4

After starting fresh after a write erase and a reload on a cisco 871w. I cannot ping outside of the wan (fa4).

I gave vlan1 (default) an ip because apparently the built in "4 port switch" is a layer 2 device so you cannot directly add IPs to the ports like on the 2800 series.

Fa4 (wan port) is actually a layer3 port so I add the settings(ip, mask, speed, duplex) to fa4.

there are no ACLs set up.

I can ping another device connected to one of the ports and also the vlan from a connected computer. I can ping anything from inside the router other than the vlan. I cannot ping fa4 from a connected computer nor can I ping anything outside the fa4.

I would prefer to console in and use the command line interface if possible but i can also use the http interface.

   ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
archive
 log config
  hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 65.191.147.200 255.255.254.0
 ip nat outside
 ip virtual-reassembly
 no ip route-cache cef
 duplex auto
 speed auto
 no cdp enable
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 bridge-group 1
!
interface BVI1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
ip http server
no ip http secure-server
Falcon Momot
  • 25,244
  • 15
  • 63
  • 92
jhicks4
  • 45
  • 3
  • Could you paste your config (show running-config)? (without passwords) – Falk Stern Feb 07 '12 at 14:52
  • @jhicks4 Please post your the relevant parts of you running-config for a better analysis. Thanks. – onxx Feb 07 '12 at 17:22
  • It's not clear exactly what's not working. Are you saying that you cannot Internet sites? If so, it's because you have no default route. Are you saying you can't ping devices on the LAN? Also, why do you have two interfaces with the same IP address? – David Schwartz Sep 30 '15 at 09:57

2 Answers2

2

In short: 

no ip route 192.168.1.0 255.255.255.0 61.190.146.1
no ip route 192.168.1.0 255.255.255.0 61.190.147.0

interface vlan 1 
  no ip address 192.168.1.1 255.255.255.0
  bridge-group 1

interface bvi1
  ip address 192.168.1.1 255.255.255.0
  ip nat inside 
  exit 

bridge 1 route ip
ip route 0.0.0.0 0.0.0.0 <your default gateway> 
! (if you don't get a default route via RIP) 
ip nat inside source list 1 interface FastEthernet4 overload
ip access-list 1 permit 192.168.1.0 0.0.0.255

Are you sure that you want to enable RIP and NAT?

Falk Stern
  • 141
  • 5
  • I honestly wasnt sure how to implement nat. Im only familiar with RIP. I would however like to use the most secure method which im guessing is nat since it doesnt blast IPs everywhere? – jhicks4 Feb 09 '12 at 01:07
  • Im guessing `ip route "IP" "mask" ` is the gateway for the dmz side and not the network side? – jhicks4 Feb 09 '12 at 01:43
  • I couldnt figure out how to get the ip route on bridge one. using the knowledge base and my ccna stuff? When I try to it gives me an incomplete error. Ive tried it from the config menu as well as the enable menu. – jhicks4 Feb 09 '12 at 03:22
  • All that stuff should be typed from "configure" mode. RIP isn't nessecary, if you don't have another router to talk to. The `ip route` stuff is your default gateway. – Falk Stern Feb 09 '12 at 11:46
0

Did you try adding the ip routing command in configuration mode? Also do you have a default route?

resmon6
  • 1,352
  • 6
  • 8