08-17-2009 12:14 PM - edited 03-06-2019 07:17 AM
Hey guys, I am back again for a little assistance.
Keeping this brief:
Currently we have a DSL modem connecting to a Linksys (p.o.s. router), then connecting to a DHCP server, which then hands out IP addresses.
The Linksys router is slowly dying, and I purchased a Cisco 1800 router.
The DSL modem has a built-in router that hands the Linksys router 192.168.0.2. Our Server 2008 hands out 172.16.1.0 IPs to the users.
My issue is figuring out how to configure the router with the default gateway. I want to keep all devices in place and use them as intended, not using the router for DHCP.
Here is my config so far.
Current configuration : 1507 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname qwest-net-rtr
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.cce$PE0lB1rdESIZxgFuB8ODl0
enable password password1
!
no aaa new-model
clock timezone MTN -7
clock summer-time MDT recurring
!
!
!
!
ip cef
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/1/0
no cdp enable
!
interface FastEthernet0/1/1
no cdp enable
!
interface FastEthernet0/1/2
no cdp enable
!
interface FastEthernet0/1/3
no cdp enable
!
interface Cable-Modem0/0/0
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/0
ip address 172.16.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Vlan1
no ip address
shutdown
no mop enabled
!
!
ip forward-protocol nd
!
!
ip http server
ip nat pool overload 192.168.0.10 192.168.0.10 prefix-length 24
ip nat inside source list 7 pool overload overload
!
access-list 7 permit 172.16.1.0 0.0.0.255
snmp-server community public RO
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password passwordv
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end
08-18-2009 10:16 AM
Okay, can you ping the DSL router and Google via IP again and post the output of show ip nat translation?
Regards,
jerry
08-18-2009 10:20 AM
Pinging from my computer, I cannot ping the DSL router, only 192.168.1.2, nothing past that. So trying, I get nothing when I run sh ip nat translation....
08-18-2009 10:38 AM
I just noticed something, can you do the following for me and test it again:
interface FastEthernet0/0
no ip nat outside
shutdown
interface FastEthernet0/1
no ip nat outside
interface Vlan1
no ip nat inside
interface FastEthernet0/1
ip nat outside
interface Vlan1
ip nat inside
Regards,
jerry
08-18-2009 10:48 AM
Identical results: from the router I can ping out to the web, but it stops at the router; I cannot get my PC to get out.
Now just to go a little deeper...
Right now I am running this in a test environment. I have an Actiontec router acting as a DSL modem, which ties into my outside network (so that there is no downtime during the day). The DHCP server is still on the outside network, the one I want to move this to.
So currently it goes Actiontec router 192.168.1.1 to my Cisco router 172.16.2.1.
There is no DHCP server at the moment; I have my computer set statically with 172.16.2.45. With this kind of setup one would think this shouldn't change the results, or am I incorrect?
To clear it up, think of a network inside a network, just for test.
Hopefully that clears this up a little so you see how I have it.
08-18-2009 10:58 AM
Hi Jared,
It is fine that you give your PC a static IP address, and your default gateway is fine. From what I see so far, if you cannot ping the Internet from your router, where it is not going through the NAT process, you should check if there is a return route back to your 192.168.1.x network since you are testing this.
Do you have a quick diagram of your network so far? Something like this will help me:
Internet <-> R1 <-> R2 ...
Regards,
jerry
08-18-2009 11:03 AM
In the end, I want this:
http://forums.coloradoracing.net/uploads//post-34-1250517696.jpg
Currently that's how it's set up, but the router is the Linksys.
So I have another router behind all of that (Actiontec router), then I have the Cisco router plugged into that. This is just for test, until I can get the Cisco router working correctly.
08-18-2009 11:33 AM
Hi Jared,
This is my understanding of your network at this point, of course, for testing:
Internet <-> DSL_MODEM <-> R1 <-> R2 <-> CISCO_ROUTER <-> PC
I am assuming you are doing NAT at R1 and R2, can you verify it? The reason I am asking is that if R2 is not doing NAT, then your R1 needs to point a route of 192.168.1.0/24 to R2, and R2 needs to point a default route to R1. I am assuming you don't have a routing protocol running.
Regards,
jerry
08-18-2009 11:39 AM
Jerry,
What I think might be my issue, and I'm not 100% sure, but I'm thinking something with routing within the Cisco router.
If I plug my laptop into R2 and get an IP address from the DHCP, I can access the internet with no problems.
Once I plug back into the Cisco router I lose internet connectivity. Either I do not have the IP addressing set up correctly on the Cisco, or something to do with routing from Vlan1 to f0/1.
Any ideas?
Here is the current config as it stands:
clock timezone MTN -7
clock summer-time MDT recurring
!
!
!
!
ip cef
no ip domain lookup
multilink bundle-name authenticated
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0/1/0
no cdp enable
!
interface FastEthernet0/1/1
no cdp enable
!
interface FastEthernet0/1/2
no cdp enable
!
interface FastEthernet0/1/3
no cdp enable
!
interface Cable-Modem0/0/0
no ip address
shutdown
no cdp enable
!
interface FastEthernet0/0
no ip address
ip virtual-reassembly
shutdown
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Vlan1
ip address 172.16.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
ip http server
ip nat inside source list 7 interface FastEthernet0/1 overload
!
access-list 7 permit 172.16.2.0 0.0.0.255 log
snmp-server community public RO
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password passwordv
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end
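An added example, not part of the thread: a small Python check that the parts of an IOS NAT overload setup like the one posted above agree with each other (active inside and outside interfaces, inside subnet permitted by the ACL the NAT rule references, static default next hop on an outside subnet). The name `check_nat` and the sample text are constructed for illustration; it assumes static `ip address` lines and contiguous wildcard masks.

```python
import ipaddress
import re

def check_nat(cfg):
    """Return findings; an empty list means the NAT pieces agree with each other."""
    ifaces, acls, nat_lists, hops, cur = {}, {}, [], [], None
    for line in map(str.strip, cfg.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None, "shut": False})
        elif line == "!":
            cur = None  # "!" closes the interface block
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif cur is not None and line == "shutdown":
            cur["shut"] = True
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)", line):
            # ipaddress treats a mask that starts with 0 as a wildcard (host) mask
            net = ipaddress.ip_network(f"{m[2]}/{m[3]}", strict=False)
            acls.setdefault(m[1], []).append(net)
        elif m := re.match(r"ip nat inside source list (\d+) ", line):
            nat_lists.append(m[1])
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d\S*)", line):
            hops.append(ipaddress.ip_address(m[1]))
    inside = [(n, i) for n, i in ifaces.items() if i["nat"] == "inside" and not i["shut"]]
    outside = [i for i in ifaces.values() if i["nat"] == "outside" and not i["shut"]]
    out = [] if inside and outside else ["no active inside/outside NAT interface pair"]
    permitted = [net for n in nat_lists for net in acls.get(n, [])]
    for name, i in inside:
        if i["net"] and not any(i["net"].subnet_of(p) for p in permitted):
            out.append(f"{name}: {i['net']} not permitted by the NAT access list")
    for hop in hops:
        if not any(i["net"] and hop in i["net"] for i in outside):
            out.append(f"default route next hop {hop} is not on an outside subnet")
    return out

# Constructed sample, trimmed from the test-bench configuration posted above.
SAMPLE = """interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat outside
!
interface Vlan1
ip address 172.16.2.1 255.255.255.0
ip nat inside
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip nat inside source list 7 interface FastEthernet0/1 overload
access-list 7 permit 172.16.2.0 0.0.0.255 log"""
```

`check_nat(SAMPLE)` returns an empty list; a finding appears if, for example, the access list is left on 172.16.1.0 after the inside subnet has moved to 172.16.2.0.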
08-18-2009 12:00 PM
Hi Jared,
Can you plug your PC into R2 and post the output of ipconfig /all?
Regards,
jerry
08-18-2009 11:24 AM
Jerry,
I've seen you have suggested configuring the default route as
ip route 0.0.0.0 0.0.0.0 f0/1
I would personally avoid configuring routes using only the next-hop interface if the interface is a multiaccess type of network like Ethernet here. Configuring the default route like this makes it essentially behave as a directly connected network on Fa0/1, resulting in huge ARP traffic for each and every destination IP address of an outgoing packet and a large ARP cache. Most importantly, for this route to work, the next router must be running Proxy ARP. If it does not, then no ARP replies will be sent, resulting in dropped packets with an "encapsulation failed" error in debugs.
This is my personal opinion but please feel free to discuss it!
Best regards,
Peter
08-18-2009 11:38 AM
Hi Peter,
I totally agree with you on the default to the next-hop IP instead of the interface. I first thought that it was DHCP (read the post on the fly), where the only way to configure a default route is to point it to the outgoing interface, like my home cable modem configuration =).
Regards,
jerry
08-18-2009 12:11 PM
Jerry,
Here is the information you requested.
When I plug into R2, here is the information returned by ipconfig /all:
ip 192.168.1.3
mask 255.255.255.0
default gateway 192.168.1.1
dhcp server 192.168.1.1
dns servers 192.168.1.1
08-18-2009 12:57 PM
People who I have shown the config say it should be working, so I guess I'm just stuck getting my PC to talk outside the Cisco router.
I turned on DHCP on it to see if that might have been the problem, and it was not.
I know I'm missing something, just can't seem to see it...
08-18-2009 01:18 PM
Hello Jared, Jerry,
I am thinking of one more possibility: maybe the Cisco router needs to obtain its IP address from DHCP, otherwise, by whatever security measures, it will be denied access to the network (something similar to IP Source Guard).
Jared, can you try to modify your configuration so that your Cisco router tries to obtain its IP configuration via DHCP instead of having it configured statically? You may directly paste the following commands to your configuration.
no ip route 0.0.0.0 0.0.0.0 192.168.1.1
interface Fa0/1
no ip address
ip address dhcp
Please note that I have also suggested removing the default route. The default route will be provided by the DHCP alone - no extra command is necessary for that.
If possible, give it a try and let us know if it worked. Also, if it did not, please include the output of the following commands:
show ip route
show ip int brief
show run int fa0/1
show ip nat translation
show access-list
Thanks!
Best regards,
Peter
08-18-2009 01:30 PM
Peter,
It pulled an IP address of 192.168.1.4,
but I am still unable to get outside on my laptop; it dies at 192.168.1.1, I cannot ping it.
Here are my findings:
qwest-net-rtr#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.2.0 is directly connected, Vlan1
C 192.168.1.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [254/0] via 192.168.1.1
qwest-net-rtr#sh ip int b
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1/0 unassigned YES unset up down
FastEthernet0/1/1 unassigned YES unset up up
FastEthernet0/1/2 unassigned YES unset down down
FastEthernet0/1/3 unassigned YES unset up down
Cable-Modem0/0/0 unassigned YES NVRAM administratively down down
FastEthernet0/0 unassigned YES manual administratively down down
FastEthernet0/1 192.168.1.4 YES DHCP up up
Vlan1 172.16.2.1 YES manual up up
NVI0 unassigned NO unset up up
qwest-net-rtr#sh run int fa0/1
Building configuration...
Current configuration : 129 bytes
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
end
Nothing shows for sh ip nat trans.
west-net-rtr#show access-list
Standard IP access list 7
10 permit 172.16.2.0, wildcard bits 0.0.0.255 log (77 matches)
Also, here is sh ip route:
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
172.16.0.0/24 is subnetted, 1 subnets
C 172.16.2.0 is directly connected, Vlan1
C 192.168.1.0/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [254/0] via 192.168.1.1