Question

Cisco Router Setup

Asked by: jlavetan

I am trying to setup vlans on a Cisco 520 router and I cannot get to the internet from a PC.

Topology:

Internet ---> Firewall ---> Switch ---> Cisco 520 Router ---> Vlan 10
                                                                        |
                                                                   Vlan 75

Router WAN port (ip 10.1.254.254) is connected to Switch with default gateway of firewall.
Router port 0 (Vlan 10) connected to switch on subnet 1 (10.1.0.0 network)
Router port 3 (Vlan 75) connected to switch on subnet 2 (192.168.1.0 network)

My PC is on the 10.1.0.0 network and I set my default gateway to WAN port of router, but I cannot get out to the internet.

I can ping web addresses fine from the router itself.

I have to be missing something and need a fresh set of eyes...

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-10-06 at 07:29:44ID24788999
Topics

Network Routers

,

Network Switches & Hubs

Participating Experts
2
Points
250
Comments
28

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Cisco router/ VLAN question
    Hi All, Our network is currently contained in one subnet, 192.168.1.0/24, across one site. We have an ISP managed Cisco 2500 router, then a PIX 506e Firewall, then 4 3Com 4228G switches which are connected to the patch panel/servers. We have contractors and visitors to the...
  2. Subnet / VLAN
    Hi! This is the Scenario: - 1 Catalyst 2950 Switch - Class C IP address/ 192.168.2.xxx / 255.255.255.224 - Cisco Network Assistant, software use for configuration Question: 1) How will I configure VLAN for each subnet on the Switch? 2) How will I configure Broadcast St...
  3. Cisco VTP, VLANs & Topologies
    We have three sites that we want to use VLANs on, Site1, Site2 & Site3. Each site has it's own 1841 with an HWIC-4ESW installed. All three sites are connected to an MPLS and each site has it's own Internet connection . We would like to put all PC's at all sites on VLAN 10...
  4. Cisco VLANS
    I have 2 Cisco switches in site A and 2 switches in site B, I also have a LES circuit connecting the 2 sites. The switches are configured in a vlan for the LES Circuit in each site. The connection to les circuit is configured as trunk. From the switch in Site A I can pin...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: ikalmarPosted on 2009-10-06 at 07:33:23ID: 25505468

did you set the nat?

 

by: ikalmarPosted on 2009-10-06 at 07:36:21ID: 25505513

could you show me the config?

 

by: jlavetanPosted on 2009-10-06 at 07:43:44ID: 25505592

Current configuration : 2191 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR520
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
enable secret 5 $1$c2QR$H0Fl0UaLukYQnYIhneuXE0
enable password xxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login tango_authen_login line local
aaa authorization exec default local
aaa authorization exec tango_author_exec if-authenticated
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
no ip routing
!
!
!
!
no ip cef
ip name-server 10.1.100.100
ip name-server 10.1.100.101
!
no ipv6 cef
ip name-server 10.1.100.100
ip name-server 10.1.100.101
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username jasonl secret 5 $1$dV1a$tPPblAJ/SiKU7JNto.jb0/
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 10
 no cdp enable
!
interface FastEthernet1
 shutdown
 no cdp enable
!
interface FastEthernet2
 shutdown
 no cdp enable
!
interface FastEthernet3
 switchport access vlan 75
 no cdp enable
!
interface FastEthernet4
 ip address 10.1.254.254 255.255.0.0
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan1
 no ip address
 no ip route-cache
!
interface Vlan75
 ip address 192.168.1.25 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan10
 ip address 10.1.254.253 255.255.0.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan100
 no ip address
!
ip default-gateway 10.1.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.254
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 10.1.0.0 0.0.255.255
snmp-server community public RO
no cdp run
 
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 password xxxxxxxxxx
 authorization exec tango_author_exec
 login authentication tango_authen_login
!
scheduler max-task-time 5000
no process cpu extended
no process cpu autoprofile hog
end
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:

Select allOpen in new window

 

by: rochey2009Posted on 2009-10-06 at 07:52:11ID: 25505701

You have switched off ip routing.
no ip routing

Do the following in your config

ip routing

 

by: jlavetanPosted on 2009-10-06 at 08:31:55ID: 25506174

completely missed that...

although I cannot ping from Vlan 75 to Vlan 10...

 

by: rochey2009Posted on 2009-10-06 at 08:40:38ID: 25506300

Hi,

Do you have manually defined IP addresses?

Can you ping default gateway from your PC?

 

by: rochey2009Posted on 2009-10-06 at 08:41:41ID: 25506318

please post

show ip int brief

 

by: jlavetanPosted on 2009-10-06 at 08:43:58ID: 25506349

yes, ip addresses are static

Interface                  IP-Address      OK? Method Status   Protocol
FastEthernet0              unassigned      YES unset  up       up
 
FastEthernet1              unassigned      YES unset  administratively down down
 
FastEthernet2              unassigned      YES unset  administratively down down
 
FastEthernet3              unassigned      YES unset  up                    up
 
FastEthernet4              10.1.254.254    YES NVRAM  up                    up
 
Vlan1                      unassigned      YES NVRAM  up                    down
 
Vlan75                     192.168.1.25    YES NVRAM  up                    up
 
Vlan10                     10.1.254.253    YES NVRAM  up                    up
 
Vlan100                    unassigned      YES NVRAM  up                    down
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:

Select allOpen in new window

 

by: rochey2009Posted on 2009-10-06 at 08:49:05ID: 25506409

please can you post

show ip route

which port is your PC connected to?

what is it's ip config?

 

by: rochey2009Posted on 2009-10-06 at 08:51:39ID: 25506439

in addition to my previous post

please can you post the following

show vlan-switch

show vlan

 

by: jlavetanPosted on 2009-10-06 at 09:08:54ID: 25506656

My IP is 10.1.5.6 255.255.0.0 (connected to Vlan 10)
I cannot ping 192.168.1.25 (Vlan 75)

SR520#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.1.254 to network 0.0.0.0

     10.0.0.0/16 is subnetted, 1 subnets
C       10.1.0.0 is directly connected, FastEthernet4
                 is directly connected, Vlan10
C    192.168.1.0/24 is directly connected, Vlan75
S*   0.0.0.0/0 [1/0] via 10.1.1.254


SR520#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa1, Fa2
10   VLAN0010                         active    Fa0
75   VLAN0075                         active    Fa3
100  VLAN0100                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
10   enet  100010     1500  -      -      -        -    -        0      0
75   enet  100075     1500  -      -      -        -    -        0      0
100  enet  100100     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0



 

by: rochey2009Posted on 2009-10-06 at 09:12:23ID: 25506684

Is ip routing enabled now.

What is your default gateway on your PC?

 

by: jlavetanPosted on 2009-10-06 at 09:13:32ID: 25506697

yes, ip routing is enabled and the default gateway is 10.1.254.254 (Cisco 520 router)

 

by: rochey2009Posted on 2009-10-06 at 09:16:51ID: 25506733

Your wan interface is currently in the same subnet as vlan 10. You will need to put vlan 10 in a different subnet to your WAN interface.


 

by: jlavetanPosted on 2009-10-06 at 09:23:38ID: 25506797

I must be missing something...

If I set my gateway to the wan ip of the router, I can get out, but not ping Vlan 75.

Don't I want Vlan 10 to be on the same subnet as wan (to have internet access)?

 

by: rochey2009Posted on 2009-10-06 at 09:28:43ID: 25506871

I think you need to put vlan 10 into a different subnet.

try 192.168.2.0 255.255.255.0

also remove the following:

no ip default-gateway 10.1.1.254

Are you doing NAT on your firewall?

 

by: rochey2009Posted on 2009-10-06 at 09:40:19ID: 25506995

Actually ignore my previous post

try setting the default gateway on your pc to 10.1.254.253

 

by: jlavetanPosted on 2009-10-06 at 10:20:20ID: 25507428

Ok, I changed the WAN IP on the router to 10.2.1.254 (different subnet then vlan 10). I am able to get out to the web, but still cannot see vlan 75 (192.168.1.25)


ARP table from router sees both sides....

Internet  10.1.10.2               2   00e0.812c.9319  ARPA   Vlan10
Internet  10.1.90.1             112   0013.205c.8996  ARPA   Vlan10
Internet  10.1.90.5              50   0013.205c.8996  ARPA   Vlan10
Internet  10.1.90.6               8   0013.205c.8996  ARPA   Vlan10
Internet  10.1.90.8             111   0013.205c.8996  ARPA   Vlan10
Internet  10.1.100.100            0   0013.72f8.aa12  ARPA   Vlan10
Internet  10.1.254.253            -   0025.84c7.9a84  ARPA   Vlan10
Internet  10.2.1.254              -   0025.84c7.9a8e  ARPA   FastEthernet4
Internet  192.168.1.2            10   0800.0f1c.f972  ARPA   Vlan75
Internet  192.168.1.4             6   000e.0c74.0744  ARPA   Vlan75
Internet  192.168.1.25            -   0025.84c7.9a84  ARPA   Vlan75
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:

Select allOpen in new window

 

by: rochey2009Posted on 2009-10-06 at 11:14:34ID: 25508014

what is your current ip address, default gateway and subnet mask on your pc.

 

by: ikalmarPosted on 2009-10-06 at 11:23:58ID: 25508119

what shows the following:

ping 255.255.255.255

 

by: jlavetanPosted on 2009-10-06 at 11:51:57ID: 25508436

My current ip is:

IP: 10.1.5.6
subnet mask: 255.255.0.0
gateway: 10.2.1.254


ikalmar:
When I ping 255.255.255.255 from the router, I get replies from both Vlans

Reply to request 4 from 10.1.3.28, 20 ms
Reply to request 4 from 10.1.3.19, 20 ms
Reply to request 4 from 10.1.2.15, 20 ms
Reply to request 4 from 10.1.3.20, 20 ms
Reply to request 4 from 192.168.0.2, 20 ms
Reply to request 4 from 192.168.0.4, 20 ms
Reply to request 4 from 192.168.0.3, 20 ms
Reply to request 4 from 192.168.0.1, 20 ms
Reply to request 4 from 10.1.3.27, 16 ms
Reply to request 4 from 10.1.2.21, 16 ms

 

by: rochey2009Posted on 2009-10-06 at 11:57:48ID: 25508494

Are you running personal firewalls on your PCs?

Can you ping

192.168.1.25

 

by: jlavetanPosted on 2009-10-06 at 11:59:59ID: 25508517

no firewalls...

I cannot ping 192.168.1.25 from any PC on the 10.1.0.0 network

 

by: rochey2009Posted on 2009-10-06 at 12:04:58ID: 25508576

Please can you repost your latest router config.

 

by: jlavetanPosted on 2009-10-06 at 12:11:18ID: 25508644

Building configuration...

Current configuration : 1944 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SR520
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 4096
enable secret 5
enable password xxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login tango_authen_login line local
aaa authorization exec default local
aaa authorization exec tango_author_exec if-authenticated
!
!
aaa session-id common
!
!
dot11 syslog
ip source-route
!
!
!
!
ip cef
ip name-server 10.1.100.100
ip name-server 10.1.100.101
!
no ipv6 cef
multilink bundle-name authenticated
!
!
username jasonl secret 5
!
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 10
 no cdp enable
!
interface FastEthernet1
 shutdown
 no cdp enable
!
interface FastEthernet2
 shutdown
 no cdp enable
!
interface FastEthernet3
 switchport access vlan 75
 no cdp enable
!
interface FastEthernet4
 ip address 10.2.1.254 255.255.0.0
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan1
 no ip address
!
interface Vlan75
 ip address 192.168.1.25 255.255.255.0
!
interface Vlan10
 ip address 10.1.254.253 255.255.0.0
!
interface Vlan100
 no ip address
!
ip default-gateway 10.1.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.1.1.254
ip route 10.1.0.0 255.255.0.0 Vlan10
ip route 10.1.0.0 255.255.0.0 FastEthernet4
ip route 192.168.1.0 255.255.255.0 Vlan75
!
ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 no modem enable
line aux 0
line vty 0 4
 password xxxxxxxxxx
 authorization exec tango_author_exec
 login authentication tango_authen_login
!
scheduler max-task-time 5000
no process cpu extended
no process cpu autoprofile hog
end

 

by: rochey2009Posted on 2009-10-06 at 12:19:26ID: 25508742

You shouldn't need any of these

no ip source-route
no ip default-gateway 10.1.1.254

no ip route 10.1.0.0 255.255.0.0 Vlan10
no ip route 10.1.0.0 255.255.0.0 FastEthernet4
no ip route 192.168.1.0 255.255.255.0 Vlan75

What is the next hop device of your default route 0.0.0.0 ?

 

by: ikalmarPosted on 2009-10-06 at 12:28:30ID: 25508869

if you get reply from all vlans the router working correctly....
but please disable that you not nedd on the config (rochey.....)

 

by: jlavetanPosted on 2009-12-21 at 10:49:57ID: 26098628

We ended up shelving the Router for now... points go to rochey2009 for the majority of the help.

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...