interVLan routing between WAN and LAN links - un-rubbish me

[agermoses]

Hey. I am studying for my CCNA. Infact almost finished.
I get bored of study material quick and like to get my hands of cisco equipment at home to practice. I have had a few routers set up at home connected to my ISP and internal network but had to sacrifice wifi to do this. I got bored of this and bought a 877w so i can have wifi and still mess about with the IOS.

I am in the UK with bt infinity which comes through a VDSL Modem...

Here is what they dont teach you for CCNA
1 VDSL
2 Wireless



so, as you can imagine, I have spent plenty of time banging my head against a wall. I have finally.... FINALLY managed to set up the VDSL connection to my ISP. (different to the 3725 router I had) It turns out I had to move my WAN over to vlan2 and my LAN is now on VLAN1.

I have DHCP running and my devices on VLAN1 have all picked up an internal IP address 192 ect.
I can ping from the IOS CLI to public IP addresses.
I can ping from my device to the router using the VLAN1 Private IP address
BUT
I can NOT ping from the router to my laptop (even though its IP address came from the routers DHCP pool)

AND I can not get my laptop out into the internet.


So... I think I am missing some config which enables routing between the 2 vlans??? But I dont know what.

I have tried loads of things but as I say, I am doing CCNA and not of this is covered so I am just trying to troubleshoot this by google searching. With no Joy.

Here is my config..

!
ip dhcp pool DSL_DHCP
import all
network 192.168.1.0 255.255.255.0
dns-server 212.159.13.49 212.159.13.50
default-router 192.168.1.1
!
!
ip name-server 212.159.13.49
ip name-server 212.159.13.50

interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface FastEthernet0
switchport access vlan 2
speed 100
pppoe enable group global
pppoe-client dial-pool-number 10
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3

interface Vlan1
description INTERNAL NETWORK
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
pppoe enable group global
pppoe-client dial-pool-number 10
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 10
ppp authentication chap callin
ppp chap hostname '''''''''
ppp chap password 0 ''''''''
!
router rip
version 2
network 192.168.1.0
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
!
!
!
scheduler max-task-time 5000

 

[CubanlB]

Doesn't look like you have vlan 1 connected to any actual interfaces (or subinterfaces for that matter).

so, you would need vlan 1 (not required but you are trying to setup vlans here so...) on the interface that is going to your switch gear. You shouldn't need a vlan for the pppoe dialer at all. Do you have a managed switch behind this router?

Also, why are you running RIP?

You should have...

VDSL <--no vlan required--> (fa0)Router(fa1) <--vlan 1--> switch

The interfaces on the router aren't going to act as a switch like a standard linksys or netgear, etc... so you are going to want a switch behind the router.

For wifi you are going to need to config a dot11 ssid name and then assign that ssid to a dot11radio interface and also associate it with a vlan. (A good practice is to make wireless on a different vlan than wired to keep broadcasts over the air to a minimum)

http://www.cisco.com/en/US/docs/routers/access/800/850/software/configuration/guide/routconf.html

 

[agermoses]

I have some cisco 2950 switches here sat idle so introducing them is no problem.

Why am I running RIP? Because I am an idiot. Am i right in assuming with only 1 internal LAN plus my WAN, I do not need to run any routing protocols? a simple default route to 0.0.0.0. via the dialer should do?

Also...you have lost me a little bit with
VDSL <--no vlan required--> (fa0)Router(fa1) <--vlan 1--> switch

I tried at first just setting up the dialer and using FE0 to use the dialer to connect to my ISP but it did not work. I read loads online and found some info about them needing to be in vlans so i did that and suddenly my ppp connection went up succesfully.

But your saying I do not need to do that?

My intention was to get my laptop on FE1(vlan1) to be able to reach the ourside WAN... once succesful I was going to introduce the switch into that port... then connect the rest of my devices into that switch.

as it stand.. I still do not have connection between my LAN and WAN

When I read your comment... are you saying all i need to do is create an interface for vlan 1 and that should allow my WAN to reach the LAN?

 

[agermoses]

Sorry, If my reply is confusing. I learnt how to route between vlans using either router on a stick with subinterfaces but I dont see how I can do that here.

 

[CubanlB]

A vlan being required for a dsl wan interface is odd. I've never setup a dialer on a Cisco router so this may be the case for this config. I have however setup my own dsl (PPPoE) on many platforms and it never required a vlan.

Anyhow, assign vlan 1 to fa1 then. This would be what you would do with a dumb switch behind that interface.

You would want to define a trunking protocol (dot1q) and make that port a trunk as well as the port on the managed switch a trunk as well.

On the RIP question, I just want to re-enforce the idea that dynamic routing protocols just populate the route tables, they don't actually do the routing. You only have 2 networks your router needs to know about now, the internal network and the want network.

You'd need to introduce some more routers if you want to give setting up a dynamic routing protocol a shot.