Routing between 2 vlans on 877W

By michael.chandler
Hi,

I'm still learning Cisco and I'd like someone to give me advice on the issue below to help with my learning:

My setup is:

Bridge BVI10 is set up with an IP address of 10.10.20.1, subnet mask 255.255.255.0. VLAN10 is configured as a VLAN for IRB and is part of the BVI10 bridge group.
Fast Ethernet Port 0 is assigned to this VLAN.
It also has its own DHCP scope.

Bridge BVI20 is set up with an IP address of 10.10.30.1, subnet mask 255.255.255.0. VLAN20 is configured as a VLAN for IRB and is part of the BVI20 bridge group.
Fast Ethernet Port 1 is assigned to this VLAN.
It also has its own DHCP scope.


A PC attached to FE0 can ping 10.10.20.1 and itself and the internet.

A PC attached to FE1 can ping 10.10.30.1 and itself and the internet.

I want the PC in FE0 to be able to ping the PC attached to FE1, i.e. 10.10.30.1 (the other VLAN), but not the other way round.

Can someone advise how to modify the configuration to achieve this?

Thanks,


M.


Running Config is :

!This is the running config of the router: 10.10.20.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$zxP4$I4ty0GUKfkYNvGiCuJxEs0
!
no aaa new-model
clock timezone PCTime 0
clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
!
crypto pki trustpoint TP-self-signed-2763833099
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2763833099
revocation-check none
rsakeypair TP-self-signed-2763833099
!
!
crypto pki certificate chain TP-self-signed-2763833099
certificate self-signed 01
quit
!
!
!
dot11 ssid thefamilyness
authentication open
!
no ip source-route
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.30.1
!
ip dhcp pool VLAN10
import all
network 10.10.20.0 255.255.255.0
dns-server 62.241.163.200 62.241.162.201
default-router 10.10.20.1
!
ip dhcp pool VLAN20
import all
network 10.10.30.0 255.255.255.0
dns-server 62.241.163.200 62.241.162.201
default-router 10.10.30.1
!
!
no ip bootp server
ip domain name thefamilyness.com
ip name-server 62.241.163.200
ip name-server 62.241.162.201
ip name-server 62.241.163.201
!
multilink bundle-name authenticated
!
!
username xxxxxxx privilege 15 secret 5 $1$Enbd$nZSpmyjQF9Y1aIj7dfGq8.
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
bridge irb
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
description $ES_WAN$$FW_OUTSIDE$
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
switchport access vlan 10
!
interface FastEthernet1
switchport access vlan 20
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Dot11Radio0
no ip address
shutdown
!
ssid thefamilyness
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Vlan10
no ip address
bridge-group 10
!
interface Vlan20
no ip address
bridge-group 20
!
interface Dialer0
ip address 81.86.xxx.xx 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip route-cache flow
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap callin
ppp chap hostname
ppp chap password 7 030052190900244E4F
!
interface BVI10
ip address 10.10.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface BVI20
ip address 10.10.30.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer0 overload
!
logging trap debugging
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 1 permit 10.10.20.0 0.0.0.255
access-list 1 permit 10.10.30.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
control-plane
!
bridge 10 protocol ieee
bridge 10 route ip
bridge 20 protocol ieee
bridge 20 route ip
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Router and Security Device Manager (SDM) is installed on this device and
it provides the default username "cisco" for one-time use. If you have already
used the username "cisco" to login to the router and your IOS image supports the
"one-time" user option, then this username has already expired. You will not be
able to login to the router with this username after you exit this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500

!
webvpn cef
end

All Answers

BVI's?

by steve.holloway In reply to Routing between 2 vlans o ...

I'm not sure why you are using bridge groups unless you've extended your network somewhere. From what you said you want to be able to accomplish, I would recommend interface vlans.

Example:

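interface vlan 10
 ! gateway address for VLAN 10 (the address BVI10 holds in the question)
 ip address 10.10.20.1 255.255.255.0
 ip nat inside
 ! "?" is a placeholder: ACL name or number, then in or out
 ip access-group ?

interface vlan 20
 ! gateway address for VLAN 20 (the address BVI20 holds in the question)
 ip address 10.10.30.1 255.255.255.0
 ip nat inside
 ip access-group ?

router eigrp 1
 network 10.10.20.0
 network 10.10.30.0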

This creates a virtual router interface like another fa port on your router and acts like one. Get rid of the BVI interfaces and put that input into vlan interfaces.

This will allow you to route between these networks.

As far as the ping issue, I would tackle that with an access list.

I would use ip access-list extended instead of access-list. This allows you to modify your access list without reloading the access list.

Hope this helps.
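
The access-list approach suggested above, written out as an added example that is not part of the original thread or either poster's configuration. The ACL name VLAN20-IN is hypothetical; the subnets and interface follow the question and the answer, and the ACL belongs on whichever routed interface holds 10.10.30.1.

```cisco
! Added example: VLAN20-IN is a hypothetical ACL name. The subnets are the ones
! in the question (VLAN 10 = 10.10.20.0/24, VLAN 20 = 10.10.30.0/24).
! Entries are matched top-down and IOS numbers them 10, 20, 30 automatically.
ip access-list extended VLAN20-IN
 remark replies to pings that were started from VLAN 10
 permit icmp 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255 echo-reply
 remark pings started from VLAN 20 toward VLAN 10 are dropped and logged
 deny icmp 10.10.30.0 0.0.0.255 10.10.20.0 0.0.0.255 echo log
 remark DHCP, internet and all other traffic stay as before
 permit ip any any
!
! Filter traffic as it enters the router from VLAN 20. With the question's
! original IRB setup the same line would go under "interface BVI20" instead.
interface Vlan20
 ip access-group VLAN20-IN in
!
! Check from exec mode: per-entry match counters show which line a ping hit.
!   show ip access-lists VLAN20-IN
! A single entry can later be removed or inserted by its sequence number
! inside "ip access-list extended VLAN20-IN" (for example "no 20").
```

The ACL is stateless: it decides on ICMP type alone, so echo replies from VLAN 20 pass whether or not a request preceded them. Without the final permit, the implicit deny at the end of every ACL would also cut VLAN 20 off from DHCP and the internet.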
