07-23-2008 05:35 PM - edited 03-06-2019 12:25 AM
Hello,
I am trying to get out to the internet on a PC connected to my 1711. PPPoE has been configured properly as I receive an IP from my ISP for the Dialer 1 interface. I can also ping websites fromt he router. However I can not ping websites from my PC. I can ping the IP that my ISP is giving the dialer 1 interface. I am pretty sure it is an issue with my NAT statement because when I do a show ip NAT translation I dont see anything showing up.I have included a copy of my running config. Thanks to all who apply
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
multilink bundle-name authenticated
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
ip address 10.1.20.1 255.255.255.0
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp authentication chap callin
ppp pap sent-username xxxxx password 0 xxxxx
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
!
!
!
ip access-list extended NAT_ADDRESSES
permit ip any any
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
end
Solved! Go to Solution.
07-23-2008 05:42 PM
Try adding the "ip nat inside" command to whichever VLAN interface (10 or 20) you wish to use. Then configure your switch ports with the "switchport access vlan (vlan number).
Hope this Helps,
Mark
07-23-2008 06:02 PM
Niall
I think that Mark has clearly identified the first 2 important issues:
- you need a ip nat inside statement on at least one VLAN interface.
- currently there are 2 VLAN interfaces defined with IP addresses but they have no ports assigned to their VLAN. And the default VLAN where all the ports are currently assigned has no IP address.
In addition I believe that there may be a problem in the access list controlling the address translation. In my experience it is problematic to have address translation controlled by an extended access list with permit ip any. I would suggest that you configure a standard access list with permit statements for 1 or both of the subnets on your VLAN interfaces and then have address translation use that address.
HTH
Rick
07-23-2008 05:42 PM
Try adding the "ip nat inside" command to whichever VLAN interface (10 or 20) you wish to use. Then configure your switch ports with the "switchport access vlan (vlan number).
Hope this Helps,
Mark
07-23-2008 06:02 PM
Niall
I think that Mark has clearly identified the first 2 important issues:
- you need a ip nat inside statement on at least one VLAN interface.
- currently there are 2 VLAN interfaces defined with IP addresses but they have no ports assigned to their VLAN. And the default VLAN where all the ports are currently assigned has no IP address.
In addition I believe that there may be a problem in the access list controlling the address translation. In my experience it is problematic to have address translation controlled by an extended access list with permit ip any. I would suggest that you configure a standard access list with permit statements for 1 or both of the subnets on your VLAN interfaces and then have address translation use that address.
HTH
Rick
07-24-2008 03:09 AM
Thanks for the help it works now
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: