10-03-2008 02:57 PM - edited 03-06-2019 01:45 AM
I'm currently running a Cisco 2811 router.
I managed to configure my FastEthernet0/0 able to access and ping to DNS servers and full access to the internet.
But when comes to my LAN network which is on FastEthernet0/1, when I use the test connection on SDM, it always says the DNS gateway not configured something like that.
But the fact is that I have configured the DNS and it worked for FastEthernet0/0. The same thing goes for my Catalyst 2960G switch. I'm unable to access internet from both FastEthernet0/1 and the switch.
Below is my configurations for both devices.
-----Cisco 2811 Router-----
version 12.4
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service sequence-numbers
!
hostname PCSBRouter
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret xxx
enable password xxx
!
no aaa new-model
clock timezone PCTime 8
!
!
ip cef
!
!
ip name-server 202.x.0.133
ip name-server 202.x.1.5
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
ip tcp synwait-time 10
!
!
!
!
!
interface FastEthernet0/0
description $ETH-WAN$
ip address 219.x.x.202 255.255.255.252
duplex auto
speed auto
!
interface FastEthernet0/1
description $ES_LAN$$ETH-LAN$
ip address 192.x.x.1 255.255.0.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly
duplex full
speed auto
!
interface BRI0/0/0
no ip address
encapsulation hdlc
shutdown
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 219.94.97.201
!
!
ip http server
no ip http secure-server
ip nat pool PCSB 192.9.200.1 192.9.255.255 netmask 255.255.0.0
!
logging trap debugging
!
!
!
!
control-plane
!
!
!
voice-port 0/1/0
!
voice-port 0/1/1
!
voice-port 0/2/0
!
voice-port 0/2/1
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password xxx
login
!
scheduler allocate 20000 1000
!
end
I need help for configuration of this router. I have no idea how I configured my previous Cisco 1841 and I maybe got it work by luck. I know I'm missing some settings. Now I can't up my company's network. Please help me out.
10-03-2008 03:02 PM
Below is the configuration for my Cisco Catalyst 2960G switch.
----Cisco Catalyst 2960G Switch----
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname PCSBSwitch
!
enable secret xxx
enable password xxx
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
ip domain-lookup source-interface GigabitEthernet0/1
ip name-server 202.188.0.133
ip name-server 202.188.1.5
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
!
interface GigabitEthernet0/40
!
interface GigabitEthernet0/41
!
interface GigabitEthernet0/42
!
interface GigabitEthernet0/43
!
interface GigabitEthernet0/44
!
interface GigabitEthernet0/45
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
!
interface Vlan1
ip address 192.9.200.2 255.255.0.0
no ip route-cache
!
ip default-gateway 192.9.200.1
ip http server
!
control-plane
!
!
line con 0
line vty 0 4
password peoplespg
login
line vty 5 15
password peoplespg
login
!
end
Posting both device configuration to let you guys see a clearer picture of my problem.
10-06-2008 05:39 PM
ip nat pool PCSB 192.9.200.1 192.9.255.255 netmask 255.255.0.0
what is the above line doing in your config ?
Are you Natting your source IP addresses ie. on your router add
int fa0/0
ip nat outside
ip nat inside source list 101 interface fa0/0 overload
access-list 101 permit ip any any
Jon
10-07-2008 03:17 AM
I agree with Jon that the major problem is about translating the inside addresses. But there seem to be more complex design issues than just enabling address translation. Even though there is some attempt to hide parts of the address (ip address 192.x.x.1 255.255.0.0) it is pretty clear that the network is set up as 192.9.0.0/16 and is set up as 1 flat network. Where did these addresses come from?
Since 192.9.x.x is in public address space one might think that address translation is not necessary. But in fact 192.9.0.0/16 is a hugh supernet (class B) in the class C address space. So those addresses are almost certainly not registered to this company. While the configuration of the default routing will send traffic out to the Internet, the Internet routing table would not route any response back.
So my suggestion is that address translation is required and that the address pool that Jon mentions is not valid. I would suggest, like Jon, that PAT (translate with overload on the outside address) would be a more realistic solution than NAT with an address pool. So configure the PAT and remove the configuration of this pool of addresses (which just duplicates the range of inside addresses and is therefore useless).
HTH
Rick
10-07-2008 04:50 AM
Yes, those are the settings I missed out.
Thanks anyway. I found that I missed out the IP address pool for the NAT translation.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: