Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
851
Views
0
Helpful
2
Replies

SETUP CABLE ISP WITH INTERNAL LAN-1800 Router Series

kevin chung
Level 1
Level 1

‎04-01-2012 10:49 AM - edited ‎03-07-2019 05:53 AM

Hi my name is kevin

I am trying to setup my cable ISP with a 1800 Series. Here is what i have so far but i cant seem to get my internet up . I am also not sure if i need to use a crossover cable from modem to fastethernet 0/0 on router. here is what i have below

version 12.4

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

!

hostname XXXXXX

!

boot-start-marker

boot-end-marker

!

logging buffered 20000 debugging

no logging console

!

no aaa new-model

!

resource policy

!

clock timezone EST -5

clock summer-time EDT recurring

ip cef

!

!

no ip dhcp use vrf connected

!

ip dhcp pool Artist

   network 10.10.10.0 255.255.255.0

   dns-server 10.10.10.1

   default-router 10.10.10.1

!

!

no ip domain lookup

ip domain name xxxxxx.com

no vlan accounting input

!

!

!

username admin privilege 15 secret 5 $1$4Tmc$Z1LvJ85wUisi3pCyw8dGq0

!

!

!

!

!

interface FastEthernet0/0

ip dhcp client client-id FastEthernet0/0

no ip address

ip access-group INBOUND in

ip nat outside

no ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.10.10.1 255.255.255.0

ip nat inside

no ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0/0

no ip address

shutdown

!

interface Serial0/1/0

no ip address

shutdown

!

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

no ip http server

no ip http secure-server

ip nat inside source list INBOUND interface FastEthernet0/0 overload

!

ip access-list extended INBOUND

permit icmp any any echo-reply

permit icmp any any unreachable

permit icmp any any time-exceeded

permit tcp any any eq 22

permit ip 10.10.10.0 0.0.0.255 any

!

!

!

control-plane

!

!

line con 0

line aux 0

login local

transport input all

!

scheduler allocate 20000 1000

end

SO WHAT AM I MISSING FROM PASSING TRAFFIC AND GETTING dns . i AM NOT GETTING THE BLUE GLOBE ON NETWORK CONNECTIONS BUT I AM GETTING AN Ip ADDRESS OF 10.10.10.2 SO DHCP IS WORKING, BUT NOT INTERNET.

THANKS IN ADVANCE

Labels:
0 Helpful
2 Replies 2

Peter Paluch
Cisco Employee
Cisco Employee

‎04-01-2012 02:21 PM

Hello Kevin,

Your configuration has a number of mistakes. Let's correct them.

  1. Remove the ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 line from your configuration. While the default route is mandatory for your router to be able to send packets to internet, I see that your Fa0/0 interface is partially configured to obtain its settings via DHCP. The DHCP will assign also the default route to your router automatically. In fact, this line currently interferes with the DHCP-assigned gateway.

    You can use the no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 command to remove the offending line

  2. The Fa0/0 interface currently has no IP address configured. I assume that it should be assigned via DHCP. Therefore, add these commands:

    interface FastEthernet0/0
      ip address dhcp

  3. The access-list INBOUND is used incorrectly. Currently, it is shared between the packet filtering feature and the NAT. It should be used for either of them but it is not appropriate to use it for both. I suggest you retain the INBOUND ACL for packet filtering feature. That means that the last line from this ACL should be removed (it is currently there to please the NAT). Also, the INBOUND ACL does not allow DHCP reponses to be accepted by your router, hence the possible problem with getting an IP address. There are also other traffic types currently dropped by this ACL that are missing from it (allowing TCP responses, DNS responses). You can correct these issues by entering the following commands:

    ip access-list extended INBOUND
      no permit ip 10.10.10.0  0.0.0.255 any
      permit tcp any any established
      permit udp any eq 53 any
      permit udp any eq bootps any eq bootpc

  4. Now we need to correct the NAT configuration because it currently refers to a wrong ACL. We will create a new ACL and replace the NAT command, as follows:

    ip access-list extended NAT
      permit ip 10.10.10.0 0.0.0.255 any

    no ip nat inside source list INBOUND int Fa0/0 overload
    ip nat inside source list NAT int Fa0/0 overload

Can you try entering these commands and see what happens?

Regarding the cable - it's hard to comment on that but if you issue the show ip int brief command and the Fa0/0 interface is reported as "interface up, line protocol up" then the cable is fine.

Best regards,

Peter

0 Helpful

johnlloyd_13
Level 9
Level 9

‎04-01-2012 04:51 PM

Hi Kevin,

Further adding to Peter's excellent post, may I suggest to add the "import all" command under your DHCP pool.

ip dhcp pool Artist

no dns-server 10.10.10.1

import all

Sent from Cisco Technical Support iPhone App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card