Hi
I am trying to test a Cisco 1941on my home network (to prepare for a site connection to a BTNet NTE) ...
I have routing working fine for the internal VLANs but and can ping everything (including the Internet) from the router console, but cannot ping from any client connected to any VLAN to the Internet.
The setup is basically >
Int gi0/0 connected to the Homehub
Int gi0/0/0 connected to the PC (the pc has an IP of 10.23.4.40). Interestingly when I try and ping to say www.google.co.uk it resolves the ip via DNS ok, but no replies. No internet either via IE.
Here is my fairly basic running-config >
_____________________________________________________________________
CORE-RT1# sh run
Building configuration...
*Sep 21 20:14:08.403: %SYS-5-CONFIG_I: Configured from console by admin on console
Current configuration : 4169 bytes
!
! Last configuration change at 20:14:08 UTC Sun Sep 21 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE-RT1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 3cAj.f2PkssJmkRu4YUQUCCy3vPEtMp3aQDdde3hiFU
!
no aaa new-model
!
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.23.3.1 10.23.3.39
ip dhcp excluded-address 10.23.4.1 10.23.4.39
ip dhcp excluded-address 10.23.1.1 10.23.1.150
ip dhcp excluded-address 10.23.2.1 10.23.2.39
!
ip dhcp pool USERS
import all
network 10.23.3.0 255.255.255.0
default-router 10.23.3.1
!
ip dhcp pool DATA
import all
network 10.23.4.0 255.255.255.0
default-router 10.23.4.1
dns-server 192.168.1.254
!
ip dhcp pool MGMT
import all
network 10.23.1.0 255.255.255.0
default-router 10.23.1.1
!
ip dhcp pool CCTV
import all
network 10.23.2.0 255.255.255.0
default-router 10.23.2.1
!
!
!
ip domain name XXXXXXX
ip name-server 192.168.1.254
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1284061912
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1284061912
revocation-check none
rsakeypair TP-self-signed-1284061912
!
!
crypto pki certificate chain TP-self-signed-1284061912
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323834 30363139 3132301E 170D3134 30393231 31363330
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32383430
36313931 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008ADD 2D46064A 356B70C8 C8EFA1D7 B22C11A8 950680CF 68DF335A 7A19B982
7080913D C5C0776E 93B9579A B1776B26 864DF529 83C88225 08B92EFA B29ED9C7
48026077 5C25C5EE 6B924F6B 366E0478 B74A694D 6885EE66 8CF01774 0869B393
0E618221 1CB081DB AE0A5ADB 6536A95D E64E4D07 E63324D0 C2CF3CA9 5F28D3BC
A7490203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1437E42E B1BD86C7 94D9B99C 5D7C5498 D585D5B5 8D301D06
03551D0E 04160414 37E42EB1 BD86C794 D9B99C5D 7C5498D5 85D5B58D 300D0609
2A864886 F70D0101 05050003 8181002A D6DF1CB9 FEB18E09 93B57980 5A36FEE8
D9F84CF6 EE331D77 46C92D8C 36D014CB 00A23CB8 33E1932E 55D5E518 D40B1694
F0D7B511 CFD1A40B BBCD42BC 09EA183F EBABF39C 4FD3257B 6092C79A 1C2E3DE3
583BFAB1 87B18EFF 80317E8D 7BA8E766 C0A46751 6ECCB6EA 94082138 7A614F43
3681C2EC 8257257C E0E95335 2A1833
quit
license udi pid CISCO1941/K9 sn FCZ1812C2MY
!
!
username XXXXXX password 0 XXXXXXX
!
!
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.138 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
switchport access vlan 40
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
description Management
ip address 10.23.1.1 255.255.255.0
!
interface Vlan20
description CCTV
ip address 10.23.2.1 255.255.255.0
!
interface Vlan30
description Phones
ip address 10.23.3.1 255.255.255.0
!
interface Vlan40
description Data and users
ip address 10.23.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
router rip
redistribute connected
network 10.0.0.0
network 192.168.1.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat pool out 192.168.1.138 192.168.1.138 prefix-length 24
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
__________________________________________________________
Also here is the output from show ip route >
CORE-RT1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.254
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.23.4.0/24 is directly connected, Vlan40
L 10.23.4.1/32 is directly connected, Vlan40
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.138/32 is directly connected, GigabitEthernet0/0
many thanks in advance
Rob
