07-05-2014 11:08 PM - edited 03-04-2019 11:17 PM
Cisco 1941-sec-k9, with EHWIC-D-8ESG.
running-config as follow:
Current configuration : 4866 bytes
!
! Last configuration change at 02:24:32 UTC Sun Jul 6 2014 by miaozhixu
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SkyHomeRouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
ip domain name yourdomain.com
ip name-server 202.96.128.166
ip name-server 202.96.128.86
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-3419031012
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3419031012
revocation-check none
rsakeypair TP-self-signed-3419031012
!
!
crypto pki certificate chain TP-self-signed-3419031012
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
......
0D7EB119 DEC27469 10F29A9D E6BC9692 C995985B 627B4CC4 637DCF85 7DCA6B2A
DF64FE1C C9A134AD 2FD98208 D7017E
quit
license udi pid CISCO1941/K9 sn FGL1723205C
!
!
redundancy
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description PPPoE Dialer Interface
ip address 192.168.0.1 255.255.255.0
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no mop enabled
!
interface GigabitEthernet0/1
description Management Interface
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
switchport access vlan 102
no ip address
!
interface GigabitEthernet0/1/1
switchport access vlan 102
no ip address
!
interface GigabitEthernet0/1/2
switchport access vlan 102
no ip address
!
interface GigabitEthernet0/1/3
switchport access vlan 102
no ip address
!
interface GigabitEthernet0/1/4
switchport access vlan 103
no ip address
!
interface GigabitEthernet0/1/5
switchport access vlan 103
no ip address
!
interface GigabitEthernet0/1/6
switchport access vlan 103
no ip address
!
interface GigabitEthernet0/1/7
switchport access vlan 103
no ip address
!
interface Vlan1
no ip address
!
interface Vlan102
description Floor 2 VLAN
ip address 192.168.2.1 255.255.255.0
!
interface Vlan103
description Floor 3 VLAN
ip address 192.168.3.1 255.255.255.0
!
interface Dialer1
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer-group 1
ppp pap sent-username (username) password 0 (password)
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip dns spoofing
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 5 permit 192.168.3.254
dialer-list 1 protocol ip permit
!
!
!
control-plane
!
!
!
line con 0
login local
length 50
width 190
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 5 in
exec-timeout 60 0
privilege level 0
lockable
login local
no domain-lookup
exec prompt timestamp
length 45
width 100
full-help
transport input ssh
!
scheduler allocate 20000 1000
!
end
On the router, I can access the internet.
my PC's ip is 192.168.3.3, gateway is 192.168.3.1. On my PC, I can ping 192.168.0.1,192.168.2.1, even another PC's ip 192.168.2.3. But I can not access internet, I can only access LAN.
07-05-2014 11:43 PM
Hi,
I can see the "ip nat inside" statement on your outside interface, however I see no "ip nat inside" statement on your inside interface. ie Gig0/1
07-05-2014 11:44 PM
sorry, I meant
I can see the "IP NAT OUTSIDE" statement on your outside interface, however I see no "IP NAT INSIDE" statement on your inside interface. ie Gig0/1
07-06-2014 12:23 AM
I have added the "ip nat inside" statement to Gigabitethernet 0/1, VLAN102, VLAN103, but it still not work.
Following is "ping www.baidu.com"; on router and PC.
SkyHomeRouter#ping www.baidu.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 180.97.33.71, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/32 ms
MacBookPro:~ miaozhixu$ ping www.baidu.com
PING www.a.shifen.com (180.97.33.71): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- www.a.shifen.com ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
07-06-2014 06:10 AM
Ok, I can see you'll need more-
interface Vlan102
description Floor 2 VLAN
ip address 192.168.2.1 255.255.255.0
ip nat inside
!
interface Vlan103
description Floor 3 VLAN
ip address 192.168.3.1 255.255.255.0
ip nat inside
then
remove this-
access-list 5 permit 192.168.3.254
ie . no access-list 5 permit 192.168.3.254
then -
add this
access-list 1 permit 192.168.0.0 0.0.7.255
remember the source list '1' in the PAT statement below relates to access list 1 (not 5)
ip nat inside source list 1 interface Dialer1 overload
try this first---and do you intend to use DHCP?
07-06-2014 10:06 AM
And I found that "Configuring Network Address Translation: Getting Started" helpful.
DHCP, yes, next step is configuring DHCP on Gig0/1 VLAN102 VLAN 103.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide