Connectivity between 1941 gigabit ports

Unanswered Question
Jul 31st, 2010

The problem I have run into is that I am not getting any connectivity between my two gigabit ports on the 1941. I have  ge0/0 setup as my internal network and is running dhcp, ge0/1 is the connection to the modem. I can't figure out how to configure the connections so my internal traffic on ge0/0 routes out through ge0/1.

Here is my config:

Using 4312 out of 262136 bytes

!

! Last configuration change at 21:31:59 UTC Sat Jul 31 2010 by admin

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname YO

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 $1$eTet$B1UCsAaHVeu7iX.Q3zj5g/

enable password HEADLEEVARGO2

!

no aaa new-model

!

no ipv6 cef

ip source-route

no ip routing

no ip cef

!

!

ip dhcp excluded-address 128.0.0.1 128.0.0.50

ip dhcp excluded-address 128.0.0.241 128.0.0.255

!

ip dhcp pool 128.0.0.1/18

   network 128.0.0.0 255.255.192.0

   default-router 128.0.0.1

   dns-server 128.0.0.1 4.2.2.2

!

ip dhcp pool yo1

   import all

   network 192.168.1.0 255.255.255.0

   dns-server 64.65.128.6

   lease 2

!

ip dhcp pool yo2

   import all

   network 192.168.2.0 255.255.255.0

   default-router 192.168.2.1

   dns-server 64.65.128.6

   lease 2

!

!

ip domain name yourdomain.com

multilink bundle-name authenticated

!

!

crypto pki trustpoint TP-self-signed-4092837250

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4092837250

revocation-check none

rsakeypair TP-self-signed-4092837250

!

!

crypto pki certificate chain TP-self-signed-4092837250

certificate self-signed 01 nvram:IOS-Self-Sig#1.cer

license udi pid CISCO1941/K9 sn FCZ1408C0JR

!

!

username admin privilege 15 password 0 ManillaBoxlight21

username user privilege 7 password 0 cisco

!

!

!

!

!

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 128.0.0.1 255.255.192.0

no ip route-cache

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

ip address dhcp

no ip route-cache

duplex auto

speed auto

!

ip forward-protocol nd

!

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 Null0

ip route 128.0.0.0 255.255.255.248 10.0.0.1

!

ip access-list standard OUTBOUND_ROUTES

permit 0.0.0.0 255.255.255.248

!

ip access-list extended gigabitethernet

permit ip any any log

!

access-list 23 permit 10.10.10.0 0.0.0.7

!

!

snmp-server community CISCOISR1941 RO

!

control-plane

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.3 (4 ratings)
Loading.
Nagaraja Thanthry Sat, 07/31/2010 - 15:44

Hello,

In your configuration I see a static route pointing to Null0 interface:

ip route 0.0.0.0 0.0.0.0 Null0

Can you please remove that? (no ip route 0.0.0.0 0.0.0.0 Null0)

Also, if you are connecting the Gi 0/1 to your ISP, then you might need to

configure NAT rules.

interface gi 0/0

ip nat inside

exit

int gi 0/1

ip nat outside

exit

access-list 1 permit 128.0.0.0 0.0.191.255

nat inside source list 1 interface Gi 0/1 overload

The above configurations will use the Gi 0/1 interface IP (got from the ISP)

for all internal hosts when they go out.

Hope this helps.

Regards,

NT

jean.moncada Sat, 07/31/2010 - 22:10

yes once you clear that 0.0.0.0 0.0.0.0 NULL0 rule

make sure you do a sh ip route dhcp

to make sure you are getting a route from your isp dhcp server.

marilubyrne Sun, 08/01/2010 - 13:55

Ok, I followed you guys' instructions, removing the null interface reference.  None of the DHCP clients of the 1941 can ping out past it.

attached is what I have in the way of IP routes,

Thanks for your help

Nagaraja Thanthry Sun, 08/01/2010 - 15:00

Hello,

Can you also post the output of "show ip int brief" and "show run | i ip

route" commands here?

Regards,

NT

Nagaraja Thanthry Sun, 08/01/2010 - 15:48

Hello,

From your "show ip route" output, I see that you are getting 10.0.0.x

address on your GigabitEthernet 0/1 interface. I am not certain if there is

another router (may be ISP modem which is acting as a router) that is doing

NAT. It could be that the outside router does not have a route to 128.0.0.0

subnet. Could you please configure NAT on the router and see if that fixes

the issue?

greatlakesskipper Sun, 08/01/2010 - 14:12

Good afternoon all;

I just purchased a 1941W with a very similar confg and I am experiencing the exact issue that Malibu is experiencing. I will be watching your comments closely for a solution on my network as well.

Thanks for all your input! You are greatly appreciated!

Daniel

Here is my update later on 8/1. . . . .

To all:

My employer recently asked me to upgrade our Linksys office network so I naturally chose the Cisco 1941W. Since I am not a CLI warrior, I was having a struggle getting the LAN online. However, with your suggestions from Malibu's post above, I was able to get the LAN connected to the internet.

Although my internal IPs are different and the fact I have the wireless bonded to the 1941 router, my original config was 95% the same as Malibu's.

Following your MOST VALUABLE suggestions, I was able to get the connection secured! In fact, this reply is coming straigth through the router I have been trying to connect. Thanks for everything!!!

Malibu, thanks for making the original post. I looked at your config above and, although I am only a novice at the CLI, it appears your access list masks do not match the interface masks. Those might need review. I also see an IP address for 10.0.0.1 but it is not clear to me where that is. Not sure if that makes a difference. Also, you posted your 1941 serial number and your router passwords here. Might want to edit the post to remove them and perhaps change your passwords when you deploy the router.

Thanks again to all!

Attached is my SUCCESSFUL data and config.

Daniel

Message was edited by: greatlakesskipper

cvanley Sat, 11/13/2010 - 14:45

I had the same issue...could ping from the outside interface out and ping inside, just couldn't ping from inside to outside...very frustrating...

Here's some additional things you need to add...

interface GigabitEthernet0/0
ip address dhcp
ip nat outside          *****add this to your outside interface-so packets will route
ip virtual-reassembly
duplex auto
speed auto

interface GigabitEthernet0/1
ip address 10.168.1.1 255.255.255.0
ip nat inside                                        ******add this ip nat inside to your inside interface so packets will route
ip virtual-reassembly
duplex auto
speed auto

you need to also look at your ip route statement...looks funny need something like this.

I created a NAT access-list that is my internal network and then this statement for my routes...

ip nat inside source list NAT interface GigabitEthernet0/0 overload        ****this is my default for nat inside
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0                                          ****this is my default route period

JohnHeller_2 Wed, 04/13/2011 - 23:49

I can see a few strange this here.

The default route command point to NULL is the first problem. That will block all traffic.

Your commannd

ip route 128.0.0.0 255.255.255.248 10.0.0.1

does not match up with the definition of the port gigethernet 0/0. They should both have the same subnet mask.

The ethernet port is defined as:-

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

ip address 128.0.0.1 255.255.192.0

no ip route-cache

duplex auto

speed auto

no mop enabled

So the command should be IP Route 128.0.0.0 255.255.192.0 10.0.0.1.

What is 10.10.10.1 btw? Something to do with the wireless? There is no definition on your config for it.

You will need a default route command to get out to the internet

something like

ip route 0.0.0.0 0.0.0.0 gigabit ethernet 0/1.

I assume this command will work. I normally am using a Dialer0 type word at the end, but as you have to fixed IP address server by your modem to the gigethernet port 0/1, you probably have no other alternative.

Also probably an "IP nat inside source list 1 interface gigabit ethernet 0/1 overload" or similar will be needed.

I often do the inital configs of routers with SDM or CCP, but they usally require some tweaking to get them to work properly at the command prompt.

The two commands they seem to leave out are the default route and the NAT setup commands.

Actions

This Discussion