
NAT doesn't work on Cisco 871

ssemenenko

Hello, buddies.

I'm trying to configure a Cisco 871 for Internet access through PPPoE.

Here is my config:


Current configuration : 1996 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
lease 0 2
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED> password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Dialer0
no ip http server
no ip http secure-server
!
!
ip nat pool pool1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 add-route
ip nat inside source list 1 interface Dialer0 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run

!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end

The router connects OK and gives IP addresses by DHCP server.

I can ping 8.8.8.8. But ping 8.8.8.8 source 192.168.1.1 doesn't work.

show ip nat st

Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0, occurred 02:10:20 ago
Outside interfaces:
FastEthernet4
Inside interfaces:
Vlan1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface Dialer0 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

show ip nat tr - empty.

Could you advise me something?


Hello

Okay, do the clients connect to a LAN switch? If so, make sure that LAN switch does NOT have IP routing enabled.

res

paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello

I assume your PPPoE session comes up and you have no issues with encapsulation etc., given that you can ping Google?

Your DHCP scope and PPPoE config also look okay; however, I can see you have two forms of NAT applied
(domain-based - inside/outside, and NVI - nat enable).

As your current NAT config is using domain-based, we can go with this and remove the NVI NAT.

Can you try the following please:

interface FastEthernet4
no ip nat enable

interface Dialer0
ip nat outside
ip tcp adjust-mss 1452

no ip route 192.168.1.0 255.255.255.0 Dialer0
no ip nat pool pool1 192.168.1.1 192.168.1.254 netmask 255.255.255.0 add-route



res
Paul



The current configuration is:

Current configuration : 1880 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$L/Qh$pAh6sCNUtAtG7tnANlFZy.
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool pooldhcp
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
vpdn-group 1
request-dialin
protocol pppoe
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description ISP
no ip address
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp chap refuse
ppp ms-chap-v2 refuse
ppp pap sent-username <CUTTED>password 0 <CUTTED>
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet4 overload
!
ip access-list extended TerminalAccess
permit tcp host 192.168.1.2 any eq telnet log
permit tcp host 192.168.1.2 any eq 22 log
deny tcp any any log
!
access-list 1 permit 192.168.1.0 0.0.0.255
no cdp run

!
!
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class TerminalAccess in
login
transport input ssh
!
scheduler max-task-time 5000
end

The router doesn't ping 8.8.8.8.

Here is debug ip nat result:
IP NAT debugging is on
Router#
*Nov 23 18:05:23.856: NAT: TCP s=23->3, d=59248
*Nov 23 18:05:33.594: NAT: expiring 109.169.185.230 (192.168.1.1) icmp 6 (6)
*Nov 23 18:05:36.082: NAT: TCP s=23->4, d=6773
*Nov 23 18:05:40.763: NAT: expiring 109.169.185.230 (109.169.185.230) tcp 23231 (23231)
*Nov 23 18:06:04.833: NAT: expiring 109.169.185.230 (109.169.185.230) tcp 8080 (8080)
*Nov 23 18:06:08.418: NAT: expiring 109.169.185.230 (109.169.185.230) tcp 48709 (48709)
*Nov 23 18:06:14.051: NAT: expiring 109.169.185.230 (109.169.185.230) tcp 23231 (23231)
*Nov 23 18:06:23.801: NAT: expiring 109.169.185.230 (109.169.185.230) tcp 3 (23)
*Nov 23 18:06:36.092: NAT: expiring 109.169.185.230 (109.169.185.230) tcp 4 (23)
*Nov 23 18:07:17.741: NAT: TCP s=23->5, d=53982
*Nov 23 18:07:33.721: NAT: TCP s=23->6, d=55704

Hello

no ip route 0.0.0.0 0.0.0.0 dhcp
no ip nat inside source list 1 interface FastEthernet4 overload

ip route 0.0.0.0 0.0.0.0 dialer0
ip nat inside source list 1 interface dialer0 overload

res
Paul


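The NAT problems raised in the replies above (NVI mixed with domain-based NAT, an overload interface without `ip nat outside` or without an address, a static route sending the inside LAN out the WAN) can be checked mechanically. This Python script is an added example, not code from the thread or from Cisco; the function name `nat_findings` and the wording of the findings are made up here, and the embedded config is an excerpt of the first configuration posted in the thread.

```python
import ipaddress
import re
# Excerpt of the first configuration posted in the thread (flattened, as on the page).
FIRST_CONFIG = """\
interface FastEthernet4
no ip address
ip nat outside
ip nat enable
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Dialer0
ip address negotiated
!
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 Dialer0
ip nat inside source list 1 interface Dialer0 overload
"""

def nat_findings(config):
    """Return NAT problems in an IOS running-config; interface lookups ignore case."""
    ifaces, global_cmds, block = {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            block = ifaces.setdefault(line.split(None, 1)[1].lower(), [])
        elif line in ("", "!"):
            block = None  # '!' or a blank line closes the interface block
        else:
            (global_cmds if block is None else block).append(line)
    found, inside_nets = [], []
    for name, cmds in ifaces.items():
        if "ip nat enable" in cmds and {"ip nat inside", "ip nat outside"} & set(cmds):
            found.append(f"{name}: mixes NVI and domain-based NAT")
        addr = re.search(r"^ip address (\d\S+) (\d\S+)$", "\n".join(cmds), re.M)
        if addr and "ip nat inside" in cmds:
            inside_nets.append(ipaddress.ip_network("/".join(addr.groups()), strict=False))
    for cmd in global_cmds:
        pat = re.match(r"ip nat inside source list \S+ interface (\S+) overload", cmd)
        target = ifaces.get(pat.group(1).lower(), []) if pat else []
        if pat and "ip nat outside" not in target:
            found.append(f"{pat.group(1)}: overload interface lacks 'ip nat outside'")
        if "no ip address" in target:
            found.append(f"{pat.group(1)}: overload interface has no IP address")
        route = re.match(r"ip route (\d\S+) (\d\S+) (\S+)", cmd)
        if route and ipaddress.ip_network("/".join(route.groups()[:2]), strict=False) in inside_nets:
            found.append(f"static route sends inside LAN {route.group(1)} out {route.group(3)}")
    return found
```

Run against the second configuration in the thread, the same function reports only that the overload interface (FastEthernet4) has no IP address; once the overload and default route point at Dialer0 it reports nothing.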