PC可以PING到边缘路由器出口公网IP地址 PING不到ISP网关

wongchan · 发表于 2014-3-28 14:46:23

请教大家个问题，先说下拓扑：
ISP -------------  2600 ----------------3750 -------------------- TEST PC
很简单的一个拓扑，2600使用单臂路由技术，应用的SVI还有DHCP在3750上面起，现在用TEST PC可以PING到2600公网出口的公网IP地址，但是始终PING不同ISP的网关，当然PING 8.8.8.8 还有其他的网站肯定也不行。我从2600上面PING TEST PC也是成功的，高手帮忙看看我的问题出在哪？谢谢了

2600 show run:
TEST-ROUTER#sh run
TEST-ROUTER#sh running-config
Building configuration...

Current configuration : 974 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname TEST-ROUTER
!
enable secret 5 $1$q7YB$VbIRQD2/IjWkmkB1a//rT/
!
ip subnet-zero
!
!
!
ip audit notify log
ip audit po max-events 100
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 202.1.1.2 255.255.255.252
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1.902
encapsulation dot1Q 902
ip address 192.168.1.1 255.255.255.252
!
ip nat inside source list donat interface FastEthernet0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 202.1.1.1
ip route 192.168.0.0 255.255.0.0 192.168.1.2
ip http server
!
!
ip access-list extended donat
permit ip 192.168.0.0 0.0.255.255 any
!
dial-peer cor custom
!
!
!
!
!
line con 0
password 7 0013100E5C035F5758
login
line aux 0
line vty 0 4
password 7 0013100E5C035F575861
login
!
end

TEST-ROUTER#
TEST-ROUTER#
TEST-ROUTER#
TEST-ROUTER#sh ip int bri
TEST-ROUTER#sh ip int brief
Interface                IP-Address    OK? Method Status             Protocol
FastEthernet0/0          202.1.1.2    YES NVRAM  up                   up
FastEthernet0/1          unassigned    YES NVRAM  up                   up
FastEthernet0/1.902       192.168.1.1    YES NVRAM  up                   up
TEST-ROUTER#
TEST-ROUTER#
TEST-ROUTER#

3750 show run:

TEST-ROUTER#

User Access Verification

Password:
Password:
Password:
% Bad passwords

TEST-SW-01#sh running-config
Building configuration...

Current configuration : 3622 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname TEST-SW-01
!
enable secret 5 $1$hqqT$aiL4DTejV0uI0N.qtk8R1/
!
no aaa new-model
switch 1 provision ws-c3750g-24t
ip subnet-zero
ip routing
!
ip dhcp pool Wired
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 202.99.96.68 8.8.8.8
!
ip dhcp pool Wireless
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
dns-server 202.99.96.68 8.8.8.8
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/13
switchport access vlan 301
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport access vlan 301
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/15
switchport access vlan 301
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/16
switchport access vlan 301
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/17
switchport access vlan 230
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 230
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 230
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 230
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 999
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 999
switchport mode access
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip address 192.168.10.254 255.255.255.0
!
interface Vlan111
ip address 192.168.20.254 255.255.255.0
!
interface Vlan301
ip address 192.168.40.254 255.255.255.0
!
interface Vlan902
ip address 192.168.1.2 255.255.255.252
!
interface Vlan999
ip address 192.168.50.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip http server
!
!
control-plane
!
!
line con 0
password 7 120E061F4A5358557D
login
line vty 0 4
password 7 1312141A5354507B7C
login
line vty 5 15
no login
!
!
end

TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#sh vlan

VLAN Name                            Status Ports
---- -------------------------------- --------- -------------------------------
1 default                         active Gi1/0/23
99 VLAN0099                      active
100  Wired                         active Gi1/0/1, Gi1/0/2, Gi1/0/3
                                             Gi1/0/4, Gi1/0/5, Gi1/0/6
                                             Gi1/0/7, Gi1/0/8, Gi1/0/9
                                             Gi1/0/10, Gi1/0/11, Gi1/0/12
111  Wireless                      active
230  Printer                         active Gi1/0/17, Gi1/0/18, Gi1/0/19
                                             Gi1/0/20
301  Server                         active Gi1/0/13, Gi1/0/14, Gi1/0/15
                                             Gi1/0/16
902  Connect_To_ASA                active
999  AP_mgmt                         active Gi1/0/21, Gi1/0/22
1002 fddi-default                   act/unsup
1003 token-ring-default             act/unsup
1004 fddinet-default                act/unsup
1005 trnet-default                   act/unsup

VLAN Type  SAID    MTU Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet  100001    1500  -    -    -       - -       0    0

VLAN Type  SAID    MTU Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
99 enet  100099    1500  -    -    -       - -       0    0
100  enet  100100    1500  -    -    -       - -       0    0
111  enet  100111    1500  -    -    -       - -       0    0
230  enet  100230    1500  -    -    -       - -       0    0
301  enet  100301    1500  -    -    -       - -       0    0
902  enet  100902    1500  -    -    -       - -       0    0
999  enet  100999    1500  -    -    -       - -       0    0
1002 fddi  101002    1500  -    -    -       - -       0    0
1003 tr 101003    1500  -    -    -       - -       0    0
1004 fdnet 101004    1500  -    -    -       ieee -       0    0
1005 trnet 101005    1500  -    -    -       ibm  -       0    0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type             Ports
------- --------- ----------------- ------------------------------------------

TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#sh ip int bri
TEST-SW-01#sh ip int brief
Interface             IP-Address    OK? Method Status             Protocol
Vlan1                unassigned    YES NVRAM  administratively down down
Vlan100             192.168.10.254  YES NVRAM  up                   up
Vlan111             192.168.20.254  YES NVRAM  up                   up
Vlan301             192.168.40.254  YES NVRAM  up                   up
Vlan902             192.168.1.2    YES NVRAM  up                   up
Vlan999             192.168.50.254  YES NVRAM  up                   up
GigabitEthernet1/0/1 unassigned    YES unset  up                   up
GigabitEthernet1/0/2 unassigned    YES unset  down                down
GigabitEthernet1/0/3 unassigned    YES unset  down                down
GigabitEthernet1/0/4 unassigned    YES unset  down                down
GigabitEthernet1/0/5 unassigned    YES unset  down                down
GigabitEthernet1/0/6 unassigned    YES unset  down                down
GigabitEthernet1/0/7 unassigned    YES unset  down                down
GigabitEthernet1/0/8 unassigned    YES unset  down                down
GigabitEthernet1/0/9 unassigned    YES unset  down                down
GigabitEthernet1/0/10  unassigned    YES unset  down                down
GigabitEthernet1/0/11  unassigned    YES unset  down                down
GigabitEthernet1/0/12  unassigned    YES unset  down                down
GigabitEthernet1/0/13  unassigned    YES unset  down                down
GigabitEthernet1/0/14  unassigned    YES unset  down                down
GigabitEthernet1/0/15  unassigned    YES unset  down                down
GigabitEthernet1/0/16  unassigned    YES unset  down                down
GigabitEthernet1/0/17  unassigned    YES unset  down                down
GigabitEthernet1/0/18  unassigned    YES unset  down                down
GigabitEthernet1/0/19  unassigned    YES unset  down                down
GigabitEthernet1/0/20  unassigned    YES unset  down                down
GigabitEthernet1/0/21  unassigned    YES unset  down                down
GigabitEthernet1/0/22  unassigned    YES unset  down                down
GigabitEthernet1/0/23  unassigned    YES unset  down                down
GigabitEthernet1/0/24  unassigned    YES unset  up                   up
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#sh cdp nei
TEST-SW-01#sh cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
               S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID          Local Intrfce       Holdtme Capability Platform Port ID
TEST-ROUTER       Gig 1/0/24          151          R    2611XM Fas 0/1
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#sh int
TEST-SW-01#sh interfaces trun
TEST-SW-01#sh interfaces trunk

Port       Mode       Encapsulation  Status       Native vlan
Gi1/0/24 on          802.1q       trunking    1

Port    Vlans allowed on trunk
Gi1/0/24 1-4094

Port       Vlans allowed and active in management domain
Gi1/0/24 1,99-100,111,230,301,902,999

Port       Vlans in spanning tree forwarding state and not pruned
Gi1/0/24 1,99-100,111,230,301,902,999
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#
TEST-SW-01#

尛爺じ☆詪壞 · 发表于 2014-3-28 14:46:24

原因就出在2600这个路由器上面，你在配置NAT的时候，要对相应网络具体的子接口进行NAT，而不是对主接口进行NAT
interface FastEthernet0/1.902
ip nat inside

ihorse · 发表于 2014-3-28 21:45:39

图呢

thexue2006 · 发表于 2014-3-31 13:14:48

nat 配置错了，在子接口上启用nat in

wongchan · 发表于 2014-5-2 11:55:46

谢谢大家问题已找到

mhchen2012 · 发表于 2014-5-2 12:09:45

账号		自动登录	找回密码
密码			论坛注册

[求助] PC可以PING到边缘路由器出口公网IP地址 PING不到ISP网关

最佳答案

相关帖子

浏览过的版块

客服中心

投诉建议