09-01-2012 08:20 PM - edited 03-07-2019 08:39 AM
First of all, I'm kinda new to the router game and I'm learning as I go. I have a Cisco 2811 Router with a NM-16ESW card installed. I've connected this to my DSL connecting and I'm trying to build myself a learning lab. From the router I can ping to the internet and back to a test computer I have connected to one of the card's ethernet ports. From the test computer, I can ping the router's WAN interface, but no further. Here's my config...if anyone can help, I'd appreciate it and hope to return the favor one day!
Current configuration : 1931 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.15
!
ip dhcp pool LABTEST
import all
network 192.168.0.0 255.255.255.0
default-router 192.168.2.1
!
!
no ip ips deny-action ips-interface
ip domain name LABTEST
ip name-server 8.8.8.8
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
interface FastEthernet1/0
!
interface FastEthernet1/1
!interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
switchport access vlan 192
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface Vlan1
no ip address
!
interface Vlan19
ip address 192.168.2.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
ip http server
no ip http secure-server
ip nat inside source list 10 interface FastEthernet0/0 overload
!
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 101 permit icmp 192.168.0.0 0.0.0.255 any echo-reply
access-list 101 permit ip any any
no cdp run
!
!
control-plane
!
!
!
line con 0
password xxxxxxxxx
login
line aux 0
line vty 0 4
password xxxxxxxx
login
!
Solved! Go to Solution.
09-04-2012 11:40 AM
Hi,
your interface vlan 192 must have ip nat inside configured as it is this interface which will be used by your host to route packets to distant subnets.
So do this and let us know:
int vlan 192
ip nat inside
Regards.
Alain
Don't forget to rate helpful posts.
09-01-2012 08:38 PM
Does the PC have the correct default gateway (192.168.2.1)?
Is the PC connected to interface FastEthernet1/6?
if yes, this port is added to vlan 192 while the interface vlan is configured for vlan 19
interface Vlan19
ip address 192.168.2.1 255.255.255.0
Can you change
interface FastEthernet1/6
switchport access vlan 192
to
interface FastEthernet1/6
switchport access vlan 19
and
test again?
HTH
09-01-2012 08:44 PM
Thanks for the reply! The trailing 2 must've been cut off when I posted the config. I checked again and it's definitely VLAN192 in both places. The computer's gateway is set to 192.168.2.1. Thanks again!
09-01-2012 08:49 PM
Ok, thanks for clarifying
Can you change this
access-list 10 permit 192.168.0.0 0.0.0.255
to
access-list 10 permit 192.168.2.0 0.0.0.255
and test again?
HTH
09-01-2012 09:02 PM
Changed it. Same problem. The lab computer still can't get past the Fa0/0 interface.
09-01-2012 09:13 PM
couple more changes:
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Delete
ip route 0.0.0.0 0.0.0.0 192.168.1.254
also:
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 101 permit icmp 192.168.0.0 0.0.0.255 any echo-reply
access-list 101 permit ip any any
delete the second line
and try again
09-01-2012 09:26 PM
deleted
ip route 0.0.0.0 0.0.0.0 192.168.1.254
Router will not ping to the internet now.
I replaced the line above and removed the access-list 101 line. Still the same issue. 192.168.1.254 is the dsl modem address, BTW...if that makes a difference.
09-02-2012 12:59 AM
Change the DHCP IP range to be in the same network as the default gateway:
ip dhcp pool LABTEST
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
access-list 10 permit 192.168.2.0 0.0.0.255
09-04-2012 11:15 AM
Tried changing the DHCP pool to no avail. It's weird...I can get back to F0/0, but I can't get any further.
09-04-2012 11:40 AM
Hi,
your interface vlan 192 must have ip nat inside configured as it is this interface which will be used by your host to route packets to distant subnets.
So do this and let us know:
int vlan 192
ip nat inside
Regards.
Alain
Don't forget to rate helpful posts.
09-04-2012 08:12 PM
That was it!!! Thanks, Cadet!!! I feel like a dummy now, but that got me going...just tried it out! Thanks again!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide