hcutechsupport
New Contributor

Cannot get VLAN 1 to communicate over eth 0/1

I have added a new router at an existing location and have not been able to get it working as of yet. We added the router due to switching from a T1 connection to a Metro-E connection. This location is on the 172.16.4.0 network and I have configured VLAN 1 on this network. Eth 0/1 is on the 10.10.10.0 network because our existing Metro-E network is configured for that network. From VLAN 1 I can communicate to the eth 0/1 interface but not any device after it. From the eth 0/1 I can communicate to any device on the network but devices on the 172.16.4.0 network. Below is my configuration. Ask me any questions that may help.

interface eth 0/1

  description Metro-E

  ip address 10.10.10.4 255.255.255.0

  ip flow ingress

  ip flow egress

  no shutdown

!

!

interface vlan 1

  description LAN Uplink to Core Switch

  ip address 172.16.4.1 255.255.255.0

  ip flow ingress

  ip flow egress

  no shutdown

!

ip route 0.0.0.0 0.0.0.0 10.10.10.1

0 Kudos
2 Replies
ss_daveh
New Contributor III

Re: Cannot get VLAN 1 to communicate over eth 0/1

hcutechsupport:

Your interfaces have no access-policies on them. You would need to have an access list and policy class which allows the 172.16.4.0 network to be NAT'ed out of the 10.10.10.1 gateway, and have the corresponding access policies applied to the interfaces. Try something like this:

ip access-list standard NAT-ICS

  permit any

!

ip access-list extended DEVICE

  permit ip any any log

!

ip access-list extended MANAGE

  permit <IP's you need to access device from outside>

!

ip policy-class Private

  allow list DEVICE self

  nat source list NAT-ICS interface eth 0/1 overload

!

ip policy-class Public

  allow list MANAGE self

And then add the access policies to your interfaces:

interface eth 0/1

  description Metro-E

  ip address 10.10.10.4 255.255.255.0

  ip access-policy Public

  ip flow ingress

  ip flow egress

  no shutdown

!

!

interface vlan 1

  description LAN Uplink to Core Switch

  ip address 172.16.4.1 255.255.255.0

  ip access-policy Private

  ip flow ingress

  ip flow egress

  no shutdown

hcutechsupport
New Contributor

Re: Cannot get VLAN 1 to communicate over eth 0/1

I tried that but it did not seem to help, as I am still unable to ping out from 172.16.4.0.

!

interface eth 0/1

  description Metro E

  ip address 10.10.10.4 255.255.255.0

  ip access-policy Public

  ip flow ingress

  ip flow egress

  no shutdown

!

interface vlan 1

  description LAN Uplink to Core Switch

  ip address 172.16.4.1 255.255.255.0

  ip access-policy Private

  ip flow ingress

  ip flow egress

  no shutdown

!

ip access-list standard NAT-ICS

  remark NAT list NAT-ICS

  permit any

!

!

ip access-list extended DEVICE

  permit ip any any log

!

ip access-list extended MANAGE

  permit ip 172.16.0.0 0.0.255.255 any

!

ip policy-class Private

  allow list VPN-10-vpn-selectors stateless

  allow list DEVICE self

  nat source list NAT-ICS interface eth 0/1 overload policy Public

!

ip policy-class Public

  allow reverse list VPN-10-vpn-selectors stateless

  allow list MANAGE self

!

ip route 0.0.0.0 0.0.0.0 10.10.10.1
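
In the configurations posted in this thread, each interface names a policy-class and each policy-class names access lists, so a pasted excerpt can be checked for names that are applied but never defined. The Python below is an added example, not code from either poster or from the vendor; `audit`, `HEAD` and `SAMPLE` are hypothetical names, the sample is condensed from the last post, and a name is flagged only because the excerpt shown does not define it.

```python
import re

# Constructed sample: condensed from the configuration in the last post above.
SAMPLE = """\
interface eth 0/1
  ip access-policy Public
interface vlan 1
  ip access-policy Private
ip access-list standard NAT-ICS
  permit any
ip access-list extended DEVICE
  permit ip any any log
ip access-list extended MANAGE
  permit ip 172.16.0.0 0.0.255.255 any
ip policy-class Private
  allow list VPN-10-vpn-selectors stateless
  allow list DEVICE self
  nat source list NAT-ICS interface eth 0/1 overload policy Public
ip policy-class Public
  allow reverse list VPN-10-vpn-selectors stateless
  allow list MANAGE self
"""

# Section headers, matched on the stripped line so lost indentation does not matter.
HEAD = re.compile(r"(?:ip )?(interface|policy-class|access-list)(?: standard| extended)? (.+)")

def audit(config):
    """Hypothetical helper: cross-check interface -> policy-class -> access-list names."""
    seen = {"interface": {}, "policy-class": {}, "access-list": {}}
    refs, kind, name = [], None, None
    for line in map(str.strip, config.splitlines()):
        if m := HEAD.match(line):
            kind, name = m.groups()
            seen[kind].setdefault(name, None)   # value = applied policy (interfaces only)
        elif kind == "interface" and (m := re.match(r"ip access-policy (\S+)", line)):
            seen[kind][name] = m.group(1)
        elif kind == "policy-class" and (m := re.search(r"\blist (\S+)", line)):
            refs.append((name, m.group(1)))
    ifaces = seen["interface"].items()
    out = [f"interface {i}: no access-policy applied" for i, p in ifaces if p is None]
    out += [f"interface {i}: policy-class {p} is not defined"
            for i, p in ifaces if p and p not in seen["policy-class"]]
    out += [f"policy-class {c}: access-list {a} is not defined in this excerpt"
            for c, a in refs if a not in seen["access-list"]]
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the sample, it reports the two `VPN-10-vpn-selectors` references, which may be defined in a part of the running configuration that was not posted.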