howdy. i'm fairly new to cisco stuff. i have an entire collection of cisco books, but i'm not too far in them. currently i'm deployed to iraq and one of my warrant officers here is a cisco instructor. i've learned some stuff from him and learned some stuff on my own. i've presented my situation to him, but it's extremely hard to learn from him in the first place because he's a little off the wall. but besides that, i don't know enough.
i'm a systems administrator here in iraq and head of the helpdesk. i've been in IT for over 20 years. i have experience, just not when it comes to this.
so enough of the intro. we have the internet here in our rooms that we pay way too much for. there is one cable for my roommate and myself. we sign into a radius server with a 24 hour lease. the ip addresses are obviously assigned via dhcp. the cable from our room runs to a "dumb" switch. from the switch, a cat5 runs to a line-of-sight radio that shoots to their office down the road. from there they host the internet via satellite obviously.
currently i have a linksys wrt300 acting as my router with the antennas disabled. i need to send this router home to my wife, so my whole grand plan for this expensive router is only to catch the outside ip address given by my isp, and run a dhcp server to host my inside lan. on this switch there are, of course, 2 built-in fastethernet interfaces, a t1/dsu port on the serial interface, and something else that says t1 on the voice interface.
i've tried a few things. i've created an access list, configured nat on the 2 fe interfaces, and semi-setup the dhcp. i have a few problems. obviously, i can't pull up a webpage. i don't receive ping from everything, even from the router console. for instance yahoo.com i cannot receive a ping from. even the default gateway for the isp i can't receive a ping from. but i've randomly pinged a few ips here from behind their radio. another problem is i don't know how to get dhcp to push itself (192.168.1.1) as the gateway down to the computer connected to it. i have to set it manually.
a few other problems that don't really regard the internet side of my problem is somehow i must have fat-fingered my password when i initially set it up, so i had to follow the recovery instructions at cisco.com. since then, the router won't hold a password when it reboots. show config shows the password, but it still doesn't hold. another thing is dir doesn't show anything other than a .bin file. i don't remember which one, but it isn't my ios.
i know this is quite a lot for one post, but i would definitely appreciate some help.
Thomas, I just got done with recreating your issue. The setup is working as desired and I have narrowed down to the problem.
- int fa0/0 on the router is getting IP from the DHCP.
- sub-if fa0/0.1 and sub-if fa0/0.2 are being used for inter-VLAN routing.
- Hosts in VLAN1 on the switch are getting IP address from 172.16.1.0 range (exclusions are taken care of).
- Hosts in VLAN2 on the switch are getting IP address from 172.16.2.0 range (exclusions are taken care of).
- Hosts in VLAN1 and VLAN2 can communicate with each other.
- Hosts in VLAN1 can access internet.
- Hosts in VLAN2 can NOT access internet.
Please make the following changes in your configuration:
no ip nat pool InSayne 172.16.1.1 172.16.1.255 prefix-length 24
no access-list 10 permit 172.16.2.0 0.0.0.255
no access-list 10 permit 172.16.1.0 0.0.0.255
no ip access-group 10 in
Here's what the config should look like :
ip dhcp excluded-address 172.16.1.1
ip dhcp excluded-address 172.16.1.2 172.16.1.99
ip dhcp excluded-address 172.16.2.1
ip dhcp excluded-address 172.16.2.2 172.16.2.99
ip dhcp pool InSayne
network 172.16.1.0 255.255.255.0
ip dhcp pool InSayneX
network 172.16.2.0 255.255.255.0
ip address dhcp
ip nat outside
no ip address
encapsulation dot1Q 1 native
ip address 172.16.1.1 255.255.255.0
ip nat inside
encapsulation dot1Q 2
ip address 172.16.2.1 255.255.255.0
ip access-group VLAN2_NoiNet in
ip nat inside source list 50 interface FastEthernet0/0 overload
ip http server
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip access-list extended VLAN2_NoiNet
permit ip any 172.16.1.0 0.0.0.255
permit ip any host 172.16.2.1
permit udp any any eq bootps
access-list 50 permit 172.16.1.0 0.0.0.255
No other manually configured commands should be there which may affect the working.
BTW, the problem was the access-list on int fa0/0.2 which was blocking DHCP messages from going through.
I have thoroughly tested this configuration multiple times and it works as expected.
Let me know how this goes.
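Why the ACL change in the reply above lets DHCP through on VLAN2, as an added example that is not part of the original thread: a first-match evaluator run over constructed packets, assuming the removed standard ACL 10 was the list applied inbound on fa0/0.2. The `Rule`/`Packet` types, `evaluate()` and the sample host addresses are hypothetical and constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):          # one "permit" entry; hypothetical helper type
    proto: str                   # "ip" matches every protocol
    src: str                     # CIDR form of the IOS address/wildcard pair
    dst: str
    dport: Optional[int] = None  # None = any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None

ANY, BOOTPS = "0.0.0.0/0", 67

# Standard ACL 10 removed in the post: it can only match on source address.
ACL_10 = [Rule("ip", "172.16.2.0/24", ANY), Rule("ip", "172.16.1.0/24", ANY)]

# Extended ACL VLAN2_NoiNet from the post, in the order given.
VLAN2_NOINET = [
    Rule("ip", ANY, "172.16.1.0/24"),    # permit ip any 172.16.1.0 0.0.0.255
    Rule("ip", ANY, "172.16.2.1/32"),    # permit ip any host 172.16.2.1
    Rule("udp", ANY, ANY, BOOTPS),       # permit udp any any eq bootps
]

def _within(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(acl, pkt: Packet) -> str:
    """First matching permit wins; no match hits the implicit deny."""
    for rule in acl:
        if (rule.proto in ("ip", pkt.proto)
                and _within(pkt.src, rule.src)
                and _within(pkt.dst, rule.dst)
                and rule.dport in (None, pkt.dport)):
            return "permit"
    return "deny"

# Constructed sample packets arriving inbound on the VLAN2 sub-interface.
DHCP_DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255", BOOTPS)
TO_VLAN1 = Packet("tcp", "172.16.2.100", "172.16.1.100", 445)
TO_INTERNET = Packet("tcp", "172.16.2.100", "203.0.113.10", 80)

if __name__ == "__main__":
    for name, acl in (("ACL 10", ACL_10), ("VLAN2_NoiNet", VLAN2_NOINET)):
        for pkt in (DHCP_DISCOVER, TO_VLAN1, TO_INTERNET):
            print(f"{name:13} {pkt.src:>13} -> {pkt.dst:<15} {evaluate(acl, pkt)}")
```

A client that has no lease yet sends its DISCOVER from 0.0.0.0, so a source-only list that names just the two subnets falls through to the implicit deny. The `bootps` entry matches on destination port alone, so it also passes UDP/67 addressed to any other destination.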
Here's the DHCP configuration:
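Router(config)# ip dhcp excluded-address 192.168.1.1
Router(config)# ip dhcp pool InSayne
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.1.1
Router(dhcp-config)# dns-server 22.214.171.124 126.96.36.199
Router(dhcp-config)# exit
Router(config)# no ip dhcp conflict logging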
Configure static IP 192.168.1.1 255.255.255.0 on fa0/1.
Now, the client computers should be able to receive the IP address, default gateway as well as the DNS server IP from the router. You may remove the static DNS 188.8.131.52 assigned on the computer.
Let us know how it goes.
Sounds great. For the DNS, as a temporary workaround, configure 184.108.40.206 as your DNS on the computer(s). I'll check how we can push the DNS onto the clients and will get back to you.
Let me know if the workaround works for you.
Please do remember to rate the posts, if these were helpful.
This looks good. I forgot to ask if you are able to ping the radius server from the router? Let's try this now:
- Assign static IP on fa0/1
ip address 10.1.2.1 255.255.255.0
Connect this interface to the computer and assign 10.1.2.2 255.255.255.0 on the computer. Also, configure 10.1.2.1 as the default gateway on the computer.
Now try pinging the radius server or connecting to the radius server from the computer. If successful, see if you can get on to the internet.
Looking forward to your response.
RIP or any other dynamic routing protocol is certainly not needed in this setup. Also, if it was, you wouldn't have been able to go online by connecting your computer directly.
Anyways, I would suggest some very basic stuff here. First off, we need to determine if the fa0/0 interface on the router is good. It's weird that we are unable to ping anything from the router (with just the IP address and the default route configured), however, the same works when we plug in the computer directly. I don't suspect it could be an access-list as we have already erased the config. So, let's just follow the steps below in the same order and see what we infer.
1. Erase the config on the router. (I know we have done it before but, just don't want to take any chance here and miss on something). Reload the router and do NOT save the changes.
2. Assign static IPs on fa0/0 (10.1.1.1/24) and on fa0/1 (10.1.2.1/24).
3. Connect the router fa0/0 to the computer (use cross-over cable if connecting directly or a straight through if using a switch).
4. Assign static IP (10.1.1.2/24) on the computer and ping the router fa0/0 and vice versa.
Next, unplug the ethernet cable from fa0/0 and plug it in fa0/1. Assign static IP (10.1.2.2/24) on the computer and ping the router fa0/1 and reverse.
If you face any problem pinging the computer check for any firewall software running in the background.
If all the ping tests are successful, we know the interfaces are good.
5. Connect the computer to the ISP directly (without any router) and configure it to obtain IP from DHCP. Now, ping 220.127.116.11 or any other public IP. Also try your default gateway. If you are able to ping a public IP move to the next step.
6. Unconfigure the IP address on fa0/0 and fa0/1. Set fa0/0 to receive the IP from DHCP.
7. Connect the cable from the ISP to fa0/0. Wait until fa0/0 receives the IP.
8. Configure a default route:
ip route 0.0.0.0 0.0.0.0 fa0/0
9. Check fa0/0 status using - 'show ip int brief'. It should have an IP address assigned from the DHCP and should be up/up.
Check the routing table for the default route - 'show ip route'.
10. If fa0/0 is good and the default route is there, ping the same public IP address which you were able to reach from the computer when it was connected directly.
Ping the IP from the router console.
To summarize, we have made just 2 changes to the default configuration on the router:
- Configured fa0/0 to obtain an IP from the DHCP (which is our ISP).
- Added a default route pointing to fa0/0
Now, this is the same as connecting the computer directly to the ISP and logically should work.
Please follow the exact sequence and post the results (not necessarily outputs) for all the steps.
I would be travelling this weekend but may respond if you can post the results today.