Cisco Catalyst 2911 Basic Configuration

Hello people,

I'm installing a new router in the company (a 2911) and I'm having some trouble making it work.

Basically, I'm having trouble with the internet connections.

I'm connecting one provider to G0/0, another one to G0/1, and then the network to G0/2.

I'm not trying to make load balance work (not yet, first I want at least one connection working), so I have unplugged the cable in G0/1. G0/0 is up and running, and I can make pings from the router to internet with no problem.

The problem is that the network can not reach internet at all.

I leave you the running-config, to see if you can give me a much appreciated hand.

router1#show running-conf

Building configuration...

Current configuration : 5806 bytes

!

! Last configuration change at 20:46:29 UTC Sun Jan 26 2014 by alan

! NVRAM config last updated at 17:07:05 UTC Fri Jan 24 2014 by alan

! NVRAM config last updated at 17:07:05 UTC Fri Jan 24 2014 by alan

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname router1

!

boot-start-marker

boot-end-marker

!

!

logging buffered 51200 warnings

!

no aaa new-model

!

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

ip dhcp pool LAN_DHCP_POOL

network 192.168.0.0 255.255.0.0

default-router 192.168.2.2

domain-name g_test

dns-server 8.8.8.8 208.67.222.222

lease 0 8

!

!

no ip domain lookup

ip host router1 192.168.2.2

ip name-server 8.8.8.8

ip name-server 208.67.222.222

ip name-server 8.8.4.4

ip name-server 208.67.220.220

!

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-2101532551

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2101532551

revocation-check none

rsakeypair TP-self-signed-2101532551

!

!

crypto pki certificate chain TP-self-signed-2101532551

certificate self-signed 01

        quit

license udi pid CISCO2911/K9 sn FTX1553AJQU

!

!

username alan privilege 15 secret 5 $1$b6Jk$8iz3K3cTUgSZ.VePkKl5a/

!

redundancy

!

!

!

!

!

class-map match-any PROHIBIDAS

match protocol http host "www.facebook.com"

match protocol http host "www.youtube.com"

match protocol http host "www.pornotube.com"

match protocol http host "www.xvideos.com"

match protocol http host "www.mega.co.nz"

match protocol http host "www.radios-on-line.com.ar"

match protocol http host "www.enlaradio.com.ar"

match protocol http host "www.cienradios.com.ar"

match protocol http host "www.radios-argentina.com.ar"

match protocol http host "www.fmyam.com.ar"

match protocol http host "www.piratebay.org"

class-map match-any P2P

match protocol winmx

match protocol gnutella

match protocol bittorrent

match protocol kazaa2

!

!

policy-map DROP_PROHIBIDAS

class PROHIBIDAS

  drop

policy-map DROP_PROHIBIDOS

class P2P

  drop

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description Fibertel

ip address dhcp

ip access-group acl101 in

ip access-group acl101 out

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

service-policy output DROP_PROHIBIDAS

service-policy output DROP_PROHIBIDOS

!

interface GigabitEthernet0/1

description arnet

ip address dhcp

ip access-group acl101 in

ip access-group acl101 out

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

service-policy output DROP_PROHIBIDOS

service-policy output DROP_PROHIBIDAS

!

interface GigabitEthernet0/2

ip address 192.168.2.2 255.255.0.0

ip access-group acl101 in

ip access-group acl101 out

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

no cdp enable

!

router rip

version 2

network 192.168.0.0

!

ip forward-protocol nd

!

ip http server

ip http port 8180

ip http access-class 20

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 200.122.102.1

!

access-list 101 permit ip any any

!

!

!

!

!

!

control-plane

!

!

banner exec ^C^C

banner login ^C^C

banner motd ^C^C

!

line con 0

login local

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

access-class 23 in

privilege level 15

login local

transport input telnet ssh

line vty 5 15

access-class 23 in

privilege level 15

login local

transport input telnet ssh

!

scheduler allocate 20000 1000

end

Thanks in advance!

New Member

Cisco Catalyst 2911 Basic Configuration

Hello Alan,

What are your plans on using nat?

I see you use a private IP address on GE0/2, while GE0/0 and 0/1 are using DHCP.

I assume the ISPs provide these interfaces with public IPs?

In that case you will have to configure NAT\PAT

New Member

Cisco Catalyst 2911 Basic Configuration

Hello Wender Putters,

You are correct, I'm connecting G0/2 to my network and G0/0 and G0/1 to different ISPs with different public IPs.

Haven't I already configured NAT/PAT?

interface GigabitEthernet0/0

description Fibertel

ip address dhcp

ip access-group acl101 in

ip access-group acl101 out

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

service-policy output DROP_PROHIBIDAS

service-policy output DROP_PROHIBIDOS

!

interface GigabitEthernet0/1

description arnet

ip address dhcp

ip access-group acl101 in

ip access-group acl101 out

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

service-policy output DROP_PROHIBIDOS

service-policy output DROP_PROHIBIDAS

!

interface GigabitEthernet0/2

ip address 192.168.2.2 255.255.0.0

ip access-group acl101 in

ip access-group acl101 out

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

duplex auto

speed auto

no cdp enable

Cisco Catalyst 2911 Basic Configuration

Hi Alan

You have done the relevant IP Nat statements on your inside and outside interfaces but you have not told the router which LAN subnets it needs to NAT.

Try this:

#access-list 100 permit ip 192.168.0.0 0.0.255.255 any

#ip nat inside source list 100 interface Gi0/0 overload

Thanks

New Member

Cisco Catalyst 2911 Basic Configuration

It worked!!! MANY MANY THANKS!!!!

Cisco Catalyst 2911 Basic Configuration

Glad it worked.

You were halfway there in that you had told the router which interfaces were Inside (LAN) and Outside (WAN) but the router also needs to be told which subnets it needs to NAT.

When the packets hit the router from the LAN, they have a source address of 192.168.*.* and the router needs to translate this address to the Public IP address so it can be routed onto the internet.

Just an FYI, you are using a fairly wide /16 subnet mask for your LAN (255.255.0.0) but this may be intentional, thought I would mention it.
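The check described in the two answers above, written as a small config audit. This is an added example, not part of the original thread or any Cisco tool: it parses a trimmed, constructed copy of the posted running-config and reports when interfaces are marked `ip nat inside`/`ip nat outside` but no `ip nat inside source` rule exists, or when the rule's access-list is undefined or does not cover the inside subnet. The function names and finding texts are hypothetical, and only the `any` and address/wildcard source forms are handled.

```python
import ipaddress
import re

# Constructed sample, trimmed from the running-config posted in the thread.
BEFORE = """\
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
interface GigabitEthernet0/2
 ip address 192.168.2.2 255.255.0.0
 ip nat inside
access-list 101 permit ip any any
"""
# The same sample with the two lines from the accepted answer appended.
AFTER = BEFORE + """\
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
ip nat inside source list 100 interface Gi0/0 overload
"""

def wildcard_net(addr, wildcard):
    """Turn an ACL address/wildcard pair into a network (contiguous wildcards only)."""
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def check_nat(config):
    """Return findings about the 'ip nat inside source' rule in an IOS config."""
    inside, outside, acls, rules, net = [], False, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            net = None  # new interface block; DHCP-addressed ones stay None
        elif m := re.match(r"ip address (\d\S*) (\d\S*)$", line):
            net = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat inside" and net is not None:
            inside.append(net)
        elif line == "ip nat outside":
            outside = True
        elif m := re.match(r"access-list (\d+) permit ip (any|\S+ \S+) ", line):
            src = m[2].split()
            permit = ipaddress.ip_network("0.0.0.0/0") if src == ["any"] else wildcard_net(*src)
            acls.setdefault(m[1], []).append(permit)
        elif m := re.match(r"ip nat inside source list (\S+) ", line):
            rules.append(m[1])
    findings = []
    if inside and outside and not rules:
        findings.append("interfaces marked inside/outside but no 'ip nat inside source' rule")
    for acl in rules:
        if acl not in acls:
            findings.append(f"NAT rule references undefined access-list {acl}")
            continue
        for lan in inside:
            if not any(lan.subnet_of(p) for p in acls[acl]):
                findings.append(f"inside subnet {lan} not matched by access-list {acl}")
    return findings
```

`check_nat(BEFORE)` returns the missing-rule finding and `check_nat(AFTER)` returns an empty list.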

New Member

Cisco Catalyst 2911 Basic Configuration

Yes, I know it's preeeety wide, but for testing purposes I wanted that, I will tune it up later.

Thanks!

I will start playing with the load balance... to see if I can make it work
