ccfcfc
asked on
Cisco 1801 router - how to configure next hop to allow interfaces to access "outside"
Using a Cisco 1801 router - see config below concerning interfaces and access-list.
I have the PPP (Dialer1, outside) up and working, happily ping external IP's on the Web.
Using FastEthernet0 as my "inside" IP 192.168.34.254 and have configured VLAN100 IP address 192.168.35.230 and added FastEthernet1-8 to this VLAN100 . My clients connected in FastEthernet1-8 have Def Gateway set to 192.168.35.230.
I have added ip route 0.0.0.0 0.0.0.0 Dialer1 thinking this should provide my next hop. I dont seem to get any traffic from the VLAN100 going out. I have posted the config in relation to interfaces and access-lists below.
interface FastEthernet0
ip address 192.168.34.254 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
vlan-id dot1q 10
exit-vlan-config
!
vlan-id dot1q 1
exit-vlan-config
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
switchport access vlan 100
duplex full
speed 100
vlan-id dot1q 1
exit-vlan-config
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Virtual-PPP1
no ip address
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO- FE 1$
no ip address
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan100
ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
description internet dialer
ip address xxx.xxx.xxx.xxx 255.255.255.240
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname xxxxx7@hg39.btclick.com
ppp chap password 0 xxxxx01
ppp pap sent-username xxxxxxx7@hg39.btclick.com password 0 xxxxxx01
ppp ipcp dns request
ppp ipcp wins request
crypto map intamap
!
interface Dialer2
no ip address
shutdown
no cdp enable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.34.0 0.0.0.255
access-list 1 permit 192.168.35.0 0.0.0.255
dialer-list 1 protocol ip permit
I have the PPP (Dialer1, outside) up and working, happily ping external IP's on the Web.
Using FastEthernet0 as my "inside" IP 192.168.34.254 and have configured VLAN100 IP address 192.168.35.230 and added FastEthernet1-8 to this VLAN100 . My clients connected in FastEthernet1-8 have Def Gateway set to 192.168.35.230.
I have added ip route 0.0.0.0 0.0.0.0 Dialer1 thinking this should provide my next hop. I dont seem to get any traffic from the VLAN100 going out. I have posted the config in relation to interfaces and access-lists below.
interface FastEthernet0
ip address 192.168.34.254 255.255.255.0
ip nat inside
ip virtual-reassembly
speed 100
full-duplex
vlan-id dot1q 10
exit-vlan-config
!
vlan-id dot1q 1
exit-vlan-config
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
switchport access vlan 100
duplex full
speed 100
vlan-id dot1q 1
exit-vlan-config
interface ATM0
no ip address
no atm ilmi-keepalive
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
dsl operating-mode auto
!
interface Virtual-PPP1
no ip address
no cdp enable
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-
no ip address
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Vlan100
ip address 192.168.35.230 255.255.255.0
!
interface Dialer1
description internet dialer
ip address xxx.xxx.xxx.xxx 255.255.255.240
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap chap callin
ppp chap hostname xxxxx7@hg39.btclick.com
ppp chap password 0 xxxxx01
ppp pap sent-username xxxxxxx7@hg39.btclick.com password 0 xxxxxx01
ppp ipcp dns request
ppp ipcp wins request
crypto map intamap
!
interface Dialer2
no ip address
shutdown
no cdp enable
ip route 0.0.0.0 0.0.0.0 Dialer1
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.34.0 0.0.0.255
access-list 1 permit 192.168.35.0 0.0.0.255
dialer-list 1 protocol ip permit
Can you post a show ip route please?
ASKER
See output below :-
ntamac-dev-backup#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
217.41.207.0/32 is subnetted, 1 subnets
C 217.41.207.73 is directly connected, Dialer1
217.41.116.0/28 is subnetted, 1 subnets
C 217.41.116.224 is directly connected, Dialer1
C 192.168.35.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 is directly connected, Dialer1
intamac-dev-backup#
ntamac-dev-backup#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
217.41.207.0/32 is subnetted, 1 subnets
C 217.41.207.73 is directly connected, Dialer1
217.41.116.0/28 is subnetted, 1 subnets
C 217.41.116.224 is directly connected, Dialer1
C 192.168.35.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 is directly connected, Dialer1
intamac-dev-backup#
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Excellent, but although i have enabled DNS and when on the router it used DNS, do I need toset the servers to what IP/interface to utilsie DNS on the PPP link ?
Yes, if the servers are static IP addressed, you need to use your ISP's DNS servers for DNS resolution assuming you don't have internal DNS servers of your own.