Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
780
Views
5
Helpful
2
Replies

IPoE Cisco ADSL 877 ACL prevent traffic

Go to solution
Eddy.Cuevas
Beginner
Beginner

‎05-18-2018 09:07 PM - edited ‎03-05-2019 10:28 AM

Hello Folks, I need to to setup NAT on IPoE configured router, but traffics which should be permitted are blocked by the ACL. I hope you can help me to find the problem. Thank you

 

===== Here ACL===================

Extended IP access list NAT_TRAFFIC
10 permit ip 10.0.0.0 0.0.0.255 any (1 match)
20 deny ip any any (60 matches)

 

=========Here Configuration==========

R1#show running-config
Building configuration...

Current configuration : 3236 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip cef
!
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
crypto pki trustpoint TP-self-signed-1126812597
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1126812597
revocation-check none
rsakeypair TP-self-signed-1126812597
!
!
crypto pki certificate chain TP-self-signed-1126812597
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313236 38313235 3937301E 170D3032 30333031 30333138
31365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31323638
31323539 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C337 5C13AB4C 652EF91E E7C7B964 EA49A0E1 D92F714A D7AB1009 842EB0C6
4BAFE948 0CA2B8D7 3F3C4BE0 22C36A85 5CC65665 C2DC1EEC 2E90D6BC 76FD6756
91DB246D 0EBF1DDE 3B5A95BA ABF3AC57 ED6179AD 3EC8D87F 9FD7AC04 3E7DD45E
3C54EB7E 54563F8C 0F32CDDF B0457544 7009A43D BBE9EACE AFE3945D 93264000
F7010203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14A205C2 87E520A9 961B3745 72548863 FD4D8572
F4301D06 03551D0E 04160414 A205C287 E520A996 1B374572 548863FD 4D8572F4
300D0609 2A864886 F70D0101 04050003 818100B0 32A2EDC3 EA851A63 5AD58FB4
9D9A52C2 6297A9C3 9A4E0AC9 7DB91620 2598B353 CBD419E4 D201AA70 5A08D6BA
E1D61385 9359862A 19F3674C EDD612B5 63CF9881 6CD02020 C9E9D201 7EA87889
D9CA233A 3B797AA2 03840B32 A2BD59CE EF635E5B 692AC3E5 19EBAF3C E1F079CD
71AF5B4D 8E76423E 62D5D1B8 B305EC3E CF5025
quit
username cisco privilege 15 secret 5 $1$Oh1p$oECZYZFhQgTbuC53K426D.
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address dhcp
ip nat outside
ip virtual-reassembly
no snmp trap link-status
atm route-bridged ip
pvc 8/35
encapsulation aal5snap
!
!
interface FastEthernet0
switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 ATM0.1
!
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list NAT_TRAFFIC interface ATM0.1 overload
!
ip access-list extended NAT_TRAFFIC
permit ip 10.0.0.0 0.0.0.255 any
deny ip any any
!
no cdp run
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
password cisco
login local
transport input telnet
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP Master VIP Master
VIP Master

‎05-19-2018 12:13 AM

Hello,

 

I have made a few adjustments (marked in bold) to your config. You don't need an extended access list.

 

Current configuration : 3236 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip cef
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
crypto pki trustpoint TP-self-signed-1126812597
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1126812597
revocation-check none
rsakeypair TP-self-signed-1126812597
!
crypto pki certificate chain TP-self-signed-1126812597
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313236 38313235 3937301E 170D3032 30333031 30333138
31365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31323638
31323539 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C337 5C13AB4C 652EF91E E7C7B964 EA49A0E1 D92F714A D7AB1009 842EB0C6
4BAFE948 0CA2B8D7 3F3C4BE0 22C36A85 5CC65665 C2DC1EEC 2E90D6BC 76FD6756
91DB246D 0EBF1DDE 3B5A95BA ABF3AC57 ED6179AD 3EC8D87F 9FD7AC04 3E7DD45E
3C54EB7E 54563F8C 0F32CDDF B0457544 7009A43D BBE9EACE AFE3945D 93264000
F7010203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14A205C2 87E520A9 961B3745 72548863 FD4D8572
F4301D06 03551D0E 04160414 A205C287 E520A996 1B374572 548863FD 4D8572F4
300D0609 2A864886 F70D0101 04050003 818100B0 32A2EDC3 EA851A63 5AD58FB4
9D9A52C2 6297A9C3 9A4E0AC9 7DB91620 2598B353 CBD419E4 D201AA70 5A08D6BA
E1D61385 9359862A 19F3674C EDD612B5 63CF9881 6CD02020 C9E9D201 7EA87889
D9CA233A 3B797AA2 03840B32 A2BD59CE EF635E5B 692AC3E5 19EBAF3C E1F079CD
71AF5B4D 8E76423E 62D5D1B8 B305EC3E CF5025
quit
username cisco privilege 15 secret 5 $1$Oh1p$oECZYZFhQgTbuC53K426D.
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address dhcp
ip nat outside
ip virtual-reassembly
no snmp trap link-status
atm route-bridged ip
pvc 8/35
encapsulation aal5snap
!
interface FastEthernet0
switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 ATM0.1 dhcp
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map ISP interface ATM0.1 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
route-map ISP permit 10
match ip address 1
match interface ATM0.1
!
no cdp run
!
control-plane
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
password cisco
login local
transport input telnet
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

View solution in original post

2 Replies 2

Go to solution
Georg Pauwen
VIP Master VIP Master
VIP Master

‎05-19-2018 12:13 AM

Hello,

 

I have made a few adjustments (marked in bold) to your config. You don't need an extended access list.

 

Current configuration : 3236 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip cef
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
crypto pki trustpoint TP-self-signed-1126812597
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1126812597
revocation-check none
rsakeypair TP-self-signed-1126812597
!
crypto pki certificate chain TP-self-signed-1126812597
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31313236 38313235 3937301E 170D3032 30333031 30333138
31365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 31323638
31323539 3730819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C337 5C13AB4C 652EF91E E7C7B964 EA49A0E1 D92F714A D7AB1009 842EB0C6
4BAFE948 0CA2B8D7 3F3C4BE0 22C36A85 5CC65665 C2DC1EEC 2E90D6BC 76FD6756
91DB246D 0EBF1DDE 3B5A95BA ABF3AC57 ED6179AD 3EC8D87F 9FD7AC04 3E7DD45E
3C54EB7E 54563F8C 0F32CDDF B0457544 7009A43D BBE9EACE AFE3945D 93264000
F7010203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 14A205C2 87E520A9 961B3745 72548863 FD4D8572
F4301D06 03551D0E 04160414 A205C287 E520A996 1B374572 548863FD 4D8572F4
300D0609 2A864886 F70D0101 04050003 818100B0 32A2EDC3 EA851A63 5AD58FB4
9D9A52C2 6297A9C3 9A4E0AC9 7DB91620 2598B353 CBD419E4 D201AA70 5A08D6BA
E1D61385 9359862A 19F3674C EDD612B5 63CF9881 6CD02020 C9E9D201 7EA87889
D9CA233A 3B797AA2 03840B32 A2BD59CE EF635E5B 692AC3E5 19EBAF3C E1F079CD
71AF5B4D 8E76423E 62D5D1B8 B305EC3E CF5025
quit
username cisco privilege 15 secret 5 $1$Oh1p$oECZYZFhQgTbuC53K426D.
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
ip address dhcp
ip nat outside
ip virtual-reassembly
no snmp trap link-status
atm route-bridged ip
pvc 8/35
encapsulation aal5snap
!
interface FastEthernet0
switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 ATM0.1 dhcp
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source route-map ISP interface ATM0.1 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
route-map ISP permit 10
match ip address 1
match interface ATM0.1
!
no cdp run
!
control-plane
!
line con 0
logging synchronous
no modem enable
line aux 0
line vty 0 4
password cisco
login local
transport input telnet
!
scheduler max-task-time 5000
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end

Go to solution
Eddy.Cuevas
Beginner
Beginner
In response to Georg Pauwen

‎05-19-2018 12:05 PM

Georg Pauwen!!! You are awesome and your solution was awesome. I wish you the best in this career. Thank you  

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers
Spotlight Award Nomination
Customers Also Viewed These Support Documents