
[Help] C1100: after configuring PPPoE, the VLAN can reach the ISP, but internal devices cannot access the Internet

Sampson Luo
Level 1

C1100 router, configured as follows:

version 17.16
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform hardware throughput crypto 50000
!
hostname BJ_JYGJ_2502
!
boot-start-marker
boot system bootflash:c1100-universalk9.17.16.01a.SPA.bin
! Warning: Booting with bundle mode will be deprecated in the near future. Migration to install mode is required.
boot-end-marker
!
!
no aaa new-model
!
ip name-server 8.8.8.8 114.114.114.114
ip domain name BJ_JYGJ_2502
!
!
!
!
!
!
ip dhcp excluded-address 192.168.0.0 192.168.0.2
ip dhcp excluded-address 192.168.0.255 255.255.255.255
!
ip dhcp pool BJ_JYGJ_2502
 network 192.168.0.0 255.255.255.0
 lease infinite
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
! 
! 
! 
! 
!
!
vpdn enable
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1499619169
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1499619169
 revocation-check none
 rsakeypair TP-self-signed-1499619169
 hash sha512
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha512
!
!
crypto pki certificate chain TP-self-signed-1499619169
crypto pki certificate chain SLA-TrustPoint
!
!
!
!
!
!
!
!
!
diagnostic bootup level minimal
!
no license feature hseck9
license udi pid C1161-8P sn FGL2448L6HM
license boot suite FoundationSuiteK9
license boot level uck9
memory free low-watermark processor 71884
!
spanning-tree extend system-id
!
!
username cisco privilege 15 secret 9 $9$wvJtETEeVlhlwk$tTuSsPU9xv2rpHENQYGBzvzpagu4DCcC4LSY/Dytf0c
!
redundancy
 mode none
!
!
!
!
!
!
!
vlan group BEIJING_UNICOM vlan-list 3961
vlan internal allocation policy ascending
!
vlan 3961
 name 2_INTERNET_R_VID_3961
!
no lldp tlv-select management-address
no lldp tlv-select port-description
no lldp tlv-select system-capabilities
no lldp tlv-select system-description
no lldp tlv-select system-name
no lldp tlv-select port-vlan
no lldp tlv-select mac-phy-cfg
no lldp tlv-select power-management
no lldp tlv-select 4-wire-power-management
lldp run
!
! 
!
!
!
!
!
!
!
!
!
!
!
!
!
! 
! 
!
!
interface GigabitEthernet0/0/0
 no ip address
 ip mtu 1452
 ip tcp adjust-mss 1412
 media-type sfp
 no negotiation auto
 ipv6 mtu 1500
 ipv6 tcp adjust-mss 1400
!
interface GigabitEthernet0/0/0.100
 encapsulation dot1Q 3961
 ip nat inside
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
 switchport
!
interface GigabitEthernet0/1/7
 switchport
!
interface Vlan1
 ip address 192.168.0.254 255.255.255.0
!
interface Dialer1
 mtu 1492
 ip address negotiated
 no ip redirects
 ip nat outside
 ip access-group NAT_ACL in
 ip access-group 1 out
 encapsulation ppp
 dialer pool 1
 ppp authentication chap pap callin
!
ip forward-protocol nd
ip forward-protocol udp
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list NAT_ACL interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
ip ssh bulk-mode 131072
!
ip access-list extended NAT_ACL
 10 permit ip any any
ip access-list standard 1
 10 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit
route-map track-primary-if permit 1 
 match ip address 197
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
 stopbits 1
line vty 0 4
 login local
 length 0
 transport input ssh
line vty 5 14
 login
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
!
!
!
!
!
!
end

In current testing, the external network is reachable from Vlan1.


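However, internal devices still cannot access the Internet. A static route to Dialer1 is already configured, and the related NAT is configured as well. Could anyone tell me where the problem is? Thanks.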

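1 accepted solution

Accepted solution

Thanks ilay, I spent a whole day troubleshooting. I made a stupid mistake: I set the DNS configuration on the router, but DNS was not set in the DHCP pool, so internal devices could not obtain DNS and could not get online.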

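A check for the mistake described in the accepted solution, as an added example that is not part of the original thread: it parses the ip dhcp pool stanzas of a running-config and reports pools that lease no dns-server or default-router to clients. The function names, the FIXED variant and the default-router requirement are assumptions made for this illustration.

```python
import re

# Excerpt of the running-config posted above: the pool carries no dns-server line.
POSTED = """\
ip name-server 8.8.8.8 114.114.114.114
!
ip dhcp pool BJ_JYGJ_2502
 network 192.168.0.0 255.255.255.0
 lease infinite
!
"""

# Constructed variant with client-facing options added (values are assumptions).
FIXED = POSTED.replace(
    " lease infinite\n",
    " default-router 192.168.0.254\n dns-server 8.8.8.8 114.114.114.114\n lease infinite\n",
)

REQUIRED = ("dns-server", "default-router")  # assumed baseline for a LAN client pool

def dhcp_pools(config):
    """Return {pool_name: [sub-commands]} for each 'ip dhcp pool' stanza."""
    pools, current = {}, None
    for line in config.splitlines():
        m = re.match(r"ip dhcp pool (\S+)", line)
        if m:
            current = pools.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any non-indented line closes the stanza
    return pools

def audit(config):
    """Return (pool, option) pairs for required options a pool does not lease."""
    return [(name, opt)
            for name, body in dhcp_pools(config).items()
            for opt in REQUIRED
            if not any(cmd.startswith(opt + " ") for cmd in body)]

def router_resolvers(config):
    """Resolvers from 'ip name-server': used by the router itself, not leased."""
    m = re.search(r"^ip name-server (.+)$", config, re.M)
    return m.group(1).split() if m else []

if __name__ == "__main__":
    for pool, opt in audit(POSTED):
        print(f"pool {pool}: '{opt}' is not handed to DHCP clients")
    print("router-only resolvers:", router_resolvers(POSTED))
```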

3 replies

ilay
VIP

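1. If other subnets are connected below the router, static routes need to be added for them.

2. The any any form of NAT_ACL may not take effect; I suggest rewriting it as a standard ACL, or using an extended ACL that explicitly specifies the source address or source address range.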


Sampson Luo
Level 1

I made a stupid mistake myself and used up public resources; my apologies to everyone.
