RE: 871 router NAT troubleshooting

From: David Prall <dcp_at_dcptech.com>
Date: Tue, 19 Feb 2013 22:27:30 -0500

It is getting the default, but I always like using "ip route 0.0.0.0 0.0.0.0
fa4 dhcp"

As well, you can place "import all" under the dhcp zone so that the
dns-server is imported for the clients' use. On BVI2 you have "ip nat
enable", never used that. If you use inside/outside instead of enable then
you need to use inside on your nat statement. I would just remove the "ip
nat inside/outside" commands on FA4/BVI2 and put "ip nat enable" on FA4 and
see if that corrects it.

David

--
http://dcp.dcptech.com
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
> Behalf Of Sam Wadhwa
> Sent: Tuesday, February 19, 2013 10:07 PM
> To: cisco; Cisco certification; Cisco certification
> Subject: Fwd: 871 router NAT troubleshooting
> 
> Hey guys - can someone help with this? It's a L3 problem and really suspect
> NAT not working here
> 
> I've been struggling with some configs on this router I'm setting up for a
> friend and just can't get Internet to work
> 
> - Wifi association works fine
> - The router can ping the internet fine and tried with 4.2.2.2
> - Client is getting IP address and gateway info fine
> - Client can ping default gw but not an internet address like 4.2.2.2
> - This router's gateway is 10.5.5.168 and that part of the network is fine
> and tested out
> 
> 
> jaybuddy#wr t
> Building configuration...
> 
> Current configuration : 3157 bytes
> !
> ! Last configuration change at 04:22:07 UTC Fri Mar 1 2002
> version 15.1
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname jaybuddy
> !
> boot-start-marker
> boot-end-marker
> !
> !
> enable secret 4 U3m4oAxPL6U2QZg5dXhsBS7y6IpWl4NjAhg1.bHP0Vo
> !
> aaa new-model
> !
> !
> !
> !
> !
> !
> !
> aaa session-id common
> !
> crypto pki token default removal timeout 0
> !
> !
> dot11 syslog
> !
> dot11 ssid GUESTRITS
>  vlan 2
>  authentication open
>  authentication key-management wpa
>  guest-mode
>  wpa-psk ascii 0 test2231
> !
> dot11 ssid jaybuddy
>  vlan 1
>  authentication open
>  authentication key-management wpa
>  wpa-psk ascii 0 test2231
> !
> ip source-route
> !
> !
> ip dhcp excluded-address 192.168.1.1
> ip dhcp excluded-address 192.168.1.254
> !
> ip dhcp pool GUESTRITS
>  network 192.168.1.0 255.255.255.0
>  default-router 192.168.1.1
> !
> !
> !
> ip cef
> no ip domain lookup
> no ipv6 cef
> !
> multilink bundle-name authenticated
> !
> !
> !
> !
> !
> !
> !
> !
> !
> bridge irb
> !
> !
> !
> interface FastEthernet0
>  switchport trunk allowed vlan 1,2,1002-1005
>  switchport mode trunk
>  no ip address
> !
> interface FastEthernet1
>  no ip address
> !
> interface FastEthernet2
>  no ip address
> !
> interface FastEthernet3
>  no ip address
> !
> interface FastEthernet4
>  ip address dhcp
>  ip nat outside
>  ip virtual-reassembly in
>  duplex auto
>  speed auto
> !
> interface Dot11Radio0
>  no ip address
>  !
>  encryption vlan 1 mode ciphers tkip
>  !
>  encryption vlan 2 mode ciphers tkip
>  !
>  ssid GUESTRITS
>  !
>  speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
>  station-role root
> !
> interface Dot11Radio0.1
>  encapsulation dot1Q 1 native
>  bridge-group 1
>  bridge-group 1 subscriber-loop-control
>  bridge-group 1 spanning-disabled
>  bridge-group 1 block-unknown-source
>  no bridge-group 1 source-learning
>  no bridge-group 1 unicast-flooding
> !
> interface Dot11Radio0.2
>  encapsulation dot1Q 2
>  bridge-group 2
>  bridge-group 2 subscriber-loop-control
>  bridge-group 2 spanning-disabled
>  bridge-group 2 block-unknown-source
>  no bridge-group 2 source-learning
>  no bridge-group 2 unicast-flooding
> !
> interface Vlan1
>  no ip address
>  bridge-group 1
> !
> interface Vlan2
>  no ip address
>  bridge-group 2
> !
> interface BVI1
>  ip address 10.0.0.2 255.255.255.0
> !
> interface BVI2
>  ip address 192.168.1.1 255.255.255.0
>  ip nat inside
>  ip nat enable
>  ip virtual-reassembly in
> !
> ip forward-protocol nd
> no ip http server
> no ip http secure-server
> !
> !
> ip nat source list 100 interface FastEthernet4 overload
> !
> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
> !
> !
> !
> !
> !
> !
> !
> control-plane
> !
> bridge 1 protocol ieee
> bridge 1 route ip
> bridge 2 protocol ieee
> bridge 2 route ip
> alias exec si show ip int brief
> alias exec sir show ip route
> alias exec fi show running-config | include
> alias exec fb show running-config | begin
> alias exec sri show run interface
> alias exec sal show access-list
> alias exec sib show ip bgp
> alias exec sio show ip ospf
> alias exec sie show ip eigrp top
> alias exec srm show route-map
> privilege exec all level 5 configure
> privilege exec level 5 reload
> !
> line con 0
>  no modem enable
> line aux 0
> line vty 0 4
>  transport input all
> !
> scheduler max-task-time 5000
> end
> 
> jaybuddy#show ip interface brief
> Interface                  IP-Address      OK? Method Status                Protocol
> BVI1                       10.0.0.2        YES manual up                    up
> BVI2                       192.168.1.1     YES manual up                    up
> Dot11Radio0                unassigned      YES unset  up                    up
> Dot11Radio0.1              unassigned      YES unset  up                    up
> Dot11Radio0.2              unassigned      YES unset  up                    up
> FastEthernet0              unassigned      YES unset  up                    down
> FastEthernet1              unassigned      YES unset  up                    down
> FastEthernet2              unassigned      YES unset  up                    down
> FastEthernet3              unassigned      YES unset  up                    up
> FastEthernet4              10.5.5.106      YES DHCP   up                    up
> NVI0                       192.168.1.1     YES unset  up                    up
> Vlan1                      unassigned      YES unset  up                    up
> Vlan2                      unassigned      YES unset  up                    down
> 
> 
> jaybuddy# show ip route
> Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
>        D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>        N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>        E1 - OSPF external type 1, E2 - OSPF external type 2
>        i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>        ia - IS-IS inter area, * - candidate default, U - per-user static route
>        o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
>        + - replicated route, % - next hop override
> 
> Gateway of last resort is 10.5.5.168 to network 0.0.0.0
> 
> S*    0.0.0.0/0 [254/0] via 10.5.5.168
>       10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
> C        10.0.0.0/24 is directly connected, BVI1
> L        10.0.0.2/32 is directly connected, BVI1
> C        10.5.5.0/24 is directly connected, FastEthernet4
> L        10.5.5.106/32 is directly connected, FastEthernet4
>       192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
> C        192.168.1.0/24 is directly connected, BVI2
> L        192.168.1.1/32 is directly connected, BVI2
> 
> 
> If anybody can help out, I'll appreciate it
> 
> Thanks!
> 
> 
> Blogs and organic groups at http://www.ccie.net
Received on Tue Feb 19 2013 - 22:27:30 ART
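
Added example, not part of David's reply or the original post: a small Python check for the NAT style mismatch the reply points at. IOS pairs the interface commands "ip nat inside"/"ip nat outside" with "ip nat inside source ..." rules, and "ip nat enable" with "ip nat source ..." rules. The function names and the trimmed SAMPLE config are constructed for illustration.

```python
import re

# Constructed sample: only the NAT-relevant lines of the quoted running-config.
SAMPLE = """\
interface FastEthernet4
 ip nat outside
!
interface BVI2
 ip nat inside
 ip nat enable
!
ip nat source list 100 interface FastEthernet4 overload
"""

def nat_styles(config):
    """Return ({interface: styles}, rule styles); a style is 'legacy' or 'nvi'."""
    per_if, rules, current = {}, set(), None
    for raw in config.splitlines():
        line = re.sub(r"^> ?", "", raw)  # accept mail-quoted configs too
        head = re.match(r"interface (\S+)", line)
        if head:
            current = head.group(1)
            per_if[current] = set()
        elif line.startswith(" ") and current:
            cmd = line.strip()
            if cmd in ("ip nat inside", "ip nat outside"):
                per_if[current].add("legacy")
            elif cmd == "ip nat enable":
                per_if[current].add("nvi")
        else:
            current = None  # left interface sub-mode
            if re.match(r"ip nat (inside|outside) source ", line):
                rules.add("legacy")
            elif line.startswith("ip nat source "):
                rules.add("nvi")
    return per_if, rules

def findings(config):
    """List (interface, problem) pairs where interface and rule styles disagree."""
    per_if, rules = nat_styles(config)
    out = []
    for name, styles in per_if.items():
        if styles == {"legacy", "nvi"}:
            out.append((name, "mixes inside/outside with 'ip nat enable'"))
        elif styles and not (styles & rules):
            out.append((name, "interface NAT style has no matching NAT rule"))
    return out

for name, problem in findings(SAMPLE):
    print(f"{name}: {problem}")
```

With the change suggested in the reply (only "ip nat enable" on FastEthernet4 and BVI2), findings() returns an empty list.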
