Question:
Writing my first router WS-C3560X-24T-L config from scratch
for an 1801. I have wireless devices
able to connect & authenticate with WPA.
Wired devices can talk with wireless devices & on both interfaces
devices obtain a DHCP lease. I can ping
web based resources from the FA0 interface; the problem is, LAN devices can't
ping has FA0. I'm pretty sure (well a
hunch) that this is going to be down to NAT
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router0
!
boot-start-marker
boot-end-marker
!
enable secret xxxxxxxxx
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid TEST_NETWORK
authentication open
authentication key-management wpa
guest-mode
wpa-psk ascii xxxxxxxxx
!
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
192.168.1.99
ip dhcp excluded-address 192.168.1.126
192.168.1.254
!
ip dhcp pool Client-Pool
import all
network 192.168.1.0 255.255.255.0
domain-name domain.com
dns-server 192.168.1.1 8.8.8 .8
default-router 192.168.1.1
!
!
ip domain name domain.com
ip name-server 192.168.1.1
ip name-server 8.8.8 .8
ip name-server 4.2.2 .2
ip name-server 208.67.220.220
ip name-server 208.67.222.222
!
multilink bundle-name authenticated
!
!
username xxxxxxxxx privilege 15 password xxxxxxxxx
!
!
archive
log
config
hidekeys
!
!
bridge irb
!
!
!
interface FastEthernet0
ip
address dhcp
ip
nat outside
ip
virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface BRI0
no
ip address
encapsulation hdlc
shutdown
!
interface FastEthernet1
description test
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface Dot11Radio0
no
ip address
!
encryption mode ciphers tkip
!
ssid
TEST_NETWORK
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0
basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group
1 spanning-disabled
bridge-group 1 block-unknown-source
no
bridge-group 1 source-learning
no
bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no
ip address
!
encryption mode ciphers tkip
!
ssid
TEST_NETWORK
!
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0
36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no
bridge-group 1 source-learning
no
bridge-group 1 unicast-flooding
!
interface ATM0
no
ip address
shutdown
no
atm ilmi-keepalive
dsl
operating-mode auto
!
interface Vlan1
no
ip address
ip
nat inside
ip
virtual-reassembly
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip
address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
!
!
ip http server
ip http port 2002
no ip http secure-server
ip nat pool NAT_POOL 192.168.1.0
192.168.2.0 netmask 0.0.0 .255
ip nat inside source list 1 interface
FastEthernet0 overload
!
access-list 1 permit 192.168.1.0 0.0.0 .255
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
line aux 0
line vty 0 4
!
Answer:
yes indeed if it is cable modem then no
need for DSL module
int vlan 1
no ip nat inside
int bvi1
ip nat WS-C3560X-24T-S inside
没有评论:
发表评论