NAT 1941 Router Help

We have three vlans, all class C’s, on a switch which is trunked to a router on port fa 0/1.
All vlans route nicely.
I have one device, and no others, in each 192.168.x.x network that I want to reach (Network Address Translation) via the 10.199.110.0 network. No other communications is required to or from the 10.199.110.0 network:
192.168.20.30 (personal computer) <--NAT--> 10.199.110.91
192.168.40.30 (personal computer) <--NAT--> 10.199.110.92
192.168.60.30 (personal computer) <--NAT--> 10.199.110.93
Router config:
interface FastEthernet0/0
ip address 10.199.110.90 255.255.255.0
ip nat outside
duplex full
speed auto
no mop enabled
interface FastEthernet0/1
no ip address
duplex auto
speed auto
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.40
encapsulation dot1Q 40
ip address 192.168.40.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.60
encapsulation dot1Q 60
ip address 192.168.60.254 255.255.255.0
ip nat inside
Any questions or ideas?

Hi Jon,
We got the problem fixed:
interface FastEthernet0/0
ip address 10.199.110.90 255.255.255.0
ip access-group 101 in
ip access-group 102 out
ip nat outside
duplex full
speed auto
no mop enabled
interface FastEthernet0/1
no ip address
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.40
encapsulation dot1Q 40
ip address 192.168.40.254 255.255.255.0
ip nat inside
interface FastEthernet0/1.60
encapsulation dot1Q 60
ip address 192.168.60.254 255.255.255.0
ip nat inside
ip classless
ip http server
no ip http secure-server
ip nat inside source static 192.168.20.30 10.199.110.91
ip nat inside source static 192.168.40.30 10.199.110.92
ip nat inside source static 192.168.60.30 10.199.110.93
ip nat outside source static 10.199.110.91 10.199.110.91
ip nat outside source static 10.199.110.92 10.199.110.92
ip nat outside source static 10.199.110.93 10.199.110.93
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.91
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.92
access-list 101 permit ip 10.0.0.0 0.255.255.255 host 10.199.110.93
access-list 102 permit ip host 10.199.110.93 10.0.0.0 0.255.255.255
access-list 102 permit ip host 10.199.110.91 10.0.0.0 0.255.255.255
access-list 102 permit ip host 10.199.110.92 10.0.0.0 0.255.255.255
dialer-list 1 protocol ip permit
Thanks again
Tom

Similar Messages

Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: Can Ping a device in another VLAN, that device cannot ping back

Cisco 1941 Router-on-a-Stick w/ 11VLANs trunked to a Cisco 2960: From the Switch I can Ping a device in another VLAN, that device cannot ping back. Some devices can ping devices in other VLANs and the device in the other VLAN can successfully return the Ping. Have a look at the attached diagram.
Router Config:
show run
Building configuration...
Current configuration : 7224 bytes
! Last configuration change at 09:05:48 EDT Wed Aug 6 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname ROUTER
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -8 0
ip cef
ip name-server 8.8.8.8
no ipv6 cef
multilink bundle-name authenticated
license udi pid CISCO1941/K9
object-group network Net_Obj_Group1
description This network group allows all 10.0.0.0 and Email Forwarder server through to the Plt PCs
205.191.0.0 255.255.0.0
10.0.0.0 255.0.0.0
object-group network Net_Obj_Group2
description This Network Group includes the Host IPs allowed through the Plant Router
host 10.194.28.23
host 10.194.28.25
host 10.194.28.26
host 10.194.28.27
host 10.194.28.28
host 10.194.28.29
host 10.194.28.37
host 10.194.28.39
host 10.194.28.40
host 10.194.28.70
host 10.194.28.130
host 10.194.28.131
host 10.194.28.132
host 10.194.28.133
host 10.194.28.134
host 10.194.28.135
host 10.194.28.136
host 10.194.28.137
host 10.194.28.138
host 10.194.28.139
host 10.194.28.140
host 10.194.28.141
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description Port Ge0/0 to IT Enterprise network Switch GE1/0/38
ip address 10.194.28.111 255.255.255.0
ip access-group 105 in
ip access-group 106 out
ip nat outside
ip virtual-reassembly in
shutdown
duplex full
speed auto
no mop enabled
interface GigabitEthernet0/1
description Port to Plant PCN-K/L24 Sw1 Port 0/24
no ip address
duplex auto
speed auto
no mop enabled
interface GigabitEthernet0/1.102
description Port to VLAN 102
encapsulation dot1Q 102
ip address 192.168.102.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.104
description Port to VLAN 104
encapsulation dot1Q 104
ip address 192.168.104.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.105
description Port to VLAN 105
encapsulation dot1Q 105
ip address 192.168.105.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.106
description Port to VLAN 106
encapsulation dot1Q 106
ip address 192.168.106.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.107
description Port to VLAN 107
encapsulation dot1Q 107
ip address 192.168.107.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.111
description Port to VLAN 111
encapsulation dot1Q 111
ip address 192.168.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.117
description Port to VLAN 117
encapsulation dot1Q 117
ip address 192.168.117.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.121
description Port to VLAN 121
encapsulation dot1Q 121
ip address 192.168.121.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.125
description Port to VLAN 125
encapsulation dot1Q 125
ip address 192.168.125.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.150
description Port to to VLAN 150
encapsulation dot1Q 150
ip address 192.168.150.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
interface GigabitEthernet0/1.999
description Port to VLAN 999
encapsulation dot1Q 999
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip forward-protocol nd
ip http server
no ip http secure-server
ip nat inside source static 192.168.102.201 10.194.28.23
ip nat inside source static 192.168.121.201 10.194.28.25
ip nat inside source static 192.168.106.251 10.194.28.26
ip nat inside source static 192.168.107.245 10.194.28.27
ip nat inside source static 192.168.102.251 10.194.28.28
ip nat inside source static 192.168.150.201 10.194.28.29
ip nat inside source static 192.168.107.179 10.194.28.37
ip nat inside source static 192.168.111.201 10.194.28.39
ip nat inside source static 192.168.105.201 10.194.28.40
ip nat inside source static 192.168.106.21 10.194.28.70
ip nat inside source static 192.168.107.146 10.194.28.130
ip nat inside source static 192.168.107.156 10.194.28.131
ip nat inside source static 192.168.107.161 10.194.28.132
ip nat inside source static 192.168.107.181 10.194.28.133
ip nat inside source static 192.168.107.191 10.194.28.134
ip nat inside source static 192.168.106.202 10.194.28.135
ip nat inside source static 192.168.106.212 10.194.28.136
ip nat inside source static 192.168.117.190 10.194.28.137
ip nat inside source static 192.168.117.100 10.194.28.138
ip nat inside source static 192.168.106.242 10.194.28.139
ip nat inside source static 192.168.125.100 10.194.28.140
ip nat inside source static 192.168.125.99 10.194.28.141
ip nat outside source static 10.194.28.23 10.194.28.23
ip nat outside source static 10.194.28.25 10.194.28.25
ip nat outside source static 10.194.28.26 10.194.28.26
ip nat outside source static 10.194.28.27 10.194.28.27
ip nat outside source static 10.194.28.28 10.194.28.28
ip nat outside source static 10.194.28.29 10.194.28.29
ip nat outside source static 10.194.28.37 10.194.28.37
ip nat outside source static 10.194.28.39 10.194.28.39
ip nat outside source static 10.194.28.40 10.194.28.40
ip nat outside source static 10.194.28.70 10.194.28.70
ip nat outside source static 10.194.28.130 10.194.28.130
ip nat outside source static 10.194.28.131 10.194.28.131
ip nat outside source static 10.194.28.132 10.194.28.132
ip nat outside source static 10.194.28.133 10.194.28.133
ip nat outside source static 10.194.28.134 10.194.28.134
ip nat outside source static 10.194.28.135 10.194.28.135
ip nat outside source static 10.194.28.136 10.194.28.136
ip nat outside source static 10.194.28.137 10.194.28.137
ip nat outside source static 10.194.28.138 10.194.28.138
ip nat outside source static 10.194.28.139 10.194.28.139
ip nat outside source static 10.194.28.140 10.194.28.140
ip nat outside source static 10.194.28.141 10.194.28.141
ip route 0.0.0.0 0.0.0.0 10.194.28.1
access-list 105 permit ip object-group Net_Obj_Group1 object-group Net_Obj_Group2
access-list 106 permit ip object-group Net_Obj_Group2 object-group Net_Obj_Group1
dialer-list 1 protocol ip permit
control-plane
banner login ^CC
Login banner for Plant Router #01^C
banner motd ^CC
MOTD Banner for Plant Router^C
line con 0
password XXXXXXXXX
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password XXXXXXXXX
logging synchronous
login
transport input all
scheduler allocate 20000 1000
ntp server 10.199.100.92
end
Switch Config:
sh ru
Building configuration...
Current configuration : 6513 bytes
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname K24Sw01
boot-start-marker
boot-end-marker
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
udld aggressive
crypto pki trustpoint TP-self-signed-593746944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-593746944
revocation-check none
rsakeypair TP-self-signed-593746944
4B58BCE9 44
quit
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0
no ip address
interface GigabitEthernet0/1
description Trunk port for vlans 105, 111, 125 and 999 from K24Sw01 port Ge0/1 to P22Sw01 port Ge0/24
switchport trunk allowed vlan 105,111,125,999
switchport mode trunk
interface GigabitEthernet0/2
description Trunk port for vlans 150 and 999 from K24Sw01 port Ge0/2 to N25Sw01 port Ge0/26
switchport trunk allowed vlan 150,999
switchport mode trunk
interface GigabitEthernet0/3
description Trunk port for vlans 102, 104, 106, 107, 117 and 999 from K24Sw01 port Ge0/3 to K28Sw01 port Ge0/26
switchport trunk allowed vlan 102,104,106,107,117,999
switchport mode trunk
interface GigabitEthernet0/4
description Trunk port for vlans 102, 106, 107 and 999 from K24Sw01 port Ge0/4 to H23Sw01 port Ge0/26
switchport trunk allowed vlan 102,106,107,999
switchport mode trunk
interface GigabitEthernet0/5
description Trunk port for vlans 121, 125 and 999 from K24Sw01 port Ge0/5 to M21Sw01 port Ge0/24
switchport trunk allowed vlan 121,125,999
switchport mode trunk
interface GigabitEthernet0/6
description OPEN
spanning-tree portfast
interface GigabitEthernet0/7
description OPEN
spanning-tree portfast
interface GigabitEthernet0/8
description OPEN
spanning-tree portfast
interface GigabitEthernet0/9
description OPEN
spanning-tree portfast
interface GigabitEthernet0/10
description VLan 102 access port
switchport access vlan 102
spanning-tree portfast
interface GigabitEthernet0/11
description - VLan 104 access port
switchport access vlan 104
spanning-tree portfast
interface GigabitEthernet0/12
description - VLan 105 access port
switchport access vlan 105
spanning-tree portfast
interface GigabitEthernet0/13
description - VLan 106 access port
switchport access vlan 106
spanning-tree portfast
interface GigabitEthernet0/14
description - VLan 107 access port
switchport access vlan 107
spanning-tree portfast
interface GigabitEthernet0/15
description - VLan 111 access port
switchport access vlan 111
spanning-tree portfast
interface GigabitEthernet0/16
description - VLan 117 access port
switchport access vlan 117
spanning-tree portfast
interface GigabitEthernet0/17
description - VLan 121 access port
switchport access vlan 121
spanning-tree portfast
interface GigabitEthernet0/18
description - VLan 125 access port
switchport access vlan 125
spanning-tree portfast
interface GigabitEthernet0/19
description - VLan 150 access port
switchport access vlan 150
spanning-tree portfast
interface GigabitEthernet0/20
description - VLan 999 access port
switchport access vlan 999
spanning-tree portfast
interface GigabitEthernet0/21
description OPEN
spanning-tree portfast
interface GigabitEthernet0/22
description OPEN
spanning-tree portfast
interface GigabitEthernet0/23
description OPEN
spanning-tree portfast
interface GigabitEthernet0/24
description From ROUTER Gw ge0/1
switchport trunk allowed vlan 102,104-107,111,117,121,125,150,999
switchport mode trunk
interface GigabitEthernet0/25
interface GigabitEthernet0/26
interface Vlan1
no ip address
no ip route-cache
shutdown
interface Vlan102
ip address 192.168.102.253 255.255.255.0
interface Vlan104
no ip address
no ip route-cache
interface Vlan105
no ip address
no ip route-cache
interface Vlan106
no ip address
no ip route-cache
interface Vlan107
no ip address
no ip route-cache
interface Vlan111
no ip address
no ip route-cache
interface Vlan117
no ip address
no ip route-cache
interface Vlan121
no ip address
no ip route-cache
interface Vlan125
no ip address
no ip route-cache
interface Vlan150
no ip address
no ip route-cache
interface Vlan999
no ip address
no ip route-cache
ip default-gateway 192.168.102.1
ip http server
ip http secure-server
snmp-server engineID local 00000009020000019634C2C0
snmp-server community public RO
snmp-server location
snmp-server contact
banner motd ^CCC ADMIN USE ONLY! ^C
line con 0
session-timeout 10
password xxxxxx
logging synchronous
login
stopbits 1
line vty 0 4
session-timeout 10
password xxxxxxx
login
line vty 5 15
session-timeout 10
password xxxxxxxx
login
ntp server 10.199.100.92
end
K24Sw01#

HI Mark,
Here is the my config:
Create sub-interfaces, set 802.1Q trunking protocol and ip address on each sub-interface
Router(config)#interface f0/0
Router(config-if)#no shutdown
(Note: The main interface f0/0 doesn’t need an IP address but it must be turned on)
Router(config)#interface f0/0.10
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.1 255.255.255.0
Router(config-subif)#interface f0/0.20
Router(config-subif)#encapsulation dot11 20
Router(config-subif)#ip address 192.168.20.1 255.255.255.0
(Note: In the “encapsulation dot1q 10″ command, 10 is the VLAN ID this interface operates in)
Configure VLAN
Switch(config)#vlan 10
Switch(config-vlan)#name SALES
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name TECH
Set ports to access mode & assign ports to VLAN
Switch(config)#interface range fa0/1
Switch(config-if)#no shutdown
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 15
Switch(config-if)#interface range fa0/3
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)# switchport access vlan 20
Switch(config-if)#interface range fa0/5
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode trunk
1. Please check all your port are up.
2. Check the config once again.
3. Make sure the swicth and router connection port configured as trunk and it should be up.
This config is working for me,
Regards
Dont forget to rate helpful posts.

Setup 1941 router with cable modem and 2 vlan?

hello everyone,
i need a little help setting up my new 1941 router with cable modem using 2 vlns.
this is what i have:
1- 1941 router configured as g0/0 wan port facing isp configured as (dhcp). g0/1 is lan facing the switch (192.168.1.1)
dhcp pool (192.168.1.x)
2- sg300-28pp switch.
3- wap371 AP/ 11pcs..
now everything is working perfect except sometimes we have more than 250 to 300 people trying to connect to the wifi, the router will have no enough ip addresses.
i heard that i can setup 2 vlans to solve this problem? and is there any setup that i have to do on switch and Access points?
please i will appreciate any little help
Regards

hello Andre Neethling i added network 192.168.0.0 255.255.254.0 to dhcp pool config and it seems that it is working but i am concern that i am going to have problem in the future so please take a look at the running config and let me know if i have everything done right. also we want to order static ip address from the provider for our security camera system and we will not longer receive dhcp ip from them and my router setup is to receive it as dhcp on g0/0 so what i should do about changing the settings on g0/0?
i appreciate your help
Building configuration...
Current configuration : 1163 bytes
! Last configuration change at 00:46:35 UTC Wed Apr 15 2015
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Abdullah
boot-start-marker
boot-end-marker
no aaa new-model
no ipv6 cef
ip source-route
ip cef
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp pool Local
import all
network 192.168.0.0 255.255.254.0
default-router 192.168.1.1
multilink bundle-name authenticated
license udi pid CISCO1941/K9 sn FTX1523022E
redundancy
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
interface GigabitEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
control-plane
line con 0
line aux 0
line vty 0 4
login
scheduler allocate 20000 1000
end

Need some help with a fundamental concept of nat'ing/routing

I have the following code on an ASA5500 pair with very down-level code. 7.1.2.
Here is a snippet of the ruleset:
interface GigabitEthernet0/1.40
description Production Servers Network
vlan 40
nameif Production
security-level 40
ip address 172.20.0.1 255.255.0.0 standby 172.20.0.2
access-list no-nat extended permit ip 192.168.3.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.20.0 255.255.255.0
nat (Production) 0 access-list no-nat
Am I correct in believing all traffic sourced from the 192.168.3.0 and 172.20.0.0 networks coming in via the Production interface will NOT be Nat'ed.
My next question is will that traffic be routed through that interface Production using the original IP addresses, or will that traffic NOT be routed anywhere?
I don't want that traffic to be routed, but am concerned since these access list commands permit IP traffic between the networks, this traffic will be routed.

Thanks for responses, but they confuse me more.
It is not your answers causing my confusion, but the firewall rules I am trying to apply to this.
From what you are saying, traffic WILL flow from the 192.168.3.0 network to the 192.168.20.0 network, flowing through the Production interface. It won't be Nat'ed, but it will route because the access list explicitly allows IP traffic sourced from the 192.168.3.0 network to reach the 192.168.20.0 network.
However, this is not what is currently happening in the networks, as far as I have been told.
Let me add more lines of code to the problem, and give my interpretation, and you can tell me where I am going wrong.
1. There is no access list explictly associated with the Production interface, as can be seen through the definition in my first post.
2. More complete code:
object-group network network_vpn
description VPN IP's
network-object 192.168.2.0 255.255.255.0
network-object 192.168.3.0 255.255.255.0
access-list no-nat extended permit ip 192.168.20.0 255.255.255.0 172.20.0.0 255.255.0.0
access-list no-nat extended permit ip object-group network_vpn 172.20.0.0 255.255.0.0
access-list no-nat extended permit ip object-group network_vpn 192.168.20.0 255.255.255.0
access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.20.0 255.255.255.0
access-list no-nat extended permit ip 192.168.2.0 255.255.255.0 172.20.0.0 255.255.0.0
access-list no-nat extended permit ip 192.168.0.0 255.255.0.0 172.20.0.0 255.255.0.0
access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.0.0 255.255.0.0
access-list no-nat extended permit ip 192.168.20.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list no-nat extended permit ip 172.20.0.0 255.255.0.0 192.168.2.0 255.255.255.0
access-list no-nat extended permit ip 192.168.3.0 255.255.255.0 172.20.0.0 255.255.0.0
access-list no-nat extended permit ip 192.168.3.0 255.255.255.0 192.168.20.0 255.255.255.0
access-list no-nat extended permit ip 192.168.2.0 255.255.255.0 192.168.20.0 255.255.255.0
nat (Production) 0 access-list no-nat
nat (Production) 0 access-list Production_nat0_inbound outside
nat (Production) 1 172.20.0.0 255.255.0.0
Use the 3rd last line in the access-list no-nat commands as an example.
As I envision this, if I have a network sourced as 192.168.3.0, coming in through the Production interface, IP traffic can reach the 172.20.0.0 network, albeit through not NAT'ed, but with the original IP addreses, assuming routing is configured between these networks? I guess my related question would be is routing not implictly turned on between these networks?
3. Also, I think several lines of this access rule are redundant, given the network object covers the 192.168.2.0 and 192.168.3.0 networks.

NAT and Routed Network with Two ISP's on one router

I'm sure this has been done covered many times, but I am not finding it.
I have two ISP connections.
With ISP-A I have a /30 between us and 200.100.100.0/24 is routed to me via the /30 for thsi example we will say the /30 is 1.1.1.1 on isp end and 1.1.1.2 on my end
With ISP-B I have a 100.0.0.0/29 subnet. and the ISP gateway is on that subnet at 100.0.0.1
On the inside of my network I have devices using both 200.100.100.x addresses and devices on 192.168.100.x that need to use NAT.
I would like all of the devices on 200.100.100.x addresses to continue using ISP-A as their gateway.
Everything on 192.168.100.x should use NAT and go out ISP-B
I have tried
ip nat inside source route-map ISP-A interface GigabitEthernet0/1 overload
route-map ISP-B permit 10
match ip address 101
match interface GigabitEthernet0/1
set ip next-hop 100.0.0.1
route-map ISP-A permit 10
match ip address 111
match interface Multilink1
set ip next-hop 1.1.1.1
The problem comes when I have default routes to ISP-A in the router than none of the ISP-B traffic works, and vice versa.

I think for this to work correctly and be able to split traffic between the 2 ISPs, you would need to use BGP, because default is going to use one ISP or the other.
If you can use BGP, this link will help you in load shearing between multiple ISPs when you have one router.
http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/13762-40.html#conf4
HTH

2 router help.. computer guy needs help

Hey everyone.. trying to isolate wireless on my network.
router one netgear setup as dhcp and ppoe to my dsl modem. would like to keep the wired network first on the netgear.
router 2 linksys wireless is plugged from netgear port into linksys wan .. would like to use this isolated from the 0.1 sub that netgear is putting out. so i have connected using 1.1 sub and it gets its ip and can ping from the routers internal ping test although the pcs cannont. it works if in gateway mode although i dont want the users to be able to ping my netgear network so i put in router mode to isolate . problem is that the pc cant get out.. tried some static routing with no avail and i think possible the double nat is causing troubles. i need to have dhcp on the wireless so i can get this icafe working and keep users of the network. i dont want to use the ap isolation in the adavanced tab because i think i shouldnt have to and should be able to get these beeachess (that bitches for u wonder) working like i have the plugged.. if you test u'll notice that the if in gateway mode the two networks can see each other (tell me why and i will kiss u- although must be some double nat or gatewaycrap ) ok thats the speel... which one of ya thinks that he can help.
i am leaving them in gateway over the weekend but if someone stumbles this they might get on the local network and figure how much i a charging them to get this to work
thanks
tony
bugeyed computer guy

Yes, you are on the right track. As stated in the included instruction manual, you will need to charge your iPod for four hours or until the display changes so that it shows a power plug (meaning that it is fully charged).
Also note that while your iPod is charging, you can also add songs and videos to it.

VRF-lite, NAT and route-leaking

Hello, community. I'm trying to reproduce setup with two customers (R1 and R2), PE router (R3) and common services (R4).
Here is configuration:
R1:
interface Loopback0
ip address 10.10.1.1 255.255.255.255
interface FastEthernet1/0
ip address 192.168.15.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.15.5
R2:
interface Loopback0
ip address 10.10.2.2 255.255.255.255
interface FastEthernet1/0
ip address 192.168.16.1 255.255.255.192
ip route 0.0.0.0 0.0.0.0 192.168.16.5
R3:
ip vrf VRF1
rd 1:1
route-target export 1:1
route-target import 1:1
ip vrf VRF2
rd 2:2
route-target export 2:2
route-target import 2:2
interface FastEthernet0/0
description R1
ip vrf forwarding VRF1
ip address 192.168.15.5 255.255.255.192
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1
description R2
ip vrf forwarding VRF2
ip address 192.168.16.5 255.255.255.192
ip nat inside
ip virtual-reassembly
interface FastEthernet1/0
description R4
ip address 1.1.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly
ip route 0.0.0.0 0.0.0.0 1.1.1.2
ip route vrf VRF1 0.0.0.0 0.0.0.0 FastEthernet1/0 1.1.1.2 global
ip route vrf VRF1 10.10.0.0 255.255.0.0 192.168.15.1
ip route vrf VRF2 0.0.0.0 0.0.0.0 FastEthernet1/0 1.1.1.2 global
ip route vrf VRF2 10.10.0.0 255.255.0.0 192.168.16.1
ip nat inside source list 15 interface FastEthernet1/0 vrf VRF1 overload
ip nat inside source list 16 interface FastEthernet1/0 vrf VRF2 overload
access-list 15 permit 192.0.0.0 0.255.255.255
access-list 15 permit 10.10.0.0 0.0.255.255
access-list 16 permit 192.0.0.0 0.255.255.255
access-list 16 permit 10.10.0.0 0.0.255.255
R4:
interface Loopback0
ip address 10.10.10.10 255.255.255.255
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1.1.1.1
The configuration is not operational.
r1#ping 192.168.15.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.15.5, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/89/116 ms
r1#ping 192.168.15.5 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.15.5, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 100 percent (5/5), round-trip min/avg/max = 68/86/92 ms
r1#ping 1.1.1.1 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 80 percent (4/5), round-trip min/avg/max = 292/357/400 ms
r1#ping 1.1.1.2 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 80 percent (4/5), round-trip min/avg/max = 160/187/216 ms
r1#ping 10.10.10.10 source l0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Packet sent with a source address of 10.10.1.1
Success rate is 0 percent (0/5)
I can't ping R4's loopback address ("shared resource" or also known as "common service")
The same is with R2 ( second customer).
But I can still ping R4's loopback from R3:
R3#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/88/116 ms
This is routing table on R3:
R3#sh ip route | begin Gateway
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
     1.0.0.0/24 is subnetted, 1 subnets
C       1.1.1.0 is directly connected, FastEthernet1/0
S*   0.0.0.0/0 [1/0] via 1.1.1.2
R3#sh ip route vrf VRF1 | begin Gateway
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
     192.168.15.0/26 is subnetted, 1 subnets
C       192.168.15.0 is directly connected, FastEthernet0/0
     10.0.0.0/16 is subnetted, 1 subnets
S       10.10.0.0 [1/0] via 192.168.15.1
S*   0.0.0.0/0 [1/0] via 1.1.1.2, FastEthernet1/0
R3#sh ip route vrf VRF2 | begin Gateway
Gateway of last resort is 1.1.1.2 to network 0.0.0.0
     10.0.0.0/16 is subnetted, 1 subnets
S       10.10.0.0 [1/0] via 192.168.16.1
     192.168.16.0/26 is subnetted, 1 subnets
C       192.168.16.0 is directly connected, FastEthernet0/1
S*   0.0.0.0/0 [1/0] via 1.1.1.2, FastEthernet1/0
So the question is what is the problem cause? How to troubleshoot? What is the troubleshooting steps?

Hi Eugene Khabarov
The problem here is that at the PE we have the static route for the Major Subnet 10.10.0.0/16 pointing back to the CEs of which the destination ping IP 10.10.10.10 is part of.
We need to remove the Major X /16 route from PE and configure explicit X /32 route for the CE Loopback to make this work
no ip route vrf VRF1 10.10.0.0 255.255.0.0 192.168.15.1
ip route vrf VRF1 10.10.1.1 255.255.0.0 192.168.15.1
no ip route vrf VRF2 10.10.0.0 255.255.0.0 192.168.16.1
ip route vrf VRF2 10.10.2.2 255.255.0.0 192.168.16.1
Hope this helps to answer your query.
Regards
Varma

CCTV On 1941 Router

Hi all
got a tricky for me here
i have some public ip's from BT one for my router and another for my DVR for the cameras at works. our old shitty BT home hub used a DMZ for the cameras so we could access them from our phones etc. now i upgraded us to a 1941 adsl joby. and everything is fine except i cant get the cameras to work.
is this some thing in the access list i'm missing??
as you will see from the config i'm still only learning so its quite messy im sure, but please have a look and let me know your views.
Ethnet-HQ(config-if)#do sh run
Building configuration...
Current configuration : 2353 bytes
! Last configuration change at 18:43:00 gmt Wed Nov 20 2013
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Ethnet-HQ
boot-start-marker
boot-end-marker
enable secret 5 $1$..OH$obVwN..K3Jf8blsgWTHps0
no aaa new-model
clock timezone gmt 0
dot11 syslog
ip source-route
ip dhcp excluded-address 192.168.0.1 192.168.0.100
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp pool Ethnet-LAN
   network 192.168.0.0 255.255.255.0
   default-router 192.168.0.1
   dns-server 194.72.0.114 62.6.40.178
ip dhcp pool LAN-NO-VPN
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1 255.255.255.0
   dns-server 8.8.8.8
   lease infinite
ip cef
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
vpdn enable
vpdn-group pppoe
license udi pid CISCO1841 sn FCZ122372H9
interface FastEthernet0/0
description Ethnet LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
duplex auto
speed auto
interface FastEthernet0/1
description Ethnet LAN no VPN
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
interface ATM0/0/0
no ip address
no atm ilmi-keepalive
pvc 0/38
pppoe-client dial-pool-number 1
interface ATM0/1/0
no ip address
shutdown
no atm ilmi-keepalive
interface Dialer1
mtu 1458
ip address 217.#.96.137 255.255.255.248
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
ppp chap hostname ##########
ppp chap password 0 #########
ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat pool BT-Statics 217.#.96.137 217.#.96.141 netmask 255.255.255.248
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
access-list 1 permit 192.168.0.1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 217.#.96.136 0.0.0.7
control-plane
banner motd ^C###########
line con 0
password 7 020E055759565F2E5C43
logging synchronous
login
line aux 0
password 7 1101180945425B031427
login
line vty 0 4
exec-timeout 0 0
password 7 060E0E2D1E1E5916151A
login
transport input all
scheduler allocate 20000 1000
end
thanks for taking the time to look and i currently dont use fa0/1 and the VPN config doesnt work (altho would be nice if it did )

Bump
Sent from Cisco Technical Support iPad App

NAT on 2621 HELP!!!

I have spent a few hours trying to NAT out a few intenal 192.168.x.x hosts through both my ethernet1/0 interface and also tryed using another IP from the range. Any help GREATLY appreciated. Thanks! (Config below)
Building configuration...
Current configuration : 1021 bytes
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname 2621
boot-start-marker
boot-end-marker
enable secret xxxx
enable password xxxx
no aaa new-model
ip subnet-zero
ip name-server xx.xx.xx.xx
ip name-server xx.xx.xx.xx
ip audit po max-events 100
interface FastEthernet0/0
ip address 65.126.x.x.x.255.252
duplex auto
speed auto
interface FastEthernet0/1
ip address 192.168.1.1 255.255.255.0
ip nat inside
speed auto
half-duplex
interface Ethernet1/0
ip address 65.126.x.x.x.255.240
ip nat outside
half-duplex
ip nat inside source list 7 interface Ethernet1/0 overload
no ip http server
no ip http secure-server
ip classless
no ip route static inter-vrf
ip route 0.0.0.0 0.0.x.x.x.121.117
line con 0
line aux 0
line vty 0 4
password xxx
login
end

7 years old post but i have the CCNA Composite exam in 36 hours so i'll ignore that and answer.
I'm assuming a basic setup (like the one in the question) with PAT and many-to-one source translation.
The steps to properly configure NAT are:
1) list all your interfaces and track which ones are your *internal* interfaces and which one is your *external* one. In the configuration given by OP, the "inside" interface is Fastethernet 0/1. The "outside" interface is Ethernet 1/0.
2) Declare the interfaces one by one, this is done in the interface configuration dialog with the statement "ip nat inside" and "ip nat outside" for the respective interfaces.
3) Gather your traffic, with an ACL. This step is necessary to teach the router which traffic he should consider for Network Address Translation. It is achieved by an acl that permits traffic coming from the subnets configured on our "inside" interfaces. In this case, 192.168.1.0/24.
segillett wrote:thanks joe, since I posted i caught that and have this in thereaccess-list 7 permit 192.168.1.0 0.0.0.250it still does not. I am really at a loss here sitting in the datacenter at 9;30pm. Do I need to route the 192.x.x.x somewhere (tried all options), thanks for any more advice.
The reason OP can't get NAT to work is because his ACL was at first absent, and subsequently mistyped.
It should be
ip access-list standard 7
permit 192.168.1.0 0.0.0.255
deny any
The deny statement is implied but explicitly adding it simplifies troubleshooting as every packet matching it will show up in
# show access-lists
ACLs use a "wildcard" mask notation for defining groups of addresses. For all intents and purposes at this level, they are just another format for the subnet masks but they can be used in other ways.
You obtain your wildcard mask by subtracting the subnet mask bits (in decimal) from 255.255.255.255. In this case: 255.255.255.255 - 255.255.255.0 (the subnet mask for a /24 network) = 0.0.0.255. Therefore, the mistake lies in the ACL statement.
4) Activate NAT with the general configuration dialog statement "ip nat inside source list LISTNAME interface INTERFACEID overload
5) Troubleshoot if needed by using show access-lists, show ip nat translations, debug ip nat . It only works when you see relevant data in the output of those commands.
You do *not* have to route anything, as that would defy the entire purpose of NAT.
If i made any mistake in my post please point it out. I think i got my head around NAT pretty ok but you never know.
Any feedback is welcome.
G.

Urgent NAT-T DMVPN help?

can some one please provide me with the configuration of the DMVPN hub-server when the hub-server is configured with nat???
i`ll be thankfull.............

Hi Mohammed,
I think you may want to check these links:
NAT-Transparency Aware DMVPN
"Also added in Cisco IOS Releases 12.3(9a) and 12.3(11)T is the capability to have the hub DMVPN router behind static NAT. This was a change in the ISAKMP NAT-T support. For this functionality to be used, all the DMVPN spoke routers and hub routers must be upgraded, and IPsec must use transport mode.
For these NAT-Transparency Aware enhancements to work, you must use IPsec transport mode on the transform set. Also, even though NAT-Transparency (IKE and IPsec) can support two peers (IKE and IPsec) being translated to the same IP address (using the UDP ports to differentiate them), this functionality is not supported for DMVPN. All DMVPN spokes must have a unique IP address after they have been NAT translated. They can have the same IP address before they are NAT translated."
Static NAT & DMVPN Hub ---> Another similar post.
Hope it helps.
Thanks.
Portu
Message was edited by: Javier Portuguez

E1000 + PS3 =NAT Type 3 Help

I know this has been asked before but nothing seems to work for me. My story is:
I had a WRT150N with a modem in bridge mode and got NAT Type 2 while playing the PS3. The router crashed and I got an E1000 in its place it came with the basic setup CD so I ran that. Then I was getting NAT Type 3. So I called Linksys, and AT&T and neither could help me we opened the ports that Playstation gave me and made sure the UPnP was enabled and all the things they could think of to open my NAT type. But nothing has worked, so if anyone knows anything I could do please let me know. Its just hard to believe that its my playstaion when I had an NAT Type 2 before my old router crashed. I'll supply screen shots whatever you need, I just cant stand to have this NAT type cause it messes with my online gaming.
Thanks for the Help,
Grant
Solved!
Go to Solution.

Did you set up PPPoE for the new router and put your modem into bridge mode?
I don't work for Cisco. I'm just here to help.

Firewall Access Rules do not work on One to One NAT (RV042G Router)

I have two unique IP addresses, two servers, and one RV042G router.
What I would like to do is have each IP address go to it's own respective server. To do that, I've set the settings on One-to-One NAT to make this happen. Now IP address 1 points to server A and IP address 2 points to server B.
However, I only want port 80 to be open to each server. I've tried setting the Firewall access rules to accommodate this but it doesn't appear to block anything. All ports on the servers are exposed despite the firewall rules.
Here's what I have in the router configuration:
Under One-to-One NAT:
{internal IP address 1} => {external IP address 1}
{internal IP address 2} => {external IP address 2}
Under Firewall Access Rules:
Action | Service | Source Interface | Source | Destination | Time
Allow | HTTP Secondary 80 | WAN1 | Any | {internal IP address 1} | Always
Deny | All Traffic | WAN1 | Any | Any | Always
Is there a proper way to accomplish what I want?

Thanks for replying.
Turns out I had to add new access rules to specifically deny all traffic to the internal addresses, in addition to the rule allowing the specified ports through.
So, with the IP addresses still defined the same way in the One-to-One NAT section, I now have the following rules defined in the firewall section:
Under Firewall Access Rules:
Priority | Action | Service | Source Interface | Source | Destination | Time
[1] | Allow | HTTP Secondary 80 | ANY | Any | {internal IP address 1} | Always
[2] Deny | All Traffic | WAN1 | Any | { internal IP address 1 } | Always <== the new one I ended up adding
(default) | Deny | All Traffic | WAN1 | Any | Any | Always <== built in default rule in router
I originally did not add the second rule because I had assumed that the default deny rule would block all traffic to all internal IP addresses anyway. Perhaps someone can correct me if I'm wrong but I am now assuming that the default deny rule applies to the router only and not to any other defined One-to-One NAT entries. In which case, I had to add another rule that duplicates the default deny rule but for each 1:1 NAT entry.
If this was already in the manual, I probably missed it so that would be my own mistake. Still, I wish this was more apparent in the web GUI as it didn't really specify that I had to do this.
In any case, I hope my solution helps anyone else in the future having this similar issue.

Seeking static route help

After having inserted my own router as the internet gateway router and relegated the Verizon one to be a secondary one that just communicates with the STBs I would like to know if any could explain to me how to set up static routes to be able to access it via a wired connection as I would like to turn of the wireless side of it.
Now have a double NAT'd setup as follows
ONT -> WAN Netgear subnet 192.168.0
Netgear Lan port 1 -> Wan VZ Westell subnet 192.168.1
Moca connections to STBs
Ethernet connections to exposed (Port forwarded) machines
Netgear Lan Port 2 -> Wan Dlink subnet 192.168.3
Dlink Lan port -> 1GB NIC desktop machine 192.168.3.99
From the desktop machine at 192.168.3.99 I want to be able to get to the admin pages of the VZ router at 192.168.1.1 and also to some exposed machines on the 192.168.1 subnet
I'm guessing I need static routes defined at the dlink router at 192.168.3.1 and the netgear router at 192.168.0.1
On paper this looks very simple but I cannot work out what the static routes are meant to say
Any have any hints that would help me out?

Fixed it. once I looked at the Westell logs
Finally realized that the static routes I built were fine and the problem is that I was being blocked at the firewall.
Can't put the router in the DMZ and can't port forward to the the router's lan ip address (192.168.1.1). Allowed remote admin on the router and it works fine - would be nice if the router allowed you to choose some obscure port but I guess it's not really much of a sexurity risk as the router's wan port is inside the private network anyway.

WRT54G2 Router HELP!

Hello all! I've been having a serious issue with my WRT54G2 Router as of late and have had many reccomendations on how to fix it but nothing has worked. I'm going to post just about every interaction I've had on there boards to date. Any more help would be much appreciated. I'm getting desperate.
Littlelungs33
Researcher
Posts: 5
Registered: 05-03-2009
I'm using a WRT54G2 Router. It's wired to a Motorola Surfboard modem. I can't access the manual config 192.168.1.1 and two other computers that are wireless in the house rely on my access point to be able to use the internet. Problem is I'm getting that good o'l "You are connected to the access point, but the internet cannot be found." I've tried assigning static IP's, power cycling, release/renew in IPCONFIG, I've whispered sweet nothings into my PC's ear...etc...etc...etc... I CAN access the manual config through the one laptop when it's wired to the modem though. Please for the love of everything someone help me!!!!!
Here's what IPCONFIG /ALL says about my computer.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
Windows IP Configuration
        Host Name . . . . . . . . . . . . :
        Primary Dns Suffix . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 2:
        Connection-specific DNS Suffix . :
        Description . . . . . . . . . . . : Motorola SURFboard SB5120 USB Cable
Modem
        Physical Address. . . . . . . . . : 00-15-2F-5E-21-BE
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 69.125.151.5
        Subnet Mask . . . . . . . . . . . : 255.255.240.0
        Default Gateway . . . . . . . . . : 69.125.144.1
        DHCP Server . . . . . . . . . . . : 10.62.160.1
        DNS Servers . . . . . . . . . . . : 167.206.245.130
                                            167.206.245.129
Reply to previous message:
toomanydonuts
Network Administrator
Posts: 5566
Registered: 09-16-2006
Are you trying to access 192.168.1.1 wirelessly?   If so, stop doing this. Wireless access to 192.168.1.1 often fails. Use a computer that is wired to the router when you want to change router settings.
1) I assume that the "IPCONFIG /ALL" info that you posted was obtained when your computer was wired directly to your modem -- is that correct?
2) When you did the "IPCONFIG /ALL", was your computer wired to the modem with ethernet cable, or USB cable?
3) Your network should be setup like this:
Motorola Surfboard -- WRT54G2 )))     ((( wireless computer(s)
                                    |--- wired computer
Motorola Surfboard ethernet port wired to WRT54G2 Internet port, using ethernet cable.
Wired computer connected to a LAN port on the WRT54G2, using ethernet cable.
Nothing connected to USB port of Motorola Surfboard.
Wireless computers connect directly (and wirelessly) to WRT54G2, not to your wired computer.
Is above the way your system is setup? If not, how is your system setup?
4) Please clarify the problem that you are having. Are you saying that your computer simply cannot access 192.168.1.1 , or that it cannot access the Internet, or that you cannot get any of your computers to access the Internet through the WRT54G2?    Are you trying to connect this computer by wire or wirelessly to the WRT54G2?
5) Can any computer access the Internet through the WRT54G2?
Reply to previous message:
Littlelungs33
Researcher
Posts: 5
Registered: 05-03-2009
No, I'm trying to acess it through a wired computer. The computer I'm on right now is wired to the access point which is wired to the motorola modem. I can access the login page(as well as the internet) through the computer wired to the router(which, as stated just a few sentences ago, I'm currently using), but when i type in admin for the password it literally kicks me right back into the login screen with both username and password feilds blank. My entire system is setup the way you described that it should be ethernet cable and all. Trust me that was the first thing I checked. The IPCONFIG /ALL is the status of the computer wired to the router. The other two computers in the house (one is a laptop with wireless card and the other is a PC that I bought a wireless card for) cannot access the internet. They used to be able to until recently and I've made no changes to any of the settings.
I also tryed power cycling the system. It granted wireless access to the wireless computers as well as my playstation 3, BUT, I lost internet access on the wired computer. Imagine my frustration. I power cycled again then I was back to square one. No wireless access but access with the wired pc. It's not set to a static IP address either.
Reply to previous message:
toomanydonuts
Network Administrator
Posts: 5566
Registered: 09-16-2006
D) Have you upgraded the router's firmware?
E) After the firmware upgrade, did you reset the router to factory defaults, then setup the router again from scratch?
F) You said that the "IPCONFIG /ALL" was obtained when you were connected to the WRT54G2 router. But this looks like IPCONFIG data from connection to the Motorola Surfboard modem. Are you sure this IPCONFIG /ALL is from connection to the WRT54G2?
G) Have you been running unsecured wireless?   Or are you using encryption? If you are using unsecured wireless, perhaps your neighbor logged into your router (by accident or intentionally) and changed your login password.
I would suggest that you reset your router to factory defaults, then setup the router again from scratch. If you saved a router configuration file, DO NOT use it.
Please use the following procedure to reset your router:
1) Power down all computers, the router, and the modem, and unplug them from the wall.
2) Disconnect all wires from the router.
3) Power up the router and allow it to fully boot (1-2 minutes).
4) Press and hold the reset button for 30 seconds, then release it, then let the router reset and reboot (2-3 minutes).
5) Power down the router.
6) Connect one computer by wire to port 1 on the router (NOT to the internet port).
7) Power up the router and allow it to fully boot (1-2 minutes).
8) Power up the computer (if the computer has a wireless card, make sure it is off).
9) Try to ping the router. To do this, click the "Start" button > All Programs > Accessories > Command Prompt. A black DOS box will appear. Enter the following: "ping 192.168.1.1" (no quotes), and hit the Enter key. You will see 3 or 4 lines that start either with "Reply from ... " or "Request timed out." If you see "Reply from ...", your computer has found your router.
10) Open your browser and point it to 192.168.1.1. This will take you to your router's login page. Leave the user name blank, and in the password field, enter "admin" (with no quotes). This will take you to your router setup page. Note the version number of your firmware (usually listed near upper right corner of screen). Exit your browser.
If you get this far without problems, try the setup disk (or setup the router manually, if you prefer), and see if you can get your router setup and working.
If you cannot get "Reply from ..." in step 9 above, your router is likely dead. Report back with this problem.
If you get a reply in step 9, but cannot complete step 10, then either your router is dead or the firmware is corrupt.   Report back with this problem.
If you need additional help, please state the results of steps 9 and 10. Also, if you get any error messages, copy them exactly and report back.
Please let me know how things turn out for you.
Reply to previous message:
Littlelungs33
Researcher
Posts: 5
Registered: 05-03-2009
My apologies for the delay in response, things have been hectic lately. Alrighty, I did all that you said and here are some interesting results, I'll break down the results by each machine that a fiddled with:
Wired Desktop PC:
-I got no response when trying to ping the router
-Could not access the 192.168.1.1 configuration screen, not even the prompt for username and password
-When using the installation disk AND the installation program i downloaded off the Linksys website it would not detect the router.
Wireless Laptop(this is where i think it gets interesting):
-I was able to fully install and automatically configure the router by using the installation disk
-I could ping and get full response from the router both wirelessly and while it was directly wired to the router
-I could also access the configuration menu 192.168.1.1 in my web browser
-I also had a backup copy of the latest firmware for the router on my flash drive, so I updated the firmware through the laptop.
-The laptop was using the router as it's access point, however the internet could not be found.
If I wasn't at a total loss before I tried all this, I certainly am now. Could it be a problem with the network settings on the PC that is wired? Perhaps a faulty ethernet port? Your thoughts?
Well, that's where it left off, I got no responses back from anyone after the last post. Help!!!

As you are able to access your router's web interface you should now try to re-configure it...
If your Internet Service Providor is Cable follow this link
If your Internet Service Providor is DSL follow this link

Can't connect to printer through Router - Help!

Brand new to Mac & getting frustrated. I have a SMC router with a Pixma ip6600D connected to the usb port on the router. I can connect to the internet without a problem and the printer works fine if I plug it directly into the MacBook. However I cannot get the Mac to find it via wireless. I downloaded the Gimp drivers (there is no ip6600D on the list). Apple has no clue, Canon was no help, and neither was SMC. I have spent over 12 hours on the phone with various Tech support folks with no answers. Nobody can suggest a work around or even whether or not a new router will solve the issue. By the way, my laptop PC and desktop PC's work fine interfacing with the router and printer. So much for the "I'm a Mac and I'm as PC" commercials being accurate! Help, anybody!!! Thanks.

If the printer setup utility in OS X can't find it automatically, do a manual setup by clicking the + symbol in the printer preferences window, then click the IP option at the top of the panel. You can then enter the printer's network IP address and other information manually.

NAT 1941 Router Help

Similar Messages

Maybe you are looking for