vlan1 problem on cisco 1812

Discussion in 'Cisco' started by bongosw, Oct 6, 2006.

  1. bongosw

    bongosw Guest

    I have set up a Cisco 1812 router.

    I can telnet to the router on vlan1, but when I am logged in I cannot
    ping the vlan1 address or the PC that is connected to it.

    The WAN interface FastEthernet0 is fine, I can connect to the Internet
    and all, but I cannot access the WAN from the PC connected to the
    switch/router.

    Any help would be much appreciated.
     
    bongosw, Oct 6, 2006
    #1

  2. bongosw

    Darren Green Guest

    "bongosw" <> wrote in message
    news:...
    > I have set up a Cisco 1812 router.
    >
    > I can telnet to the router on vlan1, but when I am logged in I cannot
    > ping the vlan1 address or the PC that is connected to it.
    >
    > The WAN interface FastEthernet0 is fine, I can connect to the Internet
    > and all, but I cannot access the WAN from the PC connected to the
    > switch/router.
    >
    > Any help would be much appreciated.
    >

    Without the config it is always difficult to help, please post.

    My first thought was to check that the IPs and default gateway addresses are set
    correctly, and the access-lists. Then the NAT - I assume that you have NAT enabled
    to allow you to connect to the Internet. Are you trying to NAT everything
    from the inside to the outside by mistake?

    Again, I am guessing because there is no config to go off.

    Regards

    Darren
     
    Darren Green, Oct 7, 2006
    #2

  3. bongosw

    bongosw Guest

    Re: vlan1 problem on cisco 1812

    Darren
    Thanks for the reply. My config file is below; I removed my external IP
    address.


    !This is the running config of the router: X.X.X.X
    !----------------------------------------------------------------------------
    !version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 $1$tCQB$SKZgnRnE2FLb.FUDNjz5Y/
    enable password 7 071D2E595A0C0B57
    !
    aaa new-model
    !
    !
    aaa authentication login local_authen local
    aaa authorization exec local_author local
    !
    aaa session-id common
    !
    resource policy
    !
    no ip source-route
    !
    !
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 10.10.10.1
    !
    ip dhcp pool sdm-pool1
    import all
    network 10.10.10.0 255.255.255.0
    dns-server X.X.X.3 X.X.X.8
    default-router 10.10.10.1
    !
    !
    ip tcp synwait-time 10
    no ip bootp server
    ip domain name cinario.com
    ip name-server X.X.X.3
    ip name-server X.X.X.8
    ip ssh time-out 60
    ip ssh authentication-retries 2
    ip inspect log drop-pkt
    ip inspect name SDM_HIGH appfw SDM_HIGH
    ip inspect name SDM_HIGH icmp
    ip inspect name SDM_HIGH dns
    ip inspect name SDM_HIGH esmtp
    ip inspect name SDM_HIGH https
    ip inspect name SDM_HIGH imap reset
    ip inspect name SDM_HIGH pop3 reset
    ip inspect name SDM_HIGH tcp
    ip inspect name SDM_HIGH udp
    !
    appfw policy-name SDM_HIGH
    application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
    application im msn
    service default action reset alarm
    service text-chat action reset alarm
    server deny name messenger.hotmail.com
    server deny name gateway.messenger.hotmail.com
    server deny name webmessenger.msn.com
    audit-trail on
    application http
    strict-http action reset alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm
    application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on
    !
    !
    crypto pki trustpoint TP-self-signed-1822211251
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1822211251
    revocation-check none
    rsakeypair TP-self-signed-1822211251
    !
    !
    crypto pki certificate chain TP-self-signed-1822211251
    certificate self-signed 01
    quit
    username cinario privilege 15 secret 5 $1$DC5q$hq5ymhkJVfzQYbcx5GaQ0.
    !
    !
    class-map match-any sdm_p2p_kazaa
    match protocol fasttrack
    match protocol kazaa2
    class-map match-any sdm_p2p_edonkey
    match protocol edonkey
    class-map match-any sdm_p2p_gnutella
    match protocol gnutella
    class-map match-any sdm_p2p_bittorrent
    match protocol bittorrent
    !
    !
    policy-map sdmappfwp2p_SDM_HIGH
    class sdm_p2p_gnutella
    drop
    class sdm_p2p_bittorrent
    drop
    class sdm_p2p_edonkey
    drop
    class sdm_p2p_kazaa
    drop
    !
    !
    !
    !
    !
    !
    interface Null0
    no ip unreachables
    !
    interface FastEthernet0
    description $ETH-WAN$$FW_OUTSIDE$
    ip address X.X.X.X 255.255.255.0
    ip access-group 101 in
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip inspect SDM_HIGH out
    ip virtual-reassembly
    ip route-cache flow
    duplex auto
    speed auto
    service-policy input sdmappfwp2p_SDM_HIGH
    service-policy output sdmappfwp2p_SDM_HIGH
    !
    interface FastEthernet1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    shutdown
    !
    interface FastEthernet4
    shutdown
    !
    interface FastEthernet5
    shutdown
    !
    interface FastEthernet6
    shutdown
    !
    interface FastEthernet7
    shutdown
    !
    interface FastEthernet8
    shutdown
    !
    interface FastEthernet9
    shutdown
    !
    interface Vlan1
    description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$$FW_INSIDE$
    ip address 10.10.10.1 255.255.255.0
    ip access-group 100 in
    ip verify unicast reverse-path
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip virtual-reassembly
    ip route-cache flow
    ip tcp adjust-mss 1452
    !
    interface Async1
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation slip
    !
    ip default-gateway X.X.X.254
    ip route 0.0.0.0 0.0.0.0 X.X.X.254
    !
    !
    ip http server
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat pool e1 10.10.11.0 10.10.11.255 netmask 255.255.255.0
    ip nat pool e0 10.10.12.0 10.10.12.255 netmask 255.255.255.0
    ip nat inside source list 1 interface FastEthernet0 overload
    !
    logging trap debugging
    access-list 100 remark auto generated by SDM firewall configuration
    access-list 100 remark SDM_ACL Category=1
    access-list 100 deny ip X.X.X.0 0.0.0.255 any
    access-list 100 deny ip host 255.255.255.255 any
    access-list 100 deny ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit ip any any
    access-list 101 remark auto generated by SDM firewall configuration
    access-list 101 remark SDM_ACL Category=1
    access-list 101 permit udp host X.X.X.8 eq domain host X.X.X.40
    access-list 101 permit udp host X.X.X.3 eq domain host X.X.X.40
    access-list 101 deny ip 10.10.10.0 0.0.0.255 any
    access-list 101 permit icmp any host X.X.X.40 echo-reply
    access-list 101 permit icmp any host X.X.X.40 time-exceeded
    access-list 101 permit icmp any host X.X.X.40 unreachable
    access-list 101 permit tcp X.X.X.0 0.0.0.255 host X.X.X.40 eq 443
    access-list 101 permit tcp X.X.X.0 0.0.0.255 host X.X.X.40 eq 22
    access-list 101 permit tcp X.X.X.0 0.0.0.255 host X.X.X.40 eq cmd
    access-list 101 deny ip 10.0.0.0 0.255.255.255 any
    access-list 101 deny ip 172.16.0.0 0.15.255.255 any
    access-list 101 deny ip 192.168.0.0 0.0.255.255 any
    access-list 101 deny ip 127.0.0.0 0.255.255.255 any
    access-list 101 deny ip host 255.255.255.255 any
    access-list 101 deny ip host 0.0.0.0 any
    access-list 101 deny ip any any log
    access-list 102 remark VTY Access-class list
    access-list 102 remark SDM_ACL Category=1
    access-list 102 permit ip 10.10.10.0 0.0.0.255 any
    access-list 102 deny ip any any
    no cdp run
    !
    !
    !
    !
    !
    !
    control-plane
    !
    banner login ^CNon Autherised access is allowed^C
    !
    line con 0
    login authentication local_authen
    transport output telnet
    line 1
    modem InOut
    stopbits 1
    speed 115200
    flowcontrol hardware
    line aux 0
    login authentication local_authen
    transport output telnet
    line vty 0 4
    access-class 102 in
    password 7 120B0A02060E1E57
    authorization exec local_author
    login authentication local_authen
    transport input telnet ssh
    !
    scheduler allocate 4000 1000
    scheduler interval 500
    !
    webvpn context Default_context
    ssl authenticate verify all
    !
    no inservice
    !
    end




    Darren Green wrote:
    > "bongosw" <> wrote in message
    > news:...
    > > I have set up a Cisco 1812 router.
    > >
    > > I can telnet to the router on vlan1, but when I am logged in I cannot
    > > ping the vlan1 address or the PC that is connected to it.
    > >
    > > The WAN interface FastEthernet0 is fine, I can connect to the Internet
    > > and all, but I cannot access the WAN from the PC connected to the
    > > switch/router.
    > >
    > > Any help would be much appreciated.
    > >

    > Without the config it is always difficult to help, please post.
    >
    > My first thought was to check that the IPs and default gateway addresses are set
    > correctly, and the access-lists. Then the NAT - I assume that you have NAT enabled
    > to allow you to connect to the Internet. Are you trying to NAT everything
    > from the inside to the outside by mistake?
    >
    > Again, I am guessing because there is no config to go off.
    >
    > Regards
    >
    > Darren
     
    bongosw, Oct 9, 2006
    #3
  4. bongosw

    Merv Guest

    Re: vlan1 problem on cisco 1812

    Try moving all of the vlan 1 config to interface bvi 1.
     
    Merv, Oct 9, 2006
    #4
  5. bongosw

    bongosw Guest

    Re: vlan1 problem on cisco 1812

    Merv wrote:
    > Try moving all of the vlan 1 config to interface bvi 1.

    Do I have to create a bvi 1 interface to move the vlan to?
     
    bongosw, Oct 9, 2006
    #5
  6. bongosw

    Merv Guest

    Re: vlan1 problem on cisco 1812

    bongosw wrote:
    > Merv wrote:
    > > Try moving all of the vlan 1 config to interface bvi 1.

    > Do I have to create a bvi 1 interface to move the vlan to?


    yes
    config t
    int bvi 1
    .....
    end
    wri mem
     
    Merv, Oct 9, 2006
    #6
  7. bongosw

    bongosw Guest

    Re: vlan1 problem on cisco 1812

    Merv wrote:
    > bongosw wrote:
    > > Merv wrote:
    > > > Try moving all of the vlan 1 config to interface bvi 1.

    > > Do I have to create a bvi 1 interface to move the vlan to?

    >
    > yes
    > config t
    > int bvi 1
    > ....
    > end
    > wri mem


    Many thanks for all your help. I was missing a NAT rule for the routing.

    R.
    Bongosw
     
    bongosw, Oct 10, 2006
    #7
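
The closing post puts the problem down to a missing NAT rule, and in the posted config the line `ip nat inside source list 1 interface FastEthernet0 overload` refers to access list 1 while only lists 100, 101 and 102 are defined. The following is an added example, not code from any poster in this thread: a small audit that cross-checks every ACL reference in an IOS-style config against the ACLs it defines. The function name, the pattern lists and the shortened sample config are assumptions made for the illustration.

```python
import re

# Constructed excerpt: lines copied from the config posted in this thread, the rest omitted.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip access-group 101 in
 ip nat outside
interface Vlan1
 ip access-group 100 in
 ip nat inside
ip nat inside source list 1 interface FastEthernet0 overload
access-list 100 permit ip any any
access-list 101 deny ip any any log
access-list 102 permit ip 10.10.10.0 0.0.0.255 any
line vty 0 4
 access-class 102 in
"""

# Statements that reference an ACL by number or name (hypothetical helper tables).
REFERENCE_PATTERNS = [
    ("interface filter", re.compile(r"^ip access-group (\S+) (?:in|out)$")),
    ("NAT source list", re.compile(r"^ip nat inside source list (\S+) ")),
    ("vty access-class", re.compile(r"^access-class (\S+) (?:in|out)$")),
]
# Statements that define an ACL: numbered, or named standard/extended.
DEFINITION_PATTERNS = [
    re.compile(r"^access-list (\S+) "),
    re.compile(r"^ip access-list (?:standard|extended) (\S+)$"),
]

def audit_acl_references(config_text):
    """Return (undefined, unused): ACLs referenced but not defined, and defined but not referenced."""
    defined, referenced = set(), {}
    for raw in config_text.splitlines():
        line = raw.strip()  # pasted configs often lose their indentation
        for pat in DEFINITION_PATTERNS:
            m = pat.match(line)
            if m:
                defined.add(m.group(1))
        for kind, pat in REFERENCE_PATTERNS:
            m = pat.match(line)
            if m:
                referenced.setdefault(m.group(1), []).append(kind)
    undefined = {acl: kinds for acl, kinds in referenced.items() if acl not in defined}
    unused = sorted(defined - set(referenced))
    return undefined, unused

if __name__ == "__main__":
    print(audit_acl_references(SAMPLE_CONFIG))
```

Run against the sample, the audit reports access list 1 as referenced by the NAT statement but never defined; the same check also catches an interface or vty line pointing at a filter that does not exist.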