Cisco 1800 Intial Configuration

Answered Question

Last week was my first time configuring a Cisco router and I've run into an issue that I can't seem to get past. My situation is that I am configuring this to act as a DHCP server on FastEthernet0/1 and have a static address on FastEthernet0/0. DHCP requests are being served fine and from a DHCP client I can ping both interfaces on the router, however I cannot get past the router to anything on the other side of it. (e.g www.cisco.com) From the router itself I can ping anything on the web, but behind the router I can't. I'm not sure if this is an issue with an acl or with a router I either am missing or have setup incorrectly. Any help would be greatly appreciated and my configuration is below:

Thanks!

Dave

Current configuration : 1514 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MSM-Wireless
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$a3iE$/Dxe0bN7SheysVcB6WHKY/
enable password abcdefg
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.200.1
!
ip dhcp pool MSMWireless
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
   dns-server 12.127.16.83 12.127.17.83
   lease 7
!
!
ip name-server 12.127.16.83
ip name-server 12.127.17.83
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 12.100.112.163 255.255.255.192
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
ip default-gateway 12.100.112.129
ip classless
ip route 192.168.200.0 255.255.255.0 12.100.112.129
ip http server
!

!

snmp-server community public RO

snmp-server enable traps tty
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password acdefg
login
!
end

I have this problem too.
0 votes
Correct Answer by vinayachandran about 6 years 10 months ago

Dave,

I think you've missed the access-list in your second configuration.

Regards.

Correct Answer by Jon Marshall about 6 years 10 months ago

[email protected]

Jon,

After making these changes I'm still not able to ping or connect to anything from behind the router and I'm wondering if I overlooked something or if I still am missing something simple. I have pasted my newest config below. Thanks for all of your help and assiatence!

Regards,
Dave

Current configuration : 1281 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MSM-Wireless
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$a3iE$/Dxe0bN7SheysVcB6WHKY/
enable password abcdefg
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.200.1
!
ip dhcp pool MSMWireless
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
   dns-server 12.127.16.83 12.127.17.83
   domain-name metalsales.us.com
   lease 7
!
!
ip name-server 12.127.16.83
ip name-server 12.127.17.83
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 12.100.112.163 255.255.255.192
ip nat outside
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
ip default-gateway 12.100.112.129
ip classless
ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
!
snmp-server community public RO
snmp-server enable traps tty
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password abcdefg
login
!
end

Dave

Sorry missed this one -

can you change -

ip default-gateway 12.100.112.129

to

ip route 0.0.0.0 0.0.0.0 12.100.112.129

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jon Marshall Mon, 02/01/2010 - 13:55

[email protected]

Last week was my first time configuring a Cisco router and I've run into an issue that I can't seem to get past. My situation is that I am configuring this to act as a DHCP server on FastEthernet0/1 and have a static address on FastEthernet0/0. DHCP requests are being served fine and from a DHCP client I can ping both interfaces on the router, however I cannot get past the router to anything on the other side of it. (e.g www.cisco.com) From the router itself I can ping anything on the web, but behind the router I can't. I'm not sure if this is an issue with an acl or with a router I either am missing or have setup incorrectly. Any help would be greatly appreciated and my configuration is below:

Thanks!

Dave

Current configuration : 1514 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MSM-Wireless
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$a3iE$/Dxe0bN7SheysVcB6WHKY/
enable password abcdefg
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.200.1
!
ip dhcp pool MSMWireless
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
   dns-server 12.127.16.83 12.127.17.83
   lease 7
!
!
ip name-server 12.127.16.83
ip name-server 12.127.17.83
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 12.100.112.163 255.255.255.192
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
ip default-gateway 12.100.112.129
ip classless
ip route 192.168.200.0 255.255.255.0 12.100.112.129
ip http server
!

!

snmp-server community public RO

snmp-server enable traps tty
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password acdefg
login
!
end

Dave

You need to setup NAT because 192.168.200.x addresses are not routable on the internet. Add this to your config

int fa0/1

ip nat inside

int fa0/0

ip nat outside

access-list 101 permit ip 192.168.200.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

Jon

Jon,

After making these changes I'm still not able to ping or connect to anything from behind the router and I'm wondering if I overlooked something or if I still am missing something simple. I have pasted my newest config below. Thanks for all of your help and assiatence!

Regards,
Dave

Current configuration : 1281 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MSM-Wireless
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$a3iE$/Dxe0bN7SheysVcB6WHKY/
enable password abcdefg
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.200.1
!
ip dhcp pool MSMWireless
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
   dns-server 12.127.16.83 12.127.17.83
   domain-name metalsales.us.com
   lease 7
!
!
ip name-server 12.127.16.83
ip name-server 12.127.17.83
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 12.100.112.163 255.255.255.192
ip nat outside
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
ip default-gateway 12.100.112.129
ip classless
ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
!
snmp-server community public RO
snmp-server enable traps tty
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password abcdefg
login
!
end

Correct Answer
Jon Marshall Mon, 02/01/2010 - 14:43

[email protected]

Jon,

After making these changes I'm still not able to ping or connect to anything from behind the router and I'm wondering if I overlooked something or if I still am missing something simple. I have pasted my newest config below. Thanks for all of your help and assiatence!

Regards,
Dave

Current configuration : 1281 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MSM-Wireless
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$a3iE$/Dxe0bN7SheysVcB6WHKY/
enable password abcdefg
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.200.1
!
ip dhcp pool MSMWireless
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.1
   dns-server 12.127.16.83 12.127.17.83
   domain-name metalsales.us.com
   lease 7
!
!
ip name-server 12.127.16.83
ip name-server 12.127.17.83
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
ip address 12.100.112.163 255.255.255.192
ip nat outside
speed auto
half-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 192.168.200.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clockrate 2000000
!
ip default-gateway 12.100.112.129
ip classless
ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
!
snmp-server community public RO
snmp-server enable traps tty
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password abcdefg
login
!
end

Dave

Sorry missed this one -

can you change -

ip default-gateway 12.100.112.129

to

ip route 0.0.0.0 0.0.0.0 12.100.112.129

Jon

Correct Answer
vinayachandran Mon, 02/01/2010 - 20:25

Dave,

I think you've missed the access-list in your second configuration.

Regards.

I made the suggested changed of removing:

ip default-gateway 12.100.112.129

and replaced that with

ip route 0.0.0.0 0.0.0.0 12.100.112.129

but unfortunately that still didn't get me up and running. I did see that vinayachandran pointed out I was missing the ACL Jon had mentioned adding and once I added that everything started working!!

Jon and vinayachandran, thank you so much for helping. I'm sure you will be hearing much more from me in the future...

Thanks,
Dave

Jon Marshall Tue, 02/02/2010 - 05:56

[email protected]

One quick thing if you don't mind...

Could someone give me a brief description of the difference between standard and extended ACLs and explain why the ACL I had:

access-list 10 permit any

wasn't working, but once I added

access-list 101 permit ip 192.168.200.0 0.0.0.255 any

it resolved my problem?

Thanks again,
Dave

Dave

It should work with a standard acl it's just that i always use extended by habit.

If your nat statement says this though -

ip nat inside source list 101 interface fa0/0 overload

then if you wanted to use acl 10 then you would need to modify it to

ip nat inside source list 10 interface fa0/0 overload

Jon

Actions

This Discussion