Getting vlan1 hosts to access the internet

JCarlos
Level 1

Greetings, I am new to Cisco and I cannot get the hosts connected to my vlan1 (address 192.168.2.1 255.255.255.0) to have internet access via WAN port f4 (192.168.1.2 255.255.255.0), which is connected to the router my ISP provided (192.168.1.1 255.255.255.0). In a small lab I set up, I can ping from my host connected to port 0, part of vlan1, to the f4 WAN port of my Cisco 891 router, but not to any other host beyond that interface. I would greatly appreciate any help.

8 Replies

balaji.bandi
Hall of Fame

Can you post the full configuration here?

 

show run

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Sorry for the delay in responding, please hold on. I can only work on this at night, so in a few hours I will post the sh run for you, and I hope you still read my messages and help me to solve this, thanks.

Hello,

Normally, the FastEthernet8 interface or the GigabitEthernet0 interface is the WAN interface. Here is an example configuration for FastEthernet8 and GigabitEthernet0 (the important parts are marked in bold).

 

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 891
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool VLAN1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
lease 0 2
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn FTX153085WL
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0
no ip address  
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet8
!
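! wildcard 0.0.0.255 so the ACL matches the whole 192.168.1.0/24 inside subnet, not one address
access-list 1 permit 192.168.1.0 0.0.0.255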
no cdp run
!
control-plane

 

----------

 

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 891
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool VLAN1
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
lease 0 2
!
ip cef
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn FTX153085WL
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface GigabitEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
!
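! wildcard 0.0.0.255 so the ACL matches the whole 192.168.1.0/24 inside subnet, not one address
access-list 1 permit 192.168.1.0 0.0.0.255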
no cdp run
!
control-plane

Thanks, I'm going to try it and I'll post how it went.

Done, it ended up like this, but it doesn't do what I need: from the WAN my hosts can be seen (successful ping from a PC connected to the WAN port with IP 192.168.1.11), but my hosts cannot see anything beyond the WAN IP (ping to 192.168.1.2 succeeds), and a ping to the host connected on the WAN (192.168.1.11) gets no reply.

 

router01#sh run
Building configuration...

Current configuration : 5484 bytes
!
! Last configuration change at 04:56:27 UTC Sat Feb 16 2019 by JCarlos
! NVRAM config last updated at 04:56:31 UTC Sat Feb 16 2019 by JCarlos
! NVRAM config last updated at 04:56:31 UTC Sat Feb 16 2019 by JCarlos
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 FQOIbemZ5IMwJf2yWikSNiEIn7uk4bTMz29mDBtCM3A
enable password xxxxxxx
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3998734045
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3998734045
revocation-check none
rsakeypair TP-self-signed-3998734045
!
!
crypto pki certificate chain TP-self-signed-3998734045
certificate self-signed 01
quit
ip source-route
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.20
!
ip dhcp pool lafinquita-pool
import all
network 192.168.2.0 255.255.255.0
dns-server 200.107.10.105 200.107.10.104
default-router 192.168.2.1
lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
ip name-server 200.107.10.105
ip name-server 200.107.10.104
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX163783ML
!
!
vtp mode transparent
username JC488a privilege 15 secret 4 2kZuG1X/cnpzcC5NffFvTH/PLBC8z12rSfEdt9CAC2Y
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 24 permit 192.168.0.0
no cdp run
!
!
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you
want to use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
access-class 24 in
privilege level 15
login local
transport input telnet ssh
!
end

router01#

Hello,

You have to add:

 

access-list 1 permit 192.168.2.0 0.0.0.255
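
A standard ACL entry written without a wildcard mask matches only that one address, so the list referenced by `ip nat inside source list` has to cover the whole inside subnet. The following is an added example, not code from the thread: a Python check over constructed config text modelled on the thread's addressing. The names `parse`, `acl_covers` and `check_nat` are made up here, and only standard numbered ACLs 1-99 are understood.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's addressing (not captured output).
BROKEN = """\
interface FastEthernet4
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface FastEthernet4 overload
access-list 1 permit 192.168.2.0
"""
FIXED = BROKEN.replace("permit 192.168.2.0", "permit 192.168.2.0 0.0.0.255")

def parse(config):
    """Extract interfaces, PAT rules and standard numbered ACLs (1-99) from IOS text."""
    ifaces, rules, acls, cur = {}, [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif cur is not None and (m := re.match(r"ip address ([\d.]+) ([\d.]+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload$", line):
            rules.append((m[1], m[2]))
        elif m := re.match(r"access-list (\d{1,2}) permit (?:host )?(\S+)(?: ([\d.]+))?", line):
            acls.setdefault(m[1], []).append((m[2], m[3] or "0.0.0.0"))
    return ifaces, rules, acls

def acl_covers(entries, net):
    """True if one permit entry matches every address in net (IOS wildcard semantics)."""
    for addr, wild in entries:
        if addr == "any":
            return True
        w, base = int(ipaddress.ip_address(wild)), int(ipaddress.ip_address(addr))
        # Host bits of the subnet must all be "don't care"; the other bits must equal it.
        if int(net.hostmask) & ~w == 0 and (base ^ int(net.network_address)) & ~w == 0:
            return True
    return False

def check_nat(config):
    """Return findings for the NAT overload setup; an empty list means none were found."""
    ifaces, rules, acls = parse(config)
    inside = {n: i for n, i in ifaces.items() if i["nat"] == "inside"}
    findings = [] if inside else ["no interface is marked 'ip nat inside'"]
    if not rules:
        findings.append("no 'ip nat inside source list N interface X overload' rule")
    for acl, out_if in rules:
        if ifaces.get(out_if, {}).get("nat") != "outside":
            findings.append(f"{out_if} is not marked 'ip nat outside'")
        if acl not in acls:
            findings.append(f"access-list {acl} is referenced by NAT but not defined")
        for name, i in inside.items():
            if acl in acls and i["net"] and not acl_covers(acls[acl], i["net"]):
                findings.append(f"access-list {acl} does not cover {name} {i['net']}")
    return findings
```

Call `check_nat()` on the text of a `show run`; it also flags a NAT rule that references an ACL number with no matching `access-list` line, and a config with no NAT statements at all.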

Below is my configuration attempt. I should clarify that my WAN connection does not go directly to the internet but to my ISP's router-modem through a pair of Ubiquiti radios in bridge mode, like this:

isp router-modem 192.168.1.1

ubiquiti radio 192.168.1.25

ubiquiti radio 192.168.1.26

my Cisco 891 with IP 192.168.1.2, WAN interface f4

my vlan1 192.168.2.1

DHCP server configured on my router

hosts with IPs in 192.168.2.0, except of course 1 through 20

And now my sh run:

 

router01#sh run
Building configuration...

Current configuration : 5170 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 FQOIbwmZ5IMwJf2yWikSNiEIn7uk4bTMz29mDBtCM3A
enable password 
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3998734045
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3998734045
revocation-check none
rsakeypair TP-self-signed-3998734045
!
!
crypto pki certificate chain TP-self-signed-3998734045
certificate self-signed 01
bla bla
quit
ip source-route
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.20
!
ip dhcp pool lafinquita-pool
import all
network 192.168.2.0 255.255.255.0
dns-server 200.107.10.105 200.107.10.104
default-router 192.168.2.1
!
!
ip cef
ip domain name yourdomain.com
ip name-server 200.107.10.105
ip name-server 200.107.10.104
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX163783ML
!
!
vtp mode transparent
username JCarlos privilege 15 secret 4 2kZuG1X/cnpzcC5NffFvTH/PLBC8z12rSfEdt9CAC2Y
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 192.168.2.1 255.255.255.0
ip tcp adjust-mss 1452
!
ip default-gateway 192.168.2.1
ip forward-protocol nd
ip http server
ip http access-class 24
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 24 permit 192.168.0.0
no cdp run
!
!
!
!
banner exec ^C
% Password expiration warning.
Cisco Configuration Professional (Cisco CP) is installed on this device

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE
PUBLICLY-KNOWN CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL
NOT BE ABLE TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line vty 0 4
access-class 24 in
privilege level 15
login local
transport input telnet ssh
!
end

 

 
