Cisco 2811 Configurations & Catalyst 2960

Unanswered Question

I'm currently running a Cisco 2811 router.

I managed to configure my FastEthernet0/0 able to access and ping to DNS servers and full access to the internet.

But when comes to my LAN network which is on FastEthernet0/1, when I use the test connection on SDM, it always says the DNS gateway not configured something like that.

But the fact is that I have configured the DNS and it worked for FastEthernet0/0. The same thing goes for my Catalyst 2960G switch. I'm unable to access internet from both FastEthernet0/1 and the switch.

Below is my configurations for both devices.

-----Cisco 2811 Router-----

version 12.4

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

no service password-encryption

service sequence-numbers

!

hostname PCSBRouter

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

enable secret xxx

enable password xxx

!

no aaa new-model

clock timezone PCTime 8

!

!

ip cef

!

!

ip name-server 202.x.0.133

ip name-server 202.x.1.5

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

!

voice-card 0

no dspfarm

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

ip tcp synwait-time 10

!

!

!

!

!

interface FastEthernet0/0

description $ETH-WAN$

ip address 219.x.x.202 255.255.255.252

duplex auto

speed auto

!

interface FastEthernet0/1

description $ES_LAN$$ETH-LAN$

ip address 192.x.x.1 255.255.0.0

no ip proxy-arp

ip nat inside

ip virtual-reassembly

duplex full

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 219.94.97.201

!

!

ip http server

no ip http secure-server

ip nat pool PCSB 192.9.200.1 192.9.255.255 netmask 255.255.0.0

!

logging trap debugging

!

!

!

!

control-plane

!

!

!

voice-port 0/1/0

!

voice-port 0/1/1

!

voice-port 0/2/0

!

voice-port 0/2/1

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

password xxx

login

!

scheduler allocate 20000 1000

!

end

I need help for configuration of this router. I have no idea how I configured my previous Cisco 1841 and I maybe got it work by luck. I know I'm missing some settings. Now I can't up my company's network. Please help me out.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Below is the configuration for my Cisco Catalyst 2960G switch.

----Cisco Catalyst 2960G Switch----

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname PCSBSwitch

!

enable secret xxx

enable password xxx

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

!

ip domain-lookup source-interface GigabitEthernet0/1

ip name-server 202.188.0.133

ip name-server 202.188.1.5

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface GigabitEthernet0/5

!

interface GigabitEthernet0/6

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface GigabitEthernet0/25

!

interface GigabitEthernet0/26

!

interface GigabitEthernet0/27

!

interface GigabitEthernet0/28

!

interface GigabitEthernet0/29

!

interface GigabitEthernet0/30

!

interface GigabitEthernet0/31

!

interface GigabitEthernet0/32

!

interface GigabitEthernet0/33

!

interface GigabitEthernet0/34

!

interface GigabitEthernet0/35

!

interface GigabitEthernet0/36

!

interface GigabitEthernet0/37

!

interface GigabitEthernet0/38

!

interface GigabitEthernet0/39

!

interface GigabitEthernet0/40

!

interface GigabitEthernet0/41

!

interface GigabitEthernet0/42

!

interface GigabitEthernet0/43

!

interface GigabitEthernet0/44

!

interface GigabitEthernet0/45

!

interface GigabitEthernet0/46

!

interface GigabitEthernet0/47

!

interface GigabitEthernet0/48

!

interface Vlan1

ip address 192.9.200.2 255.255.0.0

no ip route-cache

!

ip default-gateway 192.9.200.1

ip http server

!

control-plane

!

!

line con 0

line vty 0 4

password peoplespg

login

line vty 5 15

password peoplespg

login

!

end

Posting both device configuration to let you guys see a clearer picture of my problem.

Jon Marshall Mon, 10/06/2008 - 17:39

ip nat pool PCSB 192.9.200.1 192.9.255.255 netmask 255.255.0.0

what is the above line doing in your config ?

Are you Natting your source IP addresses ie. on your router add

int fa0/0

ip nat outside

ip nat inside source list 101 interface fa0/0 overload

access-list 101 permit ip any any

Jon

Richard Burts Tue, 10/07/2008 - 03:17

I agree with Jon that the major problem is about translating the inside addresses. But there seem to be more complex design issues than just enabling address translation. Even though there is some attempt to hide parts of the address (ip address 192.x.x.1 255.255.0.0) it is pretty clear that the network is set up as 192.9.0.0/16 and is set up as 1 flat network. Where did these addresses come from?

Since 192.9.x.x is in public address space one might think that address translation is not necessary. But in fact 192.9.0.0/16 is a hugh supernet (class B) in the class C address space. So those addresses are almost certainly not registered to this company. While the configuration of the default routing will send traffic out to the Internet, the Internet routing table would not route any response back.

So my suggestion is that address translation is required and that the address pool that Jon mentions is not valid. I would suggest, like Jon, that PAT (translate with overload on the outside address) would be a more realistic solution than NAT with an address pool. So configure the PAT and remove the configuration of this pool of addresses (which just duplicates the range of inside addresses and is therefore useless).

HTH

Rick

Actions

This Discussion