Unpingable

[chapman1507]

Hello together,

I need some help. I'm start to configure my router. I want to configure nat and d-nat. Now I have the problem. I can't ping some internal devices. I go crazy.
Her at first my config:

!Current Configuration:
!
! NVRAM config last updated at 22:14:20 UTC Thu Mar 10 2011 by superadmin
! Statlog Configuration
!
logging on
logging buffered priority 7
logging buffered size 128
logging console 3
logging system 5
service timestamps log
logging rate-limit 1 10 tag SWE subtag DOS
logging rate-limit 1 10 tag PVSTD subtag PKT
logging rate-limit 1 10 tag SWE subtag SESSION
ip domain-name fritz.boxX
!
!
!
!VRF Configuration
!
! MULTICAST Configuration
!NOE port reservation
ip name-server 192.168.178.1
! PVST Global configuration
!
http enable
https enable
ssh enable
telnet enable
!
!
! Clock Timezone
!
!
! Clock synchronization
!
clock synchronize using ntp server 192.168.178.1 every 720 minutes
!
! CWMP Configuration
!
!
! CWMP Configuration (End)
!
!
! CWMP interface configuration
!
!
! CWMP interface configuration (End)
!
!
! SNMP Configurations
!
!
aaa services
!
username recovery password 5 947fc777de30eacc2db9649298218998
username superadmin password 5 b36eb6a54154f7301f004e1e61c87ce8
enable password switch
!
!
!
!
!
interface FastEthernet0
description extern
ip address 192.168.178.25/24
no shutdown
top
!
interface Vlan1
ip address 192.168.0.1/24
no shutdown
top
!
interface switchport0
no shutdown
top
!
interface switchport1
no shutdown
top
!
interface switchport2
no shutdown
top
!
interface switchport3
no shutdown
top
!
interface atm0
shutdown
top
!
!
match-list intnet
1 ip prefix 192.168.0.0/24 any
!
!
! Filter Policy configuration
!
!
!
! NAT Policy configuration
!
ip nat nat_list1
10 match any intnet source-nat
top
!
interface FastEthernet0
ip nat out nat_list1
top
!
!
!
! Dos attack configuration
!
!
!
! System doesn't have IDS License
! IDS configuration may not be effective
!
!Snort configuration
firewall
intrusion snort
top
!
!
! Firewall configuration
!
!
! Warning: Valid IPSEC license not found!
! IPSEC configurations may not be effective!
!

! No Algorithm Defined
! IPSEC Policy configuration
!


! No client object Defined
! No client profile Defined!

!
!QoS Configuration
!
!
!
!DDNS configurations
!
!
!

top

top
!
!Customized-Services
!
!
!
!
!
!
!
top
!
!
!
!
! DHCP Server Configuration
!
service dhcp enable
!
!ip dhcp global options
ip dhcp option routers 192.168.0.1
ip dhcp option dns-server 192.168.178.1 primary
!
ip dhcp pool p1
network 192.168.0.0 255.255.255.0
range 192.168.0.30 192.168.0.40
!
top
!
!
!
! DHCP CLIENT Configuration
!
!
ip dhcp client external
top
!
interface FastEthernet0
dhcp client external
top
!
!
!

top

top
!

!
!OAM Configuration
!
oam
top
!
!
!
!NHRP configurations
!
top
!
!
! DHCP Relay configuration
!
!
end

So I connect my laptop and a webcam on the vlan1 (switchpotz 0 and 1). My laptop ping the router and the webcam. Both works. So I test it on the router. From here I can ping my laptop, but not my webcam. (Laptop: 192.168.0.229; Webcam:192.168.0.253) So I change the webcam. In my desk I find an accesspoint. I connect it to the router with the ip address 192.168.0.50. And I have the same problem. My laptop can ping this device. But not my router. I did not know why.
Please help me.

Thanks

Christian

P.S.: I know. My english is not really go.

[murraya]

hi, I think the issue may be that the vlan 1 is not configured on the switchports. see an example below for a starting point

interface Vlan1
description LAN
ip address 192.168.0.1/24
no shutdown
top
!
!!!!!!!!!!!!!!!!!!!!!!!!!set the vlan on a switch port (0 in this case)
interface switchport0
switchport access vlan 1
no shutdown
top

[chapman1507]

Okay. I check this. Thanks.

But is vlan1 not the default vlan on the switch interfaces?

Christian

[murraya]

not sure about that but I have never configured the ports as default vlan. I have always set up a seperate VLAN in my testing. I always assumed that I needed to assign the switchports to a VLAN. Now we all know what happens when we asume dont we so I may be wrong about it.

Let us know how you get on.

[chapman1507]

It does not work.

ALU(config-if switchport0)#switchport access vlan
** SWITCHPORT COMMANDS **
<2-4094> Set VLAN ID

[murraya]

sorry, just tested it and you are correct. vlan 1 is default vlan for switch ports. good to know as I have never set any of the ports on mine to vlan 1. I'll look closer and see if I can see another reason.

[murraya]

okay, stupid question but for the webcam and AP you do have the default gateway set as 192.168.0.1 I guess. if so try without any polices attached to the inerfaces. are you pinging from the console or web interface of the 5510?

[chapman1507]

Yes I have set the default gateway. I tested the ping from console and web interface.
So I test it also without the nat policy, but nothing change.

Ping from the PC:
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64
Antwort von 192.168.0.50: Bytes=32 Zeit<1ms TTL=64

Ping from the router:
ALU(config-firewall)# ping 192.168.0.50
Press ^C to Stop..
Sending 5,56-byte ICMP Echos to 192.168.0.50,timeout is 2 seconds
.....
Destination Unreachable
Success rate is 0 percent (0/5)


The PC and the access point are at vlan 1 (Switchport 1 an d 2).

[murraya]

weird, I'll try to get a chance to set up your config in mr 5510 and see what I get tomorrow.

[chapman1507]

I don't know why, but I fixed it. I changed from vlan 1 to vlan 2 and now I can ping every device.
I used the firewall wizard. Now I want to configure dyndns for my router. Must I add some rules for resolve dns? In the past on my cisco router I must add lines like this for the incoming traffic on the outside interface:

access-list 108 remark /---Dyndns-------------------------------/
access-list 108 permit tcp 63.208.196.0 0.0.0.255 eq www any
access-list 108 permit udp any eq domain any