cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1003
Views
7
Helpful
8
Replies

Cisco 831 behind 2wire DSL router

holocrono
Level 1
Level 1

Hello all, first time using Cisco and I'm faily noobish so please bear with me.

I have a 2wire DSL multifunction unit and a Cisco 831 behind the 2wire. I'm having a problem getting the network running properly.

As currently configured, from the Cisco IOS I can ping any device local or internet, but from a host behind the Cisco I can only ping to the 2wire (192.168.1.254) but not past it. Traceroute from the host behind the Cisco also fails to return any hops past the 2wire.

I'm using static routes on both the 2wire and the Cisco, and static IP's on all devices (to keep it simple for now).

I attached a diagram of my network (it's very simple). Also attached is a copy of the 2wire's routing table. The only line I added in was the last one:

10.0.0.1 255.255.0.0 192.168.1.1 bridge0

The Cisco config.

---------------------------

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname X

!

boot-start-marker

boot-end-marker

!

enable secret 5 X

!

no aaa new-model

!

!

ip cef

ip name-server X

!

!

!

!

!

!

!

!

interface Ethernet0

ip address 10.0.0.1 255.255.0.0

!

interface Ethernet1

ip address 192.168.1.1 255.255.255.0

duplex auto

!

interface Ethernet2

no ip address

shutdown

!

interface FastEthernet1

duplex auto

speed auto

!

interface FastEthernet2

duplex auto

speed auto

!

interface FastEthernet3

duplex auto

speed auto

!

interface FastEthernet4

duplex auto

speed auto

!

ip route 0.0.0.0 0.0.0.0 192.168.1.254

ip http server

no ip http secure-server

!

!

!

control-plane

!

!

line con 0

no modem enable

line aux 0

line vty 0 4

login

!

scheduler max-task-time 5000

end

------------------------------

Thanks in advance!!

-Vance

1 Accepted Solution

Accepted Solutions

noran01
Level 3
Level 3

The first question i have is, what is the Router-PT (2-Wire) doing? Does it NAT traffic outbound? If so, it might not have an entry for your 10.0.0.0/16 network; thats why you cannot get out.

View solution in original post

8 Replies 8

noran01
Level 3
Level 3

The first question i have is, what is the Router-PT (2-Wire) doing? Does it NAT traffic outbound? If so, it might not have an entry for your 10.0.0.0/16 network; thats why you cannot get out.

Thanks for the response.

I typo'd my original post.

There is a static route on the 2wire for the 10.0.0.0/16 network pointing at 192.168.1.1.

It is NATing outbound traffic.

I understand the route you have on the 2-wire (which makes sense and IS needed), but does this device allow the a source network of 10.0.0.0/16 to be NAT'd outbound? Usually, NAT ACL's only allow your local internal subnets. If you are adding this network you will have to adjust the configuration.

This could very well be the problem. I saw no configuration option on the 2wire for setting ACLs (not a Cisco issue I know).

Hypothetically, if this configuration isn't possible, could I have the 831 NAT the 10. network?

Am I even on the right track here?

You _could_ in theory NAT the 10.0.0.0/16 network to 192.168.1.x (you could use PAT on the 8310 192.168.1.1 interface), but this would be NAT'ing traffic 2x, which wold cause more work down the line in the event you needed to grant access to your internal network (you would have to setup rules 2x as well on each device).

I would recommend getting onto the Router-PT (2-Wire) to have them add you 10.0.0.0/16 subnet for NAT.

I'll look into that 2wire config to see if this is even possible.

Thanks for the suggestion, I'll be back on here to update this post with my results.

holocrono
Level 1
Level 1

According to ATT's excellent support dept, attaching a Cisco 831 behind a 2wire will damage either or both devices.... right.

So, long story short, I was told I could not configure the NAPT options on the 2wire apart from specifying which private range I want to use on the LAN.

eg.

192.168.0.0/255.255.0.0

172.16.0.0/255.255.0.0

10.0.0.0/255.255.0.0

A 4th option does let me specify the address and mask specifically but I assume it still has to be in the private blocks.

I wonder, could I use a VLSN on the internal LAN? Please correct me if I'm wrong, but wouldn't that allow me to subnet the 2wire-Cisco network? Then I could put one of the sub-subnets behind the Cisco?

holocrono
Level 1
Level 1

Solution Found.

Basically, CIDR/VLSM got me where I need to be.

I set the 2wire LAN port to 192.168.1.254/16. The outside of the Cisco got 192.168.1.1/16 and the inside got 192.168.200/17.

Added a static 0.0.0.0 0.0.0.0 192.168.1.254 to the Cisco and I'm in business.

Thanks for the suggestions!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco