1841 configuration issue

tneelyiii · ‎12-13-2013

Hey guys, long time listener, first time caller.

I've been looking at this for too long and I think I want to take a step back and ask you guys for some help. I have an 1841 behind my ISP's (Verizon FIOS) router. I have a single client connected to f0/1 of the 1841, and f0/0 is connected to an ethernet port on my FIOS router. Goes like this;

[ISP Router]->[1841]->[Client]

The network between the ISP Router and the 1841 is a /24 the also includes my "home" network. The default gateway for this network is 192.168.1.1 and is where my default route for the 1841 is pointed. I'm not positive the FIOS router is configured correctly, but if I can reliably pass traffic through the 1841, I'll move onto it. Additionally, the NAT to the public network (ISP's network/Internet) is thus handled by the ISP's router and not necessary in my configuration as far as I can tell.

The problem that I'm having is I cannot seem to get the 1841 to pass traffic from f0/1 to f0/0. NOTHING that I can find in the configuration points me towards an issue.

Current configuration : 1104 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname pub-rtr-01

!

boot-start-marker

boot-end-marker

!

enable secret 0 blahblahblahblah

!

aaa new-model

!

aaa session-id common

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

!

boot-start-marker

boot-end-marker

!

enable secret 0 blahblahblahblah

!

aaa new-model

!

aaa session-id common

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

no ip dhcp use vrf connected

!

no ip domain lookup

ip domain name pub-rtr-01.et2tech.com

no ftp-server write-enable

!

username blahblah password 0 blahblahblah

!

no ftp-server write-enable

!

username blahblah password 0 blahblahblah

!

interface FastEthernet0/0

ip address 192.168.1.254 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 172.17.4.1 255.255.255.0

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

!

interface Serial0/1/0

no ip address

shutdown

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.1.1 permanent

!

ip http server

no ip http secure-server

!

control-plane

!

line con 0

line aux 0

line vty 0 4

transport input ssh

!

end

Yes, I know I'm running an old IOS version, however I don't have the capability to upgrade at the time (I'll get there as soon as I fix this issue).

From a client on the "home" network (with the ISP router configured as a gateway [192.168.1.1]) I can ping f0/0, but not f0/1.

From a client on the "home" network (with the 1841 configured as a gateway [192.168.1.254]) I can ping f0/0, but not f0/1.

From a client attached to f0/1, I can ping to the ISP router (192.168.1.1), but cannot ping anything on the internet {8.8.8.8).

Is there anything obvious that I'm missing?

Thanks in advance,

Tom

cadet alain · ‎12-14-2013

Hi,

The default gateway for your clients must be on the same subnet as they are(172.17.4.0/24)

Regards

Alain

Don't forget to rate helpful posts.

tneelyiii · ‎12-14-2013

The default gateway for the clients on their respective gateways are correct.

What I'm finding strange is that when I configure the 1841 as the default gateway for a client on the "home" network, I can't even get to the 172.17.4.0/24 network which is directly connected to the 1841 (eth f0/1).

Thanks in advance,

Tom

acampbell · ‎12-14-2013

Tom,

The FIOS router will need a route to
172.17.4.0/24 next hop 192.168.1.254
(your 1841).

The FIOS router will need NAT for your 172.17.4.0
subnet too.

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

cadet alain · ‎12-14-2013

Hi,

ok I read more carefully and I understand your topology better now.

From a client on the "home" network (with the ISP router configured as a gateway [192.168.1.1]) I can ping f0/0, but not f0/1.

Your client has the ISP as the default gateway so when it is ping ping f0/1(172.17.4.1) as it is a different subnet it is sending the frame to the ISP router which doesn't know about 172.17.4.0/24.

You can add a static route on your home client for this subnet pointing out the 1841(192.168.1.254)

route add 172.17.4.0 mask 255.255.255.0 192.168.1.254 -p in Windows command line


From a client on the "home" network (with the 1841 configured as a gateway [192.168.1.254]) I can ping f0/0, but not f0/1.

Windows clients can't use 2 default gateways, if you delete first default gateway before installing this one with

route delete * in command line then you'll be able to ping f0/0 and f0/1 from home client and if icmp redirect is enabled on f0/0 of 1841 it should redirect your home client towards ISP router when you ping 8.8.8.8


From a client attached to f0/1, I can ping to the ISP router (192.168.1.1), but cannot ping anything on the internet {8.8.8.8).

Your ISP router needs a route back to the subnet of the client on f0/1 and it must be configured to nat this subnet

You can nat on your 1841 for this subnet like this:

int f0/0

ip nat out

int f0/1

ip nat in

access-list 100 deny 172.17.4.0 0.0.0.255 192.168.1.0 0.0.0.255

access-list 100 permit 172.17.4.0 0.0.0.255 any

ip nat inside source list 1 interface f0/0

Regards

Alain

Don't forget to rate helpful posts.