Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Cisco > 2600 + VLAN routing

Reply
Thread Tools

2600 + VLAN routing

 
 
turnip
Guest
Posts: n/a
 
      11-02-2007
router config:

!
!
version 12.2
service tcp-keepalives-in
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname cerberus
!
boot system flash c2600-js-mz.122-12a.bin
no logging console
aaa new-model
aaa authentication login default group radius
aaa authentication ppp default group radius
aaa authorization network default group radius
aaa accounting network default start-stop group radius
enable secret 5 xxx
enable password 7 xxx
!
clock timezone EST -5
ip subnet-zero
!
!
no ip domain-lookup
!
no ip bootp server
ip cef
!
class-map match-all radmin-rdp
match access-group 101
class-map match-all ipsec
match access-group 103
class-map match-all voice
match access-group 105
class-map match-all www
match access-group 102
!
!
policy-map voip
class voice
bandwidth 150
class class-default
fair-queue
policy-map outbound_shaper
class ipsec
bandwidth percent 50
random-detect
class www
bandwidth percent 25
random-detect
class radmin-rdp
bandwidth percent 25
random-detect
class class-default
fair-queue
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
no ip mroute-cache
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/0.1
encapsulation dot1Q 2
ip address 192.168.44.253 255.255.255.0
ip nat inside
no cdp enable
!
interface FastEthernet0/0.4
encapsulation dot1Q 1 native
ip address 192.168.0.253 255.255.255.0
ip nat inside
no cdp enable
!
interface Serial0/0
bandwidth 1536
ip address 12.87.aa.aa 255.255.255.252
ip access-group 125 in
ip nat outside
encapsulation ppp
service-module t1 timeslots 1-24
service-module t1 remote-alarm-enable
no cdp enable
!
interface FastEthernet0/1
ip address 10.0.0.253 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
!
interface Serial0/1
ip address 10.1.1.2 255.255.255.0
ip nat inside
encapsulation ppp
service-policy output voip
service-module t1 clock source internal
no cdp enable
hold-queue 200 in
hold-queue 200 out
!
router rip
network 10.0.0.0
network 192.168.0.0
network 192.168.1.0
network 192.168.44.0
!
ip nat pool OVERLOAD 12.87.aa.aa 12.87.aa.aa netmask 255.255.255.252
ip nat pool warehouse 12.170.bb.bb 12.170.bb.bb netmask
255.255.255.252
ip nat pool it-dept-vlan 12.170.bb.cc 12.170.bb.cc netmask
255.255.255.252
ip nat inside source list 1 pool OVERLOAD overload
ip nat inside source list 2 pool warehouse overload
ip nat inside source list 3 pool it-dept-vlan overload
ip nat inside source static udp 192.168.0.200 3389 12.170.bb.cc 3389
extendable
ip nat inside source static tcp 192.168.0.200 3389 12.170.bb.cc 3389
extendable
ip nat inside source static tcp 192.168.0.200 1723 12.170.bb.cc 1723
extendable
ip nat inside source static tcp 192.168.0.55 3389 12.87.aa.aa 3389
extendable
ip nat inside source static udp 192.168.0.55 3389 12.87.aa.aa 3389
extendable
ip nat inside source static udp 10.0.0.254 5060 12.87.aa.aa 5060
extendable
ip nat inside source static udp 192.168.0.235 4326 12.87.aa.aa 4326
extendable
ip nat inside source static tcp 192.168.0.235 4326 12.87.aa.aa 4326
extendable
ip nat inside source static tcp 10.0.0.254 6600 12.87.aa.aa 6600
extendable
ip nat inside source static udp 10.0.0.254 6600 12.87.aa.aa 6600
extendable
ip nat inside source static tcp 192.168.0.199 443 12.170.bb.bb 443
extendable
ip nat inside source static udp 192.168.0.199 4500 12.170.bb.bb 4500
extendable
ip nat inside source static udp 192.168.0.199 500 12.170.bb.bb 500
extendable
ip nat inside source static tcp 192.168.0.111 22 12.170.bb.bb 22
extendable
ip nat inside source static tcp 192.168.0.111 80 12.170.bb.bb 80
extendable
ip nat inside source static tcp 10.0.0.254 22 12.87.aa.aa.22
extendable
ip nat inside source static tcp 10.0.0.254 80 12.87.aa.aa 80
extendable
ip nat inside source static tcp 192.168.0.45 3306 12.170.bb.cc 3306
extendable
ip nat inside source static udp 192.168.0.41 3389 12.170.bb.aa 3389
extendable
ip nat inside source static tcp 192.168.0.41 3389 12.170.bb.aa 3389
extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0 12.87.16.37 name at&t
ip route 192.168.1.0 255.255.255.0 Serial0/1 10.1.1.1 permanent
no ip http server
ip pim bidir-enable
!
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 3 permit 192.168.44.0 0.0.0.255
access-list 101 remark remote admin acl
access-list 101 permit tcp any eq 4326 any time-range business_hr
access-list 101 permit tcp any eq 3389 any time-range business_hr
access-list 102 remark www protocol
access-list 102 permit tcp any eq www any time-range business_hr
access-list 102 permit tcp any eq 443 any time-range business_hr
access-list 102 permit tcp any eq ftp any time-range business_hr
access-list 103 remark ipsec/lt2p/pptp/esp
access-list 103 permit esp any any time-range business_hr
access-list 103 permit udp any eq isakmp any time-range business_hr
access-list 103 permit udp any eq 1701 any time-range business_hr
access-list 103 permit udp any eq 1723 any time-range business_hr
access-list 103 permit udp any eq 4500 any time-range business_hr
access-list 103 permit ahp any any time-range business_hr
access-list 103 permit gre any any time-range business_hr
access-list 103 permit tcp any eq 1723 any time-range business_hr
access-list 105 remark VOIP (SIP/IAX/IAX2) traffic gets top priority
(5)
access-list 105 permit udp any any eq 4569
access-list 105 permit udp any any eq 5004
access-list 105 permit udp any any eq 5036
access-list 105 permit udp any any eq 5060
access-list 105 permit ip host 10.0.0.254 any
access-list 105 permit ip any host 10.0.0.254
access-list 125 deny tcp any any eq telnet
access-list 125 deny tcp any any eq chargen
access-list 125 deny tcp any any eq ident
access-list 125 deny tcp any any eq nntp
access-list 125 deny tcp any any eq hostname
access-list 125 deny tcp any any eq exec
access-list 125 deny tcp any any eq cmd
access-list 125 permit ip any any
access-list 125 permit gre any any
access-list 125 permit ip any host 192.168.0.200
access-list 126 permit gre any any
access-list 126 permit ip any any
access-list 126 permit udp any any
access-list 126 permit icmp any any
access-list 126 permit esp any any
access-list 126 permit ahp any any
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
snmp-server community public RO
snmp-server contact jzakhar<(E-Mail Removed)>
snmp-server enable traps snmp authentication linkdown linkup coldstart
warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps hsrp
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps envmon
snmp-server enable traps bgp
snmp-server enable traps rsvp
snmp-server enable traps frame-relay
snmp-server enable traps syslog
snmp-server enable traps rtr
snmp-server host 192.168.0.111 public
radius-server host 192.168.0.52 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server key 7 140702021C077E7A7478
radius-server vsa send accounting
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 12170A223F2A2D45
logout-warning 60
absolute-timeout 15
!
ntp clock-period 17179984
ntp server 10.0.0.254
time-range business_hr
periodic weekdays 8:00 to 18:00
!
time-range name
periodic weekdays 8:00 to 18:00
!
end


I cannot get the 192.168.44.0 vlan to route. When I plug into the
switch (2924 XL) I can assign an address in teh range. Ping all
networks internally, but not route out. Using an extended ping I can
ping from every interface but the 192.168.44.253

Wondering if anyone see's any glaring issues with my config.
Everything (nat statements) work minus the one vlan ip nat inside

Any help would be much appreciated

 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
PWR-2600-AC 2600 power supply to switch over a DC router? dehusk@gmail.com Cisco 2 08-09-2008 10:47 PM
VLAN Security vs. Inter-VLAN Routing JohnD Cisco 3 12-18-2007 11:07 PM
2950 / 2600 VLAN help needed. TF Cisco 9 11-01-2006 05:27 AM
Cisco 2600 / VLAN Paul Guthrie Cisco 1 03-04-2004 12:35 AM
Two ethernet ports on 2600 to same vlan Dan Jenkins Cisco 3 02-19-2004 09:00 PM



Advertisments