nat on 2621 adsl

ossington

IS-IT--Management
Sep 25, 2007
11
CA
I have a 2621 with fa0/0 and fa0/1 only; fa0/0 is used as a dialer1 int while fa0/1 is a point to point. Currently I can ping outside from the 2621, however I cannot ping the internet from the switch behind it, which I want to be my LAN. I have OSPF routing between them working fine. Any advice on how to make this happen would be helpful, and below are the int configurations on the 2621.

2621
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
end
interface FastEthernet0/1 (connects to switch)
ip address 192.168.252.1 255.255.255.252
ip pim sparse-dense-mode
ip nat inside
ip ospf network point-to-point
duplex auto
speed auto
no cdp enable
end
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap callin

I also have the NAT overload pointed to the dialer1.
 
Yes, only for lab. If you have another way to make this work I'm all ears.
 
Well, can the nodes attached to the switch ping the dialer interface? Can the router itself get out to the internet? If the router cannot get out to the internet, do a
debug ppp neg
debug ppp authe
If it CAN get out to the internet, but the nodes on the switch CANNOT, then post a sh run, so we can see the NAT list, acl's, dhcp scope, etc.

Burt
 
My suggestion is to take the ospf out of the equation. If it is a local lan there is only one place it can go, thus it doesn't make sense to use a dynamic routing protocol. In addition unless you have a 3550, a 3560, or a 3750 as a switch you can't run ospf anyways.
 
I was trying to show colleagues OSPF, so if you think it can work let me know. As it stands the router can ping the internet, the switch can ping the point to point IP and a loopback (192.168.0.x) I gave it. I'm not sure how to ping the dialer interface.

Here is the config of the router:

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname playground
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$FiEX$jdP9Z2np.YwpOoxAzZWIx1
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
vpdn enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.0.249 255.255.255.255
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
ip address 192.168.252.1 255.255.255.252
ip pim sparse-dense-mode
ip nat inside
ip ospf network point-to-point
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1.1
no cdp enable
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication pap callin
ppp pap sent-username (removed) password 0 (removed)
!
router ospf 10
log-adjacency-changes
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http secure-server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
no cdp run
!
!
control-plane
!
!
!
!
!
!
!
!
call-manager-fallback
max-conferences 4 gain -6
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
!
end
 
Your NAT needs to be on the dialer, not the fa0/0.

no ip nat inside source list 1 interface FastEthernet0/0 overload

ip nat inside source list 1 interface dialer0 overload


And your access-list 1 is missing, which needs to include all of the LAN subnets that you want to allow to be NATted.
 
Sorry,
ip nat inside source list 1 interface dialer0 overload

should be
ip nat inside source list 1 interface dialer1 overload

 
sh int di1
That will give you the IP address for the dialer interface...this is what you ping. If it is not bound to a Virtual-Access, then your PPP negotiation parameters are off...you can
debug ppp authe
and
debug ppp neg
unplug the fa0/0 and plug it back in.

Also, post sh int di1 and sh ip route.

Burt
 
I'm now able to ping the dialer's outside address (70.50.227.12) from the switch, however I still can't ping other external sites like google and yahoo. IP routes below.


I added the dialer back to the NAT statement and created the following ACLs.



access-list 1 permit 192.168.0.0 0.0.0.255
dialer-list 1 protocol ip permit

The dialer int is fine:

Dialer1 is up, line protocol is up (spoofing)
Hardware is Unknown
Internet address is 70.50.227.12/32
MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, loopback not set
Keepalive set (10 sec)
DTR is pulsed for 1 seconds on reset
Interface is bound to Vi1
Last input never, output never, output hang never
Last clearing of "show interface" counters 3d07h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/0/16 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 42 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
34230 packets input, 1515126 bytes
34784 packets output, 1953184 bytes
Bound to:
Virtual-Access1 is up, line protocol is up
Hardware is Virtual Access interface
MTU 1500 bytes, BW 56 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation PPP, LCP Open
Open: IPCP
PPPoE vaccess, cloned from Dialer1
Vaccess status 0x44, loopback not set
Keepalive set (10 sec)
Interface is bound to Di1 (Encapsulation PPP)
Last input 00:01:01, output never, output hang never
Last clearing of "show interface" counters 00:16:36
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
166 packets input, 4571 bytes, 0 no buffer
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
177 packets output, 6092 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out








ip route from router

70.0.0.0/32 is subnetted, 1 subnets
C 70.50.227.12 is directly connected, Dialer1
64.0.0.0/32 is subnetted, 1 subnets
C 64.230.199.2 is directly connected, Dialer1
192.168.0.0/32 is subnetted, 1 subnets
C 192.168.0.249 is directly connected, Loopback0
192.168.252.0/30 is subnetted, 1 subnets
C 192.168.252.0 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 is directly connected, Dialer1




ip route from switch


Gateway of last resort is 192.168.252.1 to network 0.0.0.0

192.168.0.0/32 is subnetted, 1 subnets
C 192.168.0.248 is directly connected, Loopback0
192.168.252.0/30 is subnetted, 1 subnets
C 192.168.252.0 is directly connected, GigabitEthernet1/0/2
S* 0.0.0.0/0 [1/0] via 192.168.252.1
sandbox#
 
To show your coworkers ospf you would have to have multiple routers and/or layer 3 switches that support ospf.
 
I have a layer 3 switch (3750)

Ping to the IP of google (not using DNS yet) = no reply

OSPF is working fine as it's routing between the 2 devices

 
I have already posted sh ip route above for the switch and router
 
Ping via IP address instead of the DNS name.

Make sure the authentication is PAP and not CHAP.

I'm not sure what's up w/your OSPF config. You have no OSPF routes in your routing table. You have no router ospf area configs on your router.

Can the router ping an IP address on the outside of a website?

 
Sorry dude, there are no OSPF routes in those routing tables...
just statics and connected.
OSPF is doing nothing.
 
Do you have another subnet configured on your switch? You are using 192.168.252.1 255.255.255.252 on your router which means that you have to have 192.168.252.2 on your switch.
 
To answer the first question, yes the router can ping any IP on the web.

I'm not great with OSPF so if anyone has any idea how to remedy this that would rock. I appreciate everyone's help.

I was not able to ping the loopbacks of each device until I turned on OSPF, so it's doing something, but I agree with all of you re no OSPF routes.

My goal was to use OSPF but if I can't, a local LAN will suffice for now. How would you recommend the config of the connection from fa0/1 to the switchport to be?
 
Yes, it's "192.168.252.1 255.255.255.252 on your router which means that you have to have 192.168.252.2 on your switch".

I can ping the point to point from each device, ping the 192.168.0.248 and 249 loopbacks, get to the web from the router and also ping the dialer int's public IP from the switch. The only issue I have is pinging any IP on the web besides the dialer IP from the switch.
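
Added example, not part of any post in this thread: a Python check for the two NAT points raised above, that the overload statement must name the interface marked `ip nat outside` and that the NAT access-list must cover every inside subnet. `SAMPLE` is constructed from lines posted in the thread (with the NAT statement in its corrected Dialer1 form); the `parse` and `audit` names are hypothetical, and only full interface names and standard `permit` entries with contiguous wildcard masks are handled.

```python
import ipaddress
import re

# Constructed sample: lines taken from the configs posted in the thread,
# combined into one excerpt. Not a capture from a live device.
SAMPLE = """\
interface Loopback0
 ip address 192.168.0.249 255.255.255.255
interface FastEthernet0/1
 ip address 192.168.252.1 255.255.255.252
 ip nat inside
interface Dialer1
 ip address negotiated
 ip nat outside
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
"""

def parse(config):
    """Return (interfaces, nat_rules, acls) parsed from IOS config text."""
    ifaces, nat, acls, cur = {}, [], {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)", s):
            cur = ifaces.setdefault(m[1].lower(), {"net": None, "nat": None})
        elif cur is not None and (m := re.match(r"ip address (\d\S+) (\d\S+)$", s)):
            cur["net"] = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", s)):
            cur["nat"] = m[1]
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", s):
            nat.append((m[1], m[2].lower()))
        elif m := re.match(r"access-list (\d+) permit (\d\S+) (\d\S+)$", s):
            # Wildcard mask is the bitwise inverse of a netmask.
            mask = ipaddress.ip_address(int(ipaddress.ip_address(m[3])) ^ 0xFFFFFFFF)
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{mask}", strict=False))
    return ifaces, nat, acls

def audit(config):
    """List problems that would stop inside hosts from being translated."""
    ifaces, nat, acls = parse(config)
    problems = []
    for acl, out_if in nat:
        if ifaces.get(out_if, {}).get("nat") != "outside":
            problems.append(f"overload interface {out_if} is not 'ip nat outside'")
        for name, i in ifaces.items():
            covered = i["net"] is not None and any(i["net"].subnet_of(p) for p in acls.get(acl, []))
            if i["nat"] == "inside" and i["net"] is not None and not covered:
                problems.append(f"{i['net']} on {name} not permitted by access-list {acl}")
    return problems
```

On the sample, `audit(SAMPLE)` reports that 192.168.252.0/30 on FastEthernet0/1 is not matched by access-list 1, so packets sourced from the switch's 192.168.252.2 address would leave untranslated.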
 