04-23-2013 10:48 AM - edited 03-04-2019 07:41 PM
Hi all,
Writing my first router config from scratch for an 1801. I have wireless devices able to connect & authenticate with WPA. Wired devices can talk with wireless devices & on both interfaces devices obtain a DHCP lease. I can ping web based resources from the FA0 interface; the problem is, LAN devices can't ping has FA0. I'm pretty sure (well a hunch) that this is going to be down to NAT
Have I gone completely wrong with this?
Thanks for any help
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router0
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxx
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid TEST_NETWORK
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii xxxxxxxxx
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.126 192.168.1.254
!
ip dhcp pool Client-Pool
import all
network 192.168.1.0 255.255.255.0
domain-name domain.com
dns-server 192.168.1.1 8.8.8.8
default-router 192.168.1.1
!
!
ip domain name domain.com
ip name-server 192.168.1.1
ip name-server 8.8.8.8
ip name-server 4.2.2.2
ip name-server 208.67.220.220
ip name-server 208.67.222.222
!
multilink bundle-name authenticated
!
!
username xxxxxxxxx privilege 15 password xxxxxxxxx
!
!
archive
log config
hidekeys
!
!
bridge irb
!
!
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
description test
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Dot11Radio0
no ip address
!
encryption mode ciphers tkip
!
ssid TEST_NETWORK
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption mode ciphers tkip
!
ssid TEST_NETWORK
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
!
!
ip http server
ip http port 2002
no ip http secure-server
ip nat pool NAT_POOL 192.168.1.0 192.168.2.0 netmask 0.0.0.255
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
!
Solved! Go to Solution.
04-24-2013 11:20 AM
Hi,
yes indeed if it is cable modem then no need for DSL module
Regards
Alain
Don't forget to rate helpful posts.
04-24-2013 12:33 PM
Hi,
int vlan 1
no ip nat inside
int bvi1
ip nat inside
Regards
Alain
Don't forget to rate helpful posts.
04-23-2013 11:25 AM
I think command 'IP ROUTING' should solve the purpose.
Regards,
Pawan Sharma
04-23-2013 11:54 AM
Thanks Pawan
I issued this command at global config mode however it hasn't made a difference
04-23-2013 12:20 PM
OK, I have previously been going through the config guide here
When issuing the command "vpdn enable" I am not put into the mode Hostname(config-vpdn)# as the instructions state I should be; "vpdn enable" has no visible effect and leaves me at the global configuration mode. I therefore can't follow the rest of the commands and can't set up the virtual dialup private network. With a bit of experimentation, I can enter the following:
I enter:: Hostname(config)#vpdn-group 1
Guide says:: Hostname(config-vpdn)# vpdn group 1
I enter:: Hostname(config-vpdn)#request-dialin
Guide Says:: Hostname(config-vpdn-grp)# request-dialin
These are the only commands I can enter that bear any resemblance to the guide; however the commands differ slightly and are at different modes. The guide also has Hostname(config-vpdn-grp)# initiate to 192.168.1.1 which I simply can't enter.
Does anyone know the correct syntax, whether or not I actually need to configure this to achieve my aim & also why the guide for the 1800 series router contains commands I can't enter at the CLI ???
04-23-2013 01:19 PM
Scratch the above... the first line of this section in the guide reads "The Cisco 1811 and Cisco 1812 integrated services fixed-configuration routers support Point-to-Point Protocol over Ethernet (PPPoE) clients and network address translation (NAT). "
As I have an 1801 these commands obviously won't work!! Now i'm really stumped - the guide for the 1801 shows WAN configuration using the ATM interface & DSL
04-23-2013 11:25 PM
Hi,
You'll need this: http://www.cisco.com/en/US/prod/collateral/routers/ps221/product_data_sheet0900aecd8028aa5a_ps5853_Products_Data_Sheet.html
Regards
Alain
Don't forget to rate helpful posts.
04-24-2013 11:11 AM
Thanks cadet alain, but I don't have a DSL, I am connecting to a cable modem via the FA0 port on my 1801!
As per the OP, I can ping www.google.com from the router - so my cable modem is assigning an IP address and I have connectivity at the WAN. LAN devices talk to each other (wired & wireless) the problem is with the LAN talking to the WAN. I just don't know how to get traffic from the LAN to the WAN and back again I may be wrong, but I don't this an ADSL module would rectify this
04-24-2013 11:20 AM
Hi,
yes indeed if it is cable modem then no need for DSL module
Regards
Alain
Don't forget to rate helpful posts.
04-24-2013 11:28 AM
OK, cheers CA. Any ideas where I'm going wrong with the config
04-24-2013 12:33 PM
Hi,
int vlan 1
no ip nat inside
int bvi1
ip nat inside
Regards
Alain
Don't forget to rate helpful posts.
05-01-2013 05:59 AM
Sorry it has taken so long to get back, I have been away.
Cadet Alain, your answer worked a treat, thanks very much