Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > vlan1 problem on cisco 1812

Reply
Thread Tools

vlan1 problem on cisco 1812

 
 
bongosw
Guest
Posts: n/a
 
      10-06-2006
I have setup a cisco 1812 router.

I can telnet to the router on vlan1, but when I am logged in I can not
ping the vlan1 address or the pc that is connected to it.

The wan interface FastEthernet0 is find I can connect to the Internet
and all. put I can not access the WAN from the pc connected to the
switch/router

Any Help would be much appreciated

 
Reply With Quote
 
 
 
 
Darren Green
Guest
Posts: n/a
 
      10-07-2006

"bongosw" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
>I have setup a cisco 1812 router.
>
> I can telnet to the router on vlan1, but when I am logged in I can not
> ping the vlan1 address or the pc that is connected to it.
>
> The wan interface FastEthernet0 is find I can connect to the Internet
> and all. put I can not access the WAN from the pc connected to the
> switch/router
>
> Any Help would be much appreciated
>

Without the config it is always difficult to help, please post.

My first thought was to check the IP's and default gateway addresses are set
correctly & access-lists. Then the NAT - I assume that you have NAT enabled
to allow you to connect to the Interntet. Are you trying to NAT eveything
from the inside to the outside by mistake.

Again I am guessing because there is no cofig to go off.

Regards

Darren


 
Reply With Quote
 
 
 
 
bongosw
Guest
Posts: n/a
 
      10-09-2006
Darren
Thanks for the reply My config file is below, I removed my external ip
address.


!This is the running config of the router: X.X.X.X
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$tCQB$SKZgnRnE2FLb.FUDNjz5Y/
enable password 7 071D2E595A0C0B57
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
aaa session-id common
!
resource policy
!
no ip source-route
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.10.0 255.255.255.0
dns-server X.X.X.3 X.X.X.8
default-router 10.10.10.1
!
!
ip tcp synwait-time 10
no ip bootp server
ip domain name cinario.com
ip name-server X.X.X.3
ip name-server X.X.X.8
ip ssh time-out 60
ip ssh authentication-retries 2
ip inspect log drop-pkt
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
!
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action reset alarm
service text-chat action reset alarm
server deny name messenger.hotmail.com
server deny name gateway.messenger.hotmail.com
server deny name webmessenger.msn.com
audit-trail on
application http
strict-http action reset alarm
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
audit-trail on
!
!
crypto pki trustpoint TP-self-signed-1822211251
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1822211251
revocation-check none
rsakeypair TP-self-signed-1822211251
!
!
crypto pki certificate chain TP-self-signed-1822211251
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101
04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D
43657274
69666963 6174652D 31383232 32313132 3531301E 170D3036 31303036
31313430
33315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504
03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31
38323232
31313235 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030
81890281
8100CE3A DC98A200 B8CDFCFA 06D2069F 2B4ADCAA 0A451143 9E4AC4CB
75C64548
C2EB7E01 E78FC7BD 24113090 97EEE34D F6B30FF1 498C7B29 8ED1782E
C36E62A8
6E054D60 3B144A77 7C1D061D FB433867 FF8A1051 3822B3DA 1375EB25
687AF699
BC10D5B4 ABFBDC08 0EFAC3DE C8971ADC A86C4333 28C08561 FDB2142D
576FE767
F19F0203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF
301D0603
551D1104 16301482 12526F75 7465722E 63696E61 72696F2E 636F6D30
1F060355
1D230418 30168014 68F32795 D81AD799 FB23D500 DA731DD6 BD2914DB
301D0603
551D0E04 16041468 F32795D8 1AD799FB 23D500DA 731DD6BD 2914DB30
0D06092A
864886F7 0D010104 05000381 81009F3F F5A4E991 D4859DE3 AF5DAC29
7E4B040D
5963BCFB AD6920F6 6253113E 0CC3AAC9 F6AC64D0 D97DA060 C71E2C31
C50C198C
32A94C05 6001172D CC905E7B 5985E22B CC9B8441 19D03D40 7DDCDF6B
3D219793
AFAED399 BEBDB902 BAC488D6 BBFF376C 19881E0E 98BC8806 D49CFCFF
E4D2B0F4
4570CDC8 5BD5B247 D71DBFC6 EF90
quit
username cinario privilege 15 secret 5 $1$DC5q$hq5ymhkJVfzQYbcx5GaQ0.
!
!
class-map match-any sdm_p2p_kazaa
match protocol fasttrack
match protocol kazaa2
class-map match-any sdm_p2p_edonkey
match protocol edonkey
class-map match-any sdm_p2p_gnutella
match protocol gnutella
class-map match-any sdm_p2p_bittorrent
match protocol bittorrent
!
!
policy-map sdmappfwp2p_SDM_HIGH
class sdm_p2p_gnutella
drop
class sdm_p2p_bittorrent
drop
class sdm_p2p_edonkey
drop
class sdm_p2p_kazaa
drop
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0
description $ETH-WAN$$FW_OUTSIDE$
ip address X.X.X.X 255.255.255.0
ip access-group 101 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect SDM_HIGH out
ip virtual-reassembly
ip route-cache flow
duplex auto
speed auto
service-policy input sdmappfwp2p_SDM_HIGH
service-policy output sdmappfwp2p_SDM_HIGH
!
interface FastEthernet1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
shutdown
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
shutdown
!
interface FastEthernet4
shutdown
!
interface FastEthernet5
shutdown
!
interface FastEthernet6
shutdown
!
interface FastEthernet7
shutdown
!
interface FastEthernet8
shutdown
!
interface FastEthernet9
shutdown
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
ip address 10.10.10.1 255.255.255.0
ip access-group 100 in
ip verify unicast reverse-path
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452
!
interface Async1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation slip
!
ip default-gateway X.X.X.254
ip route 0.0.0.0 0.0.0.0 X.X.X.254
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat pool e1 10.10.11.0 10.10.11.255 netmask 255.255.255.0
ip nat pool e0 10.10.12.0 10.10.12.255 netmask 255.255.255.0
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap debugging
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip X.X.X.0 0.0.0.255 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host X.X.X.8 eq domain host X.X.X.40
access-list 101 permit udp host X.X.X.3 eq domain host X.X.X.40
access-list 101 deny ip 10.10.10.0 0.0.0.255 any
access-list 101 permit icmp any host X.X.X.40 echo-reply
access-list 101 permit icmp any host X.X.X.40 time-exceeded
access-list 101 permit icmp any host X.X.X.40 unreachable
access-list 101 permit tcp X.X.X.0 0.0.0.255 host X.X.X.40 eq 443
access-list 101 permit tcp X.X.X.0 0.0.0.255 host X.X.X.40 eq 22
access-list 101 permit tcp X.X.X.0 0.0.0.255 host X.X.X.40 eq cmd
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any log
access-list 102 remark VTY Access-class list
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
access-list 102 deny ip any any
no cdp run
!
!
!
!
!
!
control-plane
!
banner login ^CNon Autherised access is allowed^C
!
line con 0
login authentication local_authen
transport output telnet
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
access-class 102 in
password 7 120B0A02060E1E57
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!
scheduler allocate 4000 1000
scheduler interval 500
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end




Darren Green wrote:
> "bongosw" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed) oups.com...
> >I have setup a cisco 1812 router.
> >
> > I can telnet to the router on vlan1, but when I am logged in I can not
> > ping the vlan1 address or the pc that is connected to it.
> >
> > The wan interface FastEthernet0 is find I can connect to the Internet
> > and all. put I can not access the WAN from the pc connected to the
> > switch/router
> >
> > Any Help would be much appreciated
> >

> Without the config it is always difficult to help, please post.
>
> My first thought was to check the IP's and default gateway addresses are set
> correctly & access-lists. Then the NAT - I assume that you have NAT enabled
> to allow you to connect to the Interntet. Are you trying to NAT eveything
> from the inside to the outside by mistake.
>
> Again I am guessing because there is no cofig to go off.
>
> Regards
>
> Darren


 
Reply With Quote
 
Merv
Guest
Posts: n/a
 
      10-09-2006
try moving all of the vvlan 1 config to interface bvi 1

 
Reply With Quote
 
bongosw
Guest
Posts: n/a
 
      10-09-2006

Merv wrote:
> try moving all of the vvlan 1 config to interface bvi 1

Do I have to create a bvi 1 interface to move the vlan to

 
Reply With Quote
 
Merv
Guest
Posts: n/a
 
      10-09-2006

bongosw wrote:
> Merv wrote:
> > try moving all of the vvlan 1 config to interface bvi 1

> Do I have to create a bvi 1 interface to move the vlan to


yes
config t
int bvi 1
.....
end
wri mem

 
Reply With Quote
 
bongosw
Guest
Posts: n/a
 
      10-10-2006

Merv wrote:
> bongosw wrote:
> > Merv wrote:
> > > try moving all of the vvlan 1 config to interface bvi 1

> > Do I have to create a bvi 1 interface to move the vlan to

>
> yes
> config t
> int bvi 1
> ....
> end
> wri mem


Many thanks for all your help, I was missing a NAT rule for the routing

R.
Bongosw

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
problem with webaccess into cisco 1812 thomasek Hardware 0 09-26-2008 04:01 PM
Cisco 1812 site to site vpn on checkpoint firewall martysharkey Hardware 0 10-25-2006 02:39 PM
Cisco 1812 stefano.codari@wpsit.net Cisco 5 08-15-2006 04:47 AM
Cisco 1812 (SDM and WebVPN on the same IP) boris.kocar@gmail.com Cisco 1 08-12-2006 06:31 PM
interface VlaN1 on Cisco Switch 2590 Mirek Cisco 1 02-12-2004 10:17 PM



Advertisments