1. Home
  2. Cisco Systems
  3. 2600 + VLAN routing

2600 + VLAN routing

router config:

! ! version 12.2 service tcp-keepalives-in service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname cerberus ! boot system flash c2600-js-mz.122-12a.bin no logging console aaa new-model aaa authentication login default group radius aaa authentication ppp default group radius aaa authorization network default group radius aaa accounting network default start-stop group radius enable secret 5 xxx enable password 7 xxx ! clock timezone EST -5 ip subnet-zero ! ! no ip domain-lookup ! no ip bootp server ip cef ! class-map match-all radmin-rdp match access-group 101 class-map match-all ipsec match access-group 103 class-map match-all voice match access-group 105 class-map match-all www match access-group 102 ! ! policy-map voip class voice bandwidth 150 class class-default fair-queue policy-map outbound_shaper class ipsec bandwidth percent 50 random-detect class www bandwidth percent 25 random-detect class radmin-rdp bandwidth percent 25 random-detect class class-default fair-queue ! call rsvp-sync ! ! ! ! ! ! ! ! interface FastEthernet0/0 no ip address no ip mroute-cache duplex auto speed auto no cdp enable ! interface FastEthernet0/0.1 encapsulation dot1Q 2 ip address 192.168.44.253 255.255.255.0 ip nat inside no cdp enable ! interface FastEthernet0/0.4 encapsulation dot1Q 1 native ip address 192.168.0.253 255.255.255.0 ip nat inside no cdp enable ! interface Serial0/0 bandwidth 1536 ip address 12.87.aa.aa 255.255.255.252 ip access-group 125 in ip nat outside encapsulation ppp service-module t1 timeslots 1-24 service-module t1 remote-alarm-enable no cdp enable ! interface FastEthernet0/1 ip address 10.0.0.253 255.255.255.0 ip nat inside duplex auto speed auto no cdp enable ! interface Serial0/1 ip address 10.1.1.2 255.255.255.0 ip nat inside encapsulation ppp service-policy output voip service-module t1 clock source internal no cdp enable hold-queue 200 in hold-queue 200 out ! router rip network 10.0.0.0 network 192.168.0.0 network 192.168.1.0 network 192.168.44.0 ! ip nat pool OVERLOAD 12.87.aa.aa 12.87.aa.aa netmask 255.255.255.252 ip nat pool warehouse 12.170.bb.bb 12.170.bb.bb netmask

255.255.255.252 ip nat pool it-dept-vlan 12.170.bb.cc 12.170.bb.cc netmask 255.255.255.252 ip nat inside source list 1 pool OVERLOAD overload ip nat inside source list 2 pool warehouse overload ip nat inside source list 3 pool it-dept-vlan overload ip nat inside source static udp 192.168.0.200 3389 12.170.bb.cc 3389 extendable ip nat inside source static tcp 192.168.0.200 3389 12.170.bb.cc 3389 extendable ip nat inside source static tcp 192.168.0.200 1723 12.170.bb.cc 1723 extendable ip nat inside source static tcp 192.168.0.55 3389 12.87.aa.aa 3389 extendable ip nat inside source static udp 192.168.0.55 3389 12.87.aa.aa 3389 extendable ip nat inside source static udp 10.0.0.254 5060 12.87.aa.aa 5060 extendable ip nat inside source static udp 192.168.0.235 4326 12.87.aa.aa 4326 extendable ip nat inside source static tcp 192.168.0.235 4326 12.87.aa.aa 4326 extendable ip nat inside source static tcp 10.0.0.254 6600 12.87.aa.aa 6600 extendable ip nat inside source static udp 10.0.0.254 6600 12.87.aa.aa 6600 extendable ip nat inside source static tcp 192.168.0.199 443 12.170.bb.bb 443 extendable ip nat inside source static udp 192.168.0.199 4500 12.170.bb.bb 4500 extendable ip nat inside source static udp 192.168.0.199 500 12.170.bb.bb 500 extendable ip nat inside source static tcp 192.168.0.111 22 12.170.bb.bb 22 extendable ip nat inside source static tcp 192.168.0.111 80 12.170.bb.bb 80 extendable ip nat inside source static tcp 10.0.0.254 22 12.87.aa.aa.22 extendable ip nat inside source static tcp 10.0.0.254 80 12.87.aa.aa 80 extendable ip nat inside source static tcp 192.168.0.45 3306 12.170.bb.cc 3306 extendable ip nat inside source static udp 192.168.0.41 3389 12.170.bb.aa 3389 extendable ip nat inside source static tcp 192.168.0.41 3389 12.170.bb.aa 3389 extendable ip classless ip route 0.0.0.0 0.0.0.0 Serial0/0 12.87.16.37 name at&t ip route 192.168.1.0 255.255.255.0 Serial0/1 10.1.1.1 permanent no ip http server ip pim bidir-enable ! access-list 1 permit 10.0.0.0 0.0.0.255 access-list 1 permit 192.168.0.0 0.0.0.255 access-list 2 permit 192.168.1.0 0.0.0.255 access-list 3 permit 192.168.44.0 0.0.0.255 access-list 101 remark remote admin acl access-list 101 permit tcp any eq 4326 any time-range business_hr access-list 101 permit tcp any eq 3389 any time-range business_hr access-list 102 remark www protocol access-list 102 permit tcp any eq www any time-range business_hr access-list 102 permit tcp any eq 443 any time-range business_hr access-list 102 permit tcp any eq ftp any time-range business_hr access-list 103 remark ipsec/lt2p/pptp/esp access-list 103 permit esp any any time-range business_hr access-list 103 permit udp any eq isakmp any time-range business_hr access-list 103 permit udp any eq 1701 any time-range business_hr access-list 103 permit udp any eq 1723 any time-range business_hr access-list 103 permit udp any eq 4500 any time-range business_hr access-list 103 permit ahp any any time-range business_hr access-list 103 permit gre any any time-range business_hr access-list 103 permit tcp any eq 1723 any time-range business_hr access-list 105 remark VOIP (SIP/IAX/IAX2) traffic gets top priority (5) access-list 105 permit udp any any eq 4569 access-list 105 permit udp any any eq 5004 access-list 105 permit udp any any eq 5036 access-list 105 permit udp any any eq 5060 access-list 105 permit ip host 10.0.0.254 any access-list 105 permit ip any host 10.0.0.254 access-list 125 deny tcp any any eq telnet access-list 125 deny tcp any any eq chargen access-list 125 deny tcp any any eq ident access-list 125 deny tcp any any eq nntp access-list 125 deny tcp any any eq hostname access-list 125 deny tcp any any eq exec access-list 125 deny tcp any any eq cmd access-list 125 permit ip any any access-list 125 permit gre any any access-list 125 permit ip any host 192.168.0.200 access-list 126 permit gre any any access-list 126 permit ip any any access-list 126 permit udp any any access-list 126 permit icmp any any access-list 126 permit esp any any access-list 126 permit ahp any any dialer-list 1 protocol ip permit dialer-list 1 protocol ipx permit no cdp run ! snmp-server community public RO snmp-server contact jzakhar snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart snmp-server enable traps tty snmp-server enable traps isdn call-information snmp-server enable traps isdn layer2 snmp-server enable traps hsrp snmp-server enable traps config snmp-server enable traps entity snmp-server enable traps envmon snmp-server enable traps bgp snmp-server enable traps rsvp snmp-server enable traps frame-relay snmp-server enable traps syslog snmp-server enable traps rtr snmp-server host 192.168.0.111 public radius-server host 192.168.0.52 auth-port 1645 acct-port 1646 radius-server retransmit 3 radius-server key 7 140702021C077E7A7478 radius-server vsa send accounting ! dial-peer cor custom ! ! ! ! line con 0 line aux 0 line vty 0 4 password 7 12170A223F2A2D45 logout-warning 60 absolute-timeout 15 ! ntp clock-period 17179984 ntp server 10.0.0.254 time-range business_hr periodic weekdays 8:00 to 18:00 ! time-range name periodic weekdays 8:00 to 18:00 ! end

I cannot get the 192.168.44.0 vlan to route. When I plug into the switch (2924 XL) I can assign an address in teh range. Ping all networks internally, but not route out. Using an extended ping I can ping from every interface but the 192.168.44.253

Wondering if anyone see's any glaring issues with my config. Everything (nat statements) work minus the one vlan ip nat inside

Any help would be much appreciated

Reply to
turnip
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.