We help IT Professionals succeed at work.
Get Started
VLAN 2 won't route to Internet with Cisco 891
For some reason VLAN 2 won't route to the internet . I have used this configuration many times without a problem. What is even stranger is that when I do a ping on the router to 8.8.8.8 with 192.168.70.1 as a source address it works. But when I plug into VLAN 2 I get an IP address but can't get to the Internet. VLAN 1 works all the time. I am stumped.
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 4096000
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2187075706
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-2187075706
!
!
crypto pki certificate chain TP-self-signed-2187075706
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
!
!
!
!
!
ip dhcp excluded-address 192.168.70.1
!
!
ip dhcp pool wirelesspool2
network 192.168.70.0 255.255.255.0
default-router 192.168.70.1
dns-server 75.75.75.75 75.75.76.76
lease 0 1
!
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn FTX1908806S
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
description Internet Access
ip address xx.xx.153.186 255.255.255.248
ip access-group inboundfilters in
ip access-group outboundfilters out
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
switchport access vlan 2
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
switchport mode trunk
no ip address
!
interface GigabitEthernet8
description Connection to COLO
ip address 192.168.1.159 255.255.255.0
duplex full
speed 100
!
interface Vlan1
description Connection to LAN
ip address 10.xx.xx.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
description Connection to Public_Wireless
ip address 192.168.70.1 255.255.255.0
ip access-group protect_corp_in in
ip access-group protect_corp_out out
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
!
router eigrp 100
network 10.0.0.0
network 192.168.0.0 0.0.255.255
redistribute static
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 10.xx.xx.17 9996
!
ip nat pool main-nat-pool xx.xx.153.187 xx.xx.153.187 netmask 255.255.255.248
ip nat inside source list 101 pool main-nat-pool overload
ip route 0.0.0.0 0.0.0.0 xx.xx.153.185
!
ip access-list extended inboundfilters
evaluate iptraffic
permit tcp host xx.xx.xx.32 host xx.xx.153.186 eq telnet
deny ip any host xx.xx.153.186
permit ip 10.xx.xx.0 0.0.0.255 10.xx.xx.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
ip access-list extended outboundfilters
permit ip any any reflect iptraffic timeout 300
ip access-list extended protect_corp_in
evaluate corptraffic
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.0.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any
ip access-list extended protect_corp_out
permit ip any any reflect corptraffic timeout 300
!
!
snmp-server community
snmp-server enable traps tty
access-list 101 deny ip 10.xx.xx.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny ip 10.xx.xx.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 101 deny ip 10.xx.xx.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
login local
no modem enable
line aux 0
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 4096000
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2187075706
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certifi
revocation-check none
rsakeypair TP-self-signed-2187075706
!
!
crypto pki certificate chain TP-self-signed-2187075706
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
!
!
!
!
!
ip dhcp excluded-address 192.168.70.1
!
!
ip dhcp pool wirelesspool2
network 192.168.70.0 255.255.255.0
default-router 192.168.70.1
dns-server 75.75.75.75 75.75.76.76
lease 0 1
!
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn FTX1908806S
!
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface FastEthernet0
description Internet Access
ip address xx.xx.153.186 255.255.255.248
ip access-group inboundfilters in
ip access-group outboundfilters out
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
switchport access vlan 2
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
switchport mode trunk
no ip address
!
interface GigabitEthernet8
description Connection to COLO
ip address 192.168.1.159 255.255.255.0
duplex full
speed 100
!
interface Vlan1
description Connection to LAN
ip address 10.xx.xx.1 255.255.255.0
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface Vlan2
description Connection to Public_Wireless
ip address 192.168.70.1 255.255.255.0
ip access-group protect_corp_in in
ip access-group protect_corp_out out
ip flow ingress
ip nat inside
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
!
router eigrp 100
network 10.0.0.0
network 192.168.0.0 0.0.255.255
redistribute static
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 10.xx.xx.17 9996
!
ip nat pool main-nat-pool xx.xx.153.187 xx.xx.153.187 netmask 255.255.255.248
ip nat inside source list 101 pool main-nat-pool overload
ip route 0.0.0.0 0.0.0.0 xx.xx.153.185
!
ip access-list extended inboundfilters
evaluate iptraffic
permit tcp host xx.xx.xx.32 host xx.xx.153.186 eq telnet
deny ip any host xx.xx.153.186
permit ip 10.xx.xx.0 0.0.0.255 10.xx.xx.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
ip access-list extended outboundfilters
permit ip any any reflect iptraffic timeout 300
ip access-list extended protect_corp_in
evaluate corptraffic
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.0.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip any any
ip access-list extended protect_corp_out
permit ip any any reflect corptraffic timeout 300
!
!
snmp-server community
snmp-server enable traps tty
access-list 101 deny ip 10.xx.xx.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny ip 10.xx.xx.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 101 deny ip 10.xx.xx.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
login local
no modem enable
line aux 0
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
Why Experts Exchange?
Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.
Jim Murphy
Programmer at Smart IT Solutions
When asked, what has been your best career decision?
Deciding to stick with EE.
Mohamed Asif
Technical Department Head
Being involved with EE helped me to grow personally and professionally.
Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question
Connect with Certified Experts to gain insight and support on specific technology challenges including:
- Troubleshooting
- Research
- Professional Opinions
Did You Know?
We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE