01-01-2017 07:30 AM - edited 03-05-2019 07:46 AM
Hello, buddies.
I'm trying to configure cisco 871 for Internet access through pppoe.
Here is my config:
Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat pool pool1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 add-route
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end
The route connects OK and give IP addresses by dhcp server.
I can ping 8.8.8.8. But ping 8.8.8.8 source 192.168.1.1 doesn't work.
show ip nat st
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0, occurred 02:10:20 ago
Outside interfaces:
FastEthernet4
Inside interfaces:
Vlan1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Dialer0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
show ip nat tr - empty.
Could you advise me something?
01-01-2017 07:42 AM
Hello,
use the configuration below:
Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat pool pool1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 add-route
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end
01-01-2017 10:42 AM
Thank you!
Now ping 8.8.8.8 source 192.168.1.1 works, but ping 8.8.8.8 from client fails.
debug ip nat - shows nothing.
What else could cause this problem?
01-01-2017 10:49 AM
Hello,
remove the two lines in bold from your config:
Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat pool pool1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 add-route
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end
01-01-2017 11:13 AM
I removed, it didn't help. Ping from route works, from client doesn't.
01-01-2017 11:30 AM
Hello,
I made a few adjustments (in bold), I added an extended access list instead of a standard. If this doesn't work, we'll try a route map. Configure the below first...
Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ip tcp adjust-mss 1420
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end
01-01-2017 11:44 AM
Hello,
if the previous doesn't work, configure the route map overload as below:
Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
archive
log config
hidekeys
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ip tcp adjust-mss 1420
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
ip nat inside source route-map NAT_OUT interface Dialer0 overload
!
route-map NAT_OUT permit 10
match ip address NAT
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
!
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end
01-01-2017 11:00 PM
Nope. Pings from client don't work.
01-01-2017 11:48 PM
Hello,
the problem might be related to the DHCP pool configuration. Try and remove the line 'import all', and add 'dns-server 8.8.8.8 8.8.8.4'
So:
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
should become:
ip dhcp pool pooldhcp
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.8.4
lease 0 2
01-02-2017 12:01 AM
Hello,
also remove the lines below from your configuration:
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
01-02-2017 12:45 AM
Again, nothing has changed.
Here is las configuration:
Current configuration : 1881 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end
01-02-2017 12:55 AM
Hello,
you are missing the DNS part of the DHCP pool. Also, can you post the output of ;show ip nat translations'...
Current configuration : 1881 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.8.4
lease 0 2
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1420
!
interface Dialer0
ip address negotiated
ip mtu 1460
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1420
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat inside source list NAT interface Dialer0 overload
!
ip access-list extended NAT
permit ip 192.168.1.0 0.0.0.255 any
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end
01-02-2017 01:03 AM
I added dns-server.
Router#show ip nat translations
Router#sh ip nat st
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 1, occurred 00:19:16 ago
Outside interfaces:
Dialer0, Virtual-Access1
Inside interfaces:
Vlan1
Hits: 10 Misses: 0
CEF Translated packets: 5, CEF Punted packets: 0
Expired translations: 1
Dynamic mappings:
-- Inside Source
[Id: 1] access-list NAT interface Dialer0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
01-02-2017 01:17 AM
Hello,
what is the IP configuration of your clients ? Can your clients ping the default router 192.168.1.1 ?
Clear the IP NAT translations (clear ip nat translation *), the try to ping 8.8.8.8 from a client, and check if there are eny entries in the NAT translation table.
Are these Windows clients ?
01-02-2017 01:38 AM
The client -Win7 gets 192.168.1.2
mask 255.255.255.0
default gate. . . . . . . . . : 192.168.1.1
DHCP-server. . . . . . . . . . . : 192.168.1.1
DNS-servers. . . . . . . . . . . : 8.8.8.8 8.8.4.4
I can ping 192.168.1.1 from client.
Here is client's route print output:
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
192.168.145.0 255.255.255.0 On-link 192.168.145.1 276
192.168.145.1 255.255.255.255 On-link 192.168.145.1 276
192.168.145.255 255.255.255.255 On-link 192.168.145.1 276
192.168.152.0 255.255.255.0 On-link 192.168.152.1 276
192.168.152.1 255.255.255.255 On-link 192.168.152.1 276
192.168.152.255 255.255.255.255 On-link 192.168.152.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 278
224.0.0.0 240.0.0.0 On-link 192.168.152.1 276
224.0.0.0 240.0.0.0 On-link 192.168.145.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 192.168.152.1 276
255.255.255.255 255.255.255.255 On-link 192.168.145.1 276
clear ip nat translation * didn't help.
sh ip nat tr is empty.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide