Skip to main content

Cisco 1721 With Wic-4esw

More
13 years 11 months ago #35843 by center
Hi guys,

This is the first time i post question here. Before, i just read your forum. Ok,i just got myself a used 1721 router with WIC-4ESW and connect to my ADSL modem using Dialer. I have configured Vlan 1 to FE/0 , FE/1 and FE/2. My ADSL modem connected to FE/0 while my PC connected to FE/1. FE/0 IP address 192.168.3.1 and FE/1, FE/2 are 10.1.201.x(DHCP) mode with VLAN 1 ip address 10.1.201.1 .
The problem here is, i can't figure out why i can't get Internet. From the router,i was able to ping to www.google.com and from PC, i was able to ping 192.169.3.1 but not google.com. I can ping the clients PC connected to WIC-4ESW.


Below is my running-config file


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Center
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.3.1
!
ip dhcp pool ExpNET
network 10.1.201.0 255.255.255.0
default-router 192.168.3.1
dns-server 202.188.0.133 192.168.3.1 10.1.201.1
!
!
ip cef
!
username cisco privilege 15 password 0 cisco
!
!
!
interface FastEthernet0
description WANPORT
ip address 192.168.3.1 255.255.255.0
ip access-group ForVLAN out
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
speed auto
vlan-id dot1q 1
exit-vlan-config
!
pppoe enable
pppoe-client dial-pool-number 1
hold-queue 100 out
!
interface FastEthernet1
vlan-id dot1q 1
exit-vlan-config
!
!
interface FastEthernet2
vlan-id dot1q 1
exit-vlan-config
!
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
ip address 10.1.201.1 255.255.255.0
!
interface Dialer0
description WANDIALER
ip address negotiated
ip access-group 100 in
ip access-group 101 out
ip mtu 1452
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication pap callin
ppp pap sent-username MYUSERID@MYISP password 0 MYPASSWORD
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp address required
!
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
ip http server
ip http authentication local
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface Dialer0 overload
!
!
!
ip access-list extended ForVLAN
permit ip any any
permit udp any any
permit icmp any any
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit any
access-list 101 permit ip any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit tcp any any
!
!
control-plane
!
!
line con 0
transport output all
line aux 0
transport output all
line vty 0 4
privilege level 15
login local
transport input telnet
transport output all
!
end

Please help,

thanks
More
13 years 11 months ago #35870 by center
Replied by center on topic latest config
Hi guys,

the latest config,

ip dns

ip access-list standard 1
permit any

and i remove all the rest of access-list and add,
ip access-group 1 in at dialer 0 interface.
It work for a while, but no not working after i reboot the router.
Can you assist what happen on the router? Why it work before reboot ?
More
13 years 10 months ago #35986 by center
Replied by center on topic Re: Cisco 1721 With Wic-4esw
hi guys,

finally, i managed to make it work. below is the configuration if someone intrested. it far for perfect. need to work out on ACL.
still confuse with outbound and inbound ...

this conf work with ADSL ,which ADSL modem setup as bridge.
hope someone find it useful.




Building configuration...

Current configuration : 3389 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname Center
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
!
no aaa new-model
clock timezone PCTime 8
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.1.202.5
!
ip dhcp pool ExpNET
network 10.1.201.0 255.255.255.0
default-router 10.1.201.5
dns-server 208.67.222.222 208.67.220.220
!
ip dhcp pool VLAN2
network 10.1.202.0 255.255.255.0
dns-server 10.1.202.5
domain-name expVLAN2
default-router 10.1.201.5
!
!
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip inspect tcp finwait-time 30
ip inspect tcp max-incomplete host 100 block-time 10
ip inspect name MYOWN dns
ip inspect name CENTERFW udp
ip inspect name CENTERFW icmp
ip inspect name CENTERFW telnet
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
username XXXXX privilege 15 password 0 XXXXXX
!
!
!
!
!
!
!
interface FastEthernet0
ip address 192.168.3.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
hold-queue 100 out
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport trunk native vlan 2
switchport mode trunk
!
interface FastEthernet4
switchport access vlan 2
!
interface Vlan1
description $FW_INSIDE$
ip address 10.1.201.5 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Vlan2
ip address 10.1.202.5 255.255.255.0
ip nat inside
ip virtual-reassembly
vlan-id dot1q 2
exit-vlan-config
!
!
interface Vlan11
no ip address
!
interface Dialer0
description $FW_OUTSIDE$
ip address negotiated
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip inspect CENTERFW out
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
compress stac
random-detect
no cdp enable
ppp authentication pap callin
ppp pap sent-username XXXXXX@XXXXXX password 0 XXXXXXX ppp ipcp mask request
ppp ipcp address required
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
!
ip dns server
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 3 interface Dialer0 overload
!
ip access-list extended blockInWWW
deny tcp any any eq www
ip access-list extended sdm_vlan1_in
remark SDM_ACL Category=1
remark ICMP
deny icmp any any
remark SDM_ACL Category=1
remark ICMP
!
logging trap emergencies
logging 10.1.201.1
access-list 2 permit any
access-list 3 permit any
access-list 101 deny tcp any any eq telnet
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
transport output all
line aux 0
line vty 0 4
privilege level 15
login local
transport input none
transport output all
!
ntp clock-period 17180008
ntp server 10.1.201.1
end
More
13 years 10 months ago #36061 by Chris
Replied by Chris on topic Re: Cisco 1721 With Wic-4esw
center,

thanks for the update - I'm sure someone's going to make use of it as well!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
Time to create page: 0.123 seconds