Hi Charles, its been a long time since I configured a CISCO, but I think that you have to add the physical interfaces to the vlans. Sorry, don't remember the command.
Dave. On Sun, 2008-05-18 at 16:03 -0400, Charles Beneby wrote: > I am a novice to the cisco world, and have run into my first issue. I have a > cisco 871 router and a dlink DIR-615 router. I am attempting to seperate my > network into two networks by vlaning them. Vlan 1 is 172.16.1.0 and Vlan 2 is > 10.168.1.0. The C871 has 5 ports on the back, one of them being a WAN. I have > setup FE0 - FE2 to be VLAN 1, I setup FE3 for Vlan 2. I have assigned an IP > address to Vlan 2 as 10.168.1.1 and connected it (FE3/Vlan 2) to the Dlink > 615 router. I connected it (10.168.1.1) into the switch side of the dlink > not the wan port. I can ping 10.168.1.1 from my 172.16.10 network, but I > cannot ping the device attached to the Vlan 2 from the 172.16.1.0 network. > Can anyone give me some suggestions. This is also ADVIPSERVICESK9-M version > 12.4 > > This is my config: > > version 12.4 > no service pad > service timestamps debug datetime msec > service timestamps log datetime msec > service password-encryption > ! > hostname GW871 > ! > boot-start-marker > boot-end-marker > ! > logging buffered 51200 warnings > ! > no aaa new-model > ! > resource policy > ! > clock timezone EST -5 > clock summer-time EDT recurring 1 Sun Mar 2:00 2 Sun Nov 2:00 > ip cef > ! > ! > no ip domain lookup > ip domain name marben.com > ip name-server 172.16.1.5 > ! > ! > crypto pki trustpoint TP-self-signed-2919889876 > enrollment selfsigned > subject-name cn=IOS-Self-Signed-Certificate-2919889876 > revocation-check none > rsakeypair TP-self-signed-2919889876 > ! > ! > crypto pki certificate chain TP-self-signed-2919889876 > certificate self-signed 01 > 30820248 308201B1 A0030201 02020101 300D0609 2A864886 F70D0101 04050030 > 31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 > 69666963 6174652D 32393139 38383938 3736301E 170D3037 31303331 31313437 > 32395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 > 4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 39313938 > 38393837 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 > 8100CE89 2FA3C94B 9171269A B7E37BC5 4DB6682F 84B83C6E 6F113AC8 05C22AD2 > D6F16DB9 707A4900 9547BCFE 7CB03B97 CB720AAB 45A1784E 7CCC8881 9702760D > 623FFB61 D47D523C D9046A35 992B416A 8C288276 ED2CA981 51A27AFC DF06A12F > BEED20AC A1E657A8 8F1A70D5 CD9770AB 802BE4A2 DA10C3D8 62A2C3C4 1C455162 > 87410203 010001A3 70306E30 0F060355 1D130101 FF040530 030101FF 301B0603 > 551D1104 14301282 10475738 37312E6D 61726265 6E2E636F 6D301F06 03551D23 > 04183016 801461BB 62AADF69 9199B8E4 284F600C 8FA846FA 10B3301D 0603551D > 0E041604 1461BB62 AADF6991 99B8E428 4F600C8F A846FA10 B3300D06 092A8648 > 86F70D01 01040500 03818100 C86048BE 9E81585B A8BEB018 0B3F1D83 A906A492 > E3C6AAA2 F7A06CA9 4E11F0FA 24F0B9EE 59B7BF6D E5594E15 F0536439 6FA19506 > C4141322 2CFC2A94 479A65D4 C4284BEE 36774A95 ED1BA00A AE3C698C D5F8A52E > D9851687 25DC74CE 01185F03 784A2C91 30F709B0 406AFF97 BE20F4BB 9409BA67 > 344A5AF3 1B4C33B6 2F8C5AB8 > quit > username ******* privilege 15 secret 5 $1*************************. > username ******* privilege 15 secret 5 $1************************. > ! > ! > interface FastEthernet0 > ! > interface FastEthernet1 > ! > interface FastEthernet2 > ! > interface FastEthernet3 > switchport access vlan 2 > ! > interface FastEthernet4 > description connected to comcast$ETH-LAN$ > ip address dhcp > ip nat outside > ip virtual-reassembly > duplex auto > speed auto > ! > interface Vlan1 > description interface connected to local lan > ip address 172.16.1.1 255.255.255.0 > ip nat inside > ip virtual-reassembly > ! > interface Vlan2 > description Wireless Network > ip address 10.168.1.1 255.255.255.0 > ip helper-address 172.16.1.5 > ip nat inside > ip virtual-reassembly > ! > ip route 192.168.1.0 255.255.255.0 172.16.1.10 > ip route 192.168.1.0 255.255.255.0 192.168.1.25 > ip route 0.0.0.0 0.0.0.0 dhcp > ! > ! > ip http server > ip http authentication local > ip http secure-server > ip nat inside source list 10 interface FastEthernet4 overload > ip nat inside source static tcp 172.16.1.10 1723 interface FastEthernet4 1723 > ip nat inside source static tcp 172.16.1.15 21 interface FastEthernet4 21 > ip nat inside source static tcp 172.16.1.15 80 interface FastEthernet4 80 > ip nat inside source static tcp 172.16.1.15 8080 interface FastEthernet4 8080 > ! > access-list 10 permit 172.16.1.0 0.0.0.255 > access-list 10 permit 10.168.1.0 0.0.0.255 > access-list 20 permit ************** log > access-list 20 permit ************** > access-list 20 permit 172.16.1.0 0.0.0.255 > access-list 20 deny any > ! > ! > ! > ! > control-plane > ! > banner motd ^C > I hope your authorized for this... Incursion > ^C > ! > line con 0 > exec-timeout 0 0 > logging synchronous > login local > no modem enable > line aux 0 > line vty 0 4 > access-class 20 in > privilege level 15 > logging synchronous > login local > transport input telnet ssh > ! > scheduler max-task-time 5000 > sntp logging > sntp server 172.16.1.5 > ! > webvpn context Default_context > ssl authenticate verify all > ! > no inservice > ! > end > > ________________________________ >
