Solved: cable modem with router on a stick

john smith · ‎02-05-2014

HI friends,

i have a setup for my small network like:

ADSL ---------- Router (2901) --------- catalyst Switch (2960) -------- LAN User (Data+VOIP+WLAN)

Router Config:

ip dhcp pool Data

network 172.16-.1.0 255.255.255.0

default-router 172.16.1.1

dns-server 192.168.1.1 4.2.2.2

ip dhcp pool Voice

network 172.16.2.0 255.255.255.0

default-router 172.16.2.1

dns-server 192.168.1.1 4.2.2.2

ip dhcp pool WLAN

network 172.16.3.0 255.255.255.0

default-router 172.16.3.1

dns-server 192.168.1.1 4.2.2.2

interface gigEthernet0/1

description Facing the ISP (the ADSL Modem)

ip address dhcp

ip nat outside

i did (show dhcp server) and got an ip address from the ADSL modem for this port ------192.168.1.2

!

interface gigEthernet0/0

description ****Facing LAN*****

no ip address

ip nat inside

interface gigEthernet0/0.1

description ****Facing LAN-Data*****

ip address 172.16.1.1 255.255.255.0

encapsulation dot1q 1 native

interface gigEthernet0/0.2

description ****Facing LAN-Voice*****

ip address 172.16.2.1 255.255.255.0

encapsulation dot1q 2

interface gigEthernet0/0.3

description ****Facing LAN-WLAN*****

ip address 172.16.3.1 255.255.255.0

encapsulation dot1q 3

access-list 1 permit 172.16.0.0 0.0.0.255

ip nat inside source list 1 interface gigethernet0/1 overload

ip router 0.0.0.0 0.0.0.0.0 gigethernet 0/1

Switch Config:

int vlan 1

Description***Data**

ip address 172.16.1.2 255.255.255.0

!

int vlan 2

Description***Voice**

ip address 172.16.2.2 255.255.255.0

!

int vlan 3

Description***WLAN**

ip address 172.16.3.2 255.255.255.0

ip default-gateway 172.16.1.1

int gig 1/0

description *****Connected to Router*****

switchport mode trunk

int fa 1/0

switchport mode access

switchport access vlan1

switchport voice vlan 2

Above is the config that i configure on router and switch but unfortunatelt internet does not work from any pc connected to the switch

i checked from router (sh ip nat translation) but output showing nothing.

same router is being used as CME also ang having the voice over ip configuration on it.... is that is the problem ?

atteched file is show version of the router if needed to check plzi am getting ip address on pc but not able to browse.

while i can browse when connect to the modem direct with cable to my pc

any suggestion and idea will be very appreciated! and i need urgent help plz

thanks

Istvan kelemen · ‎02-06-2014

Hi,

You shall issue "ip nat inside" command under the subinterfaces not on the main interface.

And one more thing permit 172.16.0.0 0.0.0.255 will only allow to translate 172.16.0.x adresses

interface gigEthernet0/0

description ****Facing LAN*****

no ip address

interface gigEthernet0/0.1

description ****Facing LAN-Data*****

ip address 172.16.1.1 255.255.255.0

encapsulation dot1q 1 native

ip nat inside

interface gigEthernet0/0.2

description ****Facing LAN-Voice*****

ip address 172.16.2.1 255.255.255.0

encapsulation dot1q 2

ip nat inside

interface gigEthernet0/0.3

description ****Facing LAN-WLAN*****

ip address 172.16.3.1 255.255.255.0

encapsulation dot1q 3

ip nat inside

access-list 1 permit 172.16.0.0 0.0.255.255

ip nat inside source list 1 interface gigethernet0/1 overload

ip router 0.0.0.0 0.0.0.0.0 gigethernet 0/1

View solution in original post

cadet alain · ‎02-06-2014

Hi,

1° get rid of this static default route, you don't need it(because dhcp installed it already) and furthermore using a static route with a multipoint outgoing interface either poses problems or doesn't work if the next-hop has got proxy-arp disabled.

--->

no ip router 0.0.0.0 0.0.0.0.0 gigethernet 0/1

2° specify your subinterfaces as nat inside interfaces

3° change your NAT ACL

--->

no access-list 1 permit 172.16.0.0 0.0.0.255

access-list 1 permit 172.16.0.0 0.0.255.255

Regards

Alain

Don't forget to rate helpful posts.

View solution in original post

Jon Marshall · ‎02-06-2014

Can you post the actual config you have on your router ?

Can you change your default route to -

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Jon

View solution in original post

chrebert · ‎02-05-2014

Hello Waseem,

One thing that jumps out at me is that you are getting a private address (192.168.1.2) on your WAN port (gi0/1).

It looks like your ADSL modem is also functioning as a router/gateway, and you are experiencing a double NAT situatiuon. Since the ADSL router does not know that your 172 networks reside behind the 2901 the traffic never returns.

You could possibly add a static route for each network to the ADSL router, but the better option would be to get the ADSL modem fully bridged, so that your 2901 gets the public IP address itself.

I was also wondering what default gateway you are using for each VLAN. It looks like you have a trunk configured with sub-interfaces on the 2901, so those IPs (the .1s) should be your default gateways.

Let me know if that works,

Christopher Ebert

john smith · ‎02-06-2014

thanks for your reply Christopher.

this make sense that you said, and i guess this is the problem, because ADSL modem has NAT enabled on it and i am also enabling NAT(PAT) on my router.

since router got private ip address from Modem that's why it is not being translated my private IP(s) with modem,

because translation would only be happened with public IP.

so you suggest to configure static routes in ADSL Modem itself ?

i ll try that.....

is there any other possible solution for this to let local LAN work with modem ??

thanks

Istvan kelemen · ‎02-06-2014

Hi,

You shall issue "ip nat inside" command under the subinterfaces not on the main interface.

And one more thing permit 172.16.0.0 0.0.0.255 will only allow to translate 172.16.0.x adresses

interface gigEthernet0/0

description ****Facing LAN*****

no ip address

interface gigEthernet0/0.1

description ****Facing LAN-Data*****

ip address 172.16.1.1 255.255.255.0

encapsulation dot1q 1 native

ip nat inside

interface gigEthernet0/0.2

description ****Facing LAN-Voice*****

ip address 172.16.2.1 255.255.255.0

encapsulation dot1q 2

ip nat inside

interface gigEthernet0/0.3

description ****Facing LAN-WLAN*****

ip address 172.16.3.1 255.255.255.0

encapsulation dot1q 3

ip nat inside

access-list 1 permit 172.16.0.0 0.0.255.255

ip nat inside source list 1 interface gigethernet0/1 overload

ip router 0.0.0.0 0.0.0.0.0 gigethernet 0/1

Jan Rolny · ‎02-06-2014

Hi,

I would start basic troubleshoot from insisde hosts side. So start ping you default gateways of particular subnets 172.17.1.1, 2.1 and 3.1 if you ping succesfully then ping inside address of you ADSL modem(192.168.1.1). Also I would recommend you to not use DHCP between your ADSL and 2901 router. It does not make sense. You can use static addressing or switch your ADSl modem to the bridge mode.

Another thing is that you do NAT on your Cisco router so you don't need add static route on ADSL becasue all your insisde subnets are translated to outside interface Ip address(assigned from DHCP) and ADSL modem know where to direct return traffic.

Also ip nat insisde is missing on insisde interfaces

Next please chceck DSN resolution if it works.

Thanks,

Jan

cadet alain · ‎02-06-2014

Hi,

1° get rid of this static default route, you don't need it(because dhcp installed it already) and furthermore using a static route with a multipoint outgoing interface either poses problems or doesn't work if the next-hop has got proxy-arp disabled.

--->

no ip router 0.0.0.0 0.0.0.0.0 gigethernet 0/1

2° specify your subinterfaces as nat inside interfaces

3° change your NAT ACL

--->

no access-list 1 permit 172.16.0.0 0.0.0.255

access-list 1 permit 172.16.0.0 0.0.255.255

Regards

Alain

Don't forget to rate helpful posts.

john smith · ‎02-06-2014

Hi

i did all the steps mentioned above and here they are

change acl to 0.0.255.255

add ip nat inside in subinterfaces

configure a static ip address on modem connected interface on the router

now i can ping that interface(router outside int) ip address from my LAN witch (connect to router)

but still not able to browse.

any idea please

Istvan kelemen · ‎02-06-2014

Please try to ping 8.8.8.8 from the router with source 172.16.1.1 and please do the same from the pc.

I think you have problem with DNS resolution.

john smith · ‎02-06-2014

HI,

i tried but no luck

Router#ping 8.8.8.8 source 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.1

.....

Success rate is 0 percent (0/5)

Jon Marshall · ‎02-06-2014

Router#ping 8.8.8.8 source 172.16.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 10.1.1.1

where is the 10.1.1.1 address coming from ?

Do you have anything configured with that address on the router ?

Jon

john smith · ‎02-06-2014

HI,

yeah actually 10.1.1.1 is reall address but i am saying 172.16.1.1 in the forum.

my mistake ,,,,, did not edit it well

Jon Marshall · ‎02-06-2014

Okay but 10.x.x.x addressing is also private addressing so could you post the actual config you are using as you may be making typos when you modify it for the forum.

Can you do the following -

1) from a client on the switch ping the clients default gateway (which should be the subinterface IP on the router not the IP address on the switch)

2) from same client ping the WAN interface on the router

3) from the same client ping the cable modem and check the NAT table with "sh ip nat translations"

see what works and also can you say what the client IP is.

Jon

john smith · ‎02-06-2014

HI,

C:\Users\2013>ping 10.1.1.1 (G.W)

Pinging 10.1.1.1 with 32 bytes of data:

Reply from 10.1.1.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.1.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\2013>ping 192.168.1.2 (WAN INT)

Pinging 192.168.1.2 with 32 bytes of data:

Reply from 192.168.1.2: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\2013>ping 192.168.1.1 (ADSL IP)

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<1ms TTL=63

Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

Ethernet adapter Local Area Connection: (IP Client got)

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connecti

on

Physical Address. . . . . . . . . : 00-29-BE-BB-37-PE

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

Link-local IPv6 Address . . . . . : fe80::992:e551:c2e5:1061%11(Preferred)

IPv4 Address. . . . . . . . . . . : 10.1.1.11(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Lease Obtained. . . . . . . . . . : Thursday, February 06, 2014 1:34:35 PM

Lease Expires . . . . . . . . . . : Thursday, February 13, 2014 2:11:19 PM

Default Gateway . . . . . . . . . : 10.1.1.1

DHCP Server . . . . . . . . . . . : 10.1.1.1

DHCPv6 IAID . . . . . . . . . . . : 234889676

DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-2E-3C-58-00-29-BE-BB-37-PE

DNS Servers . . . . . . . . . . . : 192.168.1.1

4.2.2.1

NetBIOS over Tcpip. . . . . . . . : Enabled

Jon Marshall · ‎02-06-2014

So you can ping the modem from a client.

What about trying an internet address from the client ?

Jon

john smith · ‎02-06-2014

HI

i even can not ping with the source of outside interface...

Router#ping 8.8.8.8 source gi 0/1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 192.168.1.2

.....

Success rate is 0 percent (0/5)

any idea please?

thanks