cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
564
Views
0
Helpful
3
Replies

NAT Issue on 1711

niall-wilkins
Level 1
Level 1

Hello,

I am trying to get out to the internet on a PC connected to my 1711. PPPoE has been configured properly as I receive an IP from my ISP for the Dialer 1 interface. I can also ping websites fromt he router. However I can not ping websites from my PC. I can ping the IP that my ISP is giving the dialer 1 interface. I am pretty sure it is an issue with my NAT statement because when I do a show ip NAT translation I dont see anything showing up.I have included a copy of my running config. Thanks to all who apply

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

!

!

!

ip cef

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

multilink bundle-name authenticated

!

!

!

archive

log config

hidekeys

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

shutdown

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface Vlan1

no ip address

!

interface Vlan10

ip address 10.1.10.1 255.255.255.0

!

interface Vlan20

ip address 10.1.20.1 255.255.255.0

!

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

ppp authentication chap callin

ppp pap sent-username xxxxx password 0 xxxxx

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

no ip http secure-server

!

ip nat inside source list NAT_ADDRESSES interface Dialer1 overload

!

!

!

ip access-list extended NAT_ADDRESSES

permit ip any any

!

!

!

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

!

end

2 Accepted Solutions

Accepted Solutions

Mark Yeates
Level 7
Level 7

Try adding the "ip nat inside" command to whichever VLAN interface (10 or 20) you wish to use. Then configure your switch ports with the "switchport access vlan (vlan number).

Hope this Helps,

Mark

View solution in original post

Niall

I think that Mark has clearly identified the first 2 important issues:

- you need a ip nat inside statement on at least one VLAN interface.

- currently there are 2 VLAN interfaces defined with IP addresses but they have no ports assigned to their VLAN. And the default VLAN where all the ports are currently assigned has no IP address.

In addition I believe that there may be a problem in the access list controlling the address translation. In my experience it is problematic to have address translation controlled by an extended access list with permit ip any. I would suggest that you configure a standard access list with permit statements for 1 or both of the subnets on your VLAN interfaces and then have address translation use that address.

HTH

Rick

HTH

Rick

View solution in original post

3 Replies 3

Mark Yeates
Level 7
Level 7

Try adding the "ip nat inside" command to whichever VLAN interface (10 or 20) you wish to use. Then configure your switch ports with the "switchport access vlan (vlan number).

Hope this Helps,

Mark

Niall

I think that Mark has clearly identified the first 2 important issues:

- you need a ip nat inside statement on at least one VLAN interface.

- currently there are 2 VLAN interfaces defined with IP addresses but they have no ports assigned to their VLAN. And the default VLAN where all the ports are currently assigned has no IP address.

In addition I believe that there may be a problem in the access list controlling the address translation. In my experience it is problematic to have address translation controlled by an extended access list with permit ip any. I would suggest that you configure a standard access list with permit statements for 1 or both of the subnets on your VLAN interfaces and then have address translation use that address.

HTH

Rick

HTH

Rick

Thanks for the help it works now

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: