot1Q 80

ip address 192.168.80.1 255.255.255.0

!

interface FastEthernet0/1.90

encapsulation dot1Q 90

ip address 192.168.90.1 255.255.255.0

!

interface Serial0/2/0

ip address 172.16.10.1 255.255.255.252

clock rate 2000000

!

interface Serial0/2/1

no ip address

clock rate 2000000

shutdown

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 192.168.60.0 255.255.255.0 172.16.10.2

ip route 192.168.70.0 255.255.255.0 172.16.10.2

!

ip flow-export version 9

!

!

!

!

!

!

!

dial-peer voice 70 voip

destination-pattern 5...

session target ipv4:172.16.10.2

!

telephony-service

max-ephones 5

max-dn 5

ip source-address 192.168.10.1 port 2000

auto assign 4 to 6

!

ephone-dn 1

number 1111

!

ephone-dn 2

number 5555

!

ephone-dn 3

number 1234

!

ephone-dn 4

number 4000

!

ephone-dn 5

number 3000

!

ephone 1

device-security-mode none

mac-address 0060.5CE6.9B6B

type 7960

button 1:4

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

The issue that I am having is that I cannot ping from the Central office server to any of the vlans in the main campus; however, I am able to ping from the vlans to the wireless devices. So I can ping from inside the vlans such as vlan 10, vlan 20, vlan 100 to the smartphone and tablet and central office server. I am trying to establish a two-way ping and am not sure if it's an ACL I need to do or a static route, and if so, where? Hope that makes sense.

Thanks for the update. The config with the extra static routes removed looks ok now. The diagram was clear about vlans 10, 20, and 100 and they are clear in the config. The diagram was not so clear about the Central Server and wireless. Would I be correct in assuming that they are in vlans 80 and 90 on FastE0/1?

Based on this config I would expect that a ping from the server should be forwarded to vlans 80 and 90 (assuming that the serial interface is active and working). If the ping is not successful I would expect the issue to be more with the other router. Do you have access to its config? If so can you post it?

HTH

Rick

Yes, you are correct. I have attached the zipped file of it; hopefully that makes it easier to see the config.

Thank you. I do not do PT. If you post the other router config I can check it. Or we can wait for @Martin L to check the PT file.

HTH

Rick

Hi Richard, this is the config for the second router in the smaller campus. However, I am trying to get a ping from the smartphone and tablet to the main campus. I can ping one way from the main but not to the new network I've set up. Hope that's clear.

Router>en

Router#sh ru

Building configuration...

 

Current configuration : 2287 bytes

!

version 15.1

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname Router

!

!

!

!

ip dhcp excluded-address 192.168.100.1

ip dhcp excluded-address 192.168.60.1

!

ip dhcp pool voice

network 192.168.60.0 255.255.255.0

default-router 192.168.60.1

option 150 ip 192.168.60.1

ip dhcp pool vlan60

network 192.168.60.0 255.255.255.0

default-router 192.168.60.1

option 150 ip 192.168.60.1

domain-name wr

ip dhcp pool vlan70

network 192.168.70.0 255.255.255.0

default-router 192.168.70.1

option 150 ip 192.168.70.1

domain-name wr

ip dhcp pool vlan80

network 192.168.80.0 255.255.255.0

default-router 192.168.80.1

domain-name wr

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

license udi pid CISCO2811/K9 sn FTX1017I891-

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.60

encapsulation dot1Q 60

ip address 192.168.60.1 255.255.255.0

!

interface FastEthernet0/0.70

encapsulation dot1Q 70

ip address 192.168.70.1 255.255.255.0

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/2/0

ip address 172.16.10.2 255.255.255.252

!

interface Serial0/2/1

no ip address

clock rate 2000000

shutdown

!

interface Vlan1

no ip address

shutdown

!

ip classless

ip route 192.168.10.0 255.255.255.0 172.16.10.1

ip route 192.168.20.0 255.255.255.0 172.16.10.1

ip route 192.168.100.0 255.255.255.0 172.16.10.1

!

ip flow-export version 9

!

!

!

!

!

!

!

dial-peer voice 10 voip

destination-pattern 4...

session target ipv4:172.16.10.1

!

telephony-service

max-ephones 5

max-dn 5

ip source-address 192.168.70.1 port 2000

auto assign 1 to 4

auto assign 4 to 6

!

ephone-dn 1

number 5000

!

ephone-dn 2

number 3679

!

ephone-dn 4

number 5050

!

ephone-dn 5

number 5051

!

ephone 1

device-security-mode none

mac-address 00D0.BC9B.CA00

type 7960

button 1:1

!

ephone 2

device-security-mode none

mac-address 0002.1716.4D01

type ata

button 1:2

!

ephone 3

device-security-mode none

mac-address 0004.9ABC.1A6A

type 7960

button 1:4

!

ephone 4

device-security-mode none

mac-address 0040.0BCC.206E

type 7960

button 1:5

!

line con 0

!

line aux 0

!

line vty 0 4

login

!

!

!

end

Thank you for the update. If I am understanding the output correctly the IP address for the server is 192.168.80.1. Unfortunately that is also the IP you have configured for the interface on the router. The server needs a different address.

HTH

Rick

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

Martin L
VIP

It is a PT lab; you can attach the PT pkt file here, but it must be in zip format; it will be easier to solve it.

Regards, ML
**Please Rate All Helpful Responses **

Hi thank you, please see attached the zipped file

Try this: remove the FastEthernet0/1.90 and FastEthernet0/1.80 configs from the MC router and add only this (1st ping always fails):

interface FastEthernet0/1

ip address 192.168.90.1 255.255.255.0

 

Regards, ML
**Please Rate All Helpful Responses **

Perhaps it would be easier if I attached the assignment so you can see what I am trying to accomplish.

Expanding the Network with a Wireless Network and Firewall

Objective: The objective of this assignment is to extend the network created in the midterm by:

  1. Integrating a wireless network, which includes one cell tower, a central office server, and mobile devices
  2. Introduce a firewall (ASA 5505) to restrict traffic from the wireless network to the servers in VLAN 100.

 

Task 1: Design the Network Topology

Expand your network by adding the following components:

    • A Central Office Server connected to the main campus router.
    • One Cell Tower (represented as a wireless access point).
    • Two Mobile Devices (a Tablet and a Smartphone) connected to the cell tower.

Task 2: Configuration of Network Components

  1. Configure the main campus router: Establish a connection between the Central Office Server and the main campus network.
    1. Router Outside Interface f0/0: This connects to the Central Office Server.

IP address: 192.168.90.1        Subnet mask: 255.255.255.0

    2. Router Inside Interface f0/1: This connects to the inside campus network, which is already configured with 3 sub-interfaces. DO NOT configure this interface.
  2. Configure Central Office Server IP:

IP address: 192.168.90.2        Subnet mask: 255.255.255.0

  3. Configure the Cell Tower (Access Point): Configure wireless settings, including SSIDs and IP addresses in the range of 192.168.90.0
  4. Configure the Mobile Devices: Configure the Tablet and Smartphone to connect to the wireless network from the cell towers and ensure they receive IP addresses in the range of 192.168.90.0
  5. Verify Connectivity: Ensure that mobile devices can ping devices on the faculty & staff network.

 

 

 

 

 

Task 3: Add ASA Firewall to Block Traffic

Description: In this task, you will introduce an ASA 5505 firewall to the network, with the specific goal of restricting traffic from the wireless network to access servers in VLAN 100.

  1. Add an ASA 5505 Firewall: Integrate the ASA 5505 firewall into the main campus network between the router and the switch.
  2. Configure the ASA Firewall:
    • Access the CLI and enter configure terminal mode.
    • Create an ACL that defines which traffic should be denied from the wireless network (cell towers) to VLAN 100.

  access-list block-wireless-to-vlan100 extended deny ip <source-IP-range> <destination-IP-range>

Replace <source-IP-range> and <destination-IP-range> with the specific IP addresses or IP ranges you want to block.

  • Apply the access list to the interface that connects the wireless network (cell towers) to the ASA. For example:

               access-group block-wireless-to-vlan100 in interface outside

This command instructs the ASA to apply the ACL to traffic entering the outside interface. Note that the wireless network is on the outside interface and VLAN 100 is on the inside interface.

  3. Verify Firewall Rules: Verify the functionality of the firewall rules to ensure that access from the mobile devices to servers in VLAN 100 is denied.
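Added example, not part of the assignment or of any post in this thread: a small Python model of how the Task 3 access list is evaluated once it is applied with `access-group`. Entries are checked in order, the first match decides, and traffic that matches nothing falls to the implicit deny at the end of the list, so a deny-only list also blocks the pings Task 2 asks for. The function names, the host addresses and the choice of VLAN 10 as the other campus network are constructed; the subnets come from the router config and the assignment text.

```python
import ipaddress

ACL_NAME = "block-wireless-to-vlan100"  # name used in the assignment text

# Constructed ACLs: the assignment's template filled in with the wireless
# range (192.168.90.0/24) and VLAN 100 (192.168.100.0/24).
DENY_ONLY = (
    "access-list block-wireless-to-vlan100 extended deny ip "
    "192.168.90.0 255.255.255.0 192.168.100.0 255.255.255.0\n"
)
DENY_THEN_PERMIT = DENY_ONLY + (
    "access-list block-wireless-to-vlan100 extended permit ip any any\n"
)

def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'network mask'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(text, name=ACL_NAME):
    """Return the ordered (action, source, destination) entries of one ACL."""
    entries = []
    for line in text.splitlines():
        t = line.split()
        if len(t) < 7 or t[:3] != ["access-list", name, "extended"] or t[4] != "ip":
            continue  # this model only handles 'extended permit|deny ip' lines
        src, rest = parse_addr(t[5:])
        dst, _ = parse_addr(rest)
        entries.append((t[3], src, dst))
    return entries

def evaluate(entries, src_ip, dst_ip):
    """First matching entry decides; no match falls to the implicit deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, src_net, dst_net in entries:
        if src in src_net and dst in dst_net:
            return action
    return "implicit deny"

def verdicts(acl_text):
    """Tablet (constructed 192.168.90.10) to a VLAN 100 server and a VLAN 10 host."""
    acl = parse_acl(acl_text)
    return {
        "vlan100": evaluate(acl, "192.168.90.10", "192.168.100.10"),
        "vlan10": evaluate(acl, "192.168.90.10", "192.168.10.100"),
    }

if __name__ == "__main__":
    print("deny only:       ", verdicts(DENY_ONLY))
    print("deny then permit:", verdicts(DENY_THEN_PERMIT))
```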

I've also tried this and it is still the one-way ping. I am thinking it has something to do with an access list permission. The interface that is connected to the router is fa0/1 to the wireless network. Based on the assignment, the backbone should be given 192.168.90.2 and the wireless is static 192.168.80.1. They both got their IP addresses from the server, but I don't understand why I can't ping within the campus network.

I don't see any firewall device or any ACLs permission list. Missing routing: static routes or routing protocol. On EDM router add:

ip route 192.168.90.0 255.255.255.0 Serial0/2/0

ip route 192.168.80.0 255.255.255.0 Serial0/2/0

 

Tablet is getting an extra IP address in the 192.168.90.x range; I think it should only get the .80.x range.

With only the IP of 192.168.90.1 on Fa0/1 on the MC router linking to Central Office Server0, it is the Central Office Server's role to give wireless devices the range 192.168.80.x /24.

The only thing left is to add the ASA 5505 firewall box somewhere; not sure where; per doc - between the router and the switch or between MC and Central Office server.

If you look at PT samples, you should be able to find an example with ASA; I think transparent mode will work here, if possible.

 

Regards, ML
**Please Rate All Helpful Responses **

 
