New Member

issue with config

Hey guys, I am back again for a little assistance.

Keeping this brief.

Currently we have a DSL modem connecting to a Linksys (p.o.s. router), then connecting to a DHCP server, which then hands out IP addresses.

The Linksys router is slowly dying, and I purchased a Cisco 1800 router.

The DSL modem has a built-in router that hands the Linksys router 192.168.0.2. Our Server 2008 hands out 172.16.1.0 IPs to the users.

My issue is figuring out how to configure the router with the default gateway. I want to keep all devices in place and use them as intended, not using the router for DHCP.

Here is my config so far.

Current configuration : 1507 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname qwest-net-rtr

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$.cce$PE0lB1rdESIZxgFuB8ODl0

enable password password1

!

no aaa new-model

clock timezone MTN -7

clock summer-time MDT recurring

!

!

!

!

ip cef

multilink bundle-name authenticated

!

!

archive

log config

hidekeys

!

!

!

!

!

interface FastEthernet0/1/0

no cdp enable

!

interface FastEthernet0/1/1

no cdp enable

!

interface FastEthernet0/1/2

no cdp enable

!

interface FastEthernet0/1/3

no cdp enable

!

interface Cable-Modem0/0/0

no ip address

shutdown

no cdp enable

!

interface FastEthernet0/0

ip address 172.16.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

ip address 192.168.0.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface Vlan1

no ip address

shutdown

no mop enabled

!

!

ip forward-protocol nd

!

!

ip http server

ip nat pool overload 192.168.0.10 192.168.0.10 prefix-length 24

ip nat inside source list 7 pool overload overload

!

access-list 7 permit 172.16.1.0 0.0.0.255

snmp-server community public RO

!

!

control-plane

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password passwordv

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

44 REPLIES
Cisco Employee

Re: issue with config

You can put the following configuration in, assuming your NAT is done correctly

ip routing

ip classless

ip route 0.0.0.0 0.0.0.0 f0/1

HTH,

jerry

New Member

Re: issue with config

Tried that, did not work. I am able to ping the web from the router, but not from my PC. From my PC I can ping the DSL modem's default gateway, but cannot get out past that.

Any ideas?

Cisco Employee

Re: issue with config

Hi Jared,

Your NAT configuration needs to be changed along with the static routes I gave you before

no ip nat pool overload 192.168.0.10 192.168.0.10 prefix-length 24

no ip nat inside source list 7 pool overload overload

ip nat inside source list 7 interface FastEthernet0/1 overload

HTH,

jerry

New Member

Re: issue with config

Hey Jerry,

Here is the current config now.

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname qwest-net-rtr

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$.cce$PE0lB1rdESIZxgFuB8ODl0

enable password password1

!

no aaa new-model

clock timezone MTN -7

clock summer-time MDT recurring

!

!

!

!

ip cef

multilink bundle-name authenticated

!

!

archive

log config

hidekeys

!

!

!

!

!

interface FastEthernet0/1/0

no cdp enable

!

interface FastEthernet0/1/1

no cdp enable

!

interface FastEthernet0/1/2

no cdp enable

!

interface FastEthernet0/1/3

no cdp enable

!

interface Cable-Modem0/0/0

no ip address

shutdown

no cdp enable

!

interface FastEthernet0/0

no ip address

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

ip address 192.168.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface Vlan1

ip address 172.16.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no mop enabled

!

ip forward-protocol nd

!

!

ip http server

ip nat inside source list 7 interface FastEthernet0/1 overload

!

access-list 7 permit 172.16.2.0 0.0.0.255 log

snmp-server community public RO

!

!

control-plane

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password passwordv

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

Yes, I did change the IPs just so I can test this during the day without putting a halt on employees. Currently it goes:

192.168.1.1 is my qwest dsl modem

192.168.1.2 is going to the wan port of cisco router

172.16.2.1 is the cisco router

172.16.2.45 is the lan ip from the cisco

We do have a DHCP server that will be in production in time.

Hopefully this helps you see what I'm trying to accomplish a little bit better.

At the moment, I can no longer access the DSL modem. I used to be able to get to the web GUI and ping 192.168.1.1. After using the command you gave me I can no longer do so. I also cannot ping out to any web addresses.

Any thoughts on this?

Thanks

Jared

Cisco Employee

Re: issue with config

Hi Jared,

You have to put the default route in the config

ip routing

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

After you do that, can you test it and post the following commands if it is still not working:

show ip route

show ip nat translations

HTH,

jerry

New Member

Re: issue with config

Jerry,

Here are the results from what you have asked for

qwest-net-rtr(config)#do sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.2.0 is directly connected, Vlan1

C 192.168.1.0/24 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 is directly connected, FastEthernet0/1

qwest-net-rtr#sh ip nat trans

Pro Inside global Inside local Outside local Outside global

icmp 192.168.1.2:1 172.16.2.45:1 172.16.1.128:1 172.16.1.128:1

icmp 192.168.1.2:1 172.16.2.45:1 192.168.1.1:1 192.168.1.1:1

Thank you

Cisco Employee

Re: issue with config

Hi Jared,

Are you able to ping the DSL router or access the Internet? The output looks okay so far.

Regards,

jerry

New Member

Re: issue with config

From my PC I cannot ping 192.168.1.1 (DSL router), and I cannot access the Internet either. However, I can ping the WAN port of the Cisco router, 192.168.1.2.

From the Cisco router I can ping 192.168.1.1, and I can ping the WAN IP address of the DSL router. But I cannot ping anything further than the WAN IP, i.e. www.google.com.

Cisco Employee

Re: issue with config

Hi Jared,

Sounds like your DSL router doesn't have a return path back to your router. I am assuming you are pinging www.google.com's IP address (64.233.169.104), not the DNS name.

Regards,

jerry

New Member

Re: issue with config

Yes, I am pinging it based off IP, nothing comes back.

Cisco Employee

Re: issue with config

Hi Jared,

Let's change the default route configuration and test this again.

no ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

ip route 0.0.0.0 0.0.0.0 192.168.1.1

Regards,

jerry

New Member

Re: issue with config

Jerry,

Now from the router I can ping web addresses, but I cannot ping from my PC. So I'm thinking I'm missing a route now. Any suggestions?

Here is the config:

no aaa new-model

clock timezone MTN -7

clock summer-time MDT recurring

!

!

!

!

ip cef

no ip domain lookup

multilink bundle-name authenticated

!

!

archive

log config

hidekeys

!

!

!

!

!

interface FastEthernet0/1/0

no cdp enable

!

interface FastEthernet0/1/1

no cdp enable

!

interface FastEthernet0/1/2

no cdp enable

!

interface FastEthernet0/1/3

no cdp enable

!

interface Cable-Modem0/0/0

no ip address

shutdown

no cdp enable

!

interface FastEthernet0/0

no ip address

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

ip address 192.168.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface Vlan1

ip address 172.16.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no mop enabled

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

ip http server

ip nat inside source list 7 interface FastEthernet0/1 overload

!

access-list 7 permit 172.16.2.0 0.0.0.255 log

snmp-server community public RO

!

!

control-plane

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password passwordv

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

Cisco Employee

Re: issue with config

Can you do the following on the router

clear ip nat translation *

show ip route

show ip nat translation

And can you post me the ipconfig /all from your PC?

Regards,

jerry

New Member

Re: issue with config

Here is that information

qwest-net-rtr#clear ip nat translation *

qwest-net-rtr#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.2.0 is directly connected, Vlan1

C 192.168.1.0/24 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [1/0] via 192.168.1.1

qwest-net-rtr#show ip nat translation

qwest-net-rtr#

also,

IPv4 Address.... 172.16.2.45

subnet...........255.255.255.0

mask.............172.16.2.1

dns servers..... 172.16.2.1

.................172.16.1.1

Cisco Employee

Re: issue with config

Okay, Can you ping the DSL router and GOOGLE via IP again and post the output of show ip nat translation.

Regards,

jerry

New Member

Re: issue with config

Pinging from my computer, I cannot ping the DSL router, only 192.168.1.2, nothing past that. So trying, I get nothing when I run sh ip nat translation....

Cisco Employee

Re: issue with config

I just noticed something, can you do the following for me and test it again:

interface FastEthernet0/0

no ip nat outside

shutdown

interface FastEthernet0/1

no ip nat outside

interface Vlan1

no ip nat inside

interface FastEthernet0/1

ip nat outside

interface Vlan1

ip nat inside

Regards,

jerry

New Member

Re: issue with config

Identical results: from the router I can ping out to the web, but it stops at the router; I cannot get my PC to get out.

Now just to go a little deeper...

Right now I am running this in a test environment. I have an Actiontec router acting as a DSL modem, which ties into my outside network (so that there is no downtime during the day). The DHCP server is still on the outside network, the one I want to move this to.

So currently it goes Actiontec router 192.168.1.1 to my Cisco router 172.16.2.1.

There is no DHCP server at the moment; I have my computer set statically with 172.16.2.45. With this kind of setup one would think this shouldn't change the results, or am I incorrect?

To clear it up, think of a network inside a network, just for test.

Hopefully that clears this up a little so you see how I have it.

Cisco Employee

Re: issue with config

Hi Jared,

It is fine that you give your PC a static IP address, and your default gateway is fine. From what I see so far, if you cannot ping the Internet from your router, where it is not going through the NAT process, you should check if there is a return route back to your 192.168.1.x network since you are testing this.

Do you have a quick diagram of your network so far? Something like this will help me:

Internet <-> R1 <-> R2 ...

Regards,

jerry

New Member

Re: issue with config

In the end, I want this:

http://forums.coloradoracing.net/uploads//post-34-1250517696.jpg

Currently that's how it's set up, but the router is the Linksys.

So I have another router behind all of that (Actiontec router), then I have the Cisco router plugged into that. This is just for test, until I can get the Cisco router working correctly.

Cisco Employee

Re: issue with config

Hi Jared,

This is what my understanding of your network is at this point, of course, for testing:

Internet <-> DSL_MODEM <-> R1 <-> R2 <-> CISCO_ROUTER <-> PC

I am assuming you are doing NAT at R1 and R2, can you verify it? The reason I am asking is if R2 is not doing NAT, then your R1 needs to point a route of 192.168.1.0/24 to R2, and R2 needs to point a default route to R1. I am assuming you don't have a routing protocol running.

Regards,

jerry

New Member

Re: issue with config

Jerry,

What I think might be my issue, and I'm not 100% sure, but I'm thinking something with routing within the Cisco router.

If I plug my laptop into the R2 and get an IP address from the DHCP, I can access the Internet with no problems.

Once I plug back into the Cisco router I lose Internet connectivity. Either I do not have the IP addressing set up correctly on the Cisco, or something to do with routing from Vlan1 to f0/1.

Any ideas?

Here is the current config as it stands:

clock timezone MTN -7

clock summer-time MDT recurring

!

!

!

!

ip cef

no ip domain lookup

multilink bundle-name authenticated

!

!

archive

log config

hidekeys

!

!

!

!

!

interface FastEthernet0/1/0

no cdp enable

!

interface FastEthernet0/1/1

no cdp enable

!

interface FastEthernet0/1/2

no cdp enable

!

interface FastEthernet0/1/3

no cdp enable

!

interface Cable-Modem0/0/0

no ip address

shutdown

no cdp enable

!

interface FastEthernet0/0

no ip address

ip virtual-reassembly

shutdown

duplex auto

speed auto

no cdp enable

!

interface FastEthernet0/1

ip address 192.168.1.2 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

!

interface Vlan1

ip address 172.16.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

no mop enabled

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 192.168.1.1

!

!

ip http server

ip nat inside source list 7 interface FastEthernet0/1 overload

!

access-list 7 permit 172.16.2.0 0.0.0.255 log

snmp-server community public RO

!

!

control-plane

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password passwordv

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

Cisco Employee

Re: issue with config

Hi Jared,

Can you plug your PC into R2 and post the output of ipconfig /all?

Regards,

jerry

Cisco Employee

Re: issue with config

Jerry,

I've seen you have suggested configuring the default route as

ip route 0.0.0.0 0.0.0.0 f0/1

I would personally avoid configuring routes using only the next-hop interface if the interface is a multiaccess type of network like Ethernet here. Configuring the default route like this makes it essentially behave as a directly connected network on Fa0/1, resulting in huge ARP traffic for each and every destination IP address of an outgoing packet and a large ARP cache. Most importantly, for this route to work, the next router must be running Proxy ARP. If it does not, then no ARP replies will be sent, resulting in dropped packets with an "encapsulation failed" error in debugs.

This is my personal opinion but please feel free to discuss it!

Best regards,

Peter
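
The two configuration problems raised in this thread, a default route that names only an Ethernet exit interface (Peter's point above) and the stray ip nat outside on the unaddressed FastEthernet0/0 that Jerry's commands removed, can be checked mechanically before a config goes live. The Python sketch below is an added example, not part of the original thread and not a Cisco tool; it also goes one step further and checks that the NAT access list covers the inside subnet. The function names, finding labels and the sample config (constructed from lines posted above) are assumptions for illustration.

```python
import ipaddress
import re

# Heuristic for multiaccess interface names (FastEthernet0/1, f0/1, Gi0/0, Vlan1).
ETHERNET_LIKE = re.compile(r"(f|g|e|vl)[a-z-]*\d", re.I)

# Constructed sample: relevant lines from the configs posted in this thread, combined.
SAMPLE = """\
interface FastEthernet0/0
no ip address
ip nat outside
interface FastEthernet0/1
ip address 192.168.1.2 255.255.255.0
ip nat outside
interface Vlan1
ip address 172.16.2.1 255.255.255.0
ip nat inside
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip nat inside source list 7 interface FastEthernet0/1 overload
access-list 7 permit 172.16.2.0 0.0.0.255 log
"""

def is_ip(tok):
    try:
        ipaddress.IPv4Address(tok)
    except ValueError:
        return False
    return True

def audit(config):
    """Return (finding, detail) tuples for an IOS-style config string."""
    findings, ifaces, acls, nat_lists, cur = [], {}, {}, [], None
    for tok in (l.split() for l in config.splitlines() if l.strip()):
        if tok[0] == "interface" and len(tok) == 2:
            cur = ifaces.setdefault(tok[1], {"addr": False, "net": None, "nat": None})
        elif cur is not None and tok[:2] == ["ip", "address"]:
            cur["addr"] = True  # static address or "ip address dhcp"
            if len(tok) >= 4 and is_ip(tok[2]):
                cur["net"] = ipaddress.ip_interface(f"{tok[2]}/{tok[3]}").network
        elif cur is not None and tok[:2] == ["ip", "nat"] and len(tok) == 3:
            cur["nat"] = tok[2]  # "inside" or "outside"
        elif tok[:2] == ["ip", "route"] and len(tok) >= 5:
            # Exit interface with no next-hop IP: depends on proxy ARP upstream.
            if ETHERNET_LIKE.match(tok[4]) and not (len(tok) > 5 and is_ip(tok[5])):
                findings.append(("route-exit-interface-only", " ".join(tok)))
        elif tok[:5] == ["ip", "nat", "inside", "source", "list"] and len(tok) > 5:
            nat_lists.append(tok[5])
        elif (tok[0] == "access-list" and len(tok) >= 5 and tok[2] == "permit"
              and is_ip(tok[3]) and is_ip(tok[4])):
            # Wildcard mask to prefix; assumes a contiguous wildcard like 0.0.0.255.
            wc = int(ipaddress.IPv4Address(tok[4]))
            base = int(ipaddress.IPv4Address(tok[3])) & ~wc & 0xFFFFFFFF
            acls.setdefault(tok[1], []).append(
                ipaddress.ip_network((base, 32 - wc.bit_length())))
    for name, i in ifaces.items():
        if i["nat"] and not i["addr"]:
            findings.append(("nat-on-unaddressed-interface", name))
        if i["nat"] == "inside" and i["net"] is not None:
            for acl in nat_lists:
                if not any(i["net"].subnet_of(n) for n in acls.get(acl, [])):
                    findings.append(("inside-subnet-not-in-nat-acl", f"{name} vs list {acl}"))
    return findings

print(audit(SAMPLE))
```
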

Cisco Employee

Re: issue with config

Hi Peter,

I totally agree with you on pointing the default to the next-hop IP instead of the interface. I first thought that it was DHCP (read the post on the fly), where the only way to configure a default route is to point it to the outgoing interface. Like my home Cable Modem configuration =).

Regards,

jerry

New Member

Re: issue with config

Jerry,

Here is the information you requested.

When I plug into R2, here is the information returned by ipconfig /all:

ip 192.168.1.3

mask 255.255.255.0

default gateway 192.168.1.1

dhcp server 192.168.1.1

dns servers 192.168.1.1

New Member

Re: issue with config

People who I have shown the config say it should be working, so I guess I'm just stuck getting my PC to talk outside the Cisco router.

I turned on DHCP on it to see if that might have been the problem, and it was not.

I know I'm missing something, just can't seem to see it...

Cisco Employee

Re: issue with config

Hello Jared, Jerry,

I am thinking of one more possibility: maybe the Cisco router needs to obtain its IP address from DHCP, otherwise by whatever security measures, it will be denied access to network (something similar to IP Source Guard).

Jared, can you try to modify your configuration so that your Cisco router tries to obtain its IP configuration via DHCP instead of having it configured statically? You may directly paste the following commands to your configuration.

no ip route 0.0.0.0 0.0.0.0 192.168.1.1

interface Fa0/1

no ip address

ip address dhcp

Please note that I have also suggested removing the default route. The default route will be provided by the DHCP alone - no extra command is necessary for that.

If possible, give it a try and let us know if it worked. Also, if it did not, please include the output of the following commands:

show ip route

show ip int brief

show run int fa0/1

show ip nat translation

show access-list

Thanks!

Best regards,

Peter

New Member

Re: issue with config

Peter,

It pulled an IP address of 192.168.1.4

but I am still unable to get outside on my laptop. It dies at 192.168.1.1; I cannot ping it.

Here are my findings:

qwest-net-rtr#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.2.0 is directly connected, Vlan1

C 192.168.1.0/24 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [254/0] via 192.168.1.1

qwest-net-rtr#sh ip int b

Interface IP-Address OK? Method Status Protocol

FastEthernet0/1/0 unassigned YES unset up down

FastEthernet0/1/1 unassigned YES unset up up

FastEthernet0/1/2 unassigned YES unset down down

FastEthernet0/1/3 unassigned YES unset up down

Cable-Modem0/0/0 unassigned YES NVRAM administratively down down

FastEthernet0/0 unassigned YES manual administratively down down

FastEthernet0/1 192.168.1.4 YES DHCP up up

Vlan1 172.16.2.1 YES manual up up

NVI0 unassigned NO unset up up

qwest-net-rtr#sh run int fa0/1

Building configuration...

Current configuration : 129 bytes

!

interface FastEthernet0/1

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

no cdp enable

end

nothing shows for sh ip nat trans

west-net-rtr#show access-list

Standard IP access list 7

10 permit 172.16.2.0, wildcard bits 0.0.0.255 log (77 matches)

also here sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

172.16.0.0/24 is subnetted, 1 subnets

C 172.16.2.0 is directly connected, Vlan1

C 192.168.1.0/24 is directly connected, FastEthernet0/1

S* 0.0.0.0/0 [254/0] via 192.168.1.1
