Cisco 1841 IOS Cross interface routing


  • Cisco 1841 IOS Cross interface routing

    Hi,

    We have an 1841 router with an additional 4-port switch interface card (vlan1).

    Currently users cannot access the internet but the router itself can!

    Any ideas?


    Thanks in advance,

    Alex.



    1841#sh run full
    Building configuration...
    Current configuration : 4194 bytes
    !
    version 12.4
    no service pad
    service tcp-keepalives-in
    service tcp-keepalives-out
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    service sequence-numbers
    !
    hostname 1841
    !
    boot-start-marker
    boot-end-marker
    !
    security authentication failure rate 3 log
    security passwords min-length 6
    logging buffered 51200 debugging
    logging console critical
    enable secret 5 ********
    !
    no aaa new-model
    !
    resource policy
    !
    clock timezone PCTime 0
    clock summer-time PCTime date Mar 30 2003 1:00 Oct 26 2003 2:00
    mmi polling-interval 60
    no mmi auto-configure
    no mmi pvc
    mmi snmp-timeout 180
    ip subnet-zero
    no ip source-route
    ip cef
    !
    !
    ip tcp synwait-time 10
    no ip dhcp use vrf connected
    !
    !
    no ip bootp server
    ip domain name latchways.com
    ip name-server 158.121.1.58
    ip name-server 158.121.1.43
    !
    username admin privilege 15 secret 5 ***********
    !
    !
    !
    interface FastEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$
    ip address 192.168.16.2 255.255.248.0
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat inside
    ip route-cache flow
    duplex auto
    speed auto
    no mop enabled
    !
    interface FastEthernet0/1
    description $ES_WAN$$FW_OUTSIDE$
    ip address 212.xxx.xxx.253 255.255.255.128
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip nat outside
    ip route-cache flow
    duplex auto
    speed auto
    no mop enabled
    !
    interface FastEthernet0/0/0
    !
    interface FastEthernet0/0/1
    !
    interface FastEthernet0/0/2
    !
    interface FastEthernet0/0/3
    !
    interface Vlan1
    ip address 81.xxx.xxx.196 255.255.255.248
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache flow
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 81.xxx.xxx.198
    ip route 10.0.1.0 255.255.255.0 192.168.20.251
    ip route 10.250.7.0 255.255.255.0 192.168.20.251
    ip route 10.250.9.0 255.255.255.0 192.168.20.251
    ip route 172.16.0.0 255.255.255.0 192.168.20.254
    ip route 172.16.1.0 255.255.255.0 192.168.16.1
    ip route 192.168.1.0 255.255.255.0 192.168.20.251
    ip route 192.168.2.0 255.255.255.0 192.168.20.251
    ip route 192.168.3.0 255.255.255.0 192.168.20.251
    ip route 192.168.4.0 255.255.255.0 192.168.20.251
    ip route 192.168.5.0 255.255.255.0 192.168.20.251
    ip route 192.168.7.0 255.255.255.0 192.168.20.251
    ip route 192.168.9.0 255.255.255.0 192.168.20.251
    ip route 192.168.10.0 255.255.255.0 192.168.20.251
    ip route 192.168.13.0 255.255.255.0 192.168.20.254
    ip route 192.168.15.0 255.255.255.0 192.168.20.251
    ip route 192.168.17.128 255.255.255.128 192.168.16.1
    !
    ip http server
    ip http authentication local
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip nat inside source list 1 interface FastEthernet0/1 overload
    !
    logging trap debugging
    access-list 1 remark INSIDE_IF=FastEthernet0/0
    access-list 1 remark SDM_ACL Category=2
    access-list 1 permit 192.168.16.0 0.0.7.255
    no cdp run
    !
    control-plane
    !
    banner exec ^C
    % Password expiration warning.
    -----------------------------------------------------------------------
    Cisco Router and Security Device Manager (SDM) is installed on this device and
    it provides the default username "cisco" for one-time use. If you have already
    used the username "cisco" to login to the router and your IOS image supports the
    "one-time" user option, then this username has already expired. You will not be
    able to login to the router with this username after you exit this session.
    It is strongly suggested that you create a new username with a privilege level
    of 15 using the following command.
    username <myuser> privilege 15 secret 0 <mypassword>
    Replace <myuser> and <mypassword> with the username and password you want to
    use.
    -----------------------------------------------------------------------
    ^C
    banner login ^CAuthorized access only!
    Disconnect IMMEDIATELY if you are not an authorized user!^C
    !
    line con 0
    login local
    transport output telnet
    line aux 0
    login local
    transport output telnet
    line vty 0 4
    privilege level 15
    login local
    transport input telnet
    line vty 5 15
    privilege level 15
    login local
    transport input telnet
    !
    scheduler allocate 4000 1000
    end
    1841#

  • #2
    Re: Cisco 1841 IOS Cross interface routing

    Your configuration is somewhat confusing. Maybe a network topology diagram would help clarify, especially how you connect the 1841 to the internet and how the secondary public netblock is routed to the 1841.

    Without further clarification, the only thing I see is that the default gateway is pointing to an IP address on VLAN1, yet you do not have an "ip nat outside" on vlan 1. So a packet of data sent to the internet from a PC connected to F0/0 would not be NAT'd and would be sent as-is with a source address of 192.168.16.x. Bzztt!!!

    So I would think you need to remove "ip nat outside" from f0/1 and add it to vlan1.

    This would also explain why you can ping the internet directly from the router. The router would send a packet with a source address assigned to vlan1, not an RFC1918 address like f0/0.

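The mismatch described in reply #2 can be checked mechanically. The following is an added example, not part of the original thread: a small Python audit that finds which interface the default route leaves through and verifies that NAT is configured on it. The sample config is constructed, with documentation addresses standing in for the masked public ones, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample mirroring the posted config (masked addresses replaced).
SAMPLE = """\
interface FastEthernet0/0
 ip address 192.168.16.2 255.255.248.0
 ip nat inside
!
interface FastEthernet0/1
 ip address 203.0.113.253 255.255.255.128
 ip nat outside
!
interface Vlan1
 ip address 198.51.100.196 255.255.255.248
!
ip route 0.0.0.0 0.0.0.0 198.51.100.198
ip nat inside source list 1 interface FastEthernet0/1 overload
"""

def parse(config):
    """Return (interfaces, default-route next hop, PAT overload interface)."""
    ifaces, cur, nexthop, overload = {}, None, None, None
    for raw in config.splitlines():
        s = raw.strip()  # forum pastes often lose the sub-command indent
        if s == "!":
            cur = None
        elif m := re.fullmatch(r"interface (\S+)", s):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif cur is not None and (m := re.fullmatch(r"ip address (\S+) (\S+)", s)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.fullmatch(r"ip nat (inside|outside)", s)):
            cur["nat"] = m[1]
        elif m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d+\.\d+\.\d+\.\d+)", s):
            nexthop = ipaddress.ip_address(m[1])
        elif m := re.fullmatch(r"ip nat inside source list \S+ interface (\S+) overload", s):
            overload = m[1]
    return ifaces, nexthop, overload

def check_nat(config):
    """List NAT settings that disagree with the default route's egress interface."""
    ifaces, nexthop, overload = parse(config)
    egress = next((n for n, i in ifaces.items()
                   if nexthop and i["net"] and nexthop in i["net"]), None)
    if egress is None:
        return ["default route next hop is not on a connected subnet"]
    findings = []
    if ifaces[egress]["nat"] != "outside":
        findings.append(f"{egress} carries the default route but lacks 'ip nat outside'")
    if overload and overload != egress:
        findings.append(f"overload rule translates to {overload}, but egress is {egress}")
    return findings
```

Calling `check_nat(SAMPLE)` reports both the missing `ip nat outside` on Vlan1 and the overload rule that still names FastEthernet0/1; default routes that point at an interface name rather than a next-hop address are not handled.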