Dear Experts,
My name is Martin Botsov and I am a complete novice as far as Cisco WAN/LAN switching and routing
is concerned as well as Cisco IOS. I've always wanted to have a Cisco router and recently an
opportunity to replace my old Netgear FVX538 with a Cisco 2801 opened up. Initially, I decided to go
on my own and try to cofigure the router. Unfortunatelly, it turned out that it isn't as simple as I thought.
Here's what the toplogy looks like: ISP -> 2801 -> LAN.
My ISP provides all network settings via DHCP. Also, there is an access control mechanism to their
infrastructure via MAC filtering. So far I have provided the MAC address of the the HWIC and I've
also managed to configure it to accept network settings from the DHCP server. I've also configured
the LAN interface. And finally, I've tried to configure NAT (without success obviously).
The following is the listing right before the Press RETURN to get started! message which shows
that interface FastEthernet0/1/0 (WAN) receives an IP addrress from the DHCP server.
Press RETURN to get started!
*Sep 21 16:35:01.223: %ESWMRVL_FLTMG-5-NOTICE: Notice: FPGA Rev 0x27
*Sep 21 16:35:25.027: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Initialized
*Sep 21 16:35:25.031: %VPN_HW-6-INFO_LOC: Crypto engine: onboard 0 State changed to: Enabled
*Sep 21 16:35:26.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface VoIP-Null0, changed state to up
*Sep 21 16:35:27.735: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
*Sep 21 16:35:27.939: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1/0, changed state to up
*Sep 21 16:35:28.339: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
*Sep 21 16:35:29.915: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
*Sep 21 16:35:31.563: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
*Sep 21 16:35:42.195: %SYS-5-CONFIG_I: Configured from memory by console
*Sep 21 16:35:43.907: %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
*Sep 21 16:35:46.527: %SYS-5-RESTART: System restarted --
2801 Software (C2801-ADVIPSERVICESK9-M), Version 12.4(24)T3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Compiled Tue 23-Mar-10 08:27 by prod_rel_team
*Sep 21 16:35:46.535: %SNMP-5-COLDSTART: SNMP agent on host Router is undergoing a cold start
*Sep 21 16:35:46.787: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Sep 21 16:35:46.787: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Sep 21 16:35:46.787: %CRYPTO-6-ISAKMP_ON_OFF: ISAKMP is OFF
*Sep 21 16:35:46.787: %CRYPTO-6-GDOI_ON_OFF: GDOI is OFF
*Sep 21 16:35:47.987: %DSPRM-5-UPDOWN: DSP 1 in slot 0, changed state to up
*Sep 21 16:35:52.555: %DHCP-6-ADDRESS_ASSIGN: Interface FastEthernet0/1/0 assigned DHCP address 46.35.190.178, mask 255.255.255.128, hostname Router
Another confirmation of the above written is the fact that when I issue a ping command from the
router to random web site it gets a respond with a resolved domain name and a successive result.
Thus, this makes me think that the WAN interface is configured properly.
The following is the listing of the show configure command.
Router#show configuration
Using 1165 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
no ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description LAN
ip address 192.168.0.1 255.255.255.224
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet0/1/0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat pool OptiSprint 46.35.190.178 46.35.190.178 netmask 255.255.255.128
ip nat inside source list 30 pool OptiSprint overload
!
access-list 30 permit 192.168.0.0 0.0.0.31
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end
Router#
The following is the listing of the show ip route command.
Router#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 46.35.190.129 to network 0.0.0.0
10.0.0.0/32 is subnetted, 1 subnets
S 10.31.11.2 [254/0] via 46.35.190.129, FastEthernet0/1/0
192.168.0.0/27 is subnetted, 1 subnets
C 192.168.0.0 is directly connected, FastEthernet0/0
46.0.0.0/25 is subnetted, 1 subnets
C 46.35.190.128 is directly connected, FastEthernet0/1/0
S* 0.0.0.0/0 [254/0] via 46.35.190.129
Router#
The result from the above written is that when I plug in my laptop into the LAN port of the router I am
able to get ping replies from the IP address of any domain name. For example, if I write
ping 206.190.36.45 I get a successful reply from Yahoo. But if I try to ping the domain name from
behind the router, then the request can't be resolved.
I suppose I've done something wrong with the NAT concept. However, I am afraid I don't understand
what exactly is the problem.
I would appreciate if you gyus could help me out and guide me how to properly configure my router.
Martin
