02-09-2014 07:18 PM - edited 03-04-2019 10:18 PM
Hello All,
So I have been working on this for weeks and it seems no matter what I do it will not work. Ultimately I am trying to get my 1700 Router to act as a firewall and accept the incoming Comcast Home connection, No Static IP. I have the Cisco WIC4-ESW in the 1700 and that is going into the 2950 Switch. I am trying to get this to work so that all the connections from the switch as you can see will all get internet access. I have a cheap Netgear wireless router that I recently purchased a Cisco 1141 to get rid of the access point part of that Netgear and it is working fine. The issue is when I disconnect it and plug it into the Ethernet0 interface of the router, nothing gets internet anymore. If I connect back to that cheap Netgear it all works again. I have even put a route in my laptop to use the default gateway of the router, but it will still not work. I can ping the public DNS Servers that I used from the switch and the router when the connection is moved to the router, but I cannot access the internet on any of the connected devices. Can those of you more understanding of these configs please tell me where I went wrong on both the switch config and router config please? Any help is appreciated and if you need any clarification please feel free to ask me. Thank you very much!
Rob
Configs attached as it would not let me paste them in this message...sorry
02-10-2014 11:16 PM
Hi,
1° on the router
no ip default-gateway 192.168.101.101
no ip route 0.0.0.0 0.0.0.0 FastEthernet0 permanent
2° on the switch
interface FastEthernet0/2
no switchport mode trunk <<<< not needed as you only have one vlan(as far as i can see)
switchport mode access
interface FastEthernet0/7
switchport mode access
Regards
Alain
Don't forget to rate helpful posts.
02-11-2014 04:28 AM
Thank you so much Alain for your suggestions. I did make those changes but unfortunately they did not help me get access to the internet; I am still unable to. Any other suggestions? Updated Configs:
Router:
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WRX-STI
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-25d.bin
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$f3Xd$xLmMcvIj2F1OQBmdoMueg/
enable password 7 0215105E0E020E7440
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.101.1 192.168.101.109
ip dhcp excluded-address 192.168.101.151 192.168.101.254
!
ip dhcp pool Home
import all
network 192.168.101.0 255.255.255.0
domain-name missioncriticalco.biz
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.101.101
lease 3
!
!
ip domain name missioncriticalco.biz
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
crypto pki trustpoint TP-self-signed-1035340128
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1035340128
revocation-check none
rsakeypair TP-self-signed-1035340128
!
!
crypto pki certificate chain TP-self-signed-1035340128
certificate self-signed 01
quit
username rwmission
username Rob privilege 15 secret 5 $1$cXmF$1vy22vLT2vG6Z5v7.ufyq/
!
!
!
!
!
!
interface FastEthernet0
description Comcast$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet0
ip nat outside
no ip virtual-reassembly
ip route-cache flow
speed auto
full-duplex
!
interface FastEthernet1
description To 2950 Swtich
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Serial0
no ip address
shutdown
!
interface Vlan1
description $ES_LAN$
ip address 192.168.101.101 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Vlan2
no ip address
!
interface Dialer0
no ip address
ip mtu 1452
encapsulation ppp
shutdown
dialer pool 1
dialer-group 1
!
ip forward-protocol nd
!
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap errors
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.101.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.101.4
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.101.4
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark SDM_ACL Category=1
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq telnet
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 22
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq www
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 443
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq cmd
access-list 100 deny tcp any host 192.168.101.101 eq telnet
access-list 100 deny tcp any host 192.168.101.101 eq 22
access-list 100 deny tcp any host 192.168.101.101 eq www
access-list 100 deny tcp any host 192.168.101.101 eq 443
access-list 100 deny tcp any host 192.168.101.101 eq cmd
access-list 100 deny udp any host 192.168.101.101 eq snmp
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host 192.168.101.4 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip host 192.168.101.4 any
dialer-list 1 protocol ip permit
!
control-plane
!
banner motd ^C
Rob's Cisco 1700 Router
^C
!
line con 0
exec-timeout 0 0
password 7 0215105E0E020E7440
logging synchronous
line aux 0
line vty 0 4
access-class 101 in
privilege level 15
password 7 107D1D1C0013135E00
login local
line vty 5 15
access-class 102 in
privilege level 15
password 7 121A0A15000A
login local
!
end
Switch:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname GT500
!
enable secret 5 $1$PZOf$P1Z0ysQY3/0j7O4ioT7vY/
enable password Steeda
!
username Rob
ip subnet-zero
!
ip domain-name missioncriticalco.biz
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Netgear
spanning-tree portfast disable
!
interface FastEthernet0/2
description Cisco 1700
switchport mode access
spanning-tree portfast disable
!
interface FastEthernet0/3
description Desktop
!
interface FastEthernet0/4
description Laptop
!
interface FastEthernet0/5
description Printer
!
interface FastEthernet0/6
description Playstation 3
!
interface FastEthernet0/7
description Aironet Access Point
switchport mode access
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
ip address 192.168.101.6 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.101.101
ip http server
banner motd ^C
Rob's Cisco 2950 Switch ^C
!
line con 0
exec-timeout 0 0
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
!
!
end
02-11-2014 04:41 AM
Hi,
post output of following on the 1700:
-show ip interface brief
-show ip route
and following on the switch:
-show interface status | ex notconnect
-show spanning-tree
Also can you ping 8.8.8.8 from the router and from the switch ?
if so can you do this on router:
access-list 199 permit icmp any any
do debug ip nat 199
do debug ip packet 199
then ping 8.8.8.8 from a host and post show log command output
Regards
Alain
02-12-2014 03:46 AM
Good Morning Alain,
I ran all of those commands. I can ping from the router but it was unsuccessful from the switch and the host. Also, I have never run debug commands and cannot figure out where to run them. I tried in configure terminal and at just the enable prompt and they error out. I also did enter the line "access-list 199 permit icmp any any"; you just can't see it in this, but it was successful.
Router output:
WRX-STI#sh ip interface brief
Interface IP-Address OK? Method Status Protocol
Dialer0 unassigned YES NVRAM administratively down down
FastEthernet0 76.119.167.87 YES DHCP up up
FastEthernet1 unassigned YES unset up up
FastEthernet2 unassigned YES unset up down
FastEthernet3 unassigned YES unset up down
FastEthernet4 unassigned YES unset up down
NVI0 unassigned NO unset up up
Serial0 unassigned YES NVRAM administratively down down
Vlan1 192.168.101.101 YES NVRAM up up
Vlan2 unassigned YES NVRAM up down
WRX-STI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 76.119.160.1 to network 0.0.0.0
69.0.0.0/32 is subnetted, 1 subnets
S 69.252.65.132 [254/0] via 76.119.160.1, FastEthernet0
76.0.0.0/21 is subnetted, 1 subnets
C 76.119.160.0 is directly connected, FastEthernet0
C 192.168.101.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [254/0] via 76.119.160.1
WRX-STI#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/56 ms
Switch Output:
GT500#show interface status | ex notconnect
Port Name Status Vlan Duplex Speed Type
Fa0/1 Netgear connected 1 a-full a-100 10/100BaseTX
Fa0/2 Cisco 1700 connected 1 a-full a-100 10/100BaseTX
Fa0/3 Desktop connected 1 a-full a-100 10/100BaseTX
Fa0/4 Laptop connected 1 a-full a-100 10/100BaseTX
Fa0/5 Printer connected 1 a-full a-100 10/100BaseTX
Fa0/7 Aironet Access Poi connected 1 a-full a-100 10/100BaseTX
GT500#show spanning-tree
VLAN0001
Spanning tree enabled protocol rstp
Root ID Priority 32768
Address 000b.5f71.0f82
Cost 19
Port 2 (FastEthernet0/2)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address 000c.ce6d.43c0
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300
Interface Role Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1 Desg FWD 19 128.1 P2p
Fa0/2 Root FWD 19 128.2 P2p Peer(STP)
Fa0/3 Desg FWD 19 128.3 Edge P2p
Fa0/4 Desg FWD 19 128.4 Edge P2p
Fa0/5 Desg FWD 19 128.5 Edge P2p
Fa0/7 Desg FWD 19 128.7 Edge P2p
GT500#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
Thank you in advance for your continued help.
Rob
02-12-2014 04:53 AM
Hi,
conf t
logging buffered 7
logging buffered 100000
logging console 6
logging monitor 6
service timestamp debug uptime
do clear log <<<<< accept
access-list 199 permit icmp any any
do debug ip nat 199
do debug ip packet 199
<
then issue following in conf t: do sh log <<
then post output here
Regards
Alain
02-13-2014 03:48 AM
Good Morning Alain,
Output as you requested:
WRX-STI#config t
Enter configuration commands, one per line. End with CNTL/Z.
WRX-STI(config)#logging buffered 7
WRX-STI(config)#logging buffered 100000
WRX-STI(config)#logging console 6
WRX-STI(config)#logging monitor 6
WRX-STI(config)#service timestamp debug uptime
WRX-STI(config)#do clear log
Clear logging buffer [confirm]
WRX-STI(config)#access-list 199 permit icmp any any
WRX-STI(config)#do debug ip nat 199
debug ip nat 199
^
% Invalid input detected at '^' marker.
WRX-STI(config)#do debug ip packet 199
IP packet debugging is on for access list 199
WRX-STI(config)#do sh log
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level informational, 35 messages logged, xml disabled,
filtering disabled
Monitor logging: level informational, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level errors, 7 message lines logged
Log Buffer (100000 bytes):
WRX-STI(config)#
02-13-2014 04:05 AM
ok so did you do the ping test to see any output ?
Because here the router doesn't see any icmp packet.
Can you post ipconfig of the device that is pinging and the debug output after pinging 8.8.8.8 from the device
Regards
Alain
02-14-2014 06:27 AM
Alain,
From Computer:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Rob Mission>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : RobMission-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : ASIX AX88772A USB2.0 to Fast Ethernet Ada
pter
Physical Address. . . . . . . . . : 00-50-B6-58-9E-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f4cf:87b7:4d79:1702%17(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.23.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 520114358
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-14-DD-09-60-EB-69-4E-21-23
DNS Servers . . . . . . . . . . . : 216.146.35.35
216.146.36.36
192.168.101.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 00-26-C7-70-58-C6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 60-EB-69-4E-21-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{6FF4B651-9CC8-43DC-AE99-720EF4F7CDB3}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A8F849FB-11D4-4240-BED8-5E694C4772F4}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{677BB46D-89E1-4727-B12B-0CE94ECFE83E}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Rob Mission>
From Router after ping:
WRX-STI#conf t
Enter configuration commands, one per line. End with CNTL/Z.
WRX-STI(config)#logging buffered 7
WRX-STI(config)#logging buffered 100000
WRX-STI(config)#logging console 6
WRX-STI(config)#logging monitor 6
WRX-STI(config)#service timestamp debug uptime
WRX-STI(config)#do clear log
Clear logging buffer [confirm]
WRX-STI(config)#access-list 199 permit icmp any any
WRX-STI(config)#do debug ip nat 199
debug ip nat 199
^
% Invalid input detected at '^' marker.
WRX-STI(config)#do debug ip packet 199
IP packet debugging is on for access list 199
WRX-STI(config)#do sh log
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level informational, 31 messages logged, xml disabled,
filtering disabled
Monitor logging: level informational, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level errors, 7 message lines logged
Log Buffer (100000 bytes):
WRX-STI(config)#
*Apr 1 19:30:11.353: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
WRX-STI(config)#
02-14-2014 06:34 AM
Hi,
Your PC has got an APIPA address because of DHCP operation not working correctly, so it is normal it isn't working.
edit ACL 100 like this to not filter DHCP requests:
ip access-list extended 100
10 permit udp any eq bootpc any eq bootps
Regards
Alain
02-14-2014 02:31 PM
Alain,
Multiple issues here. Now my computer will not get the address from the Netgear on the NIC so I have to use the wifi for it. I still cannot ping when connected to the router and I feel like I hosed everything. Here are all the outputs and thank you for your continued help.
Router Config:
version 12.4
service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
!
hostname WRX-STI
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-25d.bin
boot-end-marker
!
logging buffered 100000 debugging
logging console informational
logging monitor informational
enable secret 5 $1$f3Xd$xLmMcvIj2F1OQBmdoMueg/
enable password 7 0215105E0E020E7440
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.101.1 192.168.101.109
ip dhcp excluded-address 192.168.101.151 192.168.101.254
!
ip dhcp pool Home
import all
network 192.168.101.0 255.255.255.0
domain-name missioncriticalco.biz
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.101.101
lease 3
!
!
ip domain name missioncriticalco.biz
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
crypto pki trustpoint TP-self-signed-1035340128
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1035340128
revocation-check none
rsakeypair TP-self-signed-1035340128
!
!
crypto pki certificate chain TP-self-signed-1035340128
certificate self-signed 01
quit
username rwmission
username Rob privilege 15 secret 5 $1$cXmF$1vy22vLT2vG6Z5v7.ufyq/
!
!
!
!
!
!
interface FastEthernet0
description Comcast$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet0
ip nat outside
no ip virtual-reassembly
ip route-cache flow
speed auto
full-duplex
!
interface FastEthernet1
description To 2950 Swtich
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Serial0
no ip address
shutdown
!
interface Vlan1
description $ES_LAN$
ip address 192.168.101.101 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Vlan2
no ip address
!
interface Dialer0
no ip address
ip mtu 1452
encapsulation ppp
shutdown
dialer pool 1
dialer-group 1
!
ip forward-protocol nd
!
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap errors
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.101.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.101.4
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.101.4
access-list 100 permit tcp any host 192.168.101.101 eq cmd
access-list 100 permit tcp any host 192.168.101.101 eq 443
access-list 100 permit tcp any host 192.168.101.101 eq www
access-list 100 permit tcp any host 192.168.101.101 eq 22
access-list 100 permit tcp any host 192.168.101.101 eq telnet
access-list 100 permit udp any eq bootpc any eq bootps
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host 192.168.101.4 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip host 192.168.101.4 any
access-list 199 permit icmp any any
dialer-list 1 protocol ip permit
!
control-plane
!
banner motd ^C
Rob's Cisco 1700 Router
^C
!
line con 0
exec-timeout 0 0
password 7 0215105E0E020E7440
logging synchronous
line aux 0
line vty 0 4
access-class 101 in
privilege level 15
password 7 107D1D1C0013135E00
login local
line vty 5 15
access-class 102 in
privilege level 15
password 7 121A0A15000A
login local
!
end
Switch Config:
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname GT500
!
enable secret 5 $1$PZOf$P1Z0ysQY3/0j7O4ioT7vY/
enable password Steeda
!
username Rob
ip subnet-zero
!
ip domain-name missioncriticalco.biz
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Netgear
spanning-tree portfast disable
!
interface FastEthernet0/2
description Cisco 1700
switchport mode access
spanning-tree portfast disable
!
interface FastEthernet0/3
description Desktop
!
interface FastEthernet0/4
description Laptop
!
interface FastEthernet0/5
description Printer
!
interface FastEthernet0/6
description Playstation 3
!
interface FastEthernet0/7
description Aironet Access Point
switchport mode access
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
ip address 192.168.101.6 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.101.101
ip http server
banner motd ^C
Rob's Cisco 2950 Switch ^C
!
line con 0
exec-timeout 0 0
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
!
!
end
Laptop Ping Test:
C:\Users\Rob Mission>ping 8.8.8.8
Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.101.101: Destination net unreachable.
Reply from 192.168.101.101: Destination net unreachable.
Request timed out.
Request timed out.
Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),
C:\Users\Rob Mission>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : RobMission-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : missioncriticalco.biz
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : missioncriticalco.biz
Description . . . . . . . . . . . : ASIX AX88772A USB2.0 to Fast Ethernet Ada
pter
Physical Address. . . . . . . . . : 00-50-B6-58-9E-F0
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f4cf:87b7:4d79:1702%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.101.111(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, February 14, 2014 4:59:54 PM
Lease Expires . . . . . . . . . . : Monday, February 17, 2014 4:59:54 PM
Default Gateway . . . . . . . . . : 192.168.101.101
DHCP Server . . . . . . . . . . . : 192.168.101.101
DHCPv6 IAID . . . . . . . . . . . : 520114358
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-14-DD-09-60-EB-69-4E-21-23
DNS Servers . . . . . . . . . . . : 216.146.35.35
216.146.36.36
8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
Physical Address. . . . . . . . . : 00-26-C7-70-58-C6
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 60-EB-69-4E-21-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.missioncriticalco.biz:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : missioncriticalco.biz
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A8F849FB-11D4-4240-BED8-5E694C4772F4}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{677BB46D-89E1-4727-B12B-0CE94ECFE83E}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Rob Mission>
Router Logging from Ping:
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
0 flushes, 0 overruns, xml disabled, filtering disabled)
Console logging: level informational, 29 messages logged, xml disabled,
filtering disabled
Monitor logging: level informational, 0 messages logged, xml disabled,
filtering disabled
Buffer logging: level debugging, 0 messages logged, xml disabled,
filtering disabled
Logging Exception size (4096 bytes)
Count and timestamp logging messages: disabled
No active filter modules.
Trap logging: level errors, 7 message lines logged
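How IOS-style first-match evaluation, with the implicit deny that ends every ACL, treats a few packets against the two versions of ACL 100 posted in this thread (the 02-11 and 02-14 router configs), as an added example that is not part of any post. The evaluator is a simplified model (assumption: only `eq` port matches and contiguous wildcard masks are handled) and the sample packets are constructed.

```python
import ipaddress

# Named ports used by the ACL entries on this page (standard IOS keywords).
PORTS = {"telnet": 23, "www": 80, "cmd": 514, "snmp": 161, "bootps": 67, "bootpc": 68}

# ACL 100 as posted in the 02-11 router config (remark lines omitted).
ACL_100_FEB11 = """\
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq telnet
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 22
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq www
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 443
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq cmd
access-list 100 deny tcp any host 192.168.101.101 eq telnet
access-list 100 deny tcp any host 192.168.101.101 eq 22
access-list 100 deny tcp any host 192.168.101.101 eq www
access-list 100 deny tcp any host 192.168.101.101 eq 443
access-list 100 deny tcp any host 192.168.101.101 eq cmd
access-list 100 deny udp any host 192.168.101.101 eq snmp
access-list 100 permit ip any any
"""

# ACL 100 as posted in the 02-14 router config.
ACL_100_FEB14 = """\
access-list 100 permit tcp any host 192.168.101.101 eq cmd
access-list 100 permit tcp any host 192.168.101.101 eq 443
access-list 100 permit tcp any host 192.168.101.101 eq www
access-list 100 permit tcp any host 192.168.101.101 eq 22
access-list 100 permit tcp any host 192.168.101.101 eq telnet
access-list 100 permit udp any eq bootpc any eq bootps
"""


def _addr(tok):
    """Consume 'any', 'host A' or 'A wildcard'; return (network, remaining tokens)."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    # Contiguous wildcard masks only (hostmask form); enough for this page.
    return ipaddress.ip_network(f"{tok[0]}/{tok[1]}"), tok[2:]


def _port(tok):
    """Consume an optional 'eq PORT'; return (port or None, remaining tokens)."""
    if tok[:1] == ["eq"]:
        return (int(tok[1]) if tok[1].isdigit() else PORTS[tok[1]]), tok[2:]
    return None, tok


def parse_acl(text, number="100"):
    """Parse numbered extended ACL lines into ordered rule tuples."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", number] or tok[2] == "remark":
            continue
        action, proto, rest = tok[2], tok[3], tok[4:]
        src, rest = _addr(rest)
        sport, rest = _port(rest)
        dst, rest = _addr(rest)
        dport, rest = _port(rest)
        rules.append((line.strip(), action, proto, src, sport, dst, dport))
    return rules


def evaluate(rules, proto, src, dst, sport=None, dport=None):
    """Return (action, matching line); the first matching entry wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line, action, r_proto, r_src, r_sport, r_dst, r_dport in rules:
        if r_proto not in ("ip", proto):
            continue
        if s not in r_src or d not in r_dst:
            continue
        if r_sport is not None and r_sport != sport:
            continue
        if r_dport is not None and r_dport != dport:
            continue
        return action, line
    # No entry matched: every IOS ACL ends with an unwritten "deny ip any any".
    return "deny", "implicit deny"


# Constructed sample packets as seen inbound on Vlan1: (proto, src, dst, sport, dport).
PACKETS = {
    "ping 8.8.8.8 from laptop": ("icmp", "192.168.101.111", "8.8.8.8"),
    "DNS query to 8.8.8.8": ("udp", "192.168.101.111", "8.8.8.8", 50000, 53),
    "DHCP discover": ("udp", "0.0.0.0", "255.255.255.255", 68, 67),
    "telnet to router from laptop": ("tcp", "192.168.101.111", "192.168.101.101", 50001, 23),
}


def demo():
    """Evaluate every sample packet against both posted versions of ACL 100."""
    out = {}
    for name, text in (("02-11", ACL_100_FEB11), ("02-14", ACL_100_FEB14)):
        rules = parse_acl(text)
        for label, pkt in PACKETS.items():
            out[(name, label)] = evaluate(rules, *pkt)
    return out


if __name__ == "__main__":
    for (version, label), (action, line) in demo().items():
        print(f"{version:6} {label:30} {action:6} <- {line}")
```

In the 02-14 version every entry is a permit for traffic to the router itself or for DHCP, so transit traffic such as the ping and the DNS query matches nothing and falls through to the implicit deny.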
02-15-2014 03:13 AM
Hi,
Can you post a quick sketch of your topology because what I had understood is that you had some wired client connected to 2950 which was itself connected to 1700(itself connected to modem).
The PC now has an IP from the 1700 with the correct default gateway (the 1700).
Now we'll have to find out why it won't connect with outside world. Let me review your config one more time
ok so on 1700 do this:
enable
conf t
do debug ip nat
do clear log
ping from PC
do sh log
post output here
Also do a traceroute to 8.8.8.8 from the PC and post output
Regards
Alain
02-15-2014 05:51 AM
Alain,
I am sorry for the confusion. The Netgear device was referenced in the original request. It is a cheap home router. The setup that I am trying to get connected is the 1700 router with the WIC that is plugged into the 2950 switch. My ISP modem is Comcast. What I have to do to test this each time we adjust the configs is remove the Comcast connection to the Netgear and put it on the 1700 router Ethernet port, because that is not providing internet yet, and remove the connection that the Netgear router has to the switch also, as it is running DHCP when the 1700 is not connected. When I email you I have to then move it off the router and put it back on the Netgear because that is all that has internet at the moment. All my devices are plugged into the switch and if you look at the switch config in the description line I have what is connected to what port. Again I am sorry for the confusion, ultimately I want to run my entire home off of the router and the switch from Cisco. I hope this helps.
Rob
02-18-2014 10:31 AM
Hi,
OK, I forgot you had this infamous ACL inbound on Vlan1.
Do this:
int vlan1
no ip access-group 100 in
Then try to ping from the host again to 8.8.8.8.
This time it should be working hopefully and you don't need it for management filtering if you already have access-class for vty line and http.
Regards
Alain
Don't forget to rate helpful posts.
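Added example (not part of any post in this thread, and not Cisco code): a small first-match evaluator for access-list 100, using the entries from the router config posted in this thread, showing what that list does to LAN traffic when it is applied inbound on Vlan1. The client address 192.168.101.110 and the sample packets are constructed for illustration.

```python
import ipaddress

# access-list 100 as it appears in the router config posted in this thread.
ACL_100 = """\
access-list 100 permit tcp any host 192.168.101.101 eq cmd
access-list 100 permit tcp any host 192.168.101.101 eq 443
access-list 100 permit tcp any host 192.168.101.101 eq www
access-list 100 permit tcp any host 192.168.101.101 eq 22
access-list 100 permit tcp any host 192.168.101.101 eq telnet
access-list 100 permit udp any eq bootpc any eq bootps
"""
PORTS = {"cmd": 514, "www": 80, "telnet": 23, "bootpc": 68, "bootps": 67}  # IOS keywords

def _endpoint(tok):
    """Consume 'any' | 'host A.B.C.D' | 'A.B.C.D wildcard', then an optional 'eq PORT'."""
    if tok[0] == "any":
        net, tok = ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    elif tok[0] == "host":
        net, tok = ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    else:  # contiguous wildcard mask only
        net, tok = ipaddress.ip_network(f"{tok[0]}/{tok[1]}", strict=False), tok[2:]
    if tok[:1] == ["eq"]:
        return net, int(PORTS.get(tok[1], tok[1])), tok[2:]
    return net, None, tok

def parse(text, number="100"):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["access-list", number] or tok[2] not in ("permit", "deny"):
            continue  # skips blank lines, other ACLs and remarks
        src, sport, rest = _endpoint(tok[4:])
        dst, dport, _ = _endpoint(rest)
        rules.append((tok[2], tok[3], src, sport, dst, dport))
    return rules

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for n, (action, p, snet, sp, dnet, dp) in enumerate(rules, 1):  # first match wins
        if (p in ("ip", proto) and s in snet and d in dnet
                and sp in (None, sport) and dp in (None, dport)):
            return f"{action} (entry {n})"
    return "deny (implicit)"  # no entry matched

if __name__ == "__main__":
    acl = parse(ACL_100)
    # Constructed sample packets; 192.168.101.110 is an assumed DHCP client address.
    print(evaluate(acl, "udp", "0.0.0.0", "255.255.255.255", 68, 67))  # DHCP discover
    print(evaluate(acl, "icmp", "192.168.101.110", "8.8.8.8"))  # ping to the internet
```

With this list inbound on the LAN interface, a client can still obtain a DHCP lease and manage the router, but every packet addressed beyond 192.168.101.101 falls through to the implicit deny.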
02-18-2014 02:49 PM
Alain,
Still not able to ping 8.8.8.8 and it shows no internet access. I ping 8.8.8.8 and I get "Destination host unreachable". Here is the updated config of the router with the change you suggested. Could there be something at the switch level that is causing this? That config is in the last post on Friday. Thanks.
Rob
version 12.4
service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
!
hostname WRX-STI
!
boot-start-marker
boot system flash:c1700-advsecurityk9-mz.124-25d.bin
boot-end-marker
!
logging buffered 100000 debugging
logging console informational
logging monitor informational
enable secret 5 $1$f3Xd$xLmMcvIj2F1OQBmdoMueg/
enable password 7 0215105E0E020E7440
!
no aaa new-model
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip cef
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.101.1 192.168.101.109
ip dhcp excluded-address 192.168.101.151 192.168.101.254
!
ip dhcp pool Home
import all
network 192.168.101.0 255.255.255.0
domain-name missioncriticalco.biz
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.101.101
lease 3
!
!
ip domain name missioncriticalco.biz
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
!
!
crypto pki trustpoint TP-self-signed-1035340128
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1035340128
revocation-check none
rsakeypair TP-self-signed-1035340128
!
!
crypto pki certificate chain TP-self-signed-1035340128
certificate self-signed 01
quit
username rwmission
username Rob privilege 15 secret 5 $1$cXmF$1vy22vLT2vG6Z5v7.ufyq/
!
!
!
!
!
!
interface FastEthernet0
description Comcast$ES_WAN$$ETH-WAN$
ip address dhcp client-id FastEthernet0
ip nat outside
no ip virtual-reassembly
ip route-cache flow
speed auto
full-duplex
!
interface FastEthernet1
description To 2950 Swtich
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Serial0
no ip address
shutdown
!
interface Vlan1
description $ES_LAN$
ip address 192.168.101.101 255.255.255.0
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1412
!
interface Vlan2
no ip address
!
interface Dialer0
no ip address
ip mtu 1452
encapsulation ppp
shutdown
dialer pool 1
dialer-group 1
!
ip forward-protocol nd
!
no ip http server
ip http access-class 2
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
!
logging trap errors
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.101.0 0.0.0.255
access-list 2 remark Auto generated by SDM Management Access feature
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 192.168.101.4
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 192.168.101.4
access-list 100 permit tcp any host 192.168.101.101 eq cmd
access-list 100 permit tcp any host 192.168.101.101 eq 443
access-list 100 permit tcp any host 192.168.101.101 eq www
access-list 100 permit tcp any host 192.168.101.101 eq 22
access-list 100 permit tcp any host 192.168.101.101 eq telnet
access-list 100 permit udp any eq bootpc any eq bootps
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark SDM_ACL Category=1
access-list 101 permit ip host 192.168.101.4 any
access-list 102 remark Auto generated by SDM Management Access feature
access-list 102 remark SDM_ACL Category=1
access-list 102 permit ip host 192.168.101.4 any
access-list 199 permit icmp any any
dialer-list 1 protocol ip permit
!
control-plane
!
banner motd ^C
Rob's Cisco 1700 Router
^C
!
line con 0
exec-timeout 0 0
password 7 0215105E0E020E7440
logging synchronous
line aux 0
line vty 0 4
access-class 101 in
privilege level 15
password 7 107D1D1C0013135E00
login local
line vty 5 15
access-class 102 in
privilege level 15
password 7 121A0A15000A
login local
!
end