Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Help with Cisco 871-K9

Hi everyone! I'm having trouble with my 871 router.

My problem is the next one.

It's starts like this:

My ISP give me an address by DHCP, it is connected to a 1841 (Fe 0/1), on Fe0/0 I assign 10.22.1.1 and by DHCP on my 871, I gather the IP the router gives me.

Now, in the 871, as you can see on the attach everything's configured, I can make pings to everything unless to my computer, with the IP 10.22.2.3 and Gateway 10.22.2.1 (Vlan1). Therefore, I ping from my computer to the vlan1 (inside) and the Fe4 port (outside) -works- but I dont have access to the web. Neither I can ping 10.22.1.2 that is 1841 router.

Any ideas of what I'm doing wrong?

1841 is working perfect and it's natting the public ip into private.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Cisco Employee

Re: Help with Cisco 871-K9

I see the problem on your 1841, you need to add the following to your NAT ACL. The 10.22.2.0/29 network is not catching by that ACL for NAT to the internet.

access-list 10 permit 10.22.2.0 0.0.0.7

So, the end result of access-list 10 should look like this on the 1841

access-list 10 permit 10.22.1.0 0.0.0.255

access-list 10 permit 10.22.2.0 0.0.0.7

HTH,

jerry

Cisco Employee

Re: Help with Cisco 871-K9

Glad that fix the problem.

Do you want to connect the C2960 to the 871 or 1841? If you are connecting that to the 871's VLAN 1, you only have 5 addresses (- the default GW on the 871) for the C2960. You can try to put one of the port on the 871 to VLAN X and put a different subnet for VLAN X, but remember to add a route on the 1841 to point back to the 871 and change ACL 10 to include that with NAT.

Here is an example

interface f3

switchport access vlan 2

interface vlan X

no shut

ip address 10.22.100.1 255.255.255.0

Regards,

jerry

32 REPLIES
Cisco Employee

Re: Help with Cisco 871-K9

Are you saying the 1841 assigns an IP address to the 871 via DHCP? And can you confirm your topology is the follow:

Internet <->(F0/1) 1841 (F0/0)<->(F4) 871 (VL1)<-> PC

If this is what you have, the default route on the 871 is incorrect, it should look like the follow:

ip route 0.0.0.0 0.0.0.0 10.22.1.1

or

ip route 0.0.0.0 0.0.0.0 f4

HTH,

jerry

New Member

Re: Help with Cisco 871-K9

Jerry, The topology is correct, now I'm correcting the IP route, and I'll let you know.

New Member

Re: Help with Cisco 871-K9

Jerry, I'm still having the same problem, I cant access to the internet and, from the router (871) when I ping the computer 10.22.2.3 I have no answer but the computer can ping F4 and Vl1, but cant ping 10.22.1.2 that is the 1841

Cisco Employee

Re: Help with Cisco 871-K9

Okay, does the 1841 has a return route back to the 871's network (10.22.2.0/29)? BTW, why are you doing DHCP on the 871's F4 interface? There might be a small issue on configuring static route on the 1841.

If you configure static IP address on the 871, you can configure something like this in the 1841

ip route 10.22.2.0 255.255.255.248 10.22.1.x

where 10.22.1.x is the IP address of the 871's F4 interface.

HTH,

jerry

New Member

Re: Help with Cisco 871-K9

I've changed the config into static, every ping works unless, the one to the computer, I'm in the same situation. I cant ping the computer from the router and I cant access the internet.

Cisco Employee

Re: Help with Cisco 871-K9

Okay, if the PC cannot ping the 871, can you post the output of ipconfig /all on CMD and the show run of the 871? If you don't mind, the show run of the 1841 will be great also.

I also want to know if you have the Windows FW turned on. Turning that off would help troubleshooting.

Regards,

jerry

New Member

Re: Help with Cisco 871-K9

No, the 871 cant ping the pc, now with the ip route you gave me, the pc pings all, the cablemodem, the 1841, the 871.

871 is still not pinging the pc and I'm still without internet access.

I dont have the firewall on.

Thanks in advance for you patience.

Cisco Employee

Re: Help with Cisco 871-K9

Okay, can you post the output of ping x.x.x.x source vlan 1, where x.x.x.x is the IP of the PC. And I would like to see the output of show ip arp also.

Regards,

jerry

New Member

Re: Help with Cisco 871-K9

Here it is

New Member

Re: Help with Cisco 871-K9

Here is the ipconfig and pings.

Next, the 1841 runn

Cisco Employee

Re: Help with Cisco 871-K9

I see the problem on your 1841, you need to add the following to your NAT ACL. The 10.22.2.0/29 network is not catching by that ACL for NAT to the internet.

access-list 10 permit 10.22.2.0 0.0.0.7

So, the end result of access-list 10 should look like this on the 1841

access-list 10 permit 10.22.1.0 0.0.0.255

access-list 10 permit 10.22.2.0 0.0.0.7

HTH,

jerry

New Member

Re: Help with Cisco 871-K9

Jerry !!! YES AWESOME it works, thank you very much for your help and patience, and I need to review my ccna books again! hehe

A final question, sorry to bother, I have a 2960 switch already configured, so I would connect it to the 871, how I have to do? because I cant make Subints on L2, I'd need to do them on the 1841?

Cisco Employee

Re: Help with Cisco 871-K9

Glad that fix the problem.

Do you want to connect the C2960 to the 871 or 1841? If you are connecting that to the 871's VLAN 1, you only have 5 addresses (- the default GW on the 871) for the C2960. You can try to put one of the port on the 871 to VLAN X and put a different subnet for VLAN X, but remember to add a route on the 1841 to point back to the 871 and change ACL 10 to include that with NAT.

Here is an example

interface f3

switchport access vlan 2

interface vlan X

no shut

ip address 10.22.100.1 255.255.255.0

Regards,

jerry

New Member

Re: Help with Cisco 871-K9

I want to connect it to the 871, as you said, I will put one port (F3) on a new vlan (vlan2) and I'll put a new subnet.

One more thing, do I need to put in port F3 Trunk mode?

Cisco Employee

Re: Help with Cisco 871-K9

No, it can be on access port if you just want to support a single subnet. I don't think the 871 will support more than 2 VLAN's.

Regards,

jerry

New Member

Re: Help with Cisco 871-K9

Jerry, everythings working but I'm having a very slow connection with the 871, am I missing any command?

I'm connected directly with another computer to the 1841, and it's working normally.

Cisco Employee

Re: Help with Cisco 871-K9

Can you check your CPU on the 871 which process is using lots of CPU cycle?

show proc cpu

Also, how many PC is behind the 871?

Also can you remove this command on interface F4

ip flow ingress

This is for netflow, and I don't see you have any netflow collector configured.

Please keep in mind that 871 is a low end router, and the performance is much lower than the 1800 series.

HTH,

jerry

New Member

Re: Help with Cisco 871-K9

Jerry, I attach you the results, I've just removed the ip flow ingress command.

And I'm only using one computer at this time, I know 871 has a lower performance, but the web pages take too long to open, and I can't even open messenger.

New Member

Re: Help with Cisco 871-K9

For your consideration, now I'm downloading a Excel file, and the transfer rate is about of 1.2KB/sec, meanwhile, here in my laptop is about 412KB/sec

Cisco Employee

Re: Help with Cisco 871-K9

Your CPU process looks fine. Could you please do the following commands

no service tcp-keepalives-in

no service tcp-keepalives-out

no ip reflexive-list timeout 120

no ip ssh source-interface FastEthernet0

no logging source-interface FastEthernet0

Troubleshooting latency is pretty complicated. There might be lots of TCP re-transmission happening in the network. You can check this with a sniffer to see what is happening on the network.

HTH,

jerry

New Member

Re: Help with Cisco 871-K9

Jerry, those commands helped a bit. So if theres lots of TCP re-transmission, what would I have to do? I'm watching with Wireshark and seems that there is a lot of re-transmissioning.

I would have to use: ip tcp adjust-mss xxx?

Regards!

Cisco Employee

Re: Help with Cisco 871-K9

I would find out the what cause the re-transmission first. Adjusting TCP MTU will fix fragmentation problem. I would like to see the interface status along the path first. I am trying to look for errors along the path to rule out any physical problems.

The output I am interested is from show interface fx/x command

R1#sh int f0/0

FastEthernet0/0 is up, line protocol is up

... SNIP ...

Full-duplex, 100Mb/s, 100BaseTX/FX

... SNIP ...

210469 packets input, 20392024 bytes

Received 210311 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

302463 packets output, 25408663 bytes, 0 underruns

0 output errors, 0 collisions, 0 interface resets

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

R1#

Regards,

jerry

New Member

Re: Help with Cisco 871-K9

Jerry, the show int of the 871 is the next one:

Kepler#sh int fast 4

FastEthernet4 is up, line protocol is up

Hardware is PQUICC_FEC, address is 001c.f68c.d6af (bia 001c.f68c.d6af)

Description: (outside) InterNet uplink

Internet address is 10.22.1.25/24

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:19, output 00:00:09, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

12780 packets input, 12752825 bytes

Received 768 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

7481 packets output, 1323110 bytes, 0 underruns

0 output errors, 0 collisions, 1 interface resets

0 unknown protocol drops

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Kepler#sh int vlan1

Vlan1 is up, line protocol is up

Hardware is EtherSVI, address is 001c.f68c.d6a5 (bia 001c.f68c.d6a5)

Internet address is 10.22.2.1/29

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:04, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

9016 packets input, 1718675 bytes, 0 no buffer

Received 12 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

12164 packets output, 12687233 bytes, 0 underruns

0 output errors, 1 interface resets

0 unknown protocol drops

0 unknown protocol drops

Cisco Employee

Re: Help with Cisco 871-K9

This one looks pretty clean. Can you do the show interface on the port your PC is connected to?

If you can do that on the 1841, that would be great.

Regards,

jerry

New Member

Re: Help with Cisco 871-K9

Show int, from my pc is connected to.

Kepler#sh int f1

FastEthernet1 is up, line protocol is up

Hardware is Fast Ethernet, address is 001c.f68c.d6a6 (bia 001c.f68c.d6a6)

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s

ARP type: ARPA, ARP Timeout 04:00:00

Last input never, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

9250 packets input, 1794276 bytes, 0 no buffer

Received 39 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 input packets with dribble condition detected

17022 packets output, 13084979 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

0 unknown protocol drops

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

New Member

Re: Help with Cisco 871-K9

The show int of the 1841 is the following:

FastEthernet0/0 is up, line protocol is up

Hardware is Gt96k FE, address is 001b.53f9.063e (bia 001b.53f9.063e)

Description: (outside) InterNet uplink

Internet address is 186.136.51.14/24

MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 6/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:02, output 00:00:00, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 2383000 bits/sec, 216 packets/sec

5 minute output rate 75000 bits/sec, 131 packets/sec

2448100 packets input, 3040226785 bytes

Received 48030 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

1588140 packets output, 171645278 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

0 unknown protocol drops

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

Cisco Employee

Re: Help with Cisco 871-K9

Okay, all your interfaces are clean.

How does the network behave during none peak hour?

Regards,

jerry

New Member

Re: Help with Cisco 871-K9

Yep, I dunno what is happening, during peak hour it slows down, but in that pc I cannot enter to messenger, and web pages load very slow.

Now, in my laptop I'm downloading at 300KB/sec and in the computer connected to the 871 the speed is 3KB/sec. WEIRD

Regards!

Thanks you very much for your help!

Cisco Employee

Re: Help with Cisco 871-K9

It looks like your link is very congested during peak hour.

Regards,

jerry

235
Views
5
Helpful
32
Replies
CreatePlease login to create content