02-01-2010 01:48 PM - edited 03-04-2019 07:22 AM
Last week was my first time configuring a Cisco router and I've run into an issue that I can't seem to get past. My situation is that I am configuring this to act as a DHCP server on FastEthernet0/1 and have a static address on FastEthernet0/0. DHCP requests are being served fine and from a DHCP client I can ping both interfaces on the router, however I cannot get past the router to anything on the other side of it (e.g. www.cisco.com). From the router itself I can ping anything on the web, but behind the router I can't. I'm not sure if this is an issue with an acl or with a router I either am missing or have set up incorrectly. Any help would be greatly appreciated and my configuration is below:
Thanks!
Dave
Current configuration : 1514 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MSM-Wireless
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$a3iE$/Dxe0bN7SheysVcB6WHKY/
enable password abcdefg
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.200.1
!
ip dhcp pool MSMWireless
 network 192.168.200.0 255.255.255.0
 default-router 192.168.200.1
 dns-server 12.127.16.83 12.127.17.83
 lease 7
!
!
ip name-server 12.127.16.83
ip name-server 12.127.17.83
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 12.100.112.163 255.255.255.192
 speed auto
 half-duplex
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clockrate 2000000
!
ip default-gateway 12.100.112.129
ip classless
ip route 192.168.200.0 255.255.255.0 12.100.112.129
ip http server
!
!
snmp-server community public RO
snmp-server enable traps tty
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password acdefg
 login
!
end
02-01-2010 01:55 PM
Dave
You need to set up NAT because 192.168.200.x addresses are not routable on the internet. Add this to your config:
int fa0/1
 ip nat inside
int fa0/0
 ip nat outside
access-list 101 permit ip 192.168.200.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/0 overload
Jon
02-01-2010 02:37 PM
Jon,
After making these changes I'm still not able to ping or connect to anything from behind the router and I'm wondering if I overlooked something or if I still am missing something simple. I have pasted my newest config below. Thanks for all of your help and assistance!
Regards,
Dave
Current configuration : 1281 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MSM-Wireless
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$a3iE$/Dxe0bN7SheysVcB6WHKY/
enable password abcdefg
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 192.168.200.1
!
ip dhcp pool MSMWireless
 network 192.168.200.0 255.255.255.0
 default-router 192.168.200.1
 dns-server 12.127.16.83 12.127.17.83
 domain-name metalsales.us.com
 lease 7
!
!
ip name-server 12.127.16.83
ip name-server 12.127.17.83
no ftp-server write-enable
!
!
!
!
interface FastEthernet0/0
 ip address 12.100.112.163 255.255.255.192
 ip nat outside
 speed auto
 half-duplex
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
 clockrate 2000000
!
ip default-gateway 12.100.112.129
ip classless
ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
!
snmp-server community public RO
snmp-server enable traps tty
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password abcdefg
 login
!
end
02-01-2010 02:43 PM
Dave
Sorry missed this one -
can you change -
ip default-gateway 12.100.112.129
to
ip route 0.0.0.0 0.0.0.0 12.100.112.129
Jon
02-01-2010 02:55 PM
Jon,
I will do this first thing when I get into work in the morning. I will keep you posted...
Thanks,
Dave
02-01-2010 08:25 PM
Dave,
I think you've missed the access-list in your second configuration.
Regards.
02-02-2010 05:28 AM
I made the suggested change of removing:
ip default-gateway 12.100.112.129
and replaced that with
ip route 0.0.0.0 0.0.0.0 12.100.112.129
but unfortunately that still didn't get me up and running. I did see that vinayachandran pointed out I was missing the ACL Jon had mentioned adding and once I added that everything started working!!
Jon and vinayachandran, thank you so much for helping. I'm sure you will be hearing much more from me in the future...
Thanks,
Dave
02-02-2010 05:43 AM
One quick thing if you don't mind...
Could someone give me a brief description of the difference between standard and extended ACLs and explain why the ACL I had:
access-list 10 permit any
wasn't working, but once I added
access-list 101 permit ip 192.168.200.0 0.0.0.255 any
it resolved my problem?
Thanks again,
Dave
02-02-2010 05:56 AM
Dave
It should work with a standard ACL; it's just that I always use extended by habit.
If your nat statement says this though -
ip nat inside source list 101 interface fa0/0 overload
then if you wanted to use acl 10 then you would need to modify it to
ip nat inside source list 10 interface fa0/0 overload
Jon
02-02-2010 06:17 AM
Ah yes, I'm sure that's what it was. I forgot all about applying the ACL once it was added.
Thanks again for everything!
Dave
02-02-2010 06:19 AM
Dave
No problem, glad you got it all working.
Jon
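Added example (not code from the thread's participants or from Cisco): a small Python check for the prerequisites the replies turned on, namely an inside and an outside NAT interface, a NAT rule whose access-list is actually defined, and a static default route. The function name `check_nat` and the sample strings are assumptions, constructed from the configs posted in this thread and trimmed to the NAT-relevant lines.

```python
import re

# Numbered ("access-list 101 ...") or named ("ip access-list extended NAME") ACL definitions.
ACL_DEF = re.compile(r"(?:ip access-list (?:standard|extended) |access-list )(\S+)")
NAT_RULE = re.compile(r"ip nat inside source list (\S+) ")

def check_nat(config):
    """Return the findings that would keep NAT overload (PAT) from passing traffic."""
    lines = [line.strip() for line in config.splitlines()]
    defined = {m.group(1) for l in lines if (m := ACL_DEF.match(l))}
    referenced = [m.group(1) for l in lines if (m := NAT_RULE.match(l))]
    findings = []
    if not referenced:
        findings.append("no 'ip nat inside source list' rule")
    for acl in referenced:
        # The rule can name an ACL that was never created, or a different one than intended.
        if acl not in defined:
            findings.append(f"NAT rule references undefined access-list {acl}")
    for side in ("inside", "outside"):
        if f"ip nat {side}" not in lines:
            findings.append(f"no interface marked 'ip nat {side}'")
    # Jon's second reply: replace ip default-gateway with a static default route.
    if not any(l.startswith("ip route 0.0.0.0 0.0.0.0 ") for l in lines):
        findings.append("no static default route")
    return findings

# Constructed excerpt of the second config posted in the thread.
SECOND_CONFIG = """\
interface FastEthernet0/0
 ip address 12.100.112.163 255.255.255.192
 ip nat outside
interface FastEthernet0/1
 ip address 192.168.200.1 255.255.255.0
 ip nat inside
ip default-gateway 12.100.112.129
ip nat inside source list 101 interface FastEthernet0/0 overload
"""
DEFAULT_ROUTE = "ip route 0.0.0.0 0.0.0.0 12.100.112.129\n"
# Follow-up question: ACL 10 exists, but the NAT rule still points at list 101.
ACL10_ONLY = SECOND_CONFIG + DEFAULT_ROUTE + "access-list 10 permit any\n"
# Both lines the replies asked for.
FIXED = SECOND_CONFIG + DEFAULT_ROUTE + "access-list 101 permit ip 192.168.200.0 0.0.0.255 any\n"

if __name__ == "__main__":
    for name, cfg in [("second", SECOND_CONFIG), ("acl 10 only", ACL10_ONLY), ("fixed", FIXED)]:
        print(f"{name}: {check_nat(cfg) or 'ok'}")
```

The "acl 10 only" case reproduces the follow-up question: the standard ACL is valid, but the NAT rule must reference it by the same number.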