Hi I'm having an issue setting up a router on a stick configuration with a 4006 running CatOS and a 2621 router. I have set up vlans on the 4006, and set up sub interfaces on the 2621 that corrospond to the different vlan's however when I connect a workstation to the vlan I can only ping out to the ip address of the subinterface on the router not the other VLAN's or to the internal interface on the PIX or internet. I've had this config working on a 2621 previously when working with an IOS switch so I'm wondering if the issue is just my lack of knowledge of CatOS. I have posted the configs of the different devices below as well as the topology, any help with this would be appreciated.
Internet || PIX ||
2621 || 4006 || VLAN106 VLAN1044006 Configuration
This command shows non-default configurations only. Use 'show config all' to show both default and non-default configurations. ................. ..........................
..........................
..
begin ! # ***** NON-DEFAULT CONFIGURATION ***** ! ! #time: Fri Jan 22 2010, 07:12:02 ! #version 7.6(17) ! ! #system web interface version(s) !
--More-- #dot1x set feature dot1x-radius-keepalive disable ! #frame distribution method set port channel all distribution mac both ! #vtp set vtp mode transparent set vlan 1 name default type ethernet mtu 1500 said 100001 state active set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm set vlan 104,106 set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 7 stemaxhop 7 backupcrf off ! #ip set interface sc0 1 192.168.1.14/255.255.255.0 192.168.1.255
set interface sl0 down set interface me1 down set ip route 0.0.0.0/0.0.0.0 192.168.1.1 ! #set boot command set boot config-register 0x2
--More-- set boot system flash bootflash:cat4000-k8.7-6-17.bin set boot system flash bootflash:cat4000-k8.7-6-5.bin ! #multicast filter set igmp filter disable ! #module 1 : 2-port 1000BaseX Supervisor set trunk 1/2 on dot1q 1-1005,1025-4094 ! #module 2 : 6-port 1000BaseX Ethernet ! #module 3 : 48-port 10/100BaseTx Ethernet set vlan 104 3/25-36 set vlan 106 3/13-24 set port speed 3/1-48 100 set port duplex 3/1-48 full set trunk 3/48 desirable dot1q 1-1005,1025-4094 ! #module 4 empty ! #module 5 empty ! #module 6 empty
2621 Configurationversion 12.3
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!hostname tstrtr
!boot-start-marker
boot-end-marker
!enable secret ###################
!no aaa new-model
ip subnet-zero
no ip source-route
--More-- !
!no ip domain lookup
!no ip bootp server
ip cef
! ! ! ! ! ! ! ! ! ! ! ! !interface FastEthernet0/0
description Connection to Edge
ip address 10.1.2.254 255.255.255.0
duplex auto
speed auto
!interface FastEthernet0/1
no ip address
speed 100
full-duplex
!interface FastEthernet0/1.1
description Management VLAN
encapsulation dot1Q 1 native
ip address 192.168.1.1 255.255.255.0
!interface FastEthernet0/1.4
description Home VLAN
encapsulation dot1Q 104
ip address 192.168.104.1 255.255.255.0
!interface FastEthernet0/1.6
description Work VLAN
encapsulation dot1Q 106
ip address 192.168.106.1 255.255.255.0
!router rip
network 10.0.0.0
network 192.0.0.0
!no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.2.1
! ! ! ! ! !dial-peer cor custom
! !
! !
line con 0
exec-timeout 15 0
password ############
logging synchronous
login
length 22
history size 30
line aux 0
exec-timeout 5 0
login
length 22
transport output none
line vty 0 4
exec-timeout 20 30
password ###############
login
length 22
history size 30
PIX Configuration
PIX Version 6.3(5)
interface ethernet0 auto
interface ethernet1 100full
nameif ethernet0 outside security0
nameif ethernet1 inside security100
enable password ################## encrypted
passwd ################# encrypted
hostname testpix
domain-name testdomain.local
fixup protocol dns maximum-length 512
fixup protocol ftp 21
fixup protocol h323 h225 1720
fixup protocol h323 ras 1718-1719
fixup protocol http 80
fixup protocol rsh 514
fixup protocol rtsp 554
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol skinny 2000
no fixup protocol smtp 25
fixup protocol sqlnet 1521
fixup protocol tftp 69
names
access-list 101 permit ip 10.1.2.0 255.255.255.0 10.1.3.0
255.255.255.0access-list 102 permit icmp any any
access-list 102 permit ip 10.1.3.0 255.255.255.0 10.1.2.0
255.255.255.0access-list 103 permit ip any any
pager lines 24
mtu outside 1500
mtu inside 1500
ip address outside 111.111.111.111 255.255.255.252
ip address inside 10.1.2.1 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool pptp-pool 10.2.3.10-10.2.3.50
pdm logging informational 100
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list 101
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
conduit permit icmp any any
route outside 0.0.0.0 0.0.0.0 111.111.111.111 1
timeout xlate 0:05:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
1:00:00timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-pptp
telnet 192.168.0.0 255.255.0.0 inside
telnet 10.0.0.0 255.0.0.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
vpdn group 1 accept dialin pptp
vpdn group 1 ppp authentication pap
vpdn group 1 ppp authentication chap
vpdn group 1 ppp authentication mschap
vpdn group 1 ppp encryption mppe auto
vpdn group 1 client configuration address local pptp-pool
vpdn group 1 client configuration dns 192.168.6.50
vpdn group 1 pptp echo 60
vpdn group 1 client authentication local
vpdn username testuser password *********
vpdn enable outside
dhcpd lease 3600
dhcpd ping_timeout 750
username cisco password ############### encrypted privilege 15
terminal width 80