WAN not working on a 1841

Unanswered Question
May 26th, 2009

Hello.

Having configured both fe0/0 (acting as lan, using dhcp) and fe0/1 (acting as wan) I cannot get the wan/internet to actually work.

Test setup:

RJ-45 between my VDSL modem and FE0/1.

RJ-45 (crossed) between my laptop and FE0/0.

The DHCP on FE0/0 is working fine.

Here's a snippet from my running-config:

!

ip cef

!

no ip dhcp use vrf connected

ip dhcp excluded-address 14.18.16.1 14.18.16.19

ip dhcp excluded-address 14.18.16.121 14.18.16.254

!

ip dhcp pool x

import all

network 14.18.16.0 255.255.255.0

dns-server x.x.x.x x.x.x.x

!

interface FastEthernet0/0

ip address 14.18.16.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address x.x.x.x 255.255.255.248

ip nat outside

duplex auto

speed auto

!

ip route 0.0.0.0 0.0.0.0 x.x.x.x

!

ip http server

ip nat inside source list 101 interface FastEthernet0/1 overload

!

access-list 101 permit ip 14.18.16.0 0.0.0.255 any

!

I have verified that my WAN ip, gateway and dns servers are correct.

Any help is appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
Loading.
Richard Burts Tue, 05/26/2009 - 03:57

Craig

You have told us that the WAN does not work. Some additional specifics would be very helpful:

- can the router ping its gateway address? (saying that you have verified that it is correct is not necessarily the same as can you ping it)

- is the next hop specified in the default route the gateway address and can the router ping that address?

- can the router ping resources in the Internet (can it ping by specifying the destination IP address and can it ping by name)?

- if you do an extended ping from the router to your PC and in the extended ping specify the source address as fa0/1 does the ping succeed?

I would suggest that you rewrite the NAT to use a standard access list, since you are not checking for any protocol ports and not checking for any destination address. It might look like this:

ip nat inside source list 10 interface FastEthernet0/1 overload

access-list 10 permit 14.18.16.0 0.0.0.255

HTH

Rick

cdavies74 Tue, 05/26/2009 - 04:06

Thanks for the quick reply Rick. Please do note that I'm a novice and your suggestions while very helpful, are a bit overwhelming. I am currently accessing the router through the Console port, using HyperTerminal. Should I use SSH instead?

- can the router ping its gateway address? (saying that you have verified that it is correct is not necessarily the same as can you ping it)

-- I'm unsure of how to do this. Can I ping from HyperTerminal doing "ping x.x.x.x"?

- is the next hop specified in the default route the gateway address and can the router ping that address?

-- You'll have to elaborate and explain this a bit further to me, sorry.

- can the router ping resources in the Internet (can it ping by specifying the destination IP address and can it ping by name)?

-- See my first reply.

- if you do an extended ping from the router to your PC and in the extended ping specify the source address as fa0/1 does the ping succeed?

-- You'll have to elaborate and explain this a bit further to me, sorry.

Regarding "I would suggest that you rewrite the NAT to use a standard access list, since you are not checking for any protocol ports and not checking for any destination address. It might look like this:

ip nat inside source list 10 interface FastEthernet0/1 overload

access-list 10 permit 14.18.16.0 0.0.0.255", unless I'm mistaken this is already specified in my running-config?

Thanks again.

Richard Burts Tue, 05/26/2009 - 07:08

Craig

For what you are doing so far connecting via the console is as least as good as connecting via SSH (and in some respects perhaps better). So I see no reason why you should try SSH at this point.

Yes if you are using Hyperterm to connect to the console then you can enter the ping command and the ping will be executed by the router.

Your attempt to be "secure" by hiding the IP addresses and using x.x.x.x prevent me from giving any more specific advice than ping the gateway or do extended ping. If you want more specific advice then please provide more specific information.

What your config specifies for NAT is an extended access list. What I suggested is to convert it to a standard access list. This is significantly different from what is specified in your config.

HTH

Rick

cdavies74 Tue, 05/26/2009 - 22:25

Thank you Rick for taking the time, I'll read up on access lists and take it from there.

Paolo Bevilacqua Tue, 05/26/2009 - 09:45

From your replies, it is evident that you have no networking knowledge, I recommend you hire a professional to complete the job and avoid frustration.

cdavies74 Tue, 05/26/2009 - 22:34

If it's you I'm causing frustration, then my apologies.

Everyone wants to learn, right? I thought support forums were for people like me to seek help and suggestions from people like yourself.

While I have limited network knowledge, I'm willing to put in the hours and actually learn how it works. This goes especially for all the commands on Cisco routers.

Paolo Bevilacqua Wed, 05/27/2009 - 00:22

I acknowledge your rightful desire to learn.

My recommendation is that when when someone suggest something to you like "extended ping", you research the subject and try something before asking for further explanation, because at the end of the day, this a professional forum, not a training venue.

dareopeyemi Wed, 05/27/2009 - 06:50

---- RJ-45 (crossed) between my laptop and FE0/0.

Hi, also note to use RJ-45 Straight-through cable to connect your laptop and FE0/0 on the router.

cdavies74 Wed, 05/27/2009 - 22:58

Hi dareopeyemi,

I did try that but the LEDs next to FE0/0 would not light up with a Straight-through, they would however when using a Crossover RJ-45.

Actions

This Discussion