01-30-2013 10:43 AM - edited 03-04-2019 06:53 PM
Hi
I have an 871W router that works fine. I have 5 static IP addresses and use 2 in a NAT pool.
One I have mapped statically; here is the configuration, and it works fine:
! No configuration change since last restart
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging userinfo
logging buffered 51200
logging console critical
enable secret 4 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
enable password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
clock timezone PDT -8 0
clock summer-time PDT recurring
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-143207878
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-143207878
revocation-check none
rsakeypair TP-self-signed-143207878
!
!
dot11 syslog
!
dot11 ssid router-wireless
vlan 2
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxxxxxx
!
no ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.0.1 192.168.0.100
!
ip dhcp pool ippool871
network 192.168.0.0 255.255.255.0
dns-server 8.8.4.4 8.8.8.8
default-router 192.168.0.1
!
ip dhcp pool ippool871W
network 192.168.1.0 255.255.255.0
dns-server 8.8.4.4 8.8.8.8
default-router 192.168.1.1
!
!
!
ip cef
no ip bootp server
ip domain name pozo.com
ip host linksys.pozo.com 192.168.0.2
ip host TimeCapsule.pozo.com 192.168.0.3
ip host t61p.pozo.com 192.168.0.4
ip host pozo.com 192.168.0.5 50.197.129.137
ip host ns.pozo.com 192.168.0.5 50.197.129.137
ip host quad.pozo.com 192.168.0.6
ip host backup.pozo.com 192.168.0.7
ip host netra.pozo.com 192.168.0.8
ip host termrouter.pozo.com 192.168.0.9
ip host apc.pozo.com 192.168.0.10
ip host switch.pozo.com 192.168.0.11
ip host ihub.pozo.com 192.168.0.12
ip host ultra1.pozo.com 192.168.0.13
ip host termrouter1.pozo.com 192.168.0.14
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip name-server 8.8.4.4
ip name-server 64.81.79.2
ip name-server 68.94.157.1
login block-for 30 attempts 5 within 1
login delay 5
login on-failure log
login on-success log
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
username manfred privilege 15 secret 4 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username mantar privilege 15 password 7 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
ip tcp synwait-time 10
ip ssh time-out 10
ip ssh authentication-retries 2
ip ssh port 2995 rotary 1
ip ssh version 2
!
!
!
!
!
!
!
interface Loopback1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Null0
no ip unreachables
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
description $FW_OUTSIDE$
ip address 50.197.129.141 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip verify unicast reverse-path
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
no ip route-cache cef
!
encryption vlan 2 mode ciphers tkip
!
ssid router-wireless
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
channel least-congested 2412 2442 2462
station-role root
no cdp enable
!
interface Dot11Radio0.1
description WLAN vlan2$FW_INSIDE$
encapsulation dot1Q 2
ip address 192.168.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
no cdp enable
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
hold-queue 100 out
!
interface Vlan2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
!
router eigrp 64
network 192.168.0.0
auto-summary
no eigrp log-neighbor-changes
!
ip default-gateway 50.197.129.142
ip forward-protocol nd
ip http server
ip http access-class 1
ip http secure-server
!
!
ip nat pool comcast 50.197.129.139 50.197.129.140 netmask 255.255.255.248
ip nat inside source list 10 pool comcast overload
ip nat inside source static 192.168.0.5 50.197.129.137
ip route 0.0.0.0 0.0.0.0 50.197.129.142 permanent
!
!
logging trap debugging
access-list 1 remark HTTP Access-class list
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 deny any
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 152 remark Telnet_Ssh_default_port
access-list 152 deny tcp any any eq 22
access-list 152 deny tcp any any eq telnet
access-list 152 permit tcp any gt 1024 any gt 1024
no cdp log mismatch duplex
no cdp run
!
!
!
!
!
!
!
control-plane
!
banner login Welcome to Router
banner motd Welcome to router.pozo.com
!
line con 0
session-timeout 60
no modem enable
transport output telnet
stopbits 1
line aux 0
transport output telnet
line vty 0 4
session-timeout 60
access-class 152 in
exec-timeout 65 0
rotary 1
transport input ssh
transport output all
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
ntp server 198.123.30.132
ntp server 72.18.205.157
ntp server 132.163.4.101
!
webvpn context Default_context
ssl authenticate verify all
!
no inservice
!
end
When I use this configuration on the 891, the static IP does not work.
No inbound or outbound on 192.168.0.5.
It's basically the same config as above; the wireless is different as it's in the service module.
I'll deal with that later, but I need to get the one static IP working as it is my mail server and DNS server.
Here is what I tried on the 891:
version 15.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname router
!
boot-start-marker
boot system flash c890-universalk9-mz.152-2.T1.bin
boot config usbflash0:CVO-BOOT.CFG
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging userinfo
logging buffered 51200
logging console critical
enable password 7 xxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
clock timezone PDT -8 0
clock summer-time PDT recurring
service-module wlan-ap 0 bootimage autonomous
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-143207878
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-143207878
revocation-check none
rsakeypair TP-self-signed-143207878
!
!
crypto pki certificate chain TP-self-signed-143207878
no ip source-route
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.1.1 192.168.1.2
!
ip dhcp pool ippool891
network 192.168.0.0 255.255.255.0
dns-server 8.8.4.4 8.8.8.8
default-router 192.168.0.1
!
ip dhcp pool ippool891W
network 192.168.1.0 255.255.255.0
dns-server 8.8.4.4 8.8.8.8
default-router 192.168.1.1
!
!
no ip bootp server
ip domain name pozo.com
ip host linksys.pozo.com 192.168.0.2
ip host TimeCapsule.pozo.com 192.168.0.3
ip host t61p.pozo.com 192.168.0.4
ip host quad.pozo.com 192.168.0.6
ip host backup.pozo.com 192.168.0.7
ip host netra.pozo.com 192.168.0.8
ip host termrouter.pozo.com 192.168.0.9
ip host apc.pozo.com 192.168.0.10
ip host switch.pozo.com 192.168.0.11
ip host ihub.pozo.com 192.168.0.12
ip host ultra1.pozo.com 192.168.0.13
ip host termrouter1.pozo.com 192.168.0.14
ip host pozo.com 192.168.0.5 50.197.129.137
ip host ns.pozo.com 192.168.0.5 50.197.129.137
ip name-server 75.75.75.75
ip name-server 75.75.76.76
ip name-server 8.8.4.4
ip name-server 192.168.0.5
ip cef
login block-for 30 attempts 5 within 1
login delay 5
login on-failure log
login on-success log
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
license udi pid CISCO891W-AGN-A-K9 sn FTX14428081
!
!
archive
log config
hidekeys
username mantar privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
!
!
!
ip tcp synwait-time 10
ip ssh time-out 10
ip ssh authentication-retries 2
ip ssh port 2995 rotary 1
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Loopback1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
!
interface Null0
no ip unreachables
!
interface FastEthernet0
no ip address
spanning-tree portfast
!
interface FastEthernet1
no ip address
spanning-tree portfast
!
interface FastEthernet2
no ip address
spanning-tree portfast
!
interface FastEthernet3
no ip address
spanning-tree portfast
!
interface FastEthernet4
no ip address
spanning-tree portfast
!
interface FastEthernet5
no ip address
spanning-tree portfast
!
interface FastEthernet6
no ip address
spanning-tree portfast
!
interface FastEthernet7
no ip address
spanning-tree portfast
!
interface FastEthernet8
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0
description $FW_OUTSIDE$
ip address 50.197.129.141 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in
ip verify unicast reverse-path
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan2
ip virtual-reassembly in
arp timeout 0
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 2
switchport mode trunk
no ip address
!
interface Vlan1
description $FW_INSIDE$
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
hold-queue 100 out
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
!
interface Async1
no ip address
encapsulation slip
!
!
router eigrp 64
network 192.168.0.0
auto-summary
no eigrp log-neighbor-changes
!
ip default-gateway 50.197.129.142
ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip forward-protocol nd
!
!
ip nat pool comcast 50.197.129.139 50.197.129.140 netmask 255.255.255.248
ip nat inside source list 10 pool comcast overload
ip nat inside source static 192.168.0.5 50.197.129.137
ip route 0.0.0.0 0.0.0.0 50.197.129.142 permanent
!
!
logging trap debugging
access-list 1 remark HTTP Access-class list
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 deny any
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 152 remark Telnet_Ssh_default_port
access-list 152 deny tcp any any eq 22
access-list 152 deny tcp any any eq telnet
access-list 152 permit tcp any gt 1024 any gt 1024
no cdp log mismatch duplex
no cdp run
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
banner login Welcome to Router
banner motd Welcome to router.pozo.com
!
line con 0
session-timeout 60
transport output telnet
stopbits 1
line 1
modem InOut
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
transport output telnet
line vty 0 4
session-timeout 60
access-class 152 in
exec-timeout 65 0
privilege level 15
rotary 1
transport input ssh
transport output all
line vty 5 15
session-timeout 60
access-class 152 in
exec-timeout 65 0
privilege level 15
rotary 1
transport input ssh
transport output all
!
scheduler interval 500
ntp server 198.123.30.132
ntp server 72.18.205.157
ntp server 132.163.4.101
!
!
webvpn context Default_context
!
ssl authenticate verify all
no inservice
!
end
It seems like the 891 uses stricter rules and I haven't figured out the key.
I tried using a route-map:
ip nat inside source static 192.168.0.5 50.197.129.137 route-map to50-nat-rmap reversible no-alias
route-map to50-nat-rmap permit 10
match ip address to50-nat-acl
ip access-list extended to50-nat-acl
permit ip host 192.168.0.5 50.197.129.137 0.0.0.255
That allows outbound from 192.168.0.5, but from the internet I can't get in.
Any help would be GREATLY appreciated.
Thanks
02-10-2013 03:07 PM
I got it working; the problem was I needed to reboot the Comcast modem.
Now I just have to figure out how to configure the wireless!!!!!
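An offline consistency check for the NAT statements in the 891 configuration above, as an added example that is not part of the original posts: it confirms that each static and list-based "ip nat inside source" rule lines up with an interface marked "ip nat inside" or "ip nat outside". The function names are hypothetical, and the embedded text is an excerpt of the posted configuration, re-indented.

```python
import ipaddress
import re

# NAT-relevant lines excerpted from the 891 configuration posted above (re-indented).
CONFIG_891 = """\
interface GigabitEthernet0
 ip address 50.197.129.141 255.255.255.248
 ip nat outside
!
interface Vlan1
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
!
interface Vlan2
 ip address 192.168.1.1 255.255.255.0
!
ip nat inside source list 10 pool comcast overload
ip nat inside source static 192.168.0.5 50.197.129.137
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.0.0 0.0.0.255
"""

def nat_networks(cfg, role):
    """Subnets of interfaces that carry 'ip nat <role>' (inside or outside)."""
    nets = []
    for block in re.split(r"^!\s*$", cfg, flags=re.M):
        addr = re.search(r"^\s*ip address (\S+) (\S+)", block, re.M)
        if addr and re.search(rf"^\s*ip nat {role}\s*$", block, re.M):
            nets.append(ipaddress.ip_interface("/".join(addr.groups())).network)
    return nets

def audit_nat(cfg):
    """Return findings where NAT statements and interface roles disagree."""
    inside, outside = nat_networks(cfg, "inside"), nat_networks(cfg, "outside")
    findings = []
    for local, glob in re.findall(r"^ip nat inside source static (\S+) (\S+)", cfg, re.M):
        if not any(ipaddress.ip_address(local) in n for n in inside):
            findings.append(f"static local {local} is not on a NAT inside subnet")
        if not any(ipaddress.ip_address(glob) in n for n in outside):
            findings.append(f"static global {glob} is not on the outside subnet")
    for acl in re.findall(r"^ip nat inside source list (\S+)", cfg, re.M):
        for net, wild in re.findall(rf"^access-list {acl} permit (\S+) (\S+)", cfg, re.M):
            src = ipaddress.ip_network(f"{net}/{wild}")  # IOS wildcard = host mask
            if not any(src.overlaps(n) for n in inside):
                findings.append(f"list {acl} permits {src} but no inside interface has it")
    return findings

if __name__ == "__main__":
    print(audit_nat(CONFIG_891) or "NAT statements match interface roles")
```

On this excerpt the static mapping for 192.168.0.5 passes both checks; the only finding is that access-list 10 permits 192.168.1.0/24 while Vlan2 has no "ip nat inside".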