Cisco 1800 series router not routing Internet traffic

Network Engineering cisco routing switching networking
2021-07-17 11:31:58

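I'm dealing with a problem on a Cisco 1800 series router. The router itself can reach the Internet fine and can ping Google, Microsoft, etc. The router is connected to a switch, and the switch connects 2 workstations running Windows 10. The router hands out DHCP fine, but it does not route Internet traffic. I can ping the router from the workstations. Attached is my running configuration.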

    Router#show run
    Building configuration...

    Current configuration : 1848 bytes
    !
    ! Last configuration change at 00:45:46 UTC Thu Aug 9 2018
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 hash.
    enable password password
    !
    no aaa new-model
    !
    dot11 syslog
    ip source-route
    no ip routing
    !
    !
    ip dhcp excluded-address 192.168.1.0 192.168.1.99
    !
    ip dhcp pool MY_LAN
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 8.8.4.4 8.8.8.8
    !
    !
    !
    no ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    crypto pki token default removal timeout 0
    !
    !
    !
    !
    license udi pid CISCO1841 sn FHK12182B87
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     description ## INTERNET ##
     ip address dhcp
     ip access-group MY_WAN in
     ip nat outside
     ip virtual-reassembly in
     no ip route-cache
     speed auto
     half-duplex
     no mop enabled
    !
    interface FastEthernet0/1
     description ## MY LAN ##
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     no ip route-cache
     duplex auto
     speed auto
    !
    interface Serial0/0/0
     no ip address
     no ip route-cache
     shutdown
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    !
    ip nat inside source list 1 pool MY_LAN overload
    ip nat inside source list MY_LAN interface FastEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 192.168.1.101
    ip route 0.0.0.0 0.0.0.0 192.168.1.102
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
    !
    ip access-list standard MY_LAN
     permit 192.168.1.0 0.0.0.255
    !
    ip access-list extended MY_WAN
     permit tcp any any established
     permit ip any any
    !
    access-list 1 permit 192.168.1.0 0.0.0.255
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     password ********
     login
     transport input all
    !
    scheduler allocate 20000 1000
    end

    Router#ping google.com
    Translating "google.com"...domain server (74.40.74.40) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.217.0.14, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/12 ms
    Router#

Please let me know if I can clarify anything.

2 Answers

no ip routing

You explicitly turned off ROUTING. I have seen this many times, and it is the first thing I look for in any configuration.

You should turn off source-route, but not routing.

Also, you have turned off cef, which forces the system to process-switch every packet. You will be lucky to get double-digit speeds like that.

Your routing is messed up. You do not need or want default routes pointing to your LAN. You are trying too hard on the routing and NAT:

    no ip nat inside source list 1 pool MY_LAN overload
    no ip nat inside source list MY_LAN interface FastEthernet0/0 overload
    no ip route 0.0.0.0 0.0.0.0 192.168.1.101
    no ip route 0.0.0.0 0.0.0.0 192.168.1.102
    ip nat inside source list 1 interface FastEthernet0/0 overload
    !

Also, your WAN ACL really does nothing, because it permits anything based on the second line:

    ip access-list extended MY_WAN
     permit tcp any any established
     permit ip any any !!! This line allows everything and it is before the implicit deny at the end !!!
    !

You should remove the ACL from the WAN interface, get NAT and routing working, and then try to set up the ACL.
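The checks the answers describe can be automated as a small configuration audit. The following is an added example, not code from the question or the answers: the function names `audit` and `inside_subnets` and the finding codes are hypothetical, and the sample text is constructed from the lines of the posted configuration that the answers comment on.

```python
import ipaddress
import re
# Constructed sample: only the lines of the question's config that the answers discuss.
SAMPLE = """\
ip source-route
no ip routing
no ip cef
interface FastEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 192.168.1.101
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
ip access-list extended MY_WAN
 permit tcp any any established
 permit ip any any
"""
IP = r"(\d+\.\d+\.\d+\.\d+)"
GLOBAL = {"no ip routing": "routing-disabled", "no ip cef": "cef-disabled",
          "ip source-route": "source-route-enabled"}

def inside_subnets(lines):
    """Subnets of interfaces marked 'ip nat inside' (assumes 'show run' line order)."""
    nets, net = [], None
    for line in lines:
        m = re.fullmatch(rf" ip address {IP} {IP}", line)
        if m:
            net = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        elif not line.startswith(" "):
            net = None  # left the interface block
        elif line.strip() == "ip nat inside" and net:
            nets.append(net)
    return nets

def audit(config):
    """Return (code, detail) findings for an IOS-style running configuration."""
    lines = config.splitlines()
    lans, findings, acl = inside_subnets(lines), [], None
    for line in lines:
        text = line.strip()
        if not line.startswith(" "):  # a top-level line ends any ACL sub-mode
            m = re.fullmatch(r"ip access-list extended (\S+)", text)
            acl = m[1] if m else None
        route = re.fullmatch(rf"ip route 0\.0\.0\.0 0\.0\.0\.0 {IP}", text)
        if text in GLOBAL:
            findings.append((GLOBAL[text], text))
        elif acl and text == "permit ip any any":
            findings.append(("acl-permits-everything", acl))
        elif route and any(ipaddress.ip_address(route[1]) in n for n in lans):
            findings.append(("default-route-into-lan", route[1]))
    return findings
```

Calling `audit(SAMPLE)` returns one finding per issue raised in the answers, while the DHCP-learned default route on `FastEthernet0/0` and the `established` ACL entry are not flagged.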