Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

interconnect between 2 VLANs in 1800/1811 Cisco router

Status
Not open for further replies.
azsquall

azsquall

IS-IT--Management
Jun 29, 2009
3
US
i recently bought a router 1811 8-port switches and 2xFE ports
The network goes like this
(webserver_set_1)-----(VLAN1) ----- (FE0) 111.222.333.444
(webserver_set_2)-----(VLAN2) ----- (FE1) 444.333.222.111

Below are there my configuration. set_1 hosts domain.com, set_2 host apps.domain.com.
I ran into these problems.

1. from set_1, i tried to access domain.com and traffic was blocked somehow.
2. from set_2, I tried to access set_2 via HTTP request (or vice versa), instead reading responses from the webservers, I was directed to GUI interface of the router it self.

3. I was ABLE to ping from VLAN to another VLAN using local ip address, 192.168.xxx.xxx

I'm not sre whatwas going wrong. :shock:
Can you please help?

Code: 
ip cef
ip dhcp excluded-address 10.10.10.1
!
!
no ip domain lookup
ip inspect name firewall http
ip inspect name firewall https
ip inspect name firewall tcp router-traffic
ip inspect name firewall udp router-traffic
ip inspect name firewall icmp router-traffic
ip inspect name firewall dns
ip inspect name firewall imap
ip inspect name firewall imaps
ip inspect name firewall imap3
ip inspect name firewall ftp
ip inspect name firewall ipsec-msft
!
multilink bundle-name authenticated
!
!
username admin privilege 15 password 0 ehuman1811
username ehuman privilege 7 password 0 ehuman875
!
!
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
ip address 111.222.333.444 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed 100
!
interface FastEthernet1
ip address 555.444.333.222.111 255.255.255.248
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet2

interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
switchport access vlan 2
speed 100
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan2
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 65.19.158.121
ip route 0.0.0.0 0.0.0.0 66.220.4.129
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source static tcp 192.168.1.3 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.3 3390 interface FastEthernet0 3390
ip nat inside source static tcp 192.168.1.3 21 interface FastEthernet0 21
ip nat inside source static tcp 192.168.1.20 3392 interface FastEthernet0 3392
ip nat inside source list list-1 interface FastEthernet0 overload
ip nat inside source list list-2 interface FastEthernet1 overload
!
ip access-list extended list-1
deny   ip 192.168.1.0 0.0.0.255 192.168.0.0 0.0.0.255
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended list-2
deny   ip 192.168.0.0 0.0.0.255 192.168.1.0 0.0.0.255
permit ip 192.168.0.0 0.0.0.255 any
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run
 
Sort by date Sort by votes
should not have two gateways of last resort:
ip route 0.0.0.0 0.0.0.0 65.19.158.121
ip route 0.0.0.0 0.0.0.0 66.220.4.129

when you creat 'virtual' lans, they have to be associated with physical ports. so you have the vlans set up, which switch port do you have those devices plugged in to?

like your server should be 192.168.1.10
config t
int fa0/2
switchport access vlan 1


ip address 192.168.1.1 255.255.255.0
 
Upvote 0 Downvote
You can only statically NAT one port per server.

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!
 
Upvote 0 Downvote
thanks!!
the 2 IP address blocks have come up with 2 gateways.
How can I route that correctly?

vlan1 is default. all switch port also binds to vlan1 by default.

can you help?
thanks!
 
Upvote 0 Downvote
have to decide what you want the gateway to be then you can try doing some policy based routing
 
Upvote 0 Downvote
Those two gateways are given to me by the ISP for 2 separated IP blocks.
Thanks for your advise.

The problem seem to be the internal route itself ?
1. from vlan1, I request which is hosted by servers in vlan2. Instead of getting a http response from the web severs, I was directed to the router's SDM web-based interface.

thanks again!
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pbxcomm
  • Locked
  • Question
CISCO VG450
Replies
1
Views
250
bdk76
bdk76
Skip Rango
  • Locked
  • Question
how to backup cisco sg500-52p switch
Replies
1
Views
241
madwok
madwok
Jared R
  • Locked
  • Question
Cisco UC320W Paging Help
Replies
0
Views
226
Jared R
Jared R
Hayden09
  • Locked
  • Question
Cisco Sg-300 Flapping?
Replies
0
Views
242
Hayden09
Hayden09
JMarine0811
  • Locked
  • Question
CISCO VG450 Factory reset
Replies
1
Views
297
whykap
whykap

Part and Inventory Search

Sponsor

Back
Top