terrywashington
Technical User
I have setup four VLANs on my 2621 router in my home network. The 2621 is connected to a 2940 switch. The 2621 routes traffic to a pix 501 which is connected to a cable modem. The ports on the 2940 are assigned to the different VLANs. The UNIX boxes and PCs that are connected to the 2940 on the different VLANs can talk to each other. My problem is that the only VLAN that will route to the Internet is VLAN 1 (192.168.50.0). The pix, the 2940 and the other devices that can reach the Internet are all on the 192.168.50 network. Traceroutes to websites or IPs from the devices that can't reach the Internet make one hop to the 2621 and go no further. Here is the config from my 2621. Do I need to add additional routes to the 2621?
dpirouter1#wr t
Building configuration...
Current configuration : 1630 bytes
!
! Last configuration change at 21:56:52 EST Sat Apr 30 2005
! NVRAM config last updated at 21:56:56 EST Sat Apr 30 2005
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname dpirouter1
!
boot-start-marker
boot-end-marker
!
enable password 7 XXXXXXXXXXXXXX
!
username admin password 7 XXXXXXXXXXXXXX
clock timezone EST -5
clock summer-time EST recurring
aaa new-model
!
!
aaa authentication login default local
aaa session-id common
ip subnet-zero
!
!
ip domain name dpibilling.corp
ip name-server 192.168.50.17
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
no clns route-cache
!
interface FastEthernet0/0.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0/0.100
description VLAN 100
encapsulation dot1Q 100
ip address 172.16.100.1 255.255.255.0
!
interface FastEthernet0/0.200
description VLAN 200
encapsulation dot1Q 200
ip address 172.16.200.1 255.255.255.0
!
interface FastEthernet0/0.300
description VLAN 300
encapsulation dot1Q 300
ip address 192.168.1.10 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
no fair-queue
no clns route-cache
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
no clns route-cache
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.50.4 <- pix 501 firewall
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 XXXXXXXXXXXXXX
!
ntp clock-period 17180065
ntp server 132.236.56.250
ntp server 128.118.25.3
!
end
dpirouter1#
dpirouter1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.50.4 to network 0.0.0.0
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.200.0 is directly connected, FastEthernet0/0.200
C 172.16.100.0 is directly connected, FastEthernet0/0.100
C 192.168.50.0/24 is directly connected, FastEthernet0/0.1
C 192.168.1.0/24 is directly connected, FastEthernet0/0.300
S* 0.0.0.0/0 [1/0] via 192.168.50.4
dpirouter1#
dpirouter1#wr t
Building configuration...
Current configuration : 1630 bytes
!
! Last configuration change at 21:56:52 EST Sat Apr 30 2005
! NVRAM config last updated at 21:56:56 EST Sat Apr 30 2005
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname dpirouter1
!
boot-start-marker
boot-end-marker
!
enable password 7 XXXXXXXXXXXXXX
!
username admin password 7 XXXXXXXXXXXXXX
clock timezone EST -5
clock summer-time EST recurring
aaa new-model
!
!
aaa authentication login default local
aaa session-id common
ip subnet-zero
!
!
ip domain name dpibilling.corp
ip name-server 192.168.50.17
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
no clns route-cache
!
interface FastEthernet0/0.1
description VLAN 1
encapsulation dot1Q 1 native
ip address 192.168.50.1 255.255.255.0
!
interface FastEthernet0/0.100
description VLAN 100
encapsulation dot1Q 100
ip address 172.16.100.1 255.255.255.0
!
interface FastEthernet0/0.200
description VLAN 200
encapsulation dot1Q 200
ip address 172.16.200.1 255.255.255.0
!
interface FastEthernet0/0.300
description VLAN 300
encapsulation dot1Q 300
ip address 192.168.1.10 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
no fair-queue
no clns route-cache
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
no clns route-cache
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.50.4 <- pix 501 firewall
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password 7 XXXXXXXXXXXXXX
!
ntp clock-period 17180065
ntp server 132.236.56.250
ntp server 128.118.25.3
!
end
dpirouter1#
dpirouter1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.50.4 to network 0.0.0.0
172.16.0.0/24 is subnetted, 2 subnets
C 172.16.200.0 is directly connected, FastEthernet0/0.200
C 172.16.100.0 is directly connected, FastEthernet0/0.100
C 192.168.50.0/24 is directly connected, FastEthernet0/0.1
C 192.168.1.0/24 is directly connected, FastEthernet0/0.300
S* 0.0.0.0/0 [1/0] via 192.168.50.4
dpirouter1#
