02-17-2013 11:51 AM - edited 03-04-2019 07:03 PM
Guys
I've been struggling with some configs on this router I'm setting up for a friend and just can't get Internet to work
- Wifi association works fine
- The router can ping the internet fine and tried with 4.2.2.2
- Client is getting IP address and gateway info fine
- Client can ping default gw but not an internet address like 4.2.2.2
- This router's gateway is 10.5.5.168 and that part of the network is fine and tested out
Building configuration...
Current configuration : 3157 bytes
!
! Last configuration change at 04:22:07 UTC Fri Mar 1 2002
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname jaybuddy
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 U3m4oAxPL6U2QZg5dXhsBS7y6IpWl4NjAhg1.bHP0Vo
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
crypto pki token default removal timeout 0
!
!
dot11 syslog
!
dot11 ssid GUESTRITS
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 0 test2231
!
dot11 ssid jaybuddy
vlan 1
authentication open
authentication key-management wpa
wpa-psk ascii 0 test2231
!
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.254
!
ip dhcp pool GUESTRITS
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
bridge irb
!
!
!
interface FastEthernet0
switchport trunk allowed vlan 1,2,1002-1005
switchport mode trunk
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 mode ciphers tkip
!
encryption vlan 2 mode ciphers tkip
!
ssid GUESTRITS
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.2
encapsulation dot1Q 2
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 spanning-disabled
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
!
interface Vlan1
no ip address
bridge-group 1
!
interface Vlan2
no ip address
bridge-group 2
!
interface BVI1
ip address 10.0.0.2 255.255.255.0
!
interface BVI2
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat source list 100 interface FastEthernet4 overload
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 2 protocol ieee
bridge 2 route ip
alias exec si show ip int brief
alias exec sir show ip route
alias exec fi show running-config | include
alias exec fb show running-config | begin
alias exec sri show run interface
alias exec sal show access-list
alias exec sib show ip bgp
alias exec sio show ip ospf
alias exec sie show ip eigrp top
alias exec srm show route-map
privilege exec all level 5 configure
privilege exec level 5 reload
!
line con 0
no modem enable
line aux 0
line vty 0 4
transport input all
!
scheduler max-task-time 5000
end
jaybuddy#show ip interface brief
BVI1 10.0.0.2 YES manual up up
BVI2 192.168.1.1 YES manual up up
Dot11Radio0 unassigned YES unset up up
Dot11Radio0.1 unassigned YES unset up up
Dot11Radio0.2 unassigned YES unset up up
FastEthernet0 unassigned YES unset up down
FastEthernet1 unassigned YES unset up down
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up up
FastEthernet4 10.5.5.106 YES DHCP up up
NVI0 192.168.1.1 YES unset up up
Vlan1 unassigned YES unset up up
Vlan2 unassigned YES unset up down
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.5.5.168 to network 0.0.0.0
S* 0.0.0.0/0 [254/0] via 10.5.5.168
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.0/24 is directly connected, BVI1
L 10.0.0.2/32 is directly connected, BVI1
C 10.5.5.0/24 is directly connected, FastEthernet4
L 10.5.5.106/32 is directly connected, FastEthernet4
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, BVI2
L 192.168.1.1/32 is directly connected, BVI2
If anybody can help out, I'll appreciate it
02-17-2013 12:42 PM
ip dhcp pool GUESTRITS
network 192.168.1.0 255.255.255.0
dns-server x.x.x.x
default-router 192.168.1.1
ip name-server DNS1 X.X.X.X
ip name-server DNS2 X.X.X.X
Do Rate Post If u find helpful
02-19-2013 07:05 PM
Unfortuantely that didn't help - I know you've added DNS info in but right now, the ping itself or L3 isn't working so want to get that working before I get to L4. This definitely seems a problem with NAT
02-19-2013 07:49 PM
Because you have "ip nat outside" on the wan interface, you'll want to remove "ip nat enable" on the bvi.
interface BVI2
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip nat enable
This is a different way of doing nat. Your nat statement also references a "nat enabled" statement instead of a directional statement. It may be easier to remove "ip nat outside" on fa4 and put in "ip nat enable" on that interface as well.
Otherwise, so to sum it up, you need to do one of two things:
1.) Change fa4 to "ip nat enable" and remove "ip nat outside"
OR
2.) Remove "ip nat enable" from the BVI AND
3.) Change the nat state to support point 2 to "ip nat inside soure list 100 interfa fa4 overload"
HTH,
John
*** Please rate all useful posts ***
02-20-2013 12:54 AM
interface FastEthernet0
no ip address
interfaceFastEtherne0.1
encapsulation dot1Q 1 bridge-group 1interfaceFastEtherne0.2
encapsulation dot1Q 2 bridge-group 2
***Do Rate All Helpful Posts***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide