Cannot ping Lan devices in Vlan
Hello
I looked for a solution to this for the week without success. I came across a Cisco C3560, which is used because of its ability of poe to power some Deskphones Voip. While the works of great poe, machines connected to the switch can only communicate with each other and don't can't ping or otherwise access any device connected directly to the router of the network.
The Cisco switch is configured with a vlan and a default gateway, but nothing comes out by behind the switch. On connected devices can ping by default gateway (192.168.0.1 - a tp-link router), receive a lease dhcp from the router said successfully and can connect to the internet, but on the local network, nothing works. (unable to connect to the printer connetced directly to the router or other computers connected directly to the router.
Any advice? I am new to cisco switches, don't know what I'm doing here. I'm just trying to get devices that are connected directly to the switch to communicate with devices connected directly to the router.
Switch#show runBuilding configuration...
Current configuration : 1528 bytes!version 12.2service configno service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Switch!enable secret 5 {}{}{}{}{}{}{}{}{}{}{}{}!no aaa new-modelclock timezone UTC 2system mtu routing 1500ip subnet-zero!!!!no file verify autospanning-tree mode pvstspanning-tree extend system-id!vlan internal allocation policy ascending!interface FastEthernet0/1!interface FastEthernet0/2!interface FastEthernet0/3!interface FastEthernet0/4!interface FastEthernet0/5!interface FastEthernet0/6!interface FastEthernet0/7!interface FastEthernet0/8!interface FastEthernet0/9!interface FastEthernet0/10!interface FastEthernet0/11!interface FastEthernet0/12!interface FastEthernet0/13!interface FastEthernet0/14!interface FastEthernet0/15!interface FastEthernet0/16!interface FastEthernet0/17!interface FastEthernet0/18!interface FastEthernet0/19!interface FastEthernet0/20!interface FastEthernet0/21!interface FastEthernet0/22!interface FastEthernet0/23!interface FastEthernet0/24 switchport mode access!interface GigabitEthernet0/1!interface GigabitEthernet0/2!interface Vlan1 ip address 192.168.0.26 255.255.255.0 no ip route-cache!ip default-gateway 192.168.0.1ip classlessip default-network 192.168.0.0ip http server!access-list 1 permit any log!control-plane!!line con 0line vty 0 4 password XXXXXXXXX login length 0line vty 5 15 password XXXXXXXX login length 0!end
Switch#show interface
Vlan1 is up, line protocol is up Hardware is EtherSVI, address is 001e.bd27.c4c0 (bia 001e.bd27.c4c0) Internet address is 192.168.0.26/24 MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:00, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 3 packets/sec 138534 packets input, 9472693 bytes, 0 no buffer Received 0 broadcasts (68 IP multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 30296 packets output, 2248820 bytes, 0 underruns 0 output errors, 1 interface resets 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/2 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c484 (bia 001e.bd27.c484) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:56, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 46000 bits/sec, 37 packets/sec 5 minute output rate 582000 bits/sec, 71 packets/sec 1941044 packets input, 327622438 bytes, 0 no buffer Received 38375 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 30699 multicast, 0 pause input 0 input packets with dribble condition detected 3224783 packets output, 2069682884 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out FastEthernet0/4 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c486 (bia 001e.bd27.c486) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:01, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129069 packets input, 64947010 bytes, 0 no buffer Received 9953 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 600269 packets output, 45540585 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/6 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c488 (bia 001e.bd27.c488) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:50, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 32693 packets input, 4244428 bytes, 0 no buffer Received 9942 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9759 multicast, 0 pause input 0 input packets with dribble condition detected 588460 packets output, 45003331 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/8 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48a (bia 001e.bd27.c48a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:30, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32694 packets input, 4243413 bytes, 0 no buffer Received 9934 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9757 multicast, 0 pause input 0 input packets with dribble condition detected 588485 packets output, 45009466 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/12 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48e (bia 001e.bd27.c48e) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:28, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 32742 packets input, 4252075 bytes, 0 no buffer Received 9947 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9763 multicast, 0 pause input 0 input packets with dribble condition detected 588497 packets output, 45019272 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/13 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c48f (bia 001e.bd27.c48f) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:13, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 148160 packets input, 73818106 bytes, 0 no buffer Received 9973 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9760 multicast, 0 pause input 0 input packets with dribble condition detected 599666 packets output, 49045070 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/14 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c490 (bia 001e.bd27.c490) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:05, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 129165 packets input, 68409495 bytes, 0 no buffer Received 9982 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 9773 multicast, 0 pause input 0 input packets with dribble condition detected 600283 packets output, 45551497 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/18 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c494 (bia 001e.bd27.c494) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:49, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 21000 bits/sec, 18 packets/sec 5 minute output rate 13000 bits/sec, 16 packets/sec 606386 packets input, 88151136 bytes, 0 no buffer Received 159883 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 55198 multicast, 0 pause input 0 input packets with dribble condition detected 941617 packets output, 308269004 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/20 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c496 (bia 001e.bd27.c496) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input 00:00:54, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 1000 bits/sec, 1 packets/sec 5 minute output rate 1000 bits/sec, 2 packets/sec 515813 packets input, 87006769 bytes, 0 no buffer Received 21466 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 19952 multicast, 0 pause input 0 input packets with dribble condition detected 1858112 packets output, 1700009146 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
FastEthernet0/24 is up, line protocol is up (connected) Hardware is Fast Ethernet, address is 001e.bd27.c49a (bia 001e.bd27.c49a) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s, media type is 10/100BaseTX input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:01, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 1000 bits/sec, 1 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 0 multicast, 0 pause input 0 input packets with dribble condition detected 546556 packets output, 41182636 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 is up, line protocol is up (connected) Hardware is Gigabit Ethernet, address is 001e.bd27.c481 (bia 001e.bd27.c481) MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive not set Full-duplex, 1000Mb/s, link type is auto, media type is 10/100/1000BaseTX SFP input flow-control is off, output flow-control is unsupported ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output 00:00:00, output hang never Last clearing of "show interface" counters never Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 556000 bits/sec, 83 packets/sec 5 minute output rate 76000 bits/sec, 63 packets/sec 4457827 packets input, 3961330567 bytes, 0 no buffer Received 15028 broadcasts (0 multicasts) 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 watchdog, 11213 multicast, 0 pause input 0 input packets with dribble condition detected 3822373 packets output, 728132696 bytes, 0 underruns 0 output errors, 0 collisions, 1 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier, 0 PAUSE output 0 output buffer failures, 0 output buffers swapped out
Switch#show vlan
VLAN Name Status Ports---- -------------------------------- --------- -------------------------------1 default active Fa0/1, Fa0/2, Fa0/3, Fa0/4, Fa0/5, Fa0/6, Fa0/7, Fa0/8, Fa0/9, Fa0/10, Fa0/11, Fa0/12, Fa0/13, Fa0/14, Fa0/15, Fa0/16 Fa0/17, Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22, Fa0/23, Fa0/24, Gi0/1, Gi0/21002 fddi-default act/unsup1003 token-ring-default act/unsup1004 fddinet-default act/unsup1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------1 enet 100001 1500 - - - - - 0 01002 fddi 101002 1500 - - - - - 0 01003 tr 101003 1500 - - - - - 0 01004 fdnet 101004 1500 - - - ieee - 0 01005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs------------------------------------------------------------------------------
Primary Secondary Type Ports------- --------- ----------------- ------------------------------------------
Hello
first thing, please edit your post and remove your remote vty lines access password
never send passwords on a public forum for the just in case production equipment
line vty 0 4
password xxxxxx
***********************
Your question
What is the configuration of the router as a switch which seems to work correctly you're saying and I configured its doing its job, don't forget you said that you cannot route no between the router and the router switch should take care of this, whats the vlan ports on the router are on is - what the same subnet do they get an ip address in the same subnet off dhcp as devices of switching, if they do, and you cannot ping them to the same subnet theres something upward on the side of the router it would treat for layer 3 routing ip traffic
the ping to the router devices connected to the cisco switch and can the device on the router cannot ping devices switches
If you move a device out of the router and attach it to the doe sit switch still work ok, reach the talk of the internet to other devices on the switch?
As there is a layer 2 switch you don't need this command you have your entry door you can remove it.. .IP default-network 192.168.0.0
Tags: Cisco Network
Similar Questions
-
Customer quick RV042 VPN cannot ping lan network
Hi guys,.
I just created a client2gateway on RV042 IPSec tunnel and use the remote PC quick VPN client tries to connect to this router.
Fast VPN showed that the tunnel has been established. But I couldn't ping the LAN behind the router RV042.
Can someone help me?
Thank you.
Hello
Yes, you are right. To use the fast with RV042 VPN, it is necessary to configure the user name and a password for access to the VPN Client page. As this router does not support VLANs, you can only connect the VPN client to the LAN subnet (you cannot connect the client to any beach IP configured with multiple subnets)
Kind regards
Bismuth
-
VPN tunnel is up but cannot ping LAN stations
Hello
I'm trying to set up easy vpn server on cisco 881/k9 router.
Using the version of cisco vpn client 5.0, I can connect to the vpn server.
Can get the IP address of the LAN subnet on the vpn client.
On the side of vpn, I can see the vpn session using isakmp crypto #show her
But I can't ping from client vpn to any LAN station.
Someone please check my setup and find out.
This is my first time setting on the router cisco VPN.
Building configuration...
Current configuration: 5938 bytes
!
! Last configuration change at 01:38:31 UTC Thursday, April 21, 2011 by evantage
!
version 15.0
no service button
tcp KeepAlive-component snap-in service
a tcp-KeepAlive-quick service
horodateurs service debug datetime localtime show-timezone msec
Log service timestamps datetime localtime show-timezone msec
encryption password service
sequence numbers service
!
hostname FarEastP
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
recording console critical
!
AAA new-model
!
!
AAA authentication login default local
AAA authentication login ciscocp_vpn_xauth_ml_1 local
AAA authorization exec default local
AAA authorization ciscocp_vpn_group_ml_1 LAN
!
!
!
!
!
AAA - the id of the joint session
iomem 10 memory size
!
Crypto pki trustpoint TP-self-signed-3333835941
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 3333835941
revocation checking no
rsakeypair TP-self-signed-3333835941
!
!
TP-self-signed-3333835941 crypto pki certificate chain
certificate self-signed 01
30820240 308201A 9 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
69666963 33333333 38333539 6174652D 3431301E 170 3131 30343230 31363434
30355A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
4F532D53 5369676E 656C662D 43 65727469 66696361 74652 33 33333338 65642D
33353934 3130819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
810094A 1 7C2D79CE A6BEE368 3EB0B5B7 9A2CFE42 6A 145915 E67EF01D 350558E3
040B 6379 E6360CB3 4 D 0360DA61 184225 AAB44CA5 6BE23D05 55DAA45A 4647 5 FEB
6F143346 6BF18824 EFC3A31F 2A48AD8D 524F2324 EB331E50 8407577F E751DFF2
DD926D88 25 23143 11 C 66750 68267 C 61 C38B62C4 3B16E5AE AC91B2F8 ABA3546D
02 30203 010001A 3 68306630 1 130101 FF040530 030101FF 30130603 0F060355 D
551D 1104 08466172 45617374 50301F06 23 04183016 8014E95E 03551D 0C300A82
66B6A8C2 CF1BD38F 684FD4DF C3854AEB ACA7301D 0603551D 0E041604 14E95E66
B6A8C2CF 1BD38F68 4FD4DFC3 854AEBAC A7300D06 092 HAS 8648 86F70D01 01040500
03818100 05803840 EFBF9A3B F4D64899 8E03C836 34861307 57193CC5 DA510446
E4081D1A 2CF243BF 41AC9F36 83DAE9DB 9480F154 7CF792A5 76C1452C EEFD8661
8443DC4C 8E507A8F B2ECCAEB CDE26E41 E477E290 79AE5D72 FD81057C B5DCE1C2
36E0F740 65108014 A8992360 92F0423D E14F9240 1D162BC3 EFBB75A2 9E64ABC6 D76BE894
quit smoking
no ip source route
!
!
DHCP excluded-address 192.168.1.1 IP 192.168.1.100
DHCP excluded-address IP 192.168.1.201 192.168.1.254
!
dhcp pool IP CCP-pool1
network 192.168.1.0 255.255.255.0
domain FarEastP
default router 192.168.1.1
DNS-server 192.168.1.2 165.21.83.88
!
!
no ip cef
no ip domain search
name-server IP 192.168.1.2
name of the IP-server 165.21.83.88
No ipv6 cef
!
!
license udi pid CISCO881-K9 sn FHK142971LH
!
!
username admin privilege 15 secret 5 $1$ W2eu$ lr. TpEfJuOE1iKQjFPHIT /.
username privilege 15 secret 5 evantage P602 $1$$ 8TeJh5.SCHsY2TGd0.TnD1
username privilege 5 secret 5 sshukla $1$ oflM$ cHZdlpLdWr.nn1UwiCEs7.
username privilege 5 secret 5 rtandon $1$ yGAU$ BxJ6eQqG32WeI2gI4BDWh1
sagrawal privilege 5 secret 5 username $1$ $1Kkz E6NOTt9LCXiGTarAxrc/i1
username secret privilege 5 asarie $5 1. CVw $0ohz3WtLqU8USiMBqxIjA.
username secret privilege 5 rbiyani 5 $1$ KkY / $02lEPCahuIpzoQcXln2yD.
username privilege 5 secret 5 clovejoy $1$ WMbu$ t.er4RPRTnYNNwwkVGMuX.
username privilege 5 secret 5 Lakshmi $1$ ZMC4$ Sjlcmcw2uvhzU9bwEw1Us.
username privilege 5 secret 5 benmansour yPMa $1$$ I.q.7NW2uQo0s5FTHkxZM1
username secret privilege 5 usha 5 $1$ bX1I$ X6X4eSSeq48k0Kq8Qt7Rn.
username privilege 5 secret 5 aditya $1$ w2Vt$ HOz81M2UfLeni.PNUX2aJ.
!
!
synwait-time of tcp IP 10
!
!
crypto ISAKMP policy 1
BA 3des
preshared authentication
Group 2
!
crypto ISAKMP policy 10
!
ISAKMP crypto group configuration of VPN client
TP!zlflN\2\4go,xtP+xFapuWlKDvr#dVrS6L4TF5NJl2GXugUgv%LfQ+!drgUK key
DNS 192.168.1.2 165.21.83.88
fareastp field
pool SDM_POOL_1
ACL 101
max - 20 users
netmask 255.255.255.0
!
!
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
!
crypto dynamic-map DYNVPN 1
game of transformation-ESP-3DES-SHA
!
!
map clientmap client to authenticate crypto list ciscocp_vpn_xauth_ml_1
card crypto clientmap isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address map clientmap crypto answer
clientmap card crypto 65535-isakmp dynamic ipsec DYNVPN
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
WAN description $ ES_WAN$
IP 119.75.60.170 255.255.255.252
penetration of the IP stream
NAT outside IP
IP virtual-reassembly
automatic duplex
automatic speed
clientmap card crypto
!
interface Vlan1
LAN description
IP 116.12.248.81 255.255.255.240 secondary
IP 192.168.1.1 255.255.255.0
penetration of the IP stream
IP nat inside
IP virtual-reassembly
!
local IP SDM_POOL_1 192.168.1.201 pool 192.168.1.254
local IP POOL_2 10.10.1.2 pool 10.10.1.200
IP forward-Protocol ND
IP http server
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
IP nat inside source static tcp 192.168.1.2 1723 1723 interface FastEthernet4
IP nat inside source static tcp 192.168.1.4 5003 interface FastEthernet4 5003
IP nat inside source static tcp 192.168.1.4 16000 16000 FastEthernet4 interface
IP nat inside source static tcp 192.168.1.4 16001 interface FastEthernet4 16001
overload of IP nat inside source list 111 interface FastEthernet4
IP nat inside source overload map route SDM_RMAP_1 interface FastEthernet4
IP route 0.0.0.0 0.0.0.0 119.75.60.169
!
recording of debug trap
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
allowed SDM_RMAP_1 1 route map
corresponds to the IP 101
!
!
control plan
!
!
Line con 0
no activation of the modem
line to 0
line vty 0 4
transport input telnet ssh
!
max-task-time 5000 Planner
Scheduler allocate 4000 1000
Scheduler interval 500
endThe VPN pool assigned to the VPN client must be in another unique subnet as internal networks.
Please also post all your ACL to see if NAT and crypto ACL has been set up correctly.
Your NAT ACL must include "deny ip" above all permit declarations.
-
ASA 5520: Remote VPN Clients cannot ping LAN, Internet
I've set up a few of them in my time, but I am confused with this one. Can I establish connect via VPN tunnel but I can't ping or go on the internet. I searched the forum for similar and found a little issues, but none of the fixes seem to match. I noticed a strange thing is when I run ipconfig/all of the vpn client, the IP address that has been leased over the Pool of the VPN is also the default gateway!
I have attached the config. Help, please.
Thank you!
Exemption of NAT ACL has not yet been applied.
NAT (inside) 0-list of access Inside_nat0_outbound
In addition, you have not split tunnel, not sure you were using internet ASA for the vpn client internet browsing.
You can also enable icmp inspection if you test in scathing:
Policy-map global_policy
class inspection_defaultinspect the icmp
Hope that helps.
-
Cannot ping hosts on the same vlan on the 2 switches.
Hey guys so I create my own network in Packet Tracer 6.3. While the hosts can ping others on the same switch 2960 and VLAN, they are unable to ping a host on another switch in the same VLAN. For example. Josh PC on S1 (192.168.10.10) cannot ping PC Doge on S2 (192.168.10.13). I'm sure that they are on the same subnet, so I thing it is a problem of junction...
S1:
S1 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan10 unassigned YES manual up up
S1 #show interface f0/1 switchport
Name: Fa0/1
Switchport: enabled
Administrative mode: trunk
Operational mode: trunk
Encapsulation of administrative circuits: dot1q
Operational Trunking encapsulation: dot1q
Trunking negotiation: Off
The VIRTUAL LAN access mode: (default) 1
Native mode VLAN Trunking: 2 (native)
The voice of VLAN: no
Private-vlan host association Directors: no
Mapping of private - vlan management: no
Private-vlan trunk administration VLAN native: no
Private - vlan administration trunk encapsulation: dot1q
Private-vlan trunk administration VLAN normal: no
Private-vlan trunk administration private VLAN: no
Private-vlan operational: no
VLAN Trunking enabled: ALL
Pruning VLANS enabled: 2-1001
Capture Mode disabled
Capture VLAN allowed: ALL
Protected: false
The unit trust: no
S1 #show vlan br
Ports of status for the name of VLAN
---- -------------------------------- --------- -------------------------------
1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
FA0/13, Fa0/14, Fa0/15, Fa0/16
FA0/17, Fa0/18, Fa0/19, Fa0/20
FA0/21, Fa0/22, Fa0/23 and Fa0/24
Gig0/1, Gig0/2
2 active native
5 active
10 active VLAN0010 Fa0/2, Fa0/3, Fa0/4
active by default fddi 1002
assets of token-ring-default 1003
1004 fddinet - default active
1005 trnet - default active
Trunk interface #show S1
VLAN Mode Encapsulation native port State
FA0/1 on 802. 1 trunking q 2
Port VLAN allowed on trunk
5,10,20 FA0/1
Port VLAN authorized and active in the field of management
FA0/1 5,10
VLAN port extending on transmission State and no tree pruned
FA0/1 5,10
S1 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
5 00d0.d37a.ed01 DYNAMICS Fa0/1
S2:
S2 #show ip int br
Interface IP-Address OK? Method State Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual up up
FastEthernet0/4 unassigned YES manual up up
FastEthernet0/5 unassigned YES manual administratively down down
FastEthernet0/6 unassigned YES manual administratively down down
FastEthernet0/7 unassigned YES manual administratively down down
FastEthernet0/8 unassigned YES manual administratively down down
FastEthernet0/9 unassigned YES manual administratively down down
FastEthernet0/10 unassigned YES manual administratively down down
FastEthernet0/11 unassigned YES manual administratively down down
FastEthernet0/12 unassigned YES manual administratively down down
FastEthernet0/13 unassigned YES manual administratively down down
FastEthernet0/14 unassigned YES manual administratively down down
FastEthernet0/15 unassigned YES manual administratively down down
FastEthernet0/16 unassigned YES manual administratively down down
FastEthernet0/17 unassigned YES manual administratively down down
FastEthernet0/18 unassigned YES manual administratively down down
FastEthernet0/19 unassigned YES manual administratively down down
FastEthernet0/20 unassigned YES manual administratively down down
FastEthernet0/21 unassigned YES manual administratively down down
FastEthernet0/22 unassigned YES manual administratively down down
FastEthernet0/23 unassigned YES manual administratively down down
FastEthernet0/24 unassigned YES manual administratively down down
GigabitEthernet0/1 unassigned YES manual down down
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan2 unassigned YES manual downwards upwards
Vlan5 unassigned YES manual up up
Vlan10 unassigned YES manual up up
Vlan20 unassigned YES manual up up
Vlan99 unassigned YES manual administratively down down
S2 #show interface f0/1 switchport
Name: Fa0/1
Switchport: enabled
Administrative mode: trunk
Operational mode: trunk
Encapsulation of administrative circuits: dot1q
Operational Trunking encapsulation: dot1q
Trunking negotiation: on
The VIRTUAL LAN access mode: (default) 1
Native mode VLAN Trunking: 2 (native)
The voice of VLAN: no
Private-vlan host association Directors: no
Mapping of private - vlan management: no
Private-vlan trunk administration VLAN native: no
Private - vlan administration trunk encapsulation: dot1q
Private-vlan trunk administration VLAN normal: no
Private-vlan trunk administration private VLAN: no
Private-vlan operational: no
VLAN Trunking enabled: ALL
Pruning VLANS enabled: 2-1001
Capture Mode disabled
Capture VLAN allowed: ALL
Protected: false
The unit trust: no
S2 #show vlan br
Ports of status for the name of VLAN
---- -------------------------------- --------- -------------------------------
1 by default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
FA0/13, Fa0/14, Fa0/15, Fa0/16
FA0/17, Fa0/18, Fa0/19, Fa0/20
FA0/21, Fa0/22, Fa0/23 and Fa0/24
Gig0/1, Gig0/2
2 active native
5 active
10 VLAN0010 active Fa0/4
20 VLAN0020 active Fa0/2, Fa0/3
active by default fddi 1002
assets of token-ring-default 1003
1004 fddinet - default active
1005 trnet - default active
S2 #show mac-address-table
Mac address table
-------------------------------------------
VLAN Mac Address Type Ports
---- ----------- -------- -----
2 0030.f2c1.94e5 STATIC Fa0/1
2 0060.5c83.3401 STATIC Fa0/1
10 0002.4ae9.6964 STATIC Fa0/4
10 0060.5c83.3401 STATIC Fa0/1
20 0009.7c9a.a134 STATIC Fa0/2
----------------------------------------------------------------------------------
Let me know what I missed here. All connections are made with a straight through cable.
See you soon
Josh
Try to remove the S2 switchport port-security:
interface FastEthernet0/1 no switchport port-security
-
WAG320N - LAN clients cannot ping clients WLAN.
Hi all
I wonder if you can help. I currently have a router WAG320N, which seems to work out for a small problem.
However, the problem I am facing is that my LAN clients cannot ping my clients wireless and vice versa.
I googled this problem which has recommended that the AP isolation is off which is was by default.
Any other ideas?
Thanking in advance.
Sprite
As you are not able to ping customers wireless to wireline customers. Turn on the isolation of the AP.
See if that helps you.
-
Once the VPN connection is established, cannot ping or you connect other IP devices
Try to get a RV016 installed and work so that people can work from home. You will need to charge customers remote both WIN XP and MAC OS X.
Have the configured router and works fine with the VPN Linksys client for WIN XP users. Can connect, ping, mount the shared disks, print to printers to intellectual property, etc.
Can connect to the router fine with two VPN clients third 3 for Mac: VPN Tracker and IPSecuritas. However, once the connection is established, cannot ping the VPN LinkSYS router or any other IP address on the LAN Office. Turn the firewall on or off makes no difference.
Is there documentation anywhere that describes how the LinksysVPN for Windows Client communicates so these can be replicated in 3rd VPN clients from third parties for the Mac in OS X?
The connection with IPSecuritas and VPN Tracker is performed using a shared key and a domain name. It is not a conflict of IP address network between the client and the VPN 192.168.0.0/24 network.
VPN Tracker and IPSecuritas are able to connect to the routers CISCO easy VPN with no poblem.
Any ideas on how to get the RV016 to work for non-Windows users?
We found and fixed the problem, so using VPN Tracker or current IPSecuritas on OS X people have access to the LAN via the RV016 machines. The "remote networks" in the screen BASE in VPN Tracker has been set on the entire subnet: 192.168.0.0/255.255.255.0 the in the RV016 has been set to the IP of 192.168.0.1 to 192.168.0.254 range. Even if the addresses are essentially the same, without specifying the full subnet in the RV016 has allowed the connection to do but prevented the VPN client machine to connect because the RV016 would pass all traffic to the Remote LAN. Change the setting of 'local group' in RV016 settings in the screen "VPN/summary/GroupVPN', 'Local Group Zone' for the subnet 192.168.0.0/24 full solved the problem.
-
cannot ping between remote vpn site?
vpn l2l site A, site B is extension vpn network, connect to the same vpn device 5510 to the central office and work well. I can ping from central office for two remote sites, but I cannot ping between these two vpn sites? Tried to debug icmp, I can see the icmp side did reach central office but then disappeared! do not send B next? Help, please...
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
!
object-group network SITE-a.
object-network 192.168.42.0 255.255.255.0
!
object-group network SITE-B
object-network 192.168.46.0 255.255.255.0
!
extended OUTSIDE allowed a whole icmp access list
HOLT-VPN-ACL extended access-list allow ip object-CBO-NET object group SITE-a.
!
destination SITE-a NAT (outside, outside) static source SITE - a static SITE to SITE-B-B
!
address for correspondence card crypto VPN-card 50 HOLT-VPN-ACL
card crypto VPN-card 50 peers set *. *.56.250
card crypto VPN-card 50 set transform-set AES-256-SHA ikev1
VPN-card interface card crypto outside
!
internal strategy group to DISTANCE-NETEXTENSION
Remote CONTROL-NETEXTENSION group policy attributes
value of DNS server *. *. *. *
VPN-idle-timeout no
Ikev1 VPN-tunnel-Protocol
Split-tunnel-policy tunnelspecified
Split-tunnel-network-list value REMOTE-NET2
value by default-field *.org
allow to NEM
!
remote access of type tunnel-group to DISTANCE-NETEXTENSION
Global DISTANCE-NETEXTENSION-attributes tunnel-group
authentication-server-group (inside) LOCAL
Group Policy - by default-remote CONTROL-NETEXTENSION
IPSec-attributes tunnel-group to DISTANCE-NETEXTENSION
IKEv1 pre-shared-key *.
tunnel-group *. *.56.250 type ipsec-l2l
tunnel-group *. *.56.250 ipsec-attributes
IKEv1 pre-shared-key *.
!!
ASA - 5510 # display route. include the 192.168.42
S 192.168.42.0 255.255.255.0 [1/0] via *. *. 80.1, outside
ASA - 5510 # display route. include the 192.168.46
S 192.168.46.0 255.255.255.0 [1/0] via *. *. 80.1, outside
ASA-5510.!
Username: Laporte-don't Index: 10
Assigned IP: 192.168.46.0 public IP address: *. *.65.201
Protocol: IKEv1 IPsecOverNatT
License: Another VPN
Encryption: 3DES hash: SHA1
TX Bytes: bytes 11667685 Rx: 1604235
Group Policy: Group remote CONTROL-NETEXTENSION Tunnel: remote CONTROL-NETEXTENSION
Opening time: 08:19:12 IS Thursday, February 12, 2015
Duration: 6 h: 53 m: 29 s
Inactivity: 0 h: 00 m: 00s
Result of the NAC: unknown
Map VLANS: VLAN n/a: no
!
ASA - 5510 # display l2l vpn-sessiondbSession type: LAN-to-LAN
Connection: *. *.56.250
Index: 6 IP Addr: *. *.56.250
Protocol: IPsec IKEv1
Encryption: AES256 3DES hash: SHA1
TX Bytes: bytes 2931026707 Rx: 256715895
Connect time: 02:00:41 GMT Thursday, February 12, 2015
Duration: 13: 00: 10:00Hi Rico,
You need dynamic nat (for available IP addresses) for the two side to every subset of remote access to the other side remote subnet and so they can access every other subnet as if both from the traffic from your central location.
example:
Say, this IP (10.10.10.254) is unused IP to the central office, allowed to access remote tunnel 'A' and 'B' of the site.
object-group network SITE-a.
object-network 192.168.42.0 255.255.255.0
!
object-group network SITE-B
object-network 192.168.46.0 255.255.255.0dynamic source destination SITE-a. 10.10.10.254 NAT (outdoors, outdoor)
public static SITE SITE-B-Bdestination NAT (outdoors, outdoor) SITE-B 10.10.10.254 dynamic source
SITE static-SITE aHope this helps
Thank you
Rizwan James
-
Cannot find NI0DAQmx devices on the network. Test Panel button grey
Hello
I have a Dell than T710 Win Server 2008 R2 64-bit. NidaqMX 9.3 is installed. The dialog box search for network OR-DAQmx devices cannot find my NI ENET-9163 carrier with a card NI 9215. This card has a static IP address in the same subnet as the LAN of the PC port. I ping the device.
However in the search network OR-DAQmx devices dialogue box I can add the Board manually by specifying the IP address. This seems to half work as long as it saves the map MAX, but the test panels button is grayed.
I installed Nidaq MX 9.3 on my win 7 64 bit laptop and I can find the card properly and test it. Clearly there is something wrong with the config on the Dell software, but I have no idea what. Any help is appreciated. I stumbled on, IP addresses etc. I also disabled the 3 other network ports on the Dell server in case that is the question.
Thank you
Andrew
Hello Andrew,.
I could do some tests on our Windows 2008 R2 server. I was able to replicate this but not as easily as you did. We have 2 network adapters on that server. We have solved this problem is to do the following:
1. disable IPv6 IP addressing all the ports of the network.
2. change the metric of the Interface on the network adapter. We have high, so a value of 50. You can get this metric by going into the properties of your network card > your IPv4 properties > advanced on the general tab > UN select Automatic metric and replace with static. (the entries are 1-60). Do this for all of your network adapters. Given that we have this setting that we have never seen the question re occur.
We also checked that it doesn't happen at all on the new cDAQ-9181 chassis. This chassis is intended to replace the ENET-9163. If it is possible for your upgrade I would recommend this option. You should be able to work with your local sales channel to get one to test with. We have 20 + 9181 in this system and have never seen the issue of not being able to Max commonality to the chassis.
Let me know your results to adjust the parameters I mentioned above.
Thank you!
Corby
CDAQ PES of R & D network
-
Reference Dell powerconnect 5524 cannot ping between coelio and trunk port
Hello...
We set up a new switch of 5524 I untagged on vlan 20 and access ports where vlan 20 I allowed. I created a computer on the access port on the same trunk port ip net... cant ping beween them. I'm no expert of switch, so I wonder what I missed. I did the same thing on a dell old 3524 and it works directly...
Here's the port config I tried to do a ping beween is 6 and 10 ports
(Another thing, how how to remove):
switchport mode trunk
switchport access vlan none)Any help would be greatly appreciated!
interface vlan 1
IP 88.131.90.252 255.255.255.240
!
interface vlan 5
the name 'SCE CJA'
!
interface vlan 6
the name "out of Tele2.
!
interface vlan 7
name "Outside Telenor"
!
interface vlan 8
name "TDC Multivrf"
!
interface vlan 20
TDC-CISCO-LAN name
!
[0mMore:, quit: q or CTRL + Z, one line: interface vlan 21]
the name "FW inside."
!
interface vlan 99
name «FW sync»
!
gigabitethernet1/0/1 interface
Description CPE1
switchport access vlan 5
!
interface gigabitethernet1/0/2
Description CPE2
switchport access vlan 5
!
interface gigabitethernet1/0/3
Df description
spanning tree portfast
switchport mode trunk
switchport access vlan no
!
interface gigabitethernet1/0/4
Description Oupps-cb2
[0mMore:, quit: q or CTRL + Z, a single line: spanning tree portfast]
switchport mode trunk
switchport access vlan no
!
interface gigabitethernet1/0/5
Upp-ccm1 description
spanning tree portfast
switchport access vlan 20
!
interface gigabitethernet1/0/6
Oupps-ccm2 description
spanning tree portfast
switchport access vlan 20
!
interface gigabitethernet1/0/7
Tdc-multivrf1 description
switchport access vlan 8
!
interface gigabitethernet1/0/8
TDC-multivrf2 description
switchport access vlan 8
!
[0mMore:, quit: q or CTRL + Z, one line: interface gigabitethernet1/0/9]
Description Oupps-cb-tq03
spanning tree portfast
switchport mode trunk
!
interface gigabitethernet1/0/10
Description Oupps-cb-tq04
spanning tree portfast
switchport mode trunk
!
interface gigabitethernet1/0/11
Tele2-outside description
switchport access vlan 6
!
interface gigabitethernet1/0/12
Tele2-outside description
switchport access vlan 6
!
interface gigabitethernet1/0/13
Telenor-outside description
switchport access vlan 7
!
[0mMore:, quit: q or CTRL + Z, one line: interface gigabitethernet1/0/14]
Telenor-outside description
switchport access vlan 7
!
interface gigabitethernet1/0/15
Description Word-Oupps-fw-tq01-inside
switchport mode trunk
!
interface gigabitethernet1/0/16
Description Word-Oupps-fw-tq02-inside
switchport mode trunk
!
interface gigabitethernet1/0/17
FW-sync description
switchport access vlan 99
!
interface gigabitethernet1/0/18
FW-sync description
switchport access vlan 99
!
interface gigabitethernet1/0/19
Description Word-Oupps-fw-tq01-outside
[0mMore:, quit: q or CTRL + Z, a single line: switchport mode trunk]
!
interface gigabitethernet1/0/20
Description Word-Oupps-fw-tq02-outside
switchport mode trunk
!
interface gigabitethernet1/0/22
FW-Sync description
switchport access vlan 99
!
interface gigabitethernet1/0/23
Description Word-Oupps-FW-tq01-outside
192.168.11.1 IP address 255.255.255.0
switchport mode trunk
!
interface gigabitethernet1/0/24
Description Word-AIN-LAN-SW
switchport access vlan 20
!
IP route 0.0.0.0 0.0.0.0 88.131.90.241[0mMore:
, quit: q or CTRL + Z, a single line:] Information of VLAN
The name of the VLAN Tag Ports Ports unmarked Type permission
---- ------------ ------------------ ------------------ --------- -------------
1 1 article gi1/0/3-4, default required
Article gi1/0/9-10
item in gi1/0/15-16,
item in gi1/0/19-21,
item in gi1/0/23,
item in gi1/0/25-48,
TE1/0/1-2.
GI2/0/1-48.
TE2/0/1-2.
IG3/0/1-48.
TE3/0/1-2.
IG4/0/1-48.
TE4/0/1-2.
IG5/0/1-48.
TE5/0/1-2.
GI6/0/1-48.
TE6/0/1-2.
gi7/0/1-48.
TE7/0/1-2.
gi8/0/1-48.
TE8/0/1-2, m 1-32
5 CPE TDC article gi1/0/3-4, item in gi1/0/1-2 permanent required
[0mMore:, quit: q or CTRL + Z, one line: article gi1/0/9-10]
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
6 outside section gi1/0/3-4, item in gi1/0/11-12 permanent required
Tele2 item in gi1/0/9-10,
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
7 outside article gi1/0/3-4, item in gi1/0/13-14 required permanent
Telenor item in gi1/0/9-10,
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
8 TDC Multivrf item in gi1/0/3-4, item in gi1/0/7-8 permanent required
Article gi1/0/9-10
item in gi1/0/15-16,
item in gi1/0/19-20,
item in gi1/0/23
TDC-CISCO-LA 20, article gi1/0/3-4, item in gi1/0/5-6, item in gi1/0/24 required permanent
N item in gi1/0/9-10,
item in gi1/0/15-16,
[0mMore:, quit: q or CTRL + Z, one line: item in gi1/0/19-20,]
item in gi1/0/23In safe mode the PVID is 1 VLAN by default. You can do this by entering the command #switchport trunk vlan native {number of vlan}. If Cisco is configured to accept and send the marked packets and has an IP address in the subnet of VLAN 20, it should be able to communicate with other devices in VLAN 20.
-
Already registered on the portal OnPlus - cannot add a device already enabled/customer
Hello
I am registered on OnPlus.
Then my colleague registered and activated a device.
I could not activate the device - even if my PC is on the same subnet and can connect to it very well (with the password provided by my colleague).
When he sends me an invitation for the device - it takes me to the registration page.
If I get my information from record (again) - I get (not surprisingly)...
"We had a problem with your submission. Please correct the following errors. This user ID is already registered. »
Still-, there is no choice because "I am already registered.
When I connect OnPlus and try to "Add Customer" - I put in the details, then it goes to the activation screen with
"CustomerX / status".
To activate this client:
Install the Agent network OnPlus on the premises of the customer and connect it to the LAN client.
Turn the Network Agent OnPlus the switch zipper on the back panel of the Network Agent OnPlus.
If your computer is connected to the same network as the network OnPlus Agent, click on the button activate now below.
Otherwise, follow the instructions for activation in the guide getting started for the Cisco OnPlus Network Agent.
Activation for this customer information are:
Activation ID:... »
If I click on activate it says
"Unable to determine a local IP address for all Agent OnPlus of network into your current network.
Check that the Network Agent OnPlus is connected to the same local network as this browser. OnPlus Network Agent must be on the same public WAN IP address (203.25.x.x) in your web browser block current.
Not enabled OnPlus network Agents will attempt to disseminate their IP up to 30 minutes and if successful will appear here for 4 hours. Try to stop power OnPlus Network Agent if it has been online for more than 30 minutes.
Verify that the DHCP service is running on the local network so that network OnPlus Agent is able to acquire an IP via DHCP. You will be able to change Agent of the OnPlus network to use a static IP address if you choose to (recommended), but the DHCP service is required to access the Network Agent OnPlus start.
Ensure that DHCP clients can route to the Internet.
If the Network Agent OnPlus hosting site has multiple WAN paths to the Internet, try refreshing this page. Your browser must Access this page from the IP WAN as the Agent of OnPlus network address. »
We even tried power cycling it, and I'm definitely on the same subnet.
There was no possibility of entering an IP address no matter where manually - process regarding the "Impossible to determine an IP address local for all Agent OnPlus network on your current network."
I ping the device and even connect to its graphical interface. It simply does not appear as any way to add this unit to my own account on the portal OnPlus.
That please?
Hello Brett.
The On100 device can be associated with a single customer and a customer cannot exist in more than one Agent account. From your description, I understand that your colleague registered as a OnPlus Agent, created an account customer, and then active the On100 device under this new client.
However, it is possible for you to have access to the customer site by becoming a sub-agent under account OnPlus Agent of your colleague. And according to the description above, it seems that your colleague has already sent you an invitation to become a subagent. The problem now is that you have previously registered your EAC as OnPlus Agent id. It is not possible for a single CCE id or an Agent and a secondary agent in the OnPlus portal.
To allow your registration as sub-agent, we remove your EAC to your portal id. It is a manual step that I am happy to help you. Simply unicast your Agent account information to [email protected] / * / . Once I take off your CEC id you will be OK to complete the registration of subagent.
Here's some more information about the creation of the sub-agents in the portal OnPlus. A previous post jamwyatt courtesy of response:
In the account that contains the Agent network ON100, you can add other agents, on invitation. On the overview page, there is a menu agent at the top that will allow you to invite the officers. Once you invite an agent, and they sign up, they will be able to see the same view you see. The design intent is that you set up a master account for your business, then you invite other employees and contractors to adhere as agents of this account. Each guest will need a Cisco ID and once that they sign up, they will have to be approved by the owner of the main account (same menu agent, selection "of Agents in waiting"). Using this approach, the owner of the company retains the main account and allows you to manage completely all agents.
Kind regards
-r.
-
I can mutually ping in router RVS4000 VLAN without another router
One of our clients has RVS400 router with 4-port LAN VIRTUAL. We have recently added Crestron devices to our network and have some network problem. Search Google points to this page: Network slow question as discessed in this article: Troubleshooting network slow issues... There are two things happening with the Crestron system:... www.chicagotech.net/NetForums/viewtopic.php?f=1&t=7737 It recommends to create a local network VIRTUAL for Crestron. However, the Cisco RVS400 manual States: "function VLANS at layer 2.» VLANS isolate traffic within the VIRTUAL LAN, router layer 3 functioning router is needed to allow traffic between the VLANS. Layer 3 routers identify segments and coordinate with local networks virtual. "If we create two VLANS on the router without another router, can access us each other in these two VLAN?
Hi chicagotech.
I implemented a RVS4000 in our laboratory and created 2 VLAN, VLAN 1 and VLAN 2. I connected two PCs, 1 on each VLAN and they were able to ping each other with Inter-VLAN routing active. Here are the steps I followed:
- Go to L2 Switch-> create a VLAN. I have added VLAN ID: 2 and click Add VLAN
- Go to membership to a VLAN and select VLAN 2 from the drop-down. In the table for Port 2, select the Untagged radio button and click on save at the bottom.
- Go to settings-> Advanced Routing and ensure that the Inter-VLAN routing is enabled. (It is enabled by default)
- Connect a PC to port 2 and make sure he gets an IP to VLAN 2. (in this case 192.168.2.100) Ping this address in VLAN 1 PC-> success. From VLAN 2 PC, ping 192.168.1.101 (VLAN 1 PC)-> success.
- As a test I gave then the PCs in each VLAN to an IP address static and turned off the DHCP server on the router. 192.168.1.102 was able to ping 192.168.2.102 and vice versa.
- I then disabled Inter-VLAN routing and the PC could ping is no longer among them. They still had full access to the internet.
It seems that the devices connected to the RVS4000 in different VLANS have no trouble to access each other with Inter-VLAN routing active.
-
Peer AnyConnect VPN cannot ping, RDP each other
I have an ASA5505 running ASA 8.3 (1) and ASDM 7.1 (1). I have a remote access VPN set up and remote access users are able to connect and access to network resources. I can ping the VPN peers between the Remote LAN. My problem counterparts VPN cannot ping (RDP, CDR) between them. Ping a VPN peer of reveals another the following error in the log of the SAA.
Asymmetrical NAT rules matched for flows forward and backward; Connection for icmp outside CBC: 10.10.10.8 outside dst: 10.10.10.9 (type 8, code 0) rejected due to the failure of reverse NAT.
Here's my ASA running-config:
ASA Version 8.3 (1)
!
ciscoasa hostname
domain dental.local
activate 9ddwXcOYB3k84G8Q encrypted password
2KFQnbNIdI.2KYOU encrypted passwd
names of
!
interface Vlan1
nameif inside
security-level 100
IP 192.168.1.1 255.255.255.0
!
interface Vlan2
nameif outside
security-level 0
IP address dhcp setroute
!
interface Ethernet0/0
switchport access vlan 2
!
interface Ethernet0/1
!
interface Ethernet0/2
!
interface Ethernet0/3
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
passive FTP mode
clock timezone CST - 6
clock to summer time recurring CDT
DNS lookup field inside
DNS server-group DefaultDNS
192.168.1.128 server name
domain dental.local
permit same-security-traffic inter-interface
permit same-security-traffic intra-interface
network obj_any object
subnet 0.0.0.0 0.0.0.0
network of the RAVPN object
10.10.10.0 subnet 255.255.255.0
network of the NETWORK_OBJ_10.10.10.0_28 object
subnet 10.10.10.0 255.255.255.240
network of the NETWORK_OBJ_192.168.1.0_24 object
subnet 192.168.1.0 255.255.255.0
access-list Local_LAN_Access note VPN Customer local LAN access
Local_LAN_Access list standard access allowed host 0.0.0.0
DefaultRAGroup_splitTunnelAcl list standard access allowed 192.168.1.0 255.255.255.0
Note VpnPeers access list allow peer vpn ping on the other
permit access list extended ip object NETWORK_OBJ_10.10.10.0_28 object NETWORK_OBJ_10.10.10.0_28 VpnPeers
pager lines 24
Enable logging
asdm of logging of information
logging of information letter
address record [email protected] / * /
exploitation forest-address recipient [email protected] / * / level of information
record level of 1 600 6 rate-limit
Outside 1500 MTU
Within 1500 MTU
mask 10.10.10.5 - 10.10.10.10 255.255.255.0 IP local pool VPNPool
ICMP unreachable rate-limit 1 burst-size 1
ASDM image disk0: / asdm - 711.bin
don't allow no asdm history
ARP timeout 14400
NAT (inside, all) static source all electricity static destination RAVPN RAVPN
NAT (inside, outside) static static source NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28
NAT (inside, outside) static source all all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination
!
network obj_any object
NAT dynamic interface (indoor, outdoor)
network of the RAVPN object
dynamic NAT (all, outside) interface
Timeout xlate 03:00
Timeout conn 01:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
Sunrpc timeout 0:10:00 h323 0:05:00 h225 mgcp from 01:00 0:05:00 mgcp-pat 0:05:00
Sip timeout 0:30:00 sip_media 0:02:00 prompt Protocol sip-0: 03:00 sip - disconnect 0:02:00
Timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-registration DfltAccessPolicy
Enable http server
http 192.168.1.0 255.255.255.0 inside
No snmp server location
No snmp Server contact
Community SNMP-server
Server enable SNMP traps snmp authentication linkup, linkdown cold start
Crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac
Crypto ipsec transform-set ESP-DES-SHA esp - esp-sha-hmac
Crypto ipsec transform-set esp-SHA-ESP-3DES-3des esp-sha-hmac
Crypto ipsec transform-set ESP-DES-MD5 esp - esp-md5-hmac
Crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac
Crypto ipsec transform-set ESP-3DES-MD5-esp-3des esp-md5-hmac
Crypto ipsec transform-set ESP-AES-256-SHA 256 - aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-MD5-esp - aes esp-md5-hmac
Crypto ipsec transform-set ESP-AES-128-SHA-TRANS-aes - esp esp-sha-hmac
Crypto ipsec transform-set ESP-AES-128-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-DES-SHA-TRANS esp - esp-sha-hmac
Crypto ipsec transform-set ESP-DES-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-AES-192-SHA-TRANS esp-aes-192 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-192-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-AES-256-SHA-TRANS esp-aes-256 esp-sha-hmac
Crypto ipsec transform-set ESP-AES-256-SHA-TRANS mode transit
Crypto ipsec transform-set ESP-3DES-SHA-TRANS esp-3des esp-sha-hmac
Crypto ipsec transform-set ESP-3DES-SHA-TRANS mode transit
life crypto ipsec security association seconds 28800
Crypto ipsec kilobytes of life - safety 4608000 association
Crypto dynamic-map SYSTEM_DEFAULT_CRYPTO_MAP 65535 value transform-set ESP ESP-AES-128-SHA ESP - AES - 192 - SHA ESP - AES - 256 - SHA ESP - 3DES - SHA - OF - SHA ESP - AES - 128 - SHA - TRANS ESP - AES - 192 - SHA - TRANS ESP - AES - 256 - SHA - ESP ESP - 3DES - SHA - TRANS TRANS-DES - SHA - TRANS
outside_map card crypto 65535-isakmp dynamic ipsec SYSTEM_DEFAULT_CRYPTO_MAP
outside_map interface card crypto outside
trustpoint crypto ca-CA-SERVER ROOM
LOCAL-CA-SERVER key pair
Configure CRL
Crypto ca trustpoint ASDM_TrustPoint0
registration auto
name of the object CN = ciscoasa
billvpnkey key pair
Proxy-loc-transmitter
Configure CRL
crypto ca server
CDP - url http://ciscoasa/+CSCOCA+/asa_ca.crl
name of the issuer CN = ciscoasa
SMTP address [email protected] / * /
crypto certificate chain ca-CA-SERVER ROOM
certificate ca 01
* hidden *.
quit smoking
string encryption ca ASDM_TrustPoint0 certificates
certificate 10bdec50
* hidden *.
quit smoking
crypto ISAKMP allow outside
crypto ISAKMP policy 10
authentication crack
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 20
authentication rsa - sig
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 30
preshared authentication
aes-256 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 40
authentication crack
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 50
authentication rsa - sig
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 60
preshared authentication
aes-192 encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 70
authentication crack
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 80
authentication rsa - sig
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 90
preshared authentication
aes encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 100
authentication crack
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 110
authentication rsa - sig
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 120
preshared authentication
3des encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 130
authentication crack
the Encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 140
authentication rsa - sig
the Encryption
sha hash
Group 2
life 86400
crypto ISAKMP policy 150
preshared authentication
the Encryption
sha hash
Group 2
life 86400
enable client-implementation to date
Telnet 192.168.1.1 255.255.255.255 inside
Telnet timeout 5
SSH timeout 5
Console timeout 0
management-access inside
dhcpd outside auto_config
!
dhcpd address 192.168.1.50 - 192.168.1.99 inside
dhcpd allow inside
!
a basic threat threat detection
threat detection statistics
a statistical threat detection tcp-interception rate-interval 30 burst-400-rate average rate 200
SSL-trust outside ASDM_TrustPoint0 point
WebVPN
allow outside
SVC disk0:/anyconnect-win-3.1.04072-k9.pkg 1 image
SVC profiles DellStudioClientProfile disk0: / dellstudioclientprofile.xml
enable SVC
tunnel-group-list activate
internal-password enable
chip-tunnel list SmartTunnelList RDP mstsc.exe windows platform
internal DefaultRAGroup group strategy
attributes of Group Policy DefaultRAGroup
Server DNS 192.168.1.128 value
Protocol-tunnel-VPN l2tp ipsec
Split-tunnel-policy tunnelspecified
value of Split-tunnel-network-list DefaultRAGroup_splitTunnelAcl
Dental.local value by default-field
WebVPN
SVC value vpngina modules
internal DefaultRAGroup_1 group strategy
attributes of Group Policy DefaultRAGroup_1
Server DNS 192.168.1.128 value
Protocol-tunnel-VPN l2tp ipsec
Dental.local value by default-field
attributes of Group Policy DfltGrpPolicy
Server DNS 192.168.1.128 value
VPN - 4 concurrent connections
Protocol-tunnel-VPN IPSec l2tp ipsec svc webvpn
value of group-lock RAVPN
value of Split-tunnel-network-list Local_LAN_Access
Dental.local value by default-field
WebVPN
the value of the URL - list DentalMarks
SVC value vpngina modules
SVC value dellstudio type user profiles
SVC request to enable default webvpn
chip-tunnel enable SmartTunnelList
wketchel1 5c5OoeNtCiX6lGih encrypted password username
username wketchel1 attributes
VPN-group-policy DfltGrpPolicy
WebVPN
SVC value DellStudioClientProfile type user profiles
username privilege 15 encrypted password 5c5OoeNtCiX6lGih wketchel
username wketchel attributes
VPN-group-policy DfltGrpPolicy
WebVPN
modules of SVC no
SVC value DellStudioClientProfile type user profiles
jenniferk 5.TcqIFN/4yw0Vq1 of encrypted password privilege 0 username
jenniferk username attributes
VPN-group-policy DfltGrpPolicy
WebVPN
SVC value DellStudioClientProfile type user profiles
attributes global-tunnel-group DefaultRAGroup
address pool VPNPool
LOCAL authority-server-group
IPSec-attributes tunnel-group DefaultRAGroup
pre-shared key *.
tunnel-group DefaultRAGroup ppp-attributes
PAP Authentication
ms-chap-v2 authentication
eap-proxy authentication
type tunnel-group RAVPN remote access
attributes global-tunnel-group RAVPN
address pool VPNPool
LOCAL authority-server-group
tunnel-group RAVPN webvpn-attributes
enable RAVPN group-alias
IPSec-attributes tunnel-group RAVPN
pre-shared key *.
tunnel-group RAVPN ppp-attributes
PAP Authentication
ms-chap-v2 authentication
eap-proxy authentication
type tunnel-group WebSSLVPN remote access
tunnel-group WebSSLVPN webvpn-attributes
enable WebSSLVPN group-alias
!
class-map inspection_default
match default-inspection-traffic
!
!
type of policy-card inspect dns preset_dns_map
parameters
maximum message length automatic of customer
message-length maximum 512
Policy-map global_policy
class inspection_default
inspect the preset_dns_map dns
inspect the ftp
inspect h323 h225
inspect the h323 ras
inspect the rsh
inspect the rtsp
inspect esmtp
inspect sqlnet
inspect the skinny
inspect sunrpc
inspect xdmcp
inspect the sip
inspect the netbios
inspect the tftp
Review the ip options
!
global service-policy global_policy
173.194.64.108 SMTP server
context of prompt hostname
HPM topN enable
Cryptochecksum:3304bf6dcf6af5804a21e9024da3a6f8
: end
Hello
Seems to me that you can clean the current NAT configuration a bit and make it a little clearer.
I suggest the following changes
network of the VPN-POOL object
10.10.10.0 subnet 255.255.255.0
the object of the LAN network
subnet 192.168.1.0 255.255.255.0
PAT-SOURCE network object-group
object-network 192.168.1.0 255.255.255.0
object-network 10.10.10.0 255.255.255.0
NAT static destination LAN LAN (indoor, outdoor) static source VPN-VPN-POOL
destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL
NAT interface (it is, outside) the after-service automatic PAT-SOURCE dynamic source
The above should allow
- Dynamic PAT for LAN and VPN users
- NAT0 for traffic between the VPN and LAN
- NAT0 for traffic between the VPN users
You can then delete the previous NAT configurations. Naturally, please save the configuration before you make the change, if you want to revert to the original configuration.
no static source nat (inside, everything) all electricity static destination RAVPN RAVPN
No source (indoor, outdoor) nat static static NETWORK_OBJ_10.10.10.0_28 destination NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_192.168.1.0_24 NETWORK_OBJ_10.10.10.0_28
No source (indoor, outdoor) nat static everything all NETWORK_OBJ_10.10.10.0_28 of NETWORK_OBJ_10.10.10.0_28 static destination
No network obj_any object
No network object RAVPN
In case you do not want to change the settings a lot you might be right by adding this
network of the VPN-POOL object
10.10.10.0 subnet 255.255.255.0
destination VPN VPN-POOL POOL static NAT (outside, outside) 1 static source VPN-VPN-POOL
But the other above configurations changes would make NAT configurations currently simpler and clearer to see every goal of "nat" configurations.
-Jouni
-
Router and Switch cannot ping each other
Hello
I just build a lab at home.
In my current lab, I have 2 SW and 3 the router.
I have a problem, I do not know what Miss me in my config. My router cannot ping my SW.
and I also want to change my LAN from VLAN 1 interface connection at 30 of VLAN... but when I configure the VLAN 30 he show me line is in PLACE but the Protocol is DOWN.
Another question, if I want to create a VLAN with a different address, what should I do?
for example
VLAN 10 > 10.10.10.1
VLAN 20 > 20.20.20.1
etc...interface Vlan1 description LAN ip address 10.10.10.1 255.255.255.0 secondary ip address 30.30.30.1 255.255.255.0 secondary ip address 40.40.40.1 255.255.255.0 secondary ip address 20.20.20.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly dot1q tunneling ethertype 0x9100 hold-queue 100 out!
Here's the conf for my RT. ROUTER > 877SW > 2950 24 WSCISCO_877#sh runBuilding configuration... Current configuration : 3468 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname CISCO_877!boot-start-markerboot-end-marker!enable secret 5 $1$.ISW$71jzJ0Or0nenXZd/8D8.x/!no aaa new-model!!dot11 syslogip cefno ip dhcp use vrf connectedip dhcp excluded-address 20.20.20.0 20.20.20.30!ip dhcp pool LAN network 20.20.20.0 255.255.255.0 domain-name SYS.local default-router 20.20.20.1 dns-server 202.123.2.6 202.123.2.11 lease 0 4!!!!!username admin privilege 15 secret 5 $1$A1V4$GR9sPtPVXDRoOiDKRtC1M1! ! archive log config hidekeys!!!!!interface ATM0 description (OUTSIDE)ADSL_WAN no ip address no ip redirects no ip unreachables no ip proxy-arp no atm ilmi-keepalive pvc 8/35 encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto !interface FastEthernet0!interface FastEthernet1 dot1q tunneling ethertype 0x9100!interface FastEthernet2!interface FastEthernet3!interface Vlan1 description LAN ip address 20.20.20.1 255.255.255.0 no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip virtual-reassembly dot1q tunneling ethertype 0x9100 hold-queue 100 out!interface Vlan30 description LAN no ip address no ip redirects no ip unreachables no ip proxy-arp shutdown hold-queue 100 out!interface Dialer0 description WAN_OUTSIDE ip address negotiated ip mtu 1498 ip nat outside ip virtual-reassembly max-reassemblies 1024 encapsulation ppp ip tcp adjust-mss 1400 dialer pool 1 dialer-group 1 no cdp enable ppp authentication chap callin ppp chap hostname [email protected]/* */ ppp chap password 7 071C385F5C001D0403 ppp pap sent-username [email protected]/* */ password 7 120A1C04000208053E ppp ipcp mask request ppp ipcp route default ppp ipcp address accept!ip default-gateway 20.20.20.1ip forward-protocol ndip route 0.0.0.0 0.0.0.0 Dialer0ip route 10.10.10.0 255.255.255.0 Vlan1!no ip http serverno ip http secure-serverip nat inside source list 110 interface Dialer0 overload!access-list 110 permit ip 20.20.20.0 0.0.0.255 anyaccess-list 110 permit ip 10.10.10.0 0.0.0.255 anyaccess-list 110 permit ip 30.30.30.0 0.0.0.255 anyaccess-list 110 permit ip 40.40.40.0 0.0.0.255 anyaccess-list 110 permit ip 50.50.50.0 0.0.0.255 anyaccess-list 110 permit ip 60.60.60.0 0.0.0.255 any!!!control-plane!banner motd ^C :'######::'##::::'##:'########::'######::'##::::'##:'##... ##: ##:::: ##: ##.....::'##... ##: ##:::: ##: ##:::..:: ##:::: ##: ##::::::: ##:::..:: ##:::: ##:. ######:: #########: ######:::. ######:: #########::..... ##: ##.... ##: ##...:::::..... ##: ##.... ##:'##::: ##: ##:::: ##: ##:::::::'##::: ##: ##:::: ##:. ######:: ##:::: ##: ########:. ######:: ##:::: ##::......:::..:::::..::........:::......:::..:::::..:: ^C!line con 0 no modem enableline aux 0line vty 0 4 password 7 xxxx login!scheduler max-task-time 5000end CISCO_877#
And this is for my SWCATALYST_2960_01#sh runBuilding configuration... Current configuration : 5166 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeservice password-encryption!hostname CATALYST_2960_01!enable secret 5 $1$MGrN$PtHgL3KfH0vy7Mr1Fo0hF.!ip subnet-zero!ip ssh time-out 120ip ssh authentication-retries 3vtp mode transparent!!spanning-tree mode rapid-pvstno spanning-tree optimize bpdu transmissionspanning-tree extend system-idspanning-tree vlan 1-4093 priority 16384!!!!vlan 10 name ADSL!vlan 20 name GUEST!vlan 30 name MANAGEMENT!interface Port-channel1 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate spanning-tree cost 1!interface FastEthernet0/1 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/2 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/3 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/4 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/5 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/6 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/7 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/8 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/9 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/10 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/11 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/12 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/13 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/14 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/15 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/16 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/17 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/18 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/19 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/20 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/21 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/22 description SPARE switchport mode access switchport nonegotiate spanning-tree portfast spanning-tree bpduguard enable spanning-tree cost 1000!interface FastEthernet0/23 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate channel-group 1 mode active!interface FastEthernet0/24 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate channel-group 1 mode active!interface Vlan1 ip address 20.20.20.2 255.255.255.0 no ip route-cache!interface Vlan10 no ip address no ip route-cache shutdown!interface Vlan30 no ip address no ip route-cache shutdown!ip default-gateway 20.20.20.1ip http server!line con 0line vty 0 4 password 7 xxxx loginline vty 5 15 login!!end
Thanks in advance.Eliane,
Please remove the etherchannel port f0/24 of the switch configuration and store it in the trunk.
interface FastEthernet0/24 switchport trunk allowed vlan 1,10,20,30 switchport mode trunk switchport nonegotiate channel-group 1 mode active <<< Remove this
Configure f0 on the router as trunk I think has 877, a switchport which fe interfaces are a part of. To display the corresponding Lass on the router, that you need to configure the VLANS corresponding on the router, then only the Lass will be in a State of going / up otherwise it will be in a down state. See if that helps. Thank you, hyacinth -
DLR Uplink and GSS internal transit same VXLAN cannot ping each other.
Start with, I run NSX 6.2.2 firewall rules on 'allow all' to 'all' to 'all' "all protocols", in other words disabled...
I have a VXLAN 5000 transit, with an uplink DLR interface attached to it, and an internal interface GSS in the appendix in which neither of the parties can ping to another. So for troubleshooting, I added 2 VM Windows attached to the same transit VXLAN 5000, a virtual machine is on ESXi host 1 and the other is on host ESXi 4. They can fine ping each other, and two virtual machines can ping both the uplink of DLR and internal interfaces of the GSS.
This question has puzzled me because it makes no sense, why the DLR and the GSS cannot ping each other but 2 virtual machines that VXLAN can ping all adjacent devices. I can even put bridges on those virtual machines with a rule NAT on the GSS and those virtual machines can get internet through the GSS, but no matter what I try, the DLR cannot ping the GSS, and the GSS cannot ping DLR...
I need to define a static route between the GSS DLR <>- but if I can't even answer ping interfaces I'm dead in the water.
If I install virtual machines in a network LAN DLR interface such as WebApp and test for example database, I can ping throughout the DLR together until the IP DLR Uplink, but then he cannot ping the GSS internal.
Does anyone have suggestions for troubleshooting? Test commands that I can run? I tried many things and then lots of websites with the troubleshooting steps. Everything seems fine, all green checks in the installation steps... All roads, MACs, ARP tables appear as expected when I run test on host computers commands and controllers. I don't know what is the cause except for a bug in the code...
All ideas are welcome... Thank you
UPDATE:
Yes, so it has need of a static NAT rule on the GSS...
In my environment, I added a SNAT rule on adapter: ESG_Uplink with 0.0.0.0/24 CBC-translation dst: 1.1.1.101 (my lab ESG IP Uplink).
It works now... VM tenant box connected to WebApp portgroup (192.168.13.115) can now ping gateway DLR, through routing OSPF to the GSS and ping on physical bridge of...
I learned a lot on this one... I'm not going to worry about why the static route, I tried first post didn't work, since I was the OSPF running instead (which is more appropriate for my laboratory for realistic scenario anyway), and the Foundation will now suffice to build the rest of this POC vRA / vRO lab...
Thank you in any case, sometimes it's just nice to have someone to listen.
Maybe you are looking for
-
Hi, I have a problem with my brand new Tecra S11 and hope someone here can help! After Windows starts, a very high-pitched is present constantly while working. The noise just stops, if I really have nothing (Okay now, by writing, I don't hear no noie
-
BlackBerry phone passport number non-active links in the emails
The blue highlight phone # s in an e-mail message are not active as a hyperlink; more annoying, is not available in the OS 10? My 9900 if she had Thank you
-
FTP - open the site in question from the file Explorer.
Hi all I am here today with a common question, which seems to have been answered several times, but none of the above worked for me. My problem is the following: http://prntscr.com/39ebdv It's my current installation: Ubuntu Server running 12.04 with
-
Create the content table gives error since the site Explorer
Hi allI'm new to the web sites of the centre.Trying to create the table from the Explorer of sites.Tied at the top of the screen for creating the table.Get above error after clicking OK.No idea what I can do wrong. I logged in Site Explorer using adm
-
In Adobe Muse, my company is looking to have a collection of PDF files that are not a hyperlink on the website, but can be kept in a file repository/active where links can be sent directly from the name of a PDF file. Is this possible in Muse? Can I