
VLAN 2 won't route to Internet with Cisco 891

Last Modified: 2016-01-14
For some reason VLAN 2 won't route to the Internet. I have used this configuration many times without a problem. What is even stranger is that when I do a ping on the router to 8.8.8.8 with 192.168.70.1 as a source address, it works. But when I plug into VLAN 2 I get an IP address but can't get to the Internet. VLAN 1 works all the time. I am stumped.



boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 4096000

!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-2187075706
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2187075706
 revocation-check none
 rsakeypair TP-self-signed-2187075706
!
!
crypto pki certificate chain TP-self-signed-2187075706
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
!
!
!
!
 
 
!
ip dhcp excluded-address 192.168.70.1
!
!
ip dhcp pool wirelesspool2
 network 192.168.70.0 255.255.255.0
 default-router 192.168.70.1
 dns-server 75.75.75.75 75.75.76.76
 lease 0 1
!
!
!
ip flow-cache timeout active 1
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn FTX1908806S
!

!
!
interface BRI0
 no ip address
 encapsulation hdlc
 shutdown
 isdn termination multidrop
!
interface FastEthernet0
 description Internet Access
 ip address xx.xx.153.186 255.255.255.248
 ip access-group inboundfilters in
 ip access-group outboundfilters out
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet4
 switchport access vlan 2
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 switchport mode trunk
 no ip address
!
interface GigabitEthernet8
 description Connection to COLO
 ip address 192.168.1.159 255.255.255.0
 duplex full
 speed 100
!
interface Vlan1
 description Connection to LAN
 ip address 10.xx.xx.1 255.255.255.0
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1452
!
interface Vlan2
 description Connection to Public_Wireless
 ip address 192.168.70.1 255.255.255.0
 ip access-group protect_corp_in in
 ip access-group protect_corp_out out
 ip flow ingress
 ip nat inside
 ip virtual-reassembly in
!
interface Async3
 no ip address
 encapsulation slip
!
!
router eigrp 100
 network 10.0.0.0
 network 192.168.0.0 0.0.255.255
 redistribute static
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip flow-export source Vlan1
ip flow-export version 5
ip flow-export destination 10.xx.xx.17 9996
!
ip nat pool main-nat-pool xx.xx.153.187 xx.xx.153.187 netmask 255.255.255.248
ip nat inside source list 101 pool main-nat-pool overload
ip route 0.0.0.0 0.0.0.0 xx.xx.153.185
!
ip access-list extended inboundfilters
 evaluate iptraffic
 permit tcp host xx.xx.xx.32 host xx.xx.153.186 eq telnet
 deny   ip any host xx.xx.153.186
 permit ip 10.xx.xx.0 0.0.0.255 10.xx.xx.0 0.0.0.255
 permit ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
ip access-list extended outboundfilters
 permit ip any any reflect iptraffic timeout 300
ip access-list extended protect_corp_in
 evaluate corptraffic
 deny   ip any 10.0.0.0 0.255.255.255
 deny   ip any 172.16.0.0 0.0.255.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
ip access-list extended protect_corp_out
 permit ip any any reflect corptraffic timeout 300
!
!
snmp-server community
snmp-server enable traps tty
access-list 101 deny   ip 10.xx.xx.0 0.0.0.255 10.0.0.0 0.255.255.255
access-list 101 deny   ip 10.xx.xx.0 0.0.0.255 172.16.0.0 0.15.255.255
access-list 101 deny   ip 10.xx.xx.0 0.0.0.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 10.0.0.0 0.255.255.255 any
access-list 101 permit ip 172.16.0.0 0.15.255.255 any
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 login local
 no modem enable
line aux 0
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line 3
 modem InOut
 speed 115200
 flowcontrol hardware
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end