×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Can't Connect Cisco 1841 router to Internet ( ISP )

Answered Question
Jan 7th, 2012
User Badges:

I have the following devices for our IT Test LAB


1. Cisco 1841 with 2 Fast Ethernet interfaces fa0/0 & fa0/1

2. Cisco 2960-S

3. Speedstream 6200 DSL Modem  ( PPOE Connection  with Static IP address)


I want to connect to the internet using the current DSL connection we currently have  .



LAPTOP  -->  SWITCH 2960 --> ROUTER 1841 ---> DSL Modem  ---> ISP



Troubleshooting 1:


Currently from the LAPTOP i am able to ping


1. Switch 2960  Vlan interfaces

2. Router 1841  fa0/0  & fa0/1


BUT can not Ping the DSL Modem  LAN interface IP 192.168.2.1 and can not get out to the INTERNET



Troubleshooting 2:


currently from the Switch 2960  i can ping


1. All the Vlan interfaces on the Switch 2960

2. Router  1841  fa0/0 & fa0/1 interfaces

3. Laptop A & B


But can NOT ping the DSL modem LAN interface IP 192.168.2.1 and can not get out to the internet


Troubleshooting 3:


Currently from the Cisco 1841 router  i can ping


1. All the Vlan interfaces on the Switch 2960

2. Router 1841 fa0/0 & fa0/1

3. Laptop A & Laptop B

4. Can Get out to the internet. I am able to ping any  internet destinations without any problem



I really need help. Can someone please help me identify what i am missing as per the configurations and diagram attached. Please make any suggestion that can help


Thank you very much

Correct Answer by Jernej Vodopivec about 5 years 7 months ago

Where is interface GigabitEthernet1/0/2 connected to?


Can you confirm that the modem is acting as a router also? The PPPoE session terminates on modem?

Or you just haven't send that part of configuration - so your 1841 terminates PPPoE on dialer interface?


You should set all interfaces connected to laptops to access port instead of trunk port (switchport mode access). Configure the vlan membership for each port by running "switchport access vlan 100" and "switchport access vlan 200".


You should set interface GigabitEthernet1/0/1 (in case this is the only interface connected to router) to have native vlan something else than 100 and 200)


In case modem is acting as a router you should change

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

to

ip route 0.0.0.0 0.0.0.0 192.168.2.1


You must add "ip nat inside" to

interface FastEthernet0/0.100 and to

interface FastEthernet0/0.200


You must add "ip nat outside" to

interface FastEthernet0/1


You must create two access lists for NAT:

ip access-list extended VENUS

permit ip 10.10.10.0 0.0.0.255 any

ip access-list extended JUPITER

permit ip 172.21.200 0.0.0.255 any


You must create two NAT rules

ip nat inside source list VENUS interface FastEthernet 0/1 overload


ip nat inside source list JUPITER interface FastEthernet 0/1 overload


Let me know if that helped you.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jernej Vodopivec Sun, 01/08/2012 - 00:05
User Badges:
  • Bronze, 100 points or more

Where is interface GigabitEthernet1/0/2 connected to?


Can you confirm that the modem is acting as a router also? The PPPoE session terminates on modem?

Or you just haven't send that part of configuration - so your 1841 terminates PPPoE on dialer interface?


You should set all interfaces connected to laptops to access port instead of trunk port (switchport mode access). Configure the vlan membership for each port by running "switchport access vlan 100" and "switchport access vlan 200".


You should set interface GigabitEthernet1/0/1 (in case this is the only interface connected to router) to have native vlan something else than 100 and 200)


In case modem is acting as a router you should change

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

to

ip route 0.0.0.0 0.0.0.0 192.168.2.1


You must add "ip nat inside" to

interface FastEthernet0/0.100 and to

interface FastEthernet0/0.200


You must add "ip nat outside" to

interface FastEthernet0/1


You must create two access lists for NAT:

ip access-list extended VENUS

permit ip 10.10.10.0 0.0.0.255 any

ip access-list extended JUPITER

permit ip 172.21.200 0.0.0.255 any


You must create two NAT rules

ip nat inside source list VENUS interface FastEthernet 0/1 overload


ip nat inside source list JUPITER interface FastEthernet 0/1 overload


Let me know if that helped you.

USL4054 Sun, 01/08/2012 - 10:53
User Badges:

Hi Jernej & cadel alain


PPPOE is being terminated at the Speedstream Modem  NOT on the cisco 1841


Cisco 2960 does only inter-VLAN routing and forwards all traffic to Cisco 1841 through a TRUNK .

Gi1/0/1 on Switch 2960 is the TRUNK connecting to cisco 1841 fa0/0 and the Fa0/1 connects to Speedstream modem  ( which has PPOE Terminated on it )


I have modified the configuration as per the suggestion above but i am still getting the same results > No success

=======================================================================


ip subnet-zero
no ip source-route
ip cef
!
ip name-server 192.168.2.1
!

interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.100
description JUPITER-VLAN
encapsulation dot1Q 100
ip address 172.21.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
!
interface FastEthernet0/0.200
description VENUS-VLAN
encapsulation dot1Q 20
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!

!
interface FastEthernet0/1
ip address 192.168.2.20 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
ip nat inside source list JUPITER interface FastEthernet0/1 overload
!
ip nat inside source list VENUS interface FastEthernet0/1 overload
!
ip access-list extended JUPITER
permit ip 172.21.202.0 0.0.0.255 any
!
!
ip access-list extended VENUS
permit ip 10.10.10.0 0.0.0.255 any
!
!
===================================Catalyst 2960-S===================

!
ip routing
!
interface GigabitEthernet1/0/1
switchport trunk native vlan 920
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
!
the rest is truncated
!
interface Vlan100
description JUPITER-VLAN
ip address 172.21.200.2 255.255.255.0
!
interface Vlan200
description VENUS-VLAN
ip address 10.10.10.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.21.200.1
!
!
the rest is truncated


------------------------------------------------------------

johnlloyd_13 Sun, 01/08/2012 - 15:40
User Badges:
  • Blue, 1500 points or more

Hi,


As per initial post by Jernej, you should put the "ip nat outside" command on F0/1.


int f0/1

ip nat out


Also, I would consider Alain's advice if the Speedstream has a route towards the 1841 (192.168.2.20). In Cisco, it would look like as below:


ip route 0.0.0.0 0.0.0.0 192.168.2.20


Sent from Cisco Technical Support iPhone App

nebiyuawassa Wed, 11/11/2015 - 05:53
User Badges:

How did you solve the problem in case you have got the solution as I have almost identical problem occured in my company?

Cheers !!

imamadou17 Mon, 01/30/2012 - 14:00
User Badges:

Well this configuration works so fine !!!


Thanks for your posting!!!


Ismael

cadet alain Sun, 01/08/2012 - 02:30
User Badges:
  • Purple, 4500 points or more

Hi,


You need a route back to both VLANs on the modem because IP communication is bidirectional and that would solve the

communication between machines and the modem

For communication between machines and internet you should either also do nat on the 1841 like proposed or just have the route back to the VLANs if the modem supports natting from other subnet than directly connected one.

And as already stated you should change the static route pointing to interface for one pointing to next-hop for performance issues.


Regards.


Alain

USL4054 Sun, 01/08/2012 - 11:17
User Badges:

The DSL modem is a speedstream 4200 series and does not have any routing features apart from  the connection settings


Modem LAN IP : 192.168.2.1

Modem LAN Network :  192.168.2.0

Subnet Mask:  255.255.255.0



Connection Type is PPPOE  and is terminated on the Modem itself  NOT on cisco 1841


WAN IP :  70.30.65.80

Jernej Vodopivec Sun, 01/08/2012 - 15:34
User Badges:
  • Bronze, 100 points or more

hi!


interface fastethernet 0/1 must have "ip nat outside" instead of "ip nat INSIDE"


please double check ip addresses and vlan numbers across switch, router and laptops. it looks like there are some typo errors.

one of the laptops is connected to gigabit 1/0/2 switch interface - am I right? what aout the other one?


Sent from Cisco Technical Support iPad App

viswamin Tue, 01/31/2012 - 00:17
User Badges:
  • Cisco Employee,

Just trying to understand.


who is performing the NAT Translations.


I see that both the inside and the outside interfaces on whih NAT is configured have the private addressing scheme....


-Vijay

imamadou17 Tue, 01/31/2012 - 08:25
User Badges:

Hum, I think you are correct! Usually, the router's f 0/1( on drawing )should have the ip address that the isp has assigned, then the router will perform nat right there. This could be accomplished if we bridge the modem( so that dsl will become transparent ) and assign the public address to router's interface f 0/1 then nat will be applied by the router.


The way I can interpret the drawing is that  if the user can change the configuration of the modem, the modem lan interface ip address could be changed also to talk to the lan router then traffic going from router to the modem will be also nat when going outside.


Thanks


Ismael

ebarticel Tue, 01/31/2012 - 01:40
User Badges:
  • Bronze, 100 points or more

What settings you have on laptops? Does it have the router's subinterface IP as the default for respective Vlans?


Also you have the wrong statement for subinterface 200

"encapsulation do1q 20"  should be "encapsulation dot1q 200"


Reconfigure the trunk ports to belong to Vlan 1 as native vlan and do a "no shutdown" on vlan 1 interface.


Hope this helps

Eugen

Actions

This Discussion

Related Content