思科路由器1800系列不路由互联网

Question

工作与1800系列思科路由器的问题。路由器的互联网刚刚好，可以平谷歌，微软等。路由器连接到交换机，交换机连接两个运行Windows 10的工作站。路由器分发DHCP很好，但不路由Internet。我可以打开工作站上的路由器。附件是我的运行配置。

    Router#show run
    Building configuration...

    Current configuration : 1848 bytes
    !
    ! Last configuration change at 00:45:46 UTC Thu Aug 9 2018
    version 15.1
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    enable secret 5 hash.
    enable password password
    !
    no aaa new-model
    !
    dot11 syslog
    ip source-route
    no ip routing
    !
    !
    ip dhcp excluded-address 192.168.1.0 192.168.1.99
    !
    ip dhcp pool MY_LAN
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.1
     dns-server 8.8.4.4 8.8.8.8
    !
    !
    !
    no ip cef
    no ipv6 cef
    !
    multilink bundle-name authenticated
    !
    crypto pki token default removal timeout 0
    !
    !
    !
    !
    license udi pid CISCO1841 sn FHK12182B87
    !
    redundancy
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
     description ## INTERNET ##
     ip address dhcp
     ip access-group MY_WAN in
     ip nat outside
     ip virtual-reassembly in
     no ip route-cache
     speed auto
     half-duplex
     no mop enabled
    !
    interface FastEthernet0/1
     description ## MY LAN ##
     ip address 192.168.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     no ip route-cache
     duplex auto
     speed auto
    !
    interface Serial0/0/0
     no ip address
     no ip route-cache
     shutdown
    !
    ip forward-protocol nd
    no ip http server
    no ip http secure-server
    !
    !
    ip nat inside source list 1 pool MY_LAN overload
    ip nat inside source list MY_LAN interface FastEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 192.168.1.101
    ip route 0.0.0.0 0.0.0.0 192.168.1.102
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
    !
    ip access-list standard MY_LAN
     permit 192.168.1.0 0.0.0.255
    !
    ip access-list extended MY_WAN
     permit tcp any any established
     permit ip any any
    !
    access-list 1 permit 192.168.1.0 0.0.0.255
    !
    !
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
     password ********
     login
     transport input all
    !
    scheduler allocate 20000 1000
    end

    Router#ping google.com
    Translating "google.com"...domain server (74.40.74.40) [OK]

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.217.0.14, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 8/11/12 ms
    Router#

如果我能澄清什么，请告诉我。

Answer 1

无ip路由

您显式地关闭了路由。我看了这么多次，这是我第一次寻找任何配置。

你应该关闭源路由，而不是路由。

另外，您已经关闭了cef，这迫使系统处理每个数据包的切换。你很幸运能达到两位数的速度。

Answer 2

你的路线搞砸了。您不需要或不希望默认路由指向您的局域网。你在路由上太费劲了，NAT：

no ip nat inside source list 1 pool MY_LAN overload
no ip nat inside source list MY_LAN interface FastEthernet0/0 overload
no ip route 0.0.0.0 0.0.0.0 192.168.1.101
no ip route 0.0.0.0 0.0.0.0 192.168.1.102
ip nat inside source list 1 interface FastEthernet0/0 overload
!

而且，WAN实际上没有做任何事情，因为它允许基于第二行的任何内容：

ip access-list extended MY_WAN
 permit tcp any any established
 permit ip any any !!! This line allows everything and it is before the implicit deny at the end !!!
!

您应该从WAN接口中删除ACL，使NAT和路由工作，然后尝试设置ACL。