2900 router problems

Answered Question
Sep 12th, 2007
User Badges:

howdy. i'm fairly new to cisco stuff. i have an entire collection of cisco books, but i'm not too far in them. currently i'm deployed to iraq and one of my warrant officers here is a cisco instructor. i've learned some stuff from him and learned some stuff on my own. i've presented my situation to him, but it's extremely hard to learn from him in the first place because he's a little off the wall. but besides that, i don't know enough.


i'm a systems adminstrator here in iraq and head of the helpdesk. i've been in IT for over 20 years. i have experience, just not when it comes to this.


so enough of the intro. we have the internet here in our rooms that we pay way too much for. there is one cable for my roommate and myself. we sign into a radius server with a 24 hour lease. the ip addresses are obviously assigned via dhcp. the cable from our room runs to a "dumb" switch. from the switch, a cat5 runs to a line of site radio that shoots to their office down the road. from there they host the internet via satellite obviously.


currently i have a linksys wrt300 acting as my router with the antennas disabled. i need to send this router home to my wife, so my whole grand plan for this expensive router is only to catch the outside ip address given by my isp, and run a dhcp server to host my inside lan. on this switch there are, of course, 2 built-in fastethernet interfaces, a t1/dsu port on the serial interface, and something else that says t1 on the voice interface.


i've tried a few things. i've created an access list, configured nat on the 2 fe interfaces, and semi-setup the dhcp. i have a few problems. obviously, i can't pull up a webpage. i don't receive ping from everything, even from the router console. for instance yahoo.com i cannot receive a ping from. even the default gateway for the isp i can't receive a ping from. but i've randomly pinged a few ips here from behind their radio. another problem is i don't know how to get dhcp to push itself (192.168.1.1) as the gateway down to the computer connected to it. i have to set it manually.


a few other problems that don't really regard the internet side of my problem is somehow i must have fat-fingered my password when i initially set it up, so i had to follow the recovery instructions at cisco.com. since then, the router won't hold a password when it reboots. show config shows the password, but it still doesn't hold. another thing is dir doesn't show anything other than a .bin file. i don't remember which one, but it isn't my ios.


i know this is quite a lot for one post, but i would definately appreciate some help.



thomas

Correct Answer by vaisharm about 9 years 7 months ago

Thomas, I just got done with recreating your issue. The setup is working as desired and I have narrowed down to the problem.


- int fa0/0 on the router is getting IP from the DHCP.

- sub-if fa0/0.1 and sub-if fa0/0.2 are being used for inter-VLAN routing.

- Hosts in VLAN1 on the switch are getting IP address from 172.16.1.0 range (exclusions are taken care of).

- Hosts in VLAN2 on the switch are getting IP address from 172.16.2.0 range (exclusions are taken care of).

- Hosts in VLAN1 and VLAN2 can communicate with each other.

- Hosts in VLAN1 can access internet.

- Hosts in VLAN2 can NOT access internet.


Please make the following changes in your configuration:


no ip nat pool InSayne 172.16.1.1 172.16.1.255 prefix-length 24

no access-list 10 permit 172.16.2.0 0.0.0.255

no access-list 10 permit 172.16.1.0 0.0.0.255


interface FastEthernet0/1.2

no ip access-group 10 in


Here's what the config should look like :


---------

!

!

ip dhcp excluded-address 172.16.1.1

ip dhcp excluded-address 172.16.1.2 172.16.1.99

ip dhcp excluded-address 172.16.2.1

ip dhcp excluded-address 172.16.2.2 172.16.2.99

!

ip dhcp pool InSayne

network 172.16.1.0 255.255.255.0

default-router 172.16.1.1

!

ip dhcp pool InSayneX

network 172.16.2.0 255.255.255.0

default-router 172.16.2.1

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 172.16.1.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1.2

encapsulation dot1Q 2

ip address 172.16.2.1 255.255.255.0

ip access-group VLAN2_NoiNet in

!

ip nat inside source list 50 interface FastEthernet0/0 overload

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

!

!

ip access-list extended VLAN2_NoiNet

permit ip any 172.16.1.0 0.0.0.255

permit ip any host 172.16.2.1

permit udp any any eq bootps

access-list 50 permit 172.16.1.0 0.0.0.255

!

!

------------


No other manually configured commands should be there which may affect the working.


BTW, the problem was the access-list on int fa0/0.2 which was blocking DHCP messages from going through.


I have thoroughly tested this configuration multiple times and it works as expected.


Let me know how this goes.


-Vaibhav


Correct Answer by vaisharm about 9 years 8 months ago

Thomas,


Here's the DHCP configuration:



Router(config)# ip dhcp excluded-address 192.168.1.1

ip dhcp pool InSayne

Router(dhcp-config)#network 192.168.1.1 255.255.255.0

default-router 192.168.1.1

dns-server 208.67.222.222 208.67.220.220

exit

Router(config)# no ip dhcp conflict logging


-----------


Configure static IP 192.168.1.1 255.255.255.0 on fa0/1.


Now, the client computers should be able to receive the IP address, default gateway as well as the DNS server IP from the router. You may remove the static DNS 4.2.2.2 assigned on the computer.


Let us know how it goes.


-Vaibhav

Correct Answer by vaisharm about 9 years 8 months ago

Sounds great. For the DNS as a temporary workaround configure 4.2.2.2 as your DNS on the coumpter(s). I'll check how we can push the DNS onto the clients and will get back to you.


Let me know if the workaround works for you.


Please do remember to rate the posts, if these were helpful.


-Vaibhav

Correct Answer by vaisharm about 9 years 8 months ago

This looks good. I forgot to ask if you are able to ping the radius server from the router? Lets try this now:


- Assign static IP on fa0/1

int fa0/1

ip address 10.1.2.1 255.255.255.0

no shut


Connect this interface to the computer and assign 10.1.2.2 255.255.255.0 on the computer. Also, configure 10.1.2.1 as the default gateway on the computer.


Now try pinging the radius server or connecting to the radius server from the computer. If successfull, see if you can get on to the internet.


Looking forward to your response.


Correct Answer by vaisharm about 9 years 8 months ago

RIP or any other dynamic routing protocol is certainly not needed in this setup. Also, if it was, you won't have been able to go online by connecting your computer directly.


Anyways, I would suggest some very basic stuff here. First off, we need to determine if the fa0/0 interface on the router is good. It's weird that we are unable ping anything from the router (with just the IP address and the default route configured), however, the same works when we plug in the computer directly. I don't suspect it could be an access-list as we have already erased the config. So, lets just follow the steps below in the same order and see what we infer.


1. Erase the config on the router. (I know we have done it before but, just don't want to take any chance here and miss on something). Reload the router and do NOT save the changes.


2. Assign static IPs on fa0/0 (10.1.1.1/24) and on fa0/1 (10.1.2.1/24).


3.Connect the router fa0/0 to the computer (use cross-over cable if connecting directly or a straight through if using a switch).


4. Assign static IP (10.1.1.2/24) on the computer and ping the router fa0/0 and vice versa.


Next, unplug the ethernet cable from fa0/0 and plug it in fa0/1. Assign static IP (10.1.2.2/24) on the computer and ping the router fa0/1 and reverse.


If you face any problem pinging the computer check for any firewall software running in the background.


If all the ping tests are successfull, we know the interfaces are good.


5. Connect the computer to the ISP directly (without any router) and configure it to obtain IP from DHCP. Now, ping 4.2.2.2 or any other public IP. Also try your default gateway. If you are able to ping a public IP move to the next step.


6. Unconfigure the IP address on fa0/0 and fa0/1. Set fa0/0 to receive the IP from DHCP.


7. Connect the cable from the ISP to fa0/0. Wait until fa0/0 receives the IP.


8. Configure a default route:

ip route 0.0.0.0 0.0.0.0 fa0/0


9. Check fa0/0 status using - 'show ip int brief'. It should have an IP address assigned from the DHCP and should be up/up.


Check the routing table for the default route - 'show ip route'.


10. If fa0/0 is good and the default route is there, ping the same public IP address which you were able to reach from the computer when it was connected directly.


Ping the IP from the router console.


To summarize, we have made just 2 changes to the default configuration on the router:


- Configured fa0/0 to obtain an IP from the DHCP (which is our ISP).

- Added a default route pointing to fa0/0


Now, this is same as connecting the computer directly to the ISP and logically should work.


Please follow the exact sequence and post the results (not necessarily outputs) for all the steps.


I would be travelling this weekend but may respond if you can post the results today.


-Vaibhav

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (9 ratings)
Loading.
spremkumar Thu, 09/13/2007 - 01:33
User Badges:
  • Red, 2250 points or more

Hi


Regarding password issue do check out the config-register values.i think its still in the same recovery mode because of which its going back in loop.


You can verify the same using show version command and can find whether your register values are 0x2142.


Ideally it should be 0x2102 so that it doesnt go back to recovery mode again and again.


You can change the same using config-register 0x2102 and save the config.


To check out whether you have a valid ios code in your router you can check out using show flash.


Inline to your DHCP issues do post out the show version taken out from your box here so that it can be verified whether it can support the dhcp functionality.


Also Cisco 2900 boxes belongs to the switching products.


http://www.cisco.com/en/US/products/index.html



regds


sirEgGhEaD Thu, 09/13/2007 - 02:05
User Badges:

2900 was a typo. It's a 2600 series router. I have 2 2900 switches in there too, but i'm ok on the switches.

spremkumar Thu, 09/13/2007 - 02:12
User Badges:
  • Red, 2250 points or more

hi


did u try to set the password mechanism rite ?


also are you trying to configure this router as dhcp server as well as to recieved ip address on one interface from the radio link ?


regds




sirEgGhEaD Thu, 09/13/2007 - 02:15
User Badges:

yeah i'm sure i set it correctly. it asks me for a password until the router reboots. and this router doesn't have a radio. but yes, i want to configure a dhcp server for my internal lan off of one interface, and have another interface catch my outside ip. read my first post for full details.

sirEgGhEaD Thu, 09/13/2007 - 02:23
User Badges:

i've already done all that. the problem i stated in the first post wasn't that i was having problems getting the ip, nor was it pushing ips to my machines. it just won't push 192.168.1.1 as the default gateway. all the details are in my original post. there are approximately 3 more problems listed in that post also.

spremkumar Thu, 09/13/2007 - 02:25
User Badges:
  • Red, 2250 points or more

hi


do post show run/show version taken from your router


regds


sirEgGhEaD Thu, 09/13/2007 - 02:26
User Badges:

sure no problem. i'll be home in like an hour and a half and will post it.

sirEgGhEaD Thu, 09/13/2007 - 04:29
User Badges:

Router#show run

Building configuration...


Current configuration : 816 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

no network-clock-participate slot 1

no network-clock-participate wic 0

voice-card 1

!

ip subnet-zero

--More-- ip cef

!

!

no ip dhcp use vrf connected

!

!

no ftp-server write-enable

!

!

!

!

!

!

!

!

!

!

!

!

!

!

controller T1 1/0

framing sf

--More-- linecode ami

!

!

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

no dce-terminal-timing-enable

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

ip classless

!

--More-- no ip http server

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

!

!

end


Router#show config

Using 1677 out of 29688 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

enable password *********

!

no aaa new-model

!

resource policy

!

no network-clock-participate slot 1

no network-clock-participate wic 0

voice-card 1

!

ip subnet-zero

--More-- ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool InSayne

host 192.168.1.100 255.255.255.0

client-identifier 0100.1a92.835c.22

dns-server 192.168.1.1

client-name insayne

!

!

ip domain name insaynelan.net

frame-relay switching

no ftp-server write-enable

!

!

!

!

!

!

!

--More-- !

!

!

!

!

!

!

controller T1 1/0

framing sf

linecode ami

!

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

shutdown

duplex auto

speed auto

!

interface Serial0/0

ip address 192.168.1.1 255.255.255.0

shutdown

--More-- no dce-terminal-timing-enable

!

interface FastEthernet0/1

ip address 192.168.1.10 255.255.255.0

ip nat inside

duplex auto

speed auto

!

ip default-gateway 192.168.1.1

ip classless

!

no ip http server

ip nat pool ovrld 192.168.1.1 192.168.1.200 prefix-length 24

ip nat pool InSayne 192.168.1.96 192.168.1.127 prefix-length 24

ip nat inside source list 15 interface FastEthernet0/1 overload

ip nat outside source list 15 interface FastEthernet0/0

!

access-list 15 permit 192.168.1.96 0.0.0.31

!

!

control-plane

!

!

--More-- !

!

!

!

!

gateway

timer receive-rtp 1200

!

banner motd ^C

Welcome to InSayne LAN!

Obey the rules or pay the price!

Enjoy!

^C

!

line con 0

exec-timeout 0 0

password *********

logging synchronous

login

line aux 0

line vty 0 4

password *********

login

--More-- !

!

end


Router#

Marcus.Tomlinson Sun, 09/16/2007 - 02:30
User Badges:

inside of your dhcp pool you don't have a default gateway designated. maybe you don't need one, but i have always put it in mine.


syntax is; default-gateway 192.168.1.1


what fob are you at?

sirEgGhEaD Mon, 09/17/2007 - 12:11
User Badges:

i've tried that command, but 192.168.1.1 still doesn't get pushed out to my machines as the default gateway.


i am in camp warrior(old chuville) on al asad.

sirEgGhEaD Wed, 09/19/2007 - 05:41
User Badges:

any idea why my config doesn't save when i reboot? i'm showing all my configs in show config, but not show run

Kevin Dorrell Wed, 09/19/2007 - 05:45
User Badges:
  • Green, 3000 points or more

copy run start


But I am guessing you can see your changes in show run but not in show conf


Kevin Dorrell

Luxembourg

vaisharm Wed, 09/19/2007 - 23:04
User Badges:
  • Cisco Employee,

Please check the last line for 'show version' command. If its 0x2142, the router wont hold the config on reboot. It needs to be changed to 0x2102.


router#conf t

router(config)#config-register 0x2102

router(config)#exit


Now if you do show version the last line would say that the configuration-register would be set to 0x2102 on next reload. The next time when you reload, the config would be there.


Here's what the two config register values mean:

0x2142 - Boot from Flash, *Ignore NVRAM*, Ignore break, Boot into ROM if initial boot fails, Console baud rate 9600

0x2102 - Boot from Flash, Ignore break, Boot into ROM if initial boot fails, Console baud rate 9600


The startup-config is saved in NVRAM, if the config resiter is 0x2142, the NVRAM would be ignored on boot-up and the startup-config would not be loaded into the DRAM.


-Vaibhav

sirEgGhEaD Thu, 09/20/2007 - 04:42
User Badges:

awesome. i'd tried copy run config before. still did no good. changing the config register did. i'd just realized that spremkumar had mentioned that in his first post. but that did it. thanks again.


so any ideas on how to get my router to cooperate with the inet around here? i don't want anything fancy, just operation.


thomas

vaisharm Thu, 09/20/2007 - 05:55
User Badges:
  • Cisco Employee,

Thomas,


From the configuration I see that you have 192.168.1.1 assigned on Serial0/0. I thought 192.168.1.1 was your DHCP server on the lan? Are you trying to use this router as a DHCP server?


Please answer the following questions to better understand the problem:


- What would this Cisco 2600 router connect to on the outside (for internet) and using which interface?


- If a static IP is not assigned, is the Cisco 2600 successfully receiving the IP from the DHCP server/remote end? If yes, what's the IP?


- Will the remote source provde a dynamic IP to this Cisco 2600? If not, then what's the static IP on the remote/local end?


- Would you connect to this router directly or via switch?


- Are you able to ping the remote device or your public IP from the router?


There are some conflicting/missing details and the above information should be helpful in moving further.


- Vaibhav

sirEgGhEaD Thu, 09/20/2007 - 06:37
User Badges:

yeah i guess i made a mistake. i've typed that config so many times just messing with it. but yes, i would like fa0/1 my internal lan with an address of 192.168.1.1 and of course my machines on that lan with addresses assigned via a dhcp server.


yeah, my router is receiving the outside ip successfully via dhcp. it's a 10.68.3 address. changes a lot. right now it's .28.


i will be connecting to the router via a 2900 series cisco switch.


no, i'm not able to ping much of anything. i was able to ping a 10.68.3 address once. but never .1(the gateway assigned by the isp).


hopefully this answered your questions pretty well. if you need any more info, i'll be happy to provide it. thanks for all the help.


thomas

sirEgGhEaD Thu, 09/20/2007 - 06:50
User Badges:

i figured i'd post a copy of the log i got 2 nights ago when i was messing around with a fresh config and a few pings. 192.168.1.102 is another machine on my internal net.


show run

Building configuration...


Current configuration : 1243 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname InSayneRouter

!

boot-start-marker

boot-end-marker

!

enable password cisco

!

no aaa new-model

!

resource policy

!

no network-clock-participate slot 1

no network-clock-participate wic 0

voice-card 1

!

--More-- ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.100 192.168.1.199

!

ip dhcp pool 1

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

!

no ip domain lookup

no ftp-server write-enable

!

!

!

!

!

!

!

!

!

--More-- !

!

!

!

!

controller T1 1/0

framing sf

linecode ami

!

!

!

interface FastEthernet0/0

description DaInet

ip address dhcp

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

no dce-terminal-timing-enable

!

interface FastEthernet0/1

--More-- description MyNet

ip address 192.168.1.1 255.255.255.0

duplex auto

speed auto

!

router rip

version 2

network 10.0.0.0

network 192.168.1.0

no auto-summary

!

ip classless

!

no ip http server

!

snmp-server community public RO

!

!

control-plane

!

!

!

!

--More-- !

!

!

banner motd ^CWelcome To InSayne LAN!

Obey the rules or pay the price!

Enjoy!^C

!

line con 0

line aux 0

line vty 0 4

!

!

end


InSayneRouter#ping 192.168.1.102


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.102, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

InSayneRouter#ping 10.3.68.28


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.3.68.28, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

InSayneRouter#ping 10.3.68.28 1


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.3.68.1, timeout is 2 seconds:

UUUU.

Success rate is 0 percent (0/5)

InSayneRouter#ping 10.3.68.1 yahoo.com

Translating "yahoo.com"

% Unrecognized host or address, or protocol not running.


InSayneRouter#ping yahoo.com 80.67.87.23


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 80.67.87.23, timeout is 2 seconds:

UUUUU

Success rate is 0 percent (0/5)

InSayneRouter#

vaisharm Thu, 09/20/2007 - 06:53
User Badges:
  • Cisco Employee,

Okay, so you have a DHCP server in your lan (192.168.1.x). Let's do this first.


- Connect your machine/laptop directly in place of the router and see if you are able to get on to the internet or ping your DG or try 4.2.2.2. If yes, move to the next step. Else, the problem is not with the router.


- Take out all your existing configuration.

router#wr erase

router#reload (do NOT save the changes)


- Once the router is up, configure fa0/0 to receive IP from the DHCP. After the interface successfully receives the IP, try pinging the gateway, 4.2.2.2 or any other public IP.


If this works, we will then work on the local DHCP part.



Please try the above and let us know the results.


-Vaibhav

sirEgGhEaD Thu, 09/20/2007 - 08:56
User Badges:

ok, i unplugged my inet cable from my linksys wrt 300 and plugged it into fa0/0 of my 2600. then i unplugged my computer from the 2900 switch and plugged it into fa0/1. from there i went to my command prompt and tried a few pings with no success. so i consoled to my router and tried a few pings with the same results. (note that all previous pings posted have been from console) next i wr erase and reload without running initial config. from there, i have a log:


Router>en

Router#conf t

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#int fa0/0

Router(config-if)#

%Error opening tftp://10.3.68.1/cisconet.cfg (Timed out)

Router(config-if)#ip address dhcp

Router(config-if)#no shut

Router(config-if)#exit

Router(config)#exit

Router#

*Aug 2 03:47:19.320: %SYS-5-CONFIG_I: Configured from console by console

Router#ping

*Aug 2 03:47:21.828: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.3.68.30, mask 255.255.255.0, hostname Router

yahoo.com

Translating "yahoo.com"...domain server (255.255.255.255)

% Unrecognized host or address, or protocol not running.


Router#ping 4.2.2.2


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

UU.UU

Success rate is 0 percent (0/5)

Router#ping 80.67.87.23


Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 80.67.87.23, timeout is 2 seconds:

U

%Error opening tftp://10.3.68.1/router-confg (Timed out).U.U

Success rate is 0 percent (0/5)

Router#


note that pings are still from the console. a couple of other notes. i plugged my machine and the inet cable back into my linksys and logged into the isp's radius server, then quickly switched cables again and retried the pings with the same results, also trying to ping 10.3.68.1. one other thing is i know the isp is running a cisco 2800.


thanks again for the help


thomas

vaisharm Thu, 09/20/2007 - 09:19
User Badges:
  • Cisco Employee,

Are we able to ping the same IP addreses when connected using linksys wrt 300? May be ICMP is being blocked somewhere.

Can you get on to the internet using the linksys box?


Also, it looks like its an ethernet cable (RJ45 port) which plugs into your router from the ISP. If that's the case, I am assuming your router is only being used to NAT or lets say as a firewall to segregate your LAN from the internet and no special configuration (like for ISDN/ADSL/DSL) is needed? In this scenario, we should be able to plug-in the computer directly to the inet cable and get on to the internet? Does that work for you?


Also, what credentials are passed on to the radius for access. I din't see anything for radius in your config. Or is it just some web based authentication? Can you ping the radius through or from any of the routers?


-Vaibhav

vaisharm Thu, 09/20/2007 - 09:33
User Badges:
  • Cisco Employee,

Thomas, the log that you have provided, was it captured after the configuration was erased and router rebooted or before the erase and reboot. The right sequence is :


- erase config

- reload without saving changes

- exit out of initial configuration setup

- enable fa0/0 to receive IP from DHCP.

- after fa0/0 is up/up (show ip int brief), and the IP is assinged, ping the ISP edge and 4.2.2.2


-Vaibhav

sirEgGhEaD Thu, 09/20/2007 - 09:42
User Badges:

yeah, i can get online using my linksys. and also yes, i can plug the inet cable directly to my computer to connect.


the log was taken directly after i erased my config, reloaded my router and exited from the initial config.


the log shows me typing enable, then configing my fa0/0 and trying a ping.


sorry the replies are so slow. my speed drops to below 1k/s during peak hours.


after fa0/0 is up and i get a good ip, i still can't ping anything. also note that i cannot ping 10.68.3.1 even with a good working inet config on my linksys. i can however with my working config ping 80.67.87.23 which is yahoo. but i cannot ping it from my 2600

vaisharm Thu, 09/20/2007 - 10:03
User Badges:
  • Cisco Employee,

You've mentioned 10.68.3.1 is your DG. Is this a typo? Looks like the correct IP should be in the 10.3.68.0 network. I see this in the following log:


*Aug 2 03:47:21.828: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/0 assigned DHCP address 10.3.68.30, mask 255.255.255.0, hostname Router


Please try pinging 10.3.68.1 instead.


If you have access to your linksys router GUI, you can find the exact default gateway/DNS, etc.


If 10.3.68.1 is your default gateway (ie. your next hop for internet), include the following command in the config:


ip route 0.0.0.0 0.0.0.0 10.3.68.1


Once you have this in the configuration try pinging 80.67.87.23 or 4.2.2.2


Please include "show ip route' output, if you are still unable to ping.

sirEgGhEaD Thu, 09/20/2007 - 10:38
User Badges:

for your question earlier, the radius login is web-based.


yeah, that was a typo. i'm sick with the flu right now and am prone to more mistakes. :o(


from my linksys running dd-wrt v24

dg is 10.3.68.1

dns1 is 208.67.222.222

dns2 is 208.67.220.220


tried ip route 0.0.0.0 0.0.0.0 10.3.68.1 on my 2600 and pinging the same set of ips again with no luck.

vaisharm Thu, 09/20/2007 - 10:49
User Badges:
  • Cisco Employee,

This is really strange, we haven't been able to ping anything from this router.

The simplest test would be to ping anything that you are able to ping when you connect your computer directly without any router.


On the 2600, modify the current default route:


router(config)# no ip route 0.0.0.0 0.0.0.0 10.3.68.1

router(config)# ip route 0.0.0.0 0.0.0.0 fa0/0


Can you please forward the following outputs:


show ip route

trace route 10.3.68.1

trace route 80.67.87.23


Use ctrl+shift+6+x to break out of trace if you start seeing * (asterisks).


sirEgGhEaD Thu, 09/20/2007 - 11:07
User Badges:

i'm afraid the traces from my 2600 won't be of much help. but here it is nonetheless. also, once i plugged back into my linksys, i pulled the same traces from my pc and they are posted after the 2600 results.


Router#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route


Gateway of last resort is 10.3.68.1 to network 0.0.0.0


10.0.0.0/24 is subnetted, 1 subnets

C 10.3.68.0 is directly connected, FastEthernet0/0

S* 0.0.0.0/0 [1/0] via 10.3.68.1

Router#traceroute 10.3.68.1


Type escape sequence to abort.

Tracing the route to 10.3.68.1


1 * ? ?

2 ? * ?

3 ? ? ?

4 ? ? *

5 ? ? ?

6 * * *

7 * ? ?

8 * ? *

9 * ? *

10

Router#traceroute 80.67.87.23


Type escape sequence to abort.

Tracing the route to 80.67.87.23


1 10.3.68.1 32 msec 101 msec 104 msec

2 ? ? ?

3 ? ? ?

4 * ? ?

5 ? * ?

6 ? ?

Router#


Tracing route to 10.3.68.1 over a maximum of 30 hops


1 <1 ms <1 ms <1 ms InSayneLAN [192.168.1.1]

2 71 ms * * 10.3.68.1

3 * * * Request timed out.

4 * * * Request timed out.

5 * * * Request timed out.

6 ^C


Tracing route to 80.67.87.23 over a maximum of 30 hops


1 <1 ms <1 ms <1 ms InSayneLAN [192.168.1.1]

2 84 ms * 78 ms 10.3.68.1

3 79 ms 77 ms 82 ms 213.255.230.129

4 * * 599 ms gw-lsv.sky-vision.net [217.194.128.37]

5 628 ms 619 ms 635 ms rs1.afl.sky-vision.net [217.194.129.3]

6 614 ms 592 ms 615 ms 217.194.135.142

7 604 ms 601 ms 637 ms 80.120.208.129

8 * 602 ms 661 ms 195.3.118.113

9 587 ms 594 ms 634 ms 195.3.70.106

10 691 ms * 650 ms vix1.interoute.net [193.203.0.106]

11 * 637 ms 642 ms po9-0.vie-per-access-3.interoute.net [212.23.43.

21]

12 670 ms * * gi3-0.fra-006-core-1.interoute.net [212.23.43.9]


13 630 ms * 668 ms po10-0.lon-wal-core-2.interoute.net [212.23.42.1

58]

14 664 ms 639 ms 677 ms 217.118.119.34

15 638 ms 623 ms 642 ms 84.233.153.126

16 646 ms 634 ms 609 ms 80.67.87.23


Trace complete.


also, i have a packet sniffer here that i was running the other night if that would be of some use. i think i remember seeing some rip v2 in there...

sirEgGhEaD Thu, 09/20/2007 - 11:16
User Badges:

i just sifted through the sniff results from the other night and didn't see the rip reference in there. i guess i was mistaken.

sirEgGhEaD Thu, 09/20/2007 - 13:21
User Badges:

it's 1:30 in the morning over here. i'm off to bed for the night. i'll check back in same time tomorrow after work. thanks a million for all the help. hope you're around tomorrow.


take care,

thomas

Correct Answer
vaisharm Thu, 09/20/2007 - 23:16
User Badges:
  • Cisco Employee,

RIP or any other dynamic routing protocol is certainly not needed in this setup. Also, if it was, you won't have been able to go online by connecting your computer directly.


Anyways, I would suggest some very basic stuff here. First off, we need to determine if the fa0/0 interface on the router is good. It's weird that we are unable ping anything from the router (with just the IP address and the default route configured), however, the same works when we plug in the computer directly. I don't suspect it could be an access-list as we have already erased the config. So, lets just follow the steps below in the same order and see what we infer.


1. Erase the config on the router. (I know we have done it before but, just don't want to take any chance here and miss on something). Reload the router and do NOT save the changes.


2. Assign static IPs on fa0/0 (10.1.1.1/24) and on fa0/1 (10.1.2.1/24).


3.Connect the router fa0/0 to the computer (use cross-over cable if connecting directly or a straight through if using a switch).


4. Assign static IP (10.1.1.2/24) on the computer and ping the router fa0/0 and vice versa.


Next, unplug the ethernet cable from fa0/0 and plug it in fa0/1. Assign static IP (10.1.2.2/24) on the computer and ping the router fa0/1 and reverse.


If you face any problem pinging the computer check for any firewall software running in the background.


If all the ping tests are successfull, we know the interfaces are good.


5. Connect the computer to the ISP directly (without any router) and configure it to obtain IP from DHCP. Now, ping 4.2.2.2 or any other public IP. Also try your default gateway. If you are able to ping a public IP move to the next step.


6. Unconfigure the IP address on fa0/0 and fa0/1. Set fa0/0 to receive the IP from DHCP.


7. Connect the cable from the ISP to fa0/0. Wait until fa0/0 receives the IP.


8. Configure a default route:

ip route 0.0.0.0 0.0.0.0 fa0/0


9. Check fa0/0 status using - 'show ip int brief'. It should have an IP address assigned from the DHCP and should be up/up.


Check the routing table for the default route - 'show ip route'.


10. If fa0/0 is good and the default route is there, ping the same public IP address which you were able to reach from the computer when it was connected directly.


Ping the IP from the router console.


To summarize, we have made just 2 changes to the default configuration on the router:


- Configured fa0/0 to obtain an IP from the DHCP (which is our ISP).

- Added a default route pointing to fa0/0


Now, this is same as connecting the computer directly to the ISP and logically should work.


Please follow the exact sequence and post the results (not necessarily outputs) for all the steps.


I would be travelling this weekend but may respond if you can post the results today.


-Vaibhav

sirEgGhEaD Fri, 09/21/2007 - 05:24
User Badges:

everything worked pretty well until step 10.


first thing i did was wr erase, enter to confirm. then reload, no to save changes. after boot, enter to get started, no to initial config, yes i'm sure.

en

conf t

int fa0/0

ip address 10.1.1.1 255.255.255.0

no shut

exit

int fa0/1

ip address 10.1.2.1 255.255.255.0

no shut

exit

exit


assigned my computer nic 10.1.1.2 255.255.255.0, dg 10.1.1.1


plugged my pc into fa0/0

pinged 10.1.1.1 successfully from pc

pinged 10.1.1.2 successfully from console


unplugged cable from pc

assigned address 10.1.2.2 255.255.255.0, dg 10.1.2.1


plugged pc into fa0/1

pinged 10.1.2.1 successfully from pc

pinged 10.1.2.2 successfully from console


unplugged cable from pc

nic to automatic config


plugged in isp cable

logged into radius server

pinged 4.2.2.2 successfully

pinged 10.3.68.1 with 1 packet returned with 4 retries

(radius server only allows 1 mac on the account, so i log back off here)

i try pinging random 10.3.68 addresses until i get a result from .24

i ping it several times to be sure


then i conf t

int fa0/0

ip address dhcp

exit

ip route 0.0.0.0 0.0.0.0 fa0/0


plug my isp cable into fa0/0

wait for ip

show ip int brief

fa0/0 shows 10.3.68.29 yes dhcp up up

show ip route

shows C on fa0/0 and S on 0.0.0.0 i think

i try pinging 10.3.68.24 with no result

i worked my way up to .55 with no result


note that i cannot ping anything else without logging into radius server and i cannot log ingo radius server and then plug cable into router because of mac.

Correct Answer
vaisharm Fri, 09/21/2007 - 06:32
User Badges:
  • Cisco Employee,

This looks good. I forgot to ask if you are able to ping the radius server from the router? Lets try this now:


- Assign static IP on fa0/1

int fa0/1

ip address 10.1.2.1 255.255.255.0

no shut


Connect this interface to the computer and assign 10.1.2.2 255.255.255.0 on the computer. Also, configure 10.1.2.1 as the default gateway on the computer.


Now try pinging the radius server or connecting to the radius server from the computer. If successfull, see if you can get on to the internet.


Looking forward to your response.


sirEgGhEaD Fri, 09/21/2007 - 08:22
User Badges:

YES!! that worked like a charm! only thing is dns now. only ips are working with that.


by the way, the dg and radius are same ip...

Correct Answer
vaisharm Fri, 09/21/2007 - 08:46
User Badges:
  • Cisco Employee,

Sounds great. For the DNS as a temporary workaround configure 4.2.2.2 as your DNS on the coumpter(s). I'll check how we can push the DNS onto the clients and will get back to you.


Let me know if the workaround works for you.


Please do remember to rate the posts, if these were helpful.


-Vaibhav

sirEgGhEaD Fri, 09/21/2007 - 09:11
User Badges:

working just fine. one odd thing i noticed though. i logged into radius and it said my address is .32 yet my router still shows .29.


and i will most definately rate the posts. they were oustanding. i would just like to wait until a bit later in the night when the speed picks up a bit


thanks for all the help,

thomas

Correct Answer
vaisharm Fri, 09/21/2007 - 10:00
User Badges:
  • Cisco Employee,

Thomas,


Here's the DHCP configuration:



Router(config)# ip dhcp excluded-address 192.168.1.1

ip dhcp pool InSayne

Router(dhcp-config)#network 192.168.1.1 255.255.255.0

default-router 192.168.1.1

dns-server 208.67.222.222 208.67.220.220

exit

Router(config)# no ip dhcp conflict logging


-----------


Configure static IP 192.168.1.1 255.255.255.0 on fa0/1.


Now, the client computers should be able to receive the IP address, default gateway as well as the DNS server IP from the router. You may remove the static DNS 4.2.2.2 assigned on the computer.


Let us know how it goes.


-Vaibhav

sirEgGhEaD Fri, 09/21/2007 - 10:55
User Badges:

thanks. i'll check that out here in a bit. i have a slight problem. my roommate just woke up and i configured his 2 pcs to work on the router with the temp, and when i accessed a webpage, it sent me to the radius login. it works fine until another computer tries to access something. then it send everyone back to the radius login. as long as only one computer is in use on the net, it's fine. when more than one are in use, it shoots to the radius login. not very nice. :o(

sirEgGhEaD Fri, 09/21/2007 - 11:47
User Badges:

i have another problem. ever since i changed the net config to 192.168.1 i can't access anything on fa0/0 anymore. not even by ip address. it's back to doing what it was when i first started.

vaisharm Fri, 09/21/2007 - 16:49
User Badges:
  • Cisco Employee,

Im not sure if I understand you correctly. Do you mean, everything was working fine until fa0/1 was 10.1.2.1 and now with 192.168.1.1 it does not? Have you configured the dhcp commands on the router and is that working fine? Are the clients getting IP, DG and DNS IP? Did you make any other changes as well? Are there any other devices connected to the switch in 192.168.1.x network ?


Also, please try by removing the dhcp commands and see if that helps. What if we remove the dhcp commands but continue to use 192.168.1.x for the local network?


If the problem persists, attach 'show run' here.


-Vaibhav

sirEgGhEaD Fri, 09/21/2007 - 20:33
User Badges:

yeah, everything worked great until i configured it for 192.168.1.1 except for the problem i started having when i had more than one machine active on the net. yeah, the machines are getting all the info from dhcp. the only other change i made was the enable password. i have 3 computers that are running on that switch constantly. all pulling dhcp from my linksys router.


i'll remove the commands this evening when i get off work and post an update.


thanks again,

thomas

sirEgGhEaD Sat, 09/22/2007 - 04:49
User Badges:

i changed my dhcp to the 10.1.2 lan and it's working now. but i still have my other problem - when more than one computer is trying to access the internet, it sends us to the radius login screen. as long as one person doesn't touch the computer, the other can log into radius and surf freely. but once that other machine tries to access the inet, it sends us to the login. it almost sounds like their router is seeing our individual addresses and not the address caught by my router from dhcp.


speaking of that address...how can i release and renew the address caught by fa0/0? because every time i plug in, it catches .29 yet when i plug in with my computer or my other router, it will catch some other address. i just really don't want to cause an ip conflict on their net.


posted below is my current running-config:


InSayneLAN#show run

Building configuration...


Current configuration : 1093 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname InSayneLAN

!

boot-start-marker

boot-end-marker

!

enable password *********

!

no aaa new-model

!

resource policy

!

no network-clock-participate slot 1

no network-clock-participate wic 0

voice-card 1

!

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

no ip dhcp conflict logging

ip dhcp excluded-address 10.1.2.1

!

ip dhcp pool InSayne

network 10.1.2.0 255.255.255.0

default-router 10.1.2.1

dns-server 208.x.x.222 208.67.220.220

!

!

no ftp-server write-enable

!

!

!

!

!

!

!

!

!

!

!

!

!

!

controller T1 1/0

framing sf

linecode ami

!

!

!

interface FastEthernet0/0

ip address dhcp

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

no fair-queue

no dce-terminal-timing-enable

!

interface FastEthernet0/1

ip address 10.1.2.1 255.255.255.0

duplex auto

speed auto

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

ip http server

!

!

!

control-plane

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

!

!

end


InSayneLAN#



thanks for all the help. hope you have a great weekend.


thomas

sirEgGhEaD Sat, 09/22/2007 - 07:03
User Badges:

i just removed all dhcp from my router and manually configed my pc to 192.168.1 net and set fa0/1 to .1 and i wasn't able to get anywhere. then i set fa0/1 to 172.16.1.1 and put my computer on that net, and i'm back to working. so obviously something is going on with 192.168 addresses. i configured dhcp for 172.16.1 net, logged into radius and hooked up another pc up to the network and tried browsing and got shot to the radius login again. same problem as on the 10.1.2 net.

sirEgGhEaD Sat, 09/22/2007 - 08:07
User Badges:

well i've alleviated my problem of allowing multiple computers on the net. i configured nat to an extent. i'm not too knowledgable on the whole overload concept. but this is what i added to my last posted config:


ip nat pool InSayne 172.16.1.1 172.16.1.255 prefix-length 24

ip nat inside source list 15 interface FastEthernet0/0 overload

!

access-list 15 permit 172.16.1.0 0.0.0.255



and then of course fa0/0 as outside and fa0/1 as inside. let me know if i'm missing something, and i'll keep you posted as to how well this works over the weekend.


thanks again!

thomas

vaisharm Mon, 09/24/2007 - 06:26
User Badges:
  • Cisco Employee,

Hey Thomas, I hope you had a nice weekend! I was traveling so couldn't reply earlier. Using NAT to fix the single host login problem is very logical. Your config looks fine. How has it been so far?


- Vaibhav

vaisharm Mon, 09/24/2007 - 06:27
User Badges:
  • Cisco Employee,


Hey Thomas, I hope you had a nice weekend! I was traveling so couldn't reply earlier. Using NAT to fix the single host login problem is very logical. Your config looks fine. How has it been so far?


- Vaibhav

sirEgGhEaD Mon, 09/24/2007 - 11:19
User Badges:

it's been great so far. i'm glad i finally got it taken care of. i really appreciate all the help though. i don't know why it didn't like the 192.168.1 net. how was your weekend?

vaisharm Mon, 09/24/2007 - 19:46
User Badges:
  • Cisco Employee,

Good to know that all's well. Weekend was good. I think there are some 192.168.1.x devices on any of the sides or some entires cached somewhere. In case you have the time and want to troubleshoot it, the best way would be to isloate the router and then add a device/client at a time.


Have a good one.


-Vaibhav

sirEgGhEaD Tue, 09/25/2007 - 04:13
User Badges:

i think i'll stick with the 172.16 net. would you mind helping me with one more thing before we finish up? i would like for the machines that i have here in my room to be on net 1 and other machines that i have cables running to outside this run to be on net 2. i only want net 1 to access the internet

vaisharm Tue, 09/25/2007 - 09:19
User Badges:
  • Cisco Employee,

By net 1 and 2 do you mean - 172.16.1.0/24 and 172.16.2.0/24 respectively? Well, you have a nat pool for 172.16.1.0/24 and if I am not mistaken even the DHCP is assigning IPs in the 172.16.1.0 network. If that's the case, any host on 172.16.2.0/24 should not be able to get on to the internet. However, if the configuration is different and if the hosts from the .2 network are able to get on to the internet, we can put an access list to block internet access for anything from the .2 network. Also let me know if the 172.16.2.0 network devices need to access the Cisco 2600 router for anything at all?


-Vaibhav

Actions

This Discussion