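I'm using a 2851. On GE0/1 I have a BT OpenReach VDSL modem, and GE0/0 connects to a switch and the rest of the network. The configuration I need is very simple, and most of it works: I want the router to handle PPPoE for the modem, run a typical NAT configuration (with some port forwards), and provide DNS/DHCP. Simple, right?
The problem I'm having is that while clients on my network can reach the internet without any trouble, when I try to reach the internet from the router itself it doesn't seem to send the packets in the right direction...
The facts (note, the router's IP is 192.168.1.254):
- The router is handing out DHCP leases without any problem
- From a PC on my network, I can ping '192.168.1.254'
- From a PC on my network, I can ping '8.8.8.8'
- From a PC on my network, if I set the DNS server to '8.8.8.8', I can resolve 'google.com'
- From a PC on my network, if I set the DNS server to '192.168.1.254', I cannot resolve 'google.com'
- From the router, I can ping clients on the local network
- From the router, I cannot ping '8.8.8.8' using the command: ping 8.8.8.8
- From the router, I can ping '8.8.8.8' using the command: ping 8.8.8.8 source 192.168.1.254
- From the router, if I remove the NAT configuration, I can ping '8.8.8.8', and I can also resolve 'google.com'
So it looks like, while the router is perfectly capable of connecting to the internet and can serve the clients on my local network just fine, something in my configuration is wrong and is stopping the router from connecting to the internet in its "default state" (for lack of a better term).
One of the things I find interesting is that this (nearly identical) configuration works fine on an old 2611XM I have, despite it running a different version and feature set of IOS.
The configuration is as follows: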
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2800-router
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication enable default none
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.49
ip dhcp excluded-address 192.168.1.200 192.168.1.254
!
ip dhcp pool default
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.254
 dns-server 8.8.8.8 8.8.4.4
!
!
!
ip domain name local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn ...
username ... privilege 15 secret 5 ...
!
redundancy
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 ip address 192.168.1.254 255.255.255.0
 no ip unreachables
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address negotiated
 ip access-group 100 in
 no ip unreachables
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 ppp chap hostname ...
 ppp chap password 7 ...
 no cdp enable
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source static udp 192.168.1.1 6636 interface Dialer0 6636
ip nat inside source static tcp 192.168.1.1 6636 interface Dialer0 6636
ip nat inside source static udp 192.168.1.2 28015 interface Dialer0 28015
ip nat inside source static tcp 192.168.1.1 30033 interface Dialer0 30033
ip nat inside source static tcp 192.168.1.1 10011 interface Dialer0 10011
ip nat inside source static udp 192.168.1.1 9987 interface Dialer0 9987
ip nat inside source static tcp 192.168.1.1 80 interface Dialer0 80
ip nat inside source list 101 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging esm config
access-list 100 permit ip any any
access-list 101 permit ip any any
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 transport input ssh
!
scheduler allocate 20000 1000
end
Here is the output of 'sh ip ro':
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, Dialer0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.254/32 is directly connected, GigabitEthernet0/0
195.166.xxx.xxx/32 is subnetted, 1 subnets
C 195.166.xxx.xxx is directly connected, Dialer0
212.159.xxx.xxx/32 is subnetted, 1 subnets
C 212.159.xxx.xxx is directly connected, Dialer0
Output of 'sh ver':
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 15.1(3)T4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Thu 24-May-12 01:38 by prod_rel_team
ROM: System Bootstrap, Version 12.4(13r)T, RELEASE SOFTWARE (fc1)
2800-router uptime is 3 hours, 44 minutes
System returned to ROM by power-on
System image file is "flash:c2800nm-advipservicesk9-mz.151-3.T4.bin"
Last reload type: Normal Reload
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Cisco 2851 (revision 53.51) with 774144K/12288K bytes of memory.
Processor board ID xxx
2 Gigabit Ethernet interfaces
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity enabled.
239K bytes of non-volatile configuration memory.
126000K bytes of ATA CompactFlash (Read/Write)
License Info:
License UDI:
-------------------------------------------------
Device# PID SN
-------------------------------------------------
*0 CISCO2851 xxx
Configuration register is 0x2102