Cisco 1841 and HWIC VLAN routing

Local Server 192.168.10.59 > SonicWall NAT 192.168.10.59 to 205.232.70.138 > 1841 w/HWIC
I am adding a 2nd IP range to FastEthernet 0/0/1 and vlan2. The first IP range 199.72.66.66 on FastEthernet 0/0/0 vlan1 works without a problem using SonicWall NAT. Attached is the running config as it is currently. When I ping 205.232.70.137, which is 0/0/1, it works correctly. When I ping 205.232.70.138 it is not found and ends up at 169.130.144.177, the default final route.

I am not sure of the next step...
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
ip cef
!
!
!
!
ip domain name yourdomain.com
 
!
!
interface FastEthernet0/0
 description ISP
 ip address 169.130.144.178 255.255.255.252
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description ADMIN
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description ADMIN
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet0/0/1
 description ADMIN
 switchport access vlan 2
 duplex full
 speed 100
 vlan-id dot1q 1
  exit-vlan-config
 !
!
interface FastEthernet0/0/2
 description STUDENT
 switchport access vlan 3
!
interface FastEthernet0/0/3
 description STUDENT
 switchport access vlan 3
 vlan-id dot1q 2
  exit-vlan-config
 !
!
interface Vlan1
 description ADMIN
 ip address 199.72.66.65 255.255.255.240
!
interface Vlan2
 description ADMIN
 ip address 205.232.70.137 255.255.255.248
!
interface Vlan3
 description STUDENT
 ip address 205.232.70.129 255.255.255.252
!
ip route 0.0.0.0 0.0.0.0 169.130.144.177
!
ip http server
ip http access-class 23
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
!
access-list 23 permit 169.130.66.83
access-list 23 permit 199.72.66.0 0.0.0.15
access-list 23 permit 192.168.10.0 0.0.0.255
access-list 23 permit 199.72.66.0 0.0.0.255
access-list 23 permit 205.232.70.0 0.0.0.255
access-list 23 permit 205.232.70.0 0.0.0.15
!
control-plane
!
banner login ^CC
-----------------------------------------------------------------------         
Welcom
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end

Bigdog1742Asked:
ksims1129Commented:
That sounds like the SonicWall device not translating the 192.168.10.159 to 205.232.70.138.
0
Bigdog1742Author Commented:
I don't think it is getting to the SonicWall, the way pathping returns 169.130.144.177. The SonicWall is set up like all of the other NAT IPs on the 192.72.66.65. This is the first 205.2232.70 NAT.
0
Bigdog1742Author Commented:
However, I can ping 205.232.70.137 from the server on the LAN side of the SonicWall... I will check the policies again.
0
Faruk Onder YerliOwnerCommented:
Can you ping 205.232.70.138 on 1841?
Also, did you create the VLAN on the 1841? Please check with "show vlans".
0
ksims1129Commented:
I don't understand how the traffic is being sent out of the default gateway, as the network you are pinging is directly attached to the router. Routers forward based on the most specific route, and since this is directly connected it should be in your routing table. Can you paste a "show ip route"?
0
Faruk Onder YerliOwnerCommented:
It is easy. If the VLAN is not active, there is no related route in the routing table. For this reason the packet is going through the default route.

I asked for the show vlans command output. It will help explain to us what the problem is.
0
Bigdog1742Author Commented:
Here is the show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 169.130.144.177 to network 0.0.0.0

     169.130.0.0/30 is subnetted, 1 subnets
C       169.130.144.176 is directly connected, FastEthernet0/0
     205.232.70.0/24 is variably subnetted, 2 subnets, 2 masks
C       205.232.70.128/30 is directly connected, Vlan3
C       205.232.70.136/29 is directly connected, Vlan2
     199.72.66.0/28 is subnetted, 1 subnets
C       199.72.66.64 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 169.130.144.177

SC#show vlans

No Virtual LANs configured.

I do not show any Virtual vlans

show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/0/0
2    VLAN0002                         active    Fa0/0/1
3    VLAN0003                         active    Fa0/0/2, Fa0/0/3
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0
1005 trnet 101005     1500  -      -      1        ibm  -        0      0

Since no virtual VLANs are showing, did I miss something in the config?
0
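Added example, not part of the thread: the "most specific route" rule from the comments above, applied to the route lines in the posted show ip route output. The parser, function names and the "Vlan2 route missing" scenario are illustrative assumptions; only the route lines are copied from the post.

```python
import ipaddress
import re

# Route lines copied from the "show ip route" output posted in the thread.
SHOW_IP_ROUTE = """\
     169.130.0.0/30 is subnetted, 1 subnets
C       169.130.144.176 is directly connected, FastEthernet0/0
     205.232.70.0/24 is variably subnetted, 2 subnets, 2 masks
C       205.232.70.128/30 is directly connected, Vlan3
C       205.232.70.136/29 is directly connected, Vlan2
     199.72.66.0/28 is subnetted, 1 subnets
C       199.72.66.64 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 169.130.144.177
"""

# Parent line: children inherit its mask unless it is "variably subnetted".
PARENT = re.compile(r"^\s+\S+/(\d+) is (variably )?subnetted")
ROUTE = re.compile(r"^([A-Z])\*?\s+(\d+\.\d+\.\d+\.\d+)(?:/(\d+))?\s+"
                   r"(?:is directly connected, (\S+)|\[\d+/\d+\] via (\S+))")

def parse_routes(text):
    """Return [(network, code, target)] from classful-style IOS output."""
    routes, inherited = [], None
    for line in text.splitlines():
        parent = PARENT.match(line)
        if parent:
            inherited = None if parent.group(2) else parent.group(1)
            continue
        m = ROUTE.match(line)
        if not m:
            continue
        code, addr, plen, iface, via = m.groups()
        net = ipaddress.ip_network(f"{addr}/{plen or inherited}")
        routes.append((net, code, iface or via))
    return routes

def lookup(routes, dest):
    """Longest-prefix match: the most specific covering route wins."""
    ip = ipaddress.ip_address(dest)
    matches = [r for r in routes if ip in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

if __name__ == "__main__":
    table = parse_routes(SHOW_IP_ROUTE)
    print(lookup(table, "205.232.70.138"))   # covered by the Vlan2 /29
    # Hypothetical: with the Vlan2 connected route absent, only the
    # default route still covers the address.
    no_vlan2 = [r for r in table if r[2] != "Vlan2"]
    print(lookup(no_vlan2, "205.232.70.138"))
```

With the table as posted, 205.232.70.138 resolves to the connected Vlan2 /29 rather than the default route, which matches the observation in the comments that the destination is directly attached.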
ksims1129Commented:
interface FastEthernet0/0/3
 description STUDENT
 switchport access vlan 3
 vlan-id dot1q 2
  exit-vlan-config

The vlan-id command under this interface is also responsible for handling vlan2 traffic. This enables vlan 2 & 3 to overlap. Is this what you want, as this could be the cause of the problem?
0
Bigdog1742Author Commented:
vlan 3 is only for vlan3 and goes to a different router for our student network. It is separate from vlan1 and vlan2, which should work together going to our admin network. How is FastEthernet 0/0/3 handling vlan 2 traffic?
0
ksims1129Commented:
With that command you are telling the interface to tag its packets with a dot1q tag of 2, and vice versa, as it will send its traffic tagged with a dot1q tag of 2 also.
0
Bigdog1742Author Commented:
OK, I changed the dot1q in vlan 3 to 3 and took out 2. No change in connection. Any ideas?
0
Bigdog1742Author Commented:
I am back on this problem. I have checked all config on the SonicWall. I added another interface with the new IP range and 205.232.70.138 will NAT but 139 will not. Any ideas on where to check?
0
Bigdog1742Author Commented:
I went back to IOS 12.4.10a and it solved the problem.
0