01-08-2021 08:09 AM
Packet tracer project.
Hey guys, I'm new here so go easy on me lol. I'm about to do my project but I got stuck on SSH (easy, right? Well, I guess I did something wrong).
I'm able to SSH to my routers (with no password somehow, and I configured one, not sure why) but not the switches (not any of them). Oh, one more thing: only VLAN 10 able to enter by SSH/Telnet, so I made an ACL there.
That's what's running on my switches (I can't even ping from the PC to the switch VLAN 1):
S0(config)#do show run
Building configuration...
Current configuration : 1600 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname S0
!
enable password 7 08701E1D5D
!
!
!
no ip domain-lookup
ip domain-name SnowN.com
!
username Sysadmin privilege 1 password 7 0878151B5C4854
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 192.168.10.222 255.255.255.0
!
!
!
!
access-list 10 permit 192.168.10.0 0.0.0.255
line con 0
password 7 08204E4D0D
login
!
line vty 0
access-class 10 in
password 7 08204E4D0D
login
transport input ssh
line vty 1 4
password 7 08204E4D0D
login
transport input ssh
line vty 5 15
login
!
!
!
!
end
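Added example, not part of the original post: a Python check of which vty lines the posted `access-class 10 in` actually covers. In the S0 config it sits under `line vty 0` only, so the script expands the vty ranges and evaluates ACL 10's wildcard match per line; the two source addresses and the function names are constructed for illustration.

```python
import re
from ipaddress import IPv4Address

# Constructed excerpt of the S0 config posted above (password and login lines omitted).
CONFIG = """\
access-list 10 permit 192.168.10.0 0.0.0.255
line vty 0
 access-class 10 in
 transport input ssh
line vty 1 4
 transport input ssh
line vty 5 15
"""

def parse_acls(config):
    """Standard permit entries per ACL: {"10": [(network_int, wildcard_int), ...]}."""
    acls = {}
    for num, net, wild in re.findall(r"^access-list (\d+) permit (\S+) (\S+)$", config, re.M):
        acls.setdefault(num, []).append((int(IPv4Address(net)), int(IPv4Address(wild))))
    return acls

def acl_permits(entries, src):
    """Wildcard bits set to 1 are ignored; no matching entry means implicit deny."""
    ip = int(IPv4Address(src))
    return any((ip | wild) == (net | wild) for net, wild in entries)

def parse_vty(config):
    """Expand 'line vty A B' ranges to {line_number: access-class ACL or None}."""
    vty, current = {}, []
    for text in map(str.strip, config.splitlines()):
        m = re.match(r"line vty (\d+)(?: (\d+))?$", text)
        if m:
            current = range(int(m[1]), int(m[2] or m[1]) + 1)
            vty.update((n, None) for n in current)
        elif text.startswith(("line ", "!")):
            current = []
        elif (a := re.match(r"access-class (\S+) in$", text)):
            vty.update((n, a[1]) for n in current)
    return vty

def vtys_admitting(config, src):
    """vty lines whose access-class lets src through. A line with no access-class, or
    one naming an ACL missing from the config, counts as admitting. ACL layer only."""
    acls = parse_acls(config)
    return [n for n, acl in sorted(parse_vty(config).items())
            if acl not in acls or acl_permits(acls[acl], src)]

# Constructed source addresses: one inside 192.168.10.0/24, one outside it.
print({src: vtys_admitting(CONFIG, src) for src in ("192.168.10.5", "192.168.20.5")})
```

For the address outside 192.168.10.0/24 only vty 0 is filtered; lines 1 through 15 carry no access-class, so the restriction holds only if the same `access-class` is applied to every vty range.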
01-11-2021 11:42 AM
Hello,
The to-be-NATted inside networks do not need to be directly connected to R1. Here is the config for R1 (file attached as well):
R1#sh run
Building configuration...
Current configuration : 1137 bytes
!
version 15.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname R1
!
ip cef
no ipv6 cef
!
username SysAdmin password 0 995511
!
ip domain-name SnowN.com
!
spanning-tree mode pvst
!
interface GigabitEthernet0/0/0
ip address 172.31.0.253 255.255.0.0
ip ospf 10 area 0
--> ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0/1
ip address 209.165.200.253 255.255.255.0
ip ospf 10 area 0
--> ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
shutdown
!
router ospf 10
log-adjacency-changes
!
--> ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip classless
!
ip flow-export version 9
!
access-list 10 permit 192.168.10.0 0.0.0.255
--> access-list 1 permit 192.168.10.0 0.0.0.255
--> access-list 1 permit 192.168.20.0 0.0.0.255
!
no cdp run
!
line con 0
!
line aux 0
!
line vty 0
access-class 10 in
login
transport input ssh
line vty 1 4
login
transport input ssh
!
end
01-11-2021 11:55 AM
Can I choose 80.0.0.1 as an outside IP? If yes, how? (I know it's supposed to be a pool :D)
01-11-2021 12:14 PM
Hello,
Yes indeed, you need a pool. Everything will be translated to 80.0.0.1:
--> ip nat pool NAT_OUT 80.0.0.1 80.0.0.1 netmask 255.255.255.0
--> no ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
--> ip nat inside source list 1 pool NAT_OUT add-route
01-11-2021 01:47 PM
Oooofff, it's working, but I can't see in show ip nat translations the IP changing from 192.168.10.1, for example, to 80.0.0.1 (I tried to ping the web, tried to HTTP it, still no translation there).
Any idea?
01-11-2021 02:26 PM
Hello,
I am pinging from 192.168.1.10 to 172.19.0.100, here is the (partial) output on R2:
R2#sh ip nat translations
icmp 80.0.0.1:26 192.168.10.1:26 172.19.0.100:26 172.19.0.100:26
icmp 80.0.0.1:27 192.168.10.1:27 172.19.0.100:27 172.19.0.100:27
icmp 80.0.0.1:28 192.168.10.1:28 172.19.0.100:28 172.19.0.100:28
icmp 80.0.0.1:29 192.168.10.1:29 172.19.0.100:29 172.19.0.100:29
icmp 80.0.0.1:30 192.168.10.1:30 172.19.0.100:30 172.19.0.100:30
01-11-2021 03:17 PM
Here, download the new zip. I did the same as you (I think); at router one I set the commands at R1:
--> access-list 1 permit 192.168.0.0 0.0.255.255
--> ip nat pool NAT_OUT 80.0.0.1 80.0.0.1 netmask 255.255.255.0
--> ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
--> ip nat inside source list 1 pool NAT_OUT add-route
And I have nothing inside the ip nat translations.
Did I miss something again T-T?
01-11-2021 11:31 AM - edited 01-11-2021 11:31 AM
And how do I know that I won't get the same IP as the router at the outside? Should I make a pool for that?
01-09-2021 05:59 AM
Hehe, well, you're doing great.
Thanks
01-09-2021 06:09 AM
Btw, one more question: as you can see, there is a switch on the far left side plugged in to the DNS.
If I want to SSH to it, what do I do? I mean, the same VLAN 10? What IP address? What default gateway? (Because it is on a different network.)