
Outside connectivity fails from IOS command line...

JF Mezei...
Posted: Tue Oct 27, 2009 2:32 pm
Guest
Cisco 871W.

Commands from the IOS command line to reach the outside world fail. Be
it PING, Traceroute, telnet etc. Hosts that connect to the internet via
this router are able to perform those functions.


Commands to talk to the LAN work fine. The LAN machines I talk to are on
VLAN10.

The architecture:

FA0/4 is the port to the ADSL modem (dial pool 1)

Dialer 1
interface Dialer1
 description PPPoE to Modem
 ip address negotiated
 ip access-group ACLinbound in
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer idle-timeout 0
 dialer enable-timeout 10
 dialer persistent
 no cdp enable
 ppp authentication pap callin
 ppp pap sent-username donald.duck at (no spam) disney.org password 0 mickey.mouse
end


BVI 10 has:

bridge irb
bridge 10 protocol ieee
bridge 10 route ip
!
interface BVI 10
 ip address 10.0.0.2 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 no shutdown

From the console (the serial port or a telnet session into the router),
I can telnet to a local host and confirm that the console uses the
10.0.0.2 IP address of the router (and obviously is in the VLAN 10 as it
can reach the LAN machines in that vlan).


If I remove the "IP NAT INSIDE" from the BVI 10 interface, then the
commands (traceroute etc) work fine from IOS CLI, but not from computers
attached to that router.


The console lines are defined as:
line con 0
 exec-timeout 0 0
 no modem enable
 terminal-type VT300
 exec-character-bits 8
 databits 8
 stopbits 1
 length 0
 international
 flowcontrol software
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 terminal-type vt300
 exec-character-bits 8
 length 0
 international
 transport input telnet ssh


Do I need to add something to the con and vty definitions to cause them
to get properly natted when doing commands that reach out to the internet?
 
geoar75 at (no spam) gmail.com...
Posted: Tue Oct 27, 2009 2:32 pm
Guest
Hi,

Could you post the result of the "sh run" command?

Giorgos

--

NetPros Community
http://netpros.freeforums.org

 
Martin Gallagher...
Posted: Wed Oct 28, 2009 2:40 pm
Guest
JF Mezei wrote:

Quote:
Cisco 871W.

Commands from the IOS command line to reach the outside world fail. Be
it PING, Traceroute telnet etc. Hosts that connect to the internet via
this router are able to perform those functions.



From the console (the serial port or a telnet session into the router),
I can telnet to a local host and confirm that the console uses the
10.0.0.2 IP address of the router (and obviously is in the VLAN 10 as it
can reach the LAN machines in that vlan).


Local traffic, like a ping, launched from the console uses as source IP the
address on the egress interface by default, so if you ping something on the
lan you will see 10.0.0.2. Traffic going through the dialer interface will
use whatever address it has received from your ISP.

Quote:

If I remove the "IP NAT INSIDE" from the BVI 10 interface, then the
commands (traceroute etc) work fine from IOS CLI, but not from computers
attached to that router.


This is turning off NAT so no surprise your 10.0.0.x hosts can't get
anywhere.

Check your NAT configuration, particularly the access list. If it
says "permit any" that's bad and will cause upsets to telnet like you are
seeing though generally not to ping and traceroute.

--
Rgds,
Martin
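
The NAT access-list check suggested in the reply above, as an added example that is not part of the thread: a Python audit that resolves the ACL referenced by each `ip nat inside source list` statement and reports permit entries whose source is `any`. The sample configurations, the ACL number 1 and the name NAT_LAN are constructed assumptions, since the poster's NAT statement does not appear on the page.

```python
import re

# Constructed sample configs; the thread never shows the poster's NAT statement.
WEAK = """\
ip nat inside source list 1 interface Dialer1 overload
access-list 1 permit any
"""
SCOPED = """\
ip nat inside source list NAT_LAN interface Dialer1 overload
ip access-list standard NAT_LAN
 permit 10.0.0.0 0.0.255.255
"""

def acl_entries(config, name):
    """Collect the entries of numbered or named ACL `name`."""
    entries, in_named = [], False
    for line in config.splitlines():
        numbered = re.match(r"access-list (\S+) (.+)", line)
        named = re.match(r"ip access-list (?:standard|extended) (\S+)", line)
        if numbered:
            in_named = False
            if numbered.group(1) == name:
                entries.append(numbered.group(2).strip())
        elif named:
            in_named = named.group(1) == name
        elif in_named and line.startswith(" "):
            entries.append(line.strip())
        else:
            in_named = False
    return entries

def source_is_any(entry):
    """True for a permit entry whose source address is `any`."""
    toks = re.sub(r"^\d+\s+", "", entry).split()  # drop a sequence number
    if len(toks) < 2 or toks[0] != "permit":
        return False
    rest = toks[1:]
    # Extended entries put a protocol (ip, tcp, 47, ...) before the source.
    if rest[0] not in ("any", "host") and "." not in rest[0]:
        rest = rest[1:]
    return bool(rest) and rest[0] == "any"

def audit_nat_acls(config):
    """Map each NAT-referenced ACL to its permit entries with source `any`."""
    findings = {}
    for name in re.findall(r"^ip nat inside source list (\S+) ", config, re.M):
        broad = [e for e in acl_entries(config, name) if source_is_any(e)]
        if broad:
            findings[name] = broad
    return findings
```

Run against saved `show running-config` output, `audit_nat_acls` returns an empty dict when every NAT-referenced ACL is scoped to specific inside networks such as 10.0.0.0 0.0.255.255.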
 
geoar75 at (no spam) gmail.com...
Posted: Wed Oct 28, 2009 6:52 pm
Guest
That's why I asked to check the configuration.

 
 