No connection between different networks...

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Hello everybody.
I have been working on my local network.
I have a Cisco 1721 with an ISDN card and a 4port switch.
I was planning to use the switch to separate my wired pcs from the wireless so, I created 2 VLANs.
The thing of it is that when having one pc on each network I have internet but I can't she either one of them for the shared folders I have set.
I can ping each other with no problem, just can't see each other's shared folders.
I am using windows 7 on booth pcs.
This is my conf. Is pretty basics. I haven't yet used password encryption and all that.
I must say that this is my first attempt at this as I had never two pc's each on their own network and sharing resources. I am using MCAFEE and the networks are allowed and have also disabled the firewall just in case.
If these two computers are connected to the same VLAN, I can see the shared resources with no problem.
Any comments on this would be great appreciated.
Cheers.

************************************************************
CR1721#sh run
Building configuration...

Current configuration : 1831 bytes
!
! Last configuration change at 23:17:35 UTC Sun Jan 10 2010
! NVRAM config last updated at 23:17:40 UTC Sun Jan 10 2010
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
no logging console
!
no aaa new-model
ip subnet-zero
!
ip dhcp pool WIRED
network 192.168.28.224 255.255.255.248
default-router 192.168.28.230
dns-server 194.72.9.34 62.6.40.178
!
ip dhcp pool WIRELESS
network 192.168.28.232 255.255.255.248
default-router 192.168.28.238
dns-server 194.72.9.34 62.6.40.178
!
ip cef
no scripting tcl init
no scripting tcl encdir
!
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface FastEthernet0
no ip address
shutdown
speed auto
!
interface FastEthernet1
switchport access vlan 10
no ip address
!
interface FastEthernet2
switchport access vlan 20
no ip address
!
interface FastEthernet3
no ip address
shutdown
!
interface FastEthernet4
no ip address
shutdown
!
interface Vlan20
ip address 192.168.28.238 255.255.255.248
ip nat inside
!
interface Vlan10
ip address 192.168.28.230 255.255.255.248
ip nat inside
!
interface Vlan1
no ip address
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp chap hostname ***************@***********.***
ppp chap password 0 **********************
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.28.225 7609 interface Dialer1 7609
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
access-list 1 permit 192.168.28.224 0.0.0.31
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
end

CR1721#

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I believe you need a No Nat statement between the two networks as the default route takes them out to the internet.

 

Meh for now

 

When I done that booth my networks couldn't go out to the internet.

I have, however, set a static route;

ip route 192.168.28.224 255.255.255.248 Vlan10
ip route 192.168.28.232 255.255.255.248 Vlan20

and now I can see the shared resources as long as I type the \\hostip on the browser to see them, so not so bad for now but I can't just see them on my local network as I would normally see them.

 

You need WINS in order for the computer browsing service to function properly across VLANS.

I would try configuring each client's LMHOSTS file.

 

I done the LMHOSTS file and still I can't see the other pc from the other network there on my network places or by browsing the network.
I can still access it by typing \\itsipaddress and also, after doing the LMHOSTS file, by doing \\thepc'sname.

I must say I have never messed with WINS ever. Maybe it's time to give it a go.

About this post, I got an e-mail saying that ThomasMc has just replied to a thread you have subscribed to entitled - No connection between different networks... - in the General forum of CertForums.

Here is the message that has just been posted:
***************
Not that good with cisco stuff but isn't your ACL 1 missing something, coming at it from a diffrent angle did you configure and join the homegroup properly?
***************

I can't see it posted here. Am I going blind? lol

Anyways, any easier to be able to browse my network and see pc's from the other network?

Any help well appreciated.

 

I removed it after re-reading the post. Like i said not to great with this stuff(just trying to chip in and learn) but what I was trying to work out is this bit of the config

Code:

ip nat inside source list 1 interface Dialer1 overload
ip nat inside source static tcp 192.168.28.225 7609 interface Dialer1 7609
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
!
access-list 1 permit 192.168.28.224 0.0.0.31

and then you applied ip nat inside to both vlans

 

I think you are stressing too much about network neighbourhood and that legacy way of seeing resources on your network. The right way of sharing resources is to map drives and or publish the shared items in Active Directory.

 

I know what you are saying and makes absolutely sense. I have the Dialler 1 as NAT outside and the access list as the inside NAT statement. I think this would have been enough but as I removed the NAT inside statement from the VLANs I then was without a connection to the internet.
We do need one port to act as outside NAT and one as NAT inside.
I am also a bit confused.
I am still looking into it.
Cheers for yours and everybody's comments and please keep them coming.
We are always learning.

 

I would have thought you would have to list both vlans in the ACL and then reapply the "ip nat inside", the only experiance I have with cisco routers are with an 877 and it was smart enough to operate without having to tell it the ip route of the vlans that it was serving.

 

Booth VLANs are there mate.
I've summarized them.

224=1110 0000
232=1110 1000

summarized = .224/27=.31

Done it so many times that I might been doing wrong now...

I know that as far as routes go, you can summarize them as an easier way rather than having to input them all manually into a certain amount of lines, instead you get only one line for the route.
I think the same can be applied to ACLs.
Cheers

 

Ah right you lost me there will need to read up me thinks