Re: 871 router NAT troubleshooting from Tony Singh on 2013-02-20 (Ccielab archives 02/2013)

From: Tony Singh <mothafungla_at_gmail.com>
Date: Wed, 20 Feb 2013 06:34:41 +0000
On BVI 2 you have ip nat enable not required if you already have ip nat inside defined (ip nat enable replaces inside/outside logic)
You can or cannot ping 4.2.2.2 contradiction below
What does f0/4 connect to
show ip nat trans & post
--
BR
Tony
Sent from my iPhone on 3
On 20 Feb 2013, at 03:06, Sam Wadhwa <mladka7_at_gmail.com> wrote:
> Hey guys - can someone help with this? It's a L3 problem and really suspect
> NAT not working here
> 
> I've been struggling with some configs on this router I'm setting up for a
> friend and just can't get Internet to work
> 
> - Wifi association works fine
> - The router can ping the internet fine and tried with 4.2.2.2
> - Client is getting IP address and gateway info fine
> - Client can ping default gw but not an internet address like 4.2.2.2
> - This router's gateway is 10.5.5.168 and that part of the network is fine
> and tested out
> 
> 
> jaybuddy#wr t
> Building configuration...
> 
> Current configuration : 3157 bytes
> !
> ! Last configuration change at 04:22:07 UTC Fri Mar 1 2002
> version 15.1
> no service pad
> service timestamps debug datetime msec
> service timestamps log datetime msec
> no service password-encryption
> !
> hostname jaybuddy
> !
> boot-start-marker
> boot-end-marker
> !
> !
> enable secret 4 U3m4oAxPL6U2QZg5dXhsBS7y6IpWl4NjAhg1.bHP0Vo
> !
> aaa new-model
> !
> !
> !
> !
> !
> !
> !
> aaa session-id common
> !
> crypto pki token default removal timeout 0
> !
> !
> dot11 syslog
> !
> dot11 ssid GUESTRITS
> vlan 2
> authentication open
> authentication key-management wpa
> guest-mode
> wpa-psk ascii 0 test2231
> !
> dot11 ssid jaybuddy
> vlan 1
> authentication open
> authentication key-management wpa
> wpa-psk ascii 0 test2231
> !
> ip source-route
> !
> !
> ip dhcp excluded-address 192.168.1.1
> ip dhcp excluded-address 192.168.1.254
> !
> ip dhcp pool GUESTRITS
> network 192.168.1.0 255.255.255.0
> default-router 192.168.1.1
> !
> !
> !
> ip cef
> no ip domain lookup
> no ipv6 cef
> !
> multilink bundle-name authenticated
> !
> !
> !
> !
> !
> !
> !
> !
> !
> bridge irb
> !
> !
> !
> interface FastEthernet0
> switchport trunk allowed vlan 1,2,1002-1005
> switchport mode trunk
> no ip address
> !
> interface FastEthernet1
> no ip address
> !
> interface FastEthernet2
> no ip address
> !
> interface FastEthernet3
> no ip address
> !
> interface FastEthernet4
> ip address dhcp
> ip nat outside
> ip virtual-reassembly in
> duplex auto
> speed auto
> !
> interface Dot11Radio0
> no ip address
> !
> encryption vlan 1 mode ciphers tkip
> !
> encryption vlan 2 mode ciphers tkip
> !
> ssid GUESTRITS
> !
> speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0
> 48.0 54.0
> station-role root
> !
> interface Dot11Radio0.1
> encapsulation dot1Q 1 native
> bridge-group 1
> bridge-group 1 subscriber-loop-control
> bridge-group 1 spanning-disabled
> bridge-group 1 block-unknown-source
> no bridge-group 1 source-learning
> no bridge-group 1 unicast-flooding
> !
> interface Dot11Radio0.2
> encapsulation dot1Q 2
> bridge-group 2
> bridge-group 2 subscriber-loop-control
> bridge-group 2 spanning-disabled
> bridge-group 2 block-unknown-source
> no bridge-group 2 source-learning
> no bridge-group 2 unicast-flooding
> !
> interface Vlan1
> no ip address
> bridge-group 1
> !
> interface Vlan2
> no ip address
> bridge-group 2
> !
> interface BVI1
> ip address 10.0.0.2 255.255.255.0
> !
> interface BVI2
> ip address 192.168.1.1 255.255.255.0
> ip nat inside
> ip nat enable
> ip virtual-reassembly in
> !
> ip forward-protocol nd
> no ip http server
> no ip http secure-server
> !
> !
> ip nat source list 100 interface FastEthernet4 overload
> !
> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
> !
> !
> !
> !
> !
> !
> !
> control-plane
> !
> bridge 1 protocol ieee
> bridge 1 route ip
> bridge 2 protocol ieee
> bridge 2 route ip
> alias exec si show ip int brief
> alias exec sir show ip route
> alias exec fi show running-config | include
> alias exec fb show running-config | begin
> alias exec sri show run interface
> alias exec sal show access-list
> alias exec sib show ip bgp
> alias exec sio show ip ospf
> alias exec sie show ip eigrp top
> alias exec srm show route-map
> privilege exec all level 5 configure
> privilege exec level 5 reload
> !
> line con 0
> no modem enable
> line aux 0
> line vty 0 4
> transport input all
> !
> scheduler max-task-time 5000
> end
> 
> jaybuddy#show ip interface brief
> Interface                  IP-Address      OK? Method Status
> Protocol
> BVI1                       10.0.0.2        YES manual up
> up
> BVI2                       192.168.1.1     YES manual up
> up
> Dot11Radio0                unassigned      YES unset  up
> up
> Dot11Radio0.1              unassigned      YES unset  up
> up
> Dot11Radio0.2              unassigned      YES unset  up
> up
> FastEthernet0              unassigned      YES unset  up
> down
> FastEthernet1              unassigned      YES unset  up
> down
> FastEthernet2              unassigned      YES unset  up
> down
> FastEthernet3              unassigned      YES unset  up
> up
> FastEthernet4              10.5.5.106      YES DHCP   up
> up
> NVI0                       192.168.1.1     YES unset  up
> up
> Vlan1                      unassigned      YES unset  up
> up
> Vlan2                      unassigned      YES unset  up
> down
> 
> 
> jaybuddy# show ip route
> Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
>       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
>       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
>       E1 - OSPF external type 1, E2 - OSPF external type 2
>       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
>       ia - IS-IS inter area, * - candidate default, U - per-user static
> route
>       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
>       + - replicated route, % - next hop override
> 
> Gateway of last resort is 10.5.5.168 to network 0.0.0.0
> 
> S*    0.0.0.0/0 [254/0] via 10.5.5.168
>      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
> C        10.0.0.0/24 is directly connected, BVI1
> L        10.0.0.2/32 is directly connected, BVI1
> C        10.5.5.0/24 is directly connected, FastEthernet4
> L        10.5.5.106/32 is directly connected, FastEthernet4
>      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
> C        192.168.1.0/24 is directly connected, BVI2
> L        192.168.1.1/32 is directly connected, BVI2
> 
> 
> If anybody can help out, I'll appreciate it
> 
> Thanks!
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at: 
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 20 2013 - 06:34:41 ART
This archive was generated by hypermail 2.2.0 : Fri Mar 01 2013 - 07:57:58 ART