Need Help Configuring Cisco 1841 Router

patricknelson26 · ‎09-08-2016

I recently purchased a Cisco 1841 router to add to my home lab, in preparation for the CCNA. My problem is, I can't get out to the internet. After running the config's (will post below) I plug my laptop into fa0/1, on the router, and try to reach the internet, but it's no dice. I can ping 4.2.2.2 and 8.8.8.8, and 75.75.75.75 (Comcast DNS) from the router, with 80% pass through. I guess that the best way to get some help would to start by providing my specs.

Router(s): Cisco 1841 running IOS 15.1 (Has been restored to factory default)

Modem: Arris

Switches: 2- Cisco 3550 (currently not configured but fa/01 from the router will run to fa0/2 on SW001)

ISP: Comcast

Interfaces on Router: fa0/0 and fa0/1

Architecture:

Arris modem->fa0/0 on Cisco 1841->fa0/2 on Sw001 (Cisco 3550)

All other interfaces on the switch will be open

CONFIG CMD's:

interface fa0/0

ip address dhcp

no shut

exit

(Did pick up an external IP)

interface fa0/1

ip address 192.168.1.x 255.255.255.x

no shutdown

exit

config t

ip dhcp excluded 192.168.1.1(interface of fa0/0)

ip dhcp pool TheDeadPool

network 192.168.0.0 255.255.255.0

default router 192.168.1.x (fa0/0 address)

import all

ip dhcp pool TheDeadPool

dns-server 4.2.2.2

exit

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

interface fa0/0 ip nat outside

interface fa0/1

ip nat inside

exit

ip route 0.0.0.0 0.0.0.0 fa0/0

copy run start

RUNNING CONFIG:

LABROUTER1#show running-config
Building configuration...

Current configuration : 1339 bytes
!
! Last configuration change at 02:40:58 UTC Fri Sep 9 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LABROUTER1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$iHUP$kdgL1oCfE7BhL.Zawxcxde

!
no aaa new-model
!
crypto pki token default removal timeout 0
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.3
!
ip dhcp pool DEADPOOL
import all
network 192.168.1.0 255.255.255.0
dns-server 75.75.75.75
default-router 192.168.1.2
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1841 sn FTX1013Y1VA
!
redundancy
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.X 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Can anyone offer some insight as to what I am doing wrong?

Thank you in advance!

Pawan Raut · ‎09-08-2016

If check if you are able to ping default gateway of router that is F0/1 IP address from PC.

Then try to ping F0/0 IP address. Then ping any public internet IP address and check if address translation (NAT) is happening or not.

johnlloyd_13 · ‎09-08-2016

hi,

try this:

no access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp

Richard Burts · ‎09-09-2016

I agree with John's suggestions. There is nothing in the configuration that needs an extended access list for NAT and replacing the extended list with a standard list avoids some potential problems. The configured static default route just pointed to the Ethernet interface is problematic in several ways, the most important of which is that it requires Proxy ARP to be enabled on the ISP router and we can not be sure if that is the case. So the default route picking up the dhcp route is much better.

I find the description of the problem a bit puzzling. It says " try to reach the internet, but it's no dice. I can ping 4.2.2.2 and 8.8.8.8, and 75.75.75.75 (Comcast DNS) from the router". I am not clear whether the original poster is saying that things work by IP address but not by name or is he saying that ping works from router but not from PC. Perhaps we can get some clarification?

HTH

Rick

HTH

Rick

patricknelson26 · ‎09-09-2016

Richard, I wasn't able to get a LAN connection by connecting my laptop into fa0/1. Meaning, there was no internet and I could not browse out. But for some reason, I was able to ping the IP's that I mentioned.

Richard Burts · ‎09-10-2016

You have consistently posted this

ip dhcp pool TheDeadPool
network 192.168.0.0 255.255.255.0

note the zero in the third octet. If the router interface is 192.168.1.x then perhaps this is the source of your problem. Can you post the output of ipconfig from your PC?

HTH

Rick

HTH

Rick

patricknelson26 · ‎09-10-2016

My apologies Richard, on the network address.. That was actually a typo on my part. I ried to edit this post last night, but was marked as SPAM for some reason.

The actual output is "network 192.168.1.0 255.255.255.0". When I ran ipconifg, I got a valid IP address (192.168.1.4) and subnet (255.255.255.0). I did make a few changes to the running config as well, which I will post below.

RUNNING CONFIG:

LABROUTER1#show running-config
Building configuration...

Current configuration : 1207 bytes
!
! Last configuration change at 02:52:25 UTC Sat Sep 10 2016
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LABROUTER1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$AY8U$XMFtjJJSTxm0vMl1c0.y7/
!
no aaa new-model
!
crypto pki token default removal timeout 0
!
!
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.2
!
ip dhcp pool DEADPOOL
import all
network 192.168.1.0 255.255.255.0
dns-server 4.2.2.2
default-router 192.168.1.2
!
!
!
ip cef

Richard Burts · ‎09-10-2016

According to the post when you started a new discussion on this issue the router interface is 192.168.1.1. In that case you have an error in your DHCP pool when you say

default-router 192.168.1.2

HTH

Rick

HTH

Rick

patricknelson26 · ‎09-09-2016

So would you recommend that I run the following cmd's:

interface fa0/0
ip address dhcp
no shut
exit

interface fa0/1
ip address 192.168.1.x 255.255.255.x
no shutdown
exit

show ip interface brief

config t
ip dhcp excluded 192.168.1.(interface of fa0/0)Any other addresses
ip dhcp pool TheDeadPool
network 192.168.0.0 255.255.255.0
default router 192.168.1.x (fa0/0 address)
import all
ip dhcp pool TheDeadPool
dns-server 4.2.2.2
exit

no access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

access-list 10 permit 192.168.1.0 0.0.0.255
ip nat inside source list 10 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp

copy run start