Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3055
Views
0
Helpful
15
Replies

Cisco 1841 Config Help

Go to solution
xr5054yz85
Level 1
Level 1

‎09-13-2010 08:24 PM - edited ‎03-06-2019 12:57 PM

This is my first time configiring a Cisco 1800 series router. As of now, computers cannot access the 192.168.1.0 network. I think the reason why it is not working correctly is nat and access lists. What I am trying to accomplish is the router is going to be a gate way between the 192.168.1.0 and 10.10.0.0. 192.168.1.0 is the internet and 10.10.0.0 is going to be the computers that are trying to access the resources on the other network. Your help is greatly appreciated.


Here is my config...

Building configuration...

Current configuration : 1144 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1800
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$12zB$rKowCFLgjHFfx1i44X.Fn1
enable password xxxxxxx
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip routing
no ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool DHCP
   network 10.10.0.0 255.255.255.0
   dns-server 8.8.8.8 4.2.2.2
   default-router 10.10.0.1
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
no ip route-cache
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 10.10.0.1 255.0.0.0
no ip route-cache
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
!
interface Serial0/1/0
no ip address
no ip route-cache
shutdown
!
ip classless
ip route 10.10.0.0 255.255.255.0 192.168.1.0
ip route 192.168.1.0 255.255.255.0 10.10.0.0
!
ip http server
!        
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password xxx
login
!
end

Thanks again. I really appreciate the help.

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to xr5054yz85

‎09-17-2010 06:33 PM

Hello,

The reason you are not able to communicate between 10.x.x.x and 192.168.1.x is because probably 192.168.1.x devices do not know how to reach 10.x.x.x. I am assuming that 192.168.1.x devices have their default gateway set to a different device. Please try the following:

interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat outside
!        
interface FastEthernet0/1
ip address 10.10.0.1 255.255.255.0
ip nat inside

access-list 1 permit 10.10.0.0 0.0.0.255

ip nat inside source list 1 interface FastEthernet0/0 overload

This should enable 10.x.x.x devices to initiate communication and get response back from 192.168.1.x devices.

Hope this helps.

Regards,

NT

View solution in original post

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to xr5054yz85

‎09-18-2010 05:58 PM

Hello,

If you want to replace your current SOHO router with 1800 router, you can configure following parameters:

interface FastEthernet 0/0

ip address dhcp

ip nat outside

no shut

exit

interface FastEthernet 0/1

ip address 192.168.1.1 255.255.255.0

ip nat inside

no shut

exit

ip route 10.10.0.0 255.255.255.0 192.168.1.254

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface FastEthernet 0/0 overload

If the DHCP Server (ISP) does not set the default gateway, then you need to get that specific information from them and enter that to the router.

ip route 0.0.0.0 0.0.0.0

Once the above are done on the new 1800 router, you can remove the NAT configuration on the inside router.

interface FasthEthernet 0/0

no ip nat outside

exit

interface FastEthernet 0/1

no ip nat inside

exit

no ip nat inside source list 1 interface FastEthernet0/0 overload

no access-list 1 permit 10.10.0.0 0.0.0.255

Hope this helps.

Regards,

NT

View solution in original post

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to xr5054yz85

‎09-20-2010 06:16 PM

Hello,

Can you please check to see if you have any firewall (Windows firewall, Antivirus) configured on the 10.10.0.2 machine? That could be the reason you are not able to ping that host.

Regards,

NT

View solution in original post

0 Helpful
15 Replies 15

Go to solution
ian_banderaz
Level 1
Level 1

‎09-13-2010 10:05 PM

first of all, your dhcp netmask doesn't match with your interface address netmask. try to reconfigure it .

then try to change the ip route.  you didn't need to configure any ip route for directly connected network.

0 Helpful

Go to solution
xr5054yz85
Level 1
Level 1
In response to ian_banderaz

‎09-14-2010 07:19 PM

Thank you for your help, but unforunately that did not work. Also to add something that I did not say before, fastethernet0/0 is one network that is 192.168.1.0 and then fastethernet0/1 is the other network with dhcp that is 10.10.0.0. Maybe that was obvious, but just wanted to be clear.

Here is my new config.

Using 1058 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1800
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$12zB$rKowCFLgjHFfx1i44X.Fn1
enable password xxxxx
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip routing
no ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool DHCP
   network 10.10.0.0 255.255.255.0
   dns-server 8.8.8.8 4.2.2.2
   default-router 10.10.0.1
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
no ip route-cache
speed auto
full-duplex
no mop enabled
!        
interface FastEthernet0/1
ip address 10.10.0.1 255.255.255.0
no ip route-cache
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
!
interface Serial0/1/0
no ip address
no ip route-cache
shutdown
!
ip classless
!
ip http server
!
!
control-plane
!        
!
line con 0
line aux 0
line vty 0 4
password xxxx
login
!
end

Thanks again for your help. I really appreciate it. DHCP is working correctly.

0 Helpful

Go to solution
xr5054yz85
Level 1
Level 1
In response to xr5054yz85

‎09-17-2010 05:55 PM

Anyone able to help?

Your help is greatly appreciated.

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to xr5054yz85

‎09-17-2010 06:33 PM

Hello,

The reason you are not able to communicate between 10.x.x.x and 192.168.1.x is because probably 192.168.1.x devices do not know how to reach 10.x.x.x. I am assuming that 192.168.1.x devices have their default gateway set to a different device. Please try the following:

interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat outside
!        
interface FastEthernet0/1
ip address 10.10.0.1 255.255.255.0
ip nat inside

access-list 1 permit 10.10.0.0 0.0.0.255

ip nat inside source list 1 interface FastEthernet0/0 overload

This should enable 10.x.x.x devices to initiate communication and get response back from 192.168.1.x devices.

Hope this helps.

Regards,

NT

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to Nagaraja Thanthry

‎09-17-2010 06:35 PM

Hello,

Also, I did not see a default route set on the Router. You might want to set that if you are planning to go to internet from 10.x.x.x subnet.

Regards,

NT

0 Helpful

Go to solution
xr5054yz85
Level 1
Level 1
In response to Nagaraja Thanthry

‎09-17-2010 11:55 PM

Ok, here is my config now, still will no luck. The router on the other end is a soho wrt600n (192.168.1.1)


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 1800
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$12zB$rKowCFLgjHFfx1i44X.Fn1
enable password xxx
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip routing
no ip cef
!
!
no ip dhcp use vrf connected
!
ip dhcp pool DHCP
   network 10.10.0.0 255.255.255.0
   dns-server 8.8.8.8 4.2.2.2
   default-router 10.10.0.1
!

!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.254 255.255.255.0
ip nat outside
no ip route-cache
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
ip address 10.10.0.1 255.255.255.0
ip nat inside
no ip route-cache
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
!
interface Serial0/1/0
no ip address
no ip route-cache
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.10.0.0 0.0.0.255
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password xxxx
login
!
end

Thanks for your help in getting this solved. I really appreciate it, and if you have any other suggestions those would also be greatly appreciated. One thing that is a little weird is I can ping from he router to 192.168.1.1 but not from the router to 10.10.0.2 which is an xp computer on fastethernet0/1, but that computer has my tftp server and that works. I can ping from the xp computer to the router though. But still no internet or network resources from that xp computer. Also tried to ping from the xp machine to 192.168.1.1 with no responses.

Again thanks for your time.

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to xr5054yz85

‎09-18-2010 12:34 AM

Hello,

Please execute the following command:

ip routing

This should enable routing and allow 10.x.x.x hosts to have outside access. If still did not work, please follow the steps below:

Once executed, then can you try to ping 4.2.2.2 from the Router and see if that works? If that does not, then the problem could be that the SOHO is blocking the access. In that case, please change the router's outside interface configuration so that the router gets IP through DHCP.

interface FastEthernet 0/0

ip address dhcp

exit


Hope this helps.

Regards,

NT

0 Helpful

Go to solution
polofalltrades
Level 1
Level 1

‎09-18-2010 12:11 AM

I can't clearly visualize the topology. I assume that this looks like a point to point topology, am I correct? If yes, then please make sure that router A has routes for it to take clients to the other side. Same thing with router B. You should have a route that takes its internal clients to router A. Hope this helps. Maybe you could also post here the route that you defined for router B, so we can try to check it.

0 Helpful

Go to solution
xr5054yz85
Level 1
Level 1

‎09-18-2010 12:29 AM

So the internet comes into the wan port of a WRT600n(192.168.1.1). Then one of the ports from the wrt600n switch goes to the 1841(192.168.1.254). Then I want to have a network that is 10.10.0.0 that can access the internet and network resources on the 192.168.1.0 subnet.

So I want the 1841 to act as a gateway between 10.10.0.0 and 192.168.1.0 I guess is what I am getting at.

Thanks for the help.

0 Helpful

Go to solution
xr5054yz85
Level 1
Level 1

‎09-18-2010 01:14 PM

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 1800

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$12zB$rKowCFLgjHFfx1i44X.Fn1

enable password xxx

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

ip dhcp pool DHCP

   network 10.10.0.0 255.255.255.0

   dns-server 8.8.8.8 4.2.2.2

   default-router 10.10.0.1

!

!

ip ftp username Dan

ip ftp password xxxxx

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.254 255.255.255.0

ip nat outside

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

ip address 10.10.0.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

!

interface Serial0/1/0

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

ip http server

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 10.10.0.0 0.0.0.255

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password xxx

login

!

end

The ip routing command fixed my issue. Here is my final config, maybe it will help someone else if they are having this issue.\

Now if you dont mind, I would like to add a variotion in just incase I need this. If I were to remove the wrt600n and put this another 1800 series router in its place I would need to change the interface ip's, the dhcp pool, the access list, but what would I need to change the ip route to? What would I need to add in to this router for the 192.168.1.0 network to also be able to access the resources on the 10.10.0.0 network?

Thanks for your help this far. I greatly appreciate it.

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to xr5054yz85

‎09-18-2010 05:58 PM

Hello,

If you want to replace your current SOHO router with 1800 router, you can configure following parameters:

interface FastEthernet 0/0

ip address dhcp

ip nat outside

no shut

exit

interface FastEthernet 0/1

ip address 192.168.1.1 255.255.255.0

ip nat inside

no shut

exit

ip route 10.10.0.0 255.255.255.0 192.168.1.254

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface FastEthernet 0/0 overload

If the DHCP Server (ISP) does not set the default gateway, then you need to get that specific information from them and enter that to the router.

ip route 0.0.0.0 0.0.0.0

Once the above are done on the new 1800 router, you can remove the NAT configuration on the inside router.

interface FasthEthernet 0/0

no ip nat outside

exit

interface FastEthernet 0/1

no ip nat inside

exit

no ip nat inside source list 1 interface FastEthernet0/0 overload

no access-list 1 permit 10.10.0.0 0.0.0.255

Hope this helps.

Regards,

NT

0 Helpful

Go to solution
xr5054yz85
Level 1
Level 1

‎09-19-2010 07:49 PM

Thanks for your help. I got the router configured as the default gateway. I am still going to try using the two routers together. I cannot take down the network right now, so I will report back later.

Again thanks for your help, talk to you soon!

0 Helpful

Go to solution
xr5054yz85
Level 1
Level 1
In response to xr5054yz85

‎09-20-2010 06:03 PM

Thanks for all the help.

So I am almost there. The one thing that I cannot do is ping from 192.168.1.0 to 10.10.0.2(xp computer). I can however ping 10.10.0.1 from 192.168.1.0  which is the XP computer. All the computers can reach the internet. I had to use a 1721 for the 10.10.0.0 beacuse that was all I had not in use. My apologies.

Here is the config for the 1841 that is acting as the default gaeway.

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 1800

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$12zB$rKowCFLgjHFfx1i44X.Fn1

enable password xx

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

ip dhcp pool DHCP

network 192.168.1.0 255.255.255.0

dns-server 8.8.8.8 4.2.2.2

default-router 192.168.1.1

!

!

ip ftp username Dan

ip ftp password xxxxx

!

!

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

speed auto

full-duplex

no mop enabled

!

interface FastEthernet0/1

ip address 192.168.1.1 255.255.255.0

ip nat inside

speed auto

half-duplex

!

interface Serial0/0/0

no ip address

shutdown

!

interface Serial0/1/0

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 10.10.0.0 255.255.255.0 192.168.1.254

!

ip http server

ip nat inside source list 10 interface FastEthernet0/0 overload

!

access-list 10 permit 10.10.0.0 0.0.0.255

access-list 10 permit 192.168.1.0 0.0.0.255

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password xxx

login

!

end

Here is the config for the 10.10.0.0 network (1721)

!

version 12.2

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname 1700

!

enable secret 5 $1$KcV7$wwTKv7hIN7.WHpmQc936m.

enable password xxxx

!

memory-size iomem 20

ip subnet-zero

!

ip dhcp pool DHCP

network 10.10.0.0 255.255.255.0

dns-server 8.8.8.8 4.2.2.2

default-router 10.10.0.1

!

!

!

!

interface Ethernet0

ip address 192.168.1.254 255.255.255.0

ip nat outside

half-duplex

!

interface FastEthernet0

ip address 10.10.0.1 255.255.255.0

ip nat inside

speed auto

full-duplex

!

ip nat inside source list 1 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Ethernet0

ip route 0.0.0.0 0.0.0.0 192.168.1.1

no ip http server

!

!

access-list 1 permit 192.168.1.0 0.0.0.255

!

line con 0

line aux 0

line vty 0 4

password xxx

login

!

no scheduler allocate

end

Thanks again for your contiuned support.

0 Helpful

Go to solution
Nagaraja Thanthry
Cisco Employee
Cisco Employee
In response to xr5054yz85

‎09-20-2010 06:16 PM

Hello,

Can you please check to see if you have any firewall (Windows firewall, Antivirus) configured on the 10.10.0.2 machine? That could be the reason you are not able to ping that host.

Regards,

NT

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card