Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

access list support

anybody can help to allow one PC from my network access the internet thru L2 interface FastEthernet2

Drawing1.jpg

7 REPLIES
New Member

access list support

ok i can ping the default gateway for my FTTh router but the problem i am still can not get browse on my host 192.168.1.222

the configuration are :

ip dhcp pool Wippro

   import all

   network 192.168.1.0 255.255.255.0

   default-router 192.168.1.254

   dns-server 192.168.1.1 86.51.34.17

   domain-name me.com

   lease 0 2

!

interface FastEthernet2

description Going to Mobily Fiber

switchport access vlan 2

!

interface FastEthernet3

description Dentech

nterface Vlan1

description Dentech

ip address 192.168.1.254 255.255.255.0

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452

!

interface Vlan2

description Internet

ip address 192.168.0.11 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 Vlan2 192.168.0.10

!

ip nat inside source list 4 interface Vlan2 overload

!

access-list 4 permit 192.168.1.222

R#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.10 to network 0.0.0.0

C    192.168.0.0/24 is directly connected, Vlan2

C    192.168.1.0/24 is directly connected, Vlan1

S*   0.0.0.0/0 [1/0] via 192.168.0.10, Vlan2

R#ping 192.168.0.10

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.10, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

R#

R#sh ip int br

Interface                  IP-Address      OK? Method Status                Protocol

ATM0                       unassigned      YES NVRAM  up                    up     

ATM0.1                     unassigned      YES unset  up                    up     

Dialer0                    unassigned      YES IPCP   administratively down down   

FastEthernet0              unassigned      YES unset  administratively down down   

FastEthernet1              unassigned      YES unset  up                    up     

FastEthernet2              unassigned      YES unset  down                  down   

FastEthernet3              unassigned      YES unset  up                    up     

NVI0                       unassigned      YES unset  administratively down down   

Virtual-Access1            unassigned      YES unset  down                  down   

Vlan1                      192.168.1.254   YES NVRAM  up                    up     

Vlan2                      192.168.0.11    YES manual up                    up     

R#

access list support

It could be a typo in the post, but I don't see "ip nat outside" configured on vlan 2. You have it listed in your diagram though. If it's not there, add that and see if that resolves your issue.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: access list support

thank you very much

it is working now and i can browsing well

i have two issue still pending

I need support to forward port 80 HTTP to 192.168.1.222 any packet requested from 192.168.0.10

the second issue

I am not got the fully speed on my host 192.168.1.222 I am just get 50Mbit from 100Mbit

when I connected my host diect to the FTTH router I got fully speed 100Mbit

my configuration

!

interface FastEthernet2

switchport access vlan 2

end

interface Vlan2

description Internet

ip address 192.168.0.11 255.255.255.0

ip nat outside

ip virtual-reassembly

ip route 0.0.0.0 0.0.0.0 192.168.0.10

!

ip nat inside source list 4 interface Vlan2 overload

!

access-list 4 permit 192.168.1.103

access-list 4 permit 192.168.1.222

!

Re: access list support

For port forwarding, you can do the following:

ip nat inside source static tcp 192.168.1.122 80 interface vlan2 80 overload

You may want to double check the duplex setting on the interface that connects to your router. Do a "show int fa2 | i duplex". If you see "Half-duplex" as the first line, the router that connects to it is probably hard coded to 100/full. If that's the case, make the following change:

int fa2

speed 100

duplex full

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

Re: access list support

thanks for your quick response

actualy it was

R#  show int fa2 | i dupl 

  Full-duplex, 100Mb/s

I changed to

R#sh run int f2

Building configuration...

Current configuration : 122 bytes

!

interface FastEthernet2

description Going to Mobily FTTH router

switchport access vlan 2

duplex full

speed 100

end

but still the speed not reach more than 50 Mbit

Re: access list support

Take a look at the document in the following link:

https://supportforums.cisco.com/thread/2159312

This may answer some questions...

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
New Member

access list support

but why when I tested the speed without NAT fully speed reached thru cisco

if I routed user from cisco to FTTH modem with static route 192.168.1.10

I got 100Mbit

is it related vlan and NAT ?

236
Views
5
Helpful
7
Replies