2600 routing - desperate for help please

Unanswered Question
Jul 20th, 2008

my previous post of the 18th July produced no replies and I've been hammering at this for 3 days and getting nowhere so if anyone can help (this newbie) I'd be grateful.

Here is my setup:

small LAN of PC's all connected by cables to a hub, all set ip on 192.168.1.xx

Cisco 2615XM router also connected to hub on Fastethernet0/1, set as 192.168.1.70, set as LAN

Cisco 2651XM Fastethernet0/0 port ip set port to 192.168.1.72 connected by cable to Cisco wireless access point (configured as a universal workgroup bridge).

The Cisco access point ip set at 192.168.1.66 is connected wirelessly to a non-cisco adsl router on the internet (default gateway 192.168.1.254).


I'm trying to get the PC's on the LAN to access the default gateway router so they can surf the internet but I'm stuck at the 2615XM router. The PC can see both FastEthernet ports but I can't get the PC to see either the cisco wireless access point on 192.168.1.66 or the adsl router on 192.168.1.254.

In SDM/Interfaces and Connections I did Test Connection but the test fails at Checking Exit Interface, the recommended actions say: 'Select User-Specified option or add host specific/network specific/default route through this interface and retest connection'. I've tried different things but I can't create the route so if anyone can help me put the right settings into SDM that'd be great. I can't connect the wireless access point to the hub because the wap is configured as a universal workgroup bridge and this setting only supports a single device connected, thus the single device has to be the 2651XM which should serve as a route for the PC's on the LAN.

I've read the doc at:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a008073e067.shtml but I get stuck at dynamic NAT. If I click RIP and then Edit the edit button just goes grey and the RIP stays disabled.

Thanks for any help.

tonyspcrepairs Mon, 07/21/2008 - 12:28

thanks for your response. I've tried to configure the 2651 based on the instruction here:

http://www.cisco.com/en/US/products/sw/secursw/ps5318/products_configuration_example09186a008073e067.shtml

two things I keep failing on :

1) the instructions for dynamic routing said to click RIP and click Edit, but when I click Edit the button just greys out and nothing happens. I don't know how to solve this.

2) I still get constant failure with 'Test Connection'. When it gets to testing exit interface it always fails to ping DNS server addresses. I don't know how to solve this.

and here is the config I saved after my efforts with the sdm interface:



!This is the running config of the router: 172.16.1.30

!----------------------------------------------------------------------------

!version 12.4

service config

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname vpn

!

boot-start-marker

boot-end-marker

!

no logging buffered

no logging console

enable secret 5 yyyyyyyyyyyy

enable password zzzzzzzzzzz

!

!

resource policy

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

ip subnet-zero

no ip routing

!

!

no ip dhcp use vrf connected

!

!

no ip cef

ip name-server 192.168.1.254

ip name-server 192.168.1.255

no ip ips deny-action ips-interface

ip ddns update method sdm_ddns1

DDNS both

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 172.16.1.30 255.255.0.0

ip helper-address 192.168.1.254

ip nat inside

ip virtual-reassembly

no ip route-cache

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

description $ETH-WAN$

ip ddns update hostname vpn.vpn

ip ddns update sdm_ddns1

ip address 192.168.1.70 255.255.255.0

ip nat outside

ip virtual-reassembly

no ip route-cache

speed auto

half-duplex

no cdp enable

no mop enabled

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 10.1.1.0 255.255.255.0 192.168.1.2

!

!

ip http server

no ip http secure-server

ip nat pool pool1 192.168.1.60 192.168.1.80 netmask 255.255.255.0

ip nat inside source static tcp 172.16.1.1 8080 192.168.1.3 80 extendable

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 172.16.0.0 0.0.255.255

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password xxxxxx

login

!

no process cpu extended

no process cpu autoprofile hog

!

end

a.alekseev Mon, 07/21/2008 - 12:43

ip cef

ip routing

no ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 0.0.0.0 0.0.0.0 192.168.1.254

no ip nat pool pool1 192.168.1.60 192.168.1.80 netmask 255.255.255.0

ip nat inside source static tcp 172.16.1.1 8080 192.168.1.3 80 extendable

ip access-list ext NAT

deny ip host 172.16.1.30 any

permit ip 172.16.0.0 0.0.255.255 any

ip nat inside source list NAT int f0/1 overload

remove:-


ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 - this is not required, you want all traffic that the router does not have a connected interface to or static route point to. Also remove the static route ip route 10.1.1.0 255.255.255.0 192.168.1.2 - as if this subnet is connected to an interface - with the below config RIP will distribute it.


If you want rip, then paste the below on 2651 routers:-


router rip

version 2

network 172.16.1.0

network 192.168.1.0

no auto-summary


for the 2615 paste the below:-


router rip

version 2

network 10.1.1.0

network 192.168.1.0

no auto-summary


For any networks not directly connected to the ADSL router - you need to distribute a default route into rip - you could either run RIP on the ADSL box and distribute the default route from there - or redistribute from the 2651 - your choice.


HTH.


tonyspcrepairs Tue, 07/22/2008 - 02:02

thanks for your response. Following your guidelines I've had partial success, the PC could see the wap and the default gateway but couldn't surf the net (yet). At 1am in the morning I saved the config from SDM both to PC and to the router startup-config and then went to bed. But this morning on reboot of the router I've got nothing and CLI says ''loadprog: bad file magic number: 0x0, boot: cannot load "flash:" Oh dear, it seems something got corrupted so I will have to start right from the beginning. But when I've got it running again I'll be much closer to getting it working. Thanks again for your help.

tonyspcrepairs Wed, 07/23/2008 - 01:39

I'm back up and running (it took me 6 attempts to renew IOS and get out of rommon mode but hey, I'm good at that now ha ha).

I tried your config (earlier post) that went:

ip cef

ip routing

no ip route 0.0.0.0 0.0.0.0 FastEthernet0/1...

but I couldn't ping the wap or the dg with this. I concede that might be because my nic wasn't configured correctly and I'm a bit embarrassed to say I'm not sure how my nic settings should be properly config'd - I don't know what I should enter into the nic settings for DG and DNS 1 and 2. I've managed to bluff my way through these settings in the past but now I'm on 172.16.1.xxx with this 2651xm I'm unsure.


Also, I know my original config was messy but I did a bit more fumbling with it in SDM and I was then able to ping the wap and the gateway from the pc but I couldn't surf the internet.

Thanks for the tip regarding enabling RIP, that worked.

If you have any more ideas about tweaking the config you gave me earlier I look forward to your advice. I'm losing faith in sdm so if I could write a neat config that would enable the PC to see the wap and dg that would be a good step towards resolution.

Thanks and await yours.

tonyspcrepairs Wed, 07/23/2008 - 13:09

I've done it. I've finally got my PC's on the internet.

To answer your two questions, I have a small LAN of PC's (on 172.16.1.xx) that I needed to get on the internet. A cisco wap was also connected by cable to the LAN, configured as a universal wireless bridge, which then connected wirelessly to a non-cisco wireless adsl router (192.168.1.254). The router was connected to the internet.

My problem was that the wap would only connect to the router when set in universal wireless bridge mode because normal wireless bridge does not support connection to non-cisco devices. But univ wb mode only supports the connection of one PC, you can't connect multiple clients.

Therefore I had to make the 2651XM behave as if it was the one PC and route the LAN through it. The LAN connected to F0/0 and the wap connected to F0/1.

Thanks very much for all your help with this andrew.


Here is the config that worked: (exported from SDM).

--------------------------



!This is the running config of the router: 172.16.1.30

!----------------------------------------------------------------------------

!version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname vpn

!

boot-start-marker

boot-end-marker

!

no logging buffered

no logging console

enable secret xxx

enable password harrycat

!

!

resource policy

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

ip subnet-zero

!

!

no ip dhcp use vrf connected

!

!

ip cef

ip name-server 192.168.1.254

ip name-server 192.168.1.255

no ip ips deny-action ips-interface

ip ddns update method sdm_ddns1

DDNS both

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0/0

ip address 172.16.1.30 255.255.0.0

ip nat inside

ip virtual-reassembly

speed auto

half-duplex

no mop enabled

!

interface FastEthernet0/1

description $ETH-WAN$

ip dhcp client update dns server none

ip ddns update hostname vpn.vpn

ip ddns update sdm_ddns1

ip address dhcp client-id FastEthernet0/1

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

router rip

version 2

network 172.16.0.0

network 192.168.1.0

no auto-summary

!

ip classless

!

!

ip http server

no ip http secure-server

ip nat inside source list 3 interface FastEthernet0/1 overload

!

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 172.16.0.0 0.0.255.255

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 192.168.1.0 0.0.0.255

access-list 3 remark SDM_ACL Category=2

access-list 3 permit 172.16.0.0 0.0.255.255

!

!

!

control-plane

!

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

password 2651

login

!

!

end
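
An added example, not part of any post in this thread: a small Python check for the faults the thread works through (routing disabled, default routes that name an Ethernet interface instead of a next hop, and inside/outside NAT with no overload rule whose list covers the LAN). The function name `audit_nat_routing` and the `BEFORE`/`AFTER` excerpts, abridged from the two configs posted above, are assumptions made for illustration.

```python
import ipaddress
import re

def audit_nat_routing(config):
    """Flag the routing/NAT faults fixed in this thread (numbered standard ACLs only)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = ["ip routing disabled"] if "no ip routing" in lines else []
    inside, outside, addr, acls, rules = [], False, None, {}, []
    for l in lines:
        if l.startswith("interface ") or l == "!":
            addr = None  # interface stanza boundary
        if m := re.fullmatch(r"ip route 0\.0\.0\.0 0\.0\.0\.0 ([A-Za-z]\S*)", l):
            findings.append(f"default route via interface {m[1]}")  # no next hop
        elif m := re.fullmatch(r"ip address (\d\S+) (\d\S+)", l):
            addr = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif l == "ip nat inside" and addr:
            inside.append(addr)
        elif l == "ip nat outside":
            outside = True
        elif m := re.fullmatch(r"access-list (\d+) permit (\d\S*) (\d\S*)", l):
            # ipaddress accepts the ACL wildcard (0.0.255.255) as a host mask
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
        elif m := re.fullmatch(r"ip nat inside source list (\S+) interface \S+ overload", l):
            rules.append(m[1])
    if inside and outside and not rules:
        findings.append("no NAT overload rule")
    for acl in rules:  # every inside network must be permitted by the NAT list
        findings += [f"NAT list {acl} does not permit {n}" for n in inside
                     if not any(n.subnet_of(p) for p in acls.get(acl, []))]
    return findings

# Abridged from the first config posted in the thread
BEFORE = """no ip routing
interface FastEthernet0/0
ip address 172.16.1.30 255.255.0.0
ip nat inside
interface FastEthernet0/1
ip address 192.168.1.70 255.255.255.0
ip nat outside
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0"""
# Abridged from the config that worked
AFTER = """interface FastEthernet0/0
ip address 172.16.1.30 255.255.0.0
ip nat inside
interface FastEthernet0/1
ip address dhcp client-id FastEthernet0/1
ip nat outside
ip nat inside source list 3 interface FastEthernet0/1 overload
access-list 3 permit 172.16.0.0 0.0.255.255"""
```

`audit_nat_routing(BEFORE)` reports four findings and `audit_nat_routing(AFTER)` reports none; named or extended ACLs, such as the `NAT` list in the reply, are outside what this sketch parses.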
