Cisco Support Community
New Member

1700 Router with 2950 Switch and Comcast Home ISP

Hello All,

So I have been working on this for weeks and it seems no matter what I do it will not work.  Ultimately I am trying to get my 1700 Router to act as a firewall and accept the incoming Comcast Home connection, No Static IP.  I have the Cisco WIC4-ESW in the 1700 and that is going into the 2950 Switch.  I am trying to get this to work so that all the connections from the switch as you can see will all get internet access.  I have a cheap Netgear wireless router that I recently purchased a Cisco 1141 to get rid of the access point part of that Netgear and it is working fine.  The issue is when I disconnect it and plug it into the Ethernet0 interface of the router, nothing gets internet anymore.  If I connect back to that cheap Netgear it all works again.  I have even put a route in my laptop to use the default gateway of the router, but it will still not work.  I can ping the public DNS Servers that I used from the switch and the router when the connection is moved to the router, but I cannot access the internet on any of the connected devices.  Can those of you more understanding of these configs please tell me where I went wrong on both the switch config and router config please?  Any help is appreciated and if you need any clarification please feel free to ask me.  Thank you very much!

Rob

Configs attached as it would not let me paste them in this message...sorry

16 REPLIES
Purple


Hi,

1° on the router

no ip default-gateway 192.168.101.101

no ip route 0.0.0.0 0.0.0.0 FastEthernet0 permanent

2° on the switch

interface FastEthernet0/2

no switchport mode trunk   <<<< not needed as you only have one vlan(as far as i can see)

switchport mode access

interface FastEthernet0/7

switchport mode access

Regards

Alain

Don't forget to rate helpful posts.

New Member


Thank you so much Alain for your suggestions.  I did make those changes but unfortunately they did not help me get access to the internet; I am still unable to.  Any other suggestions?  Updated Configs:

Router:

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname WRX-STI

!

boot-start-marker

boot system flash:c1700-advsecurityk9-mz.124-25d.bin

boot-end-marker

!

logging buffered 51200 warnings

enable secret 5 $1$f3Xd$xLmMcvIj2F1OQBmdoMueg/

enable password 7 0215105E0E020E7440

!

no aaa new-model

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

ip cef

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.101.1 192.168.101.109

ip dhcp excluded-address 192.168.101.151 192.168.101.254

!

ip dhcp pool Home

   import all

   network 192.168.101.0 255.255.255.0

   domain-name missioncriticalco.biz

   dns-server 8.8.8.8 8.8.4.4

   default-router 192.168.101.101

   lease 3

!

!

ip domain name missioncriticalco.biz

ip name-server 8.8.8.8

ip name-server 8.8.4.4

!

!

!

crypto pki trustpoint TP-self-signed-1035340128

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1035340128

revocation-check none

rsakeypair TP-self-signed-1035340128

!

!

crypto pki certificate chain TP-self-signed-1035340128

certificate self-signed 01

  quit

username rwmission

username Rob privilege 15 secret 5 $1$cXmF$1vy22vLT2vG6Z5v7.ufyq/

!

!

!

!

!

!

interface FastEthernet0

description Comcast$ES_WAN$$ETH-WAN$

ip address dhcp client-id FastEthernet0

ip nat outside

no ip virtual-reassembly

ip route-cache flow

speed auto

full-duplex

!

interface FastEthernet1

description To 2950 Swtich

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface Serial0

no ip address

shutdown

!

interface Vlan1

description $ES_LAN$

ip address 192.168.101.101 255.255.255.0

ip access-group 100 in

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412

!

interface Vlan2

no ip address

!

interface Dialer0

no ip address

ip mtu 1452

encapsulation ppp

shutdown

dialer pool 1

dialer-group 1

!

ip forward-protocol nd

!

no ip http server

ip http access-class 2

ip http authentication local

ip http secure-server

ip nat inside source list 1 interface FastEthernet0 overload

!

logging trap errors

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.101.0 0.0.0.255

access-list 2 remark Auto generated by SDM Management Access feature

access-list 2 remark SDM_ACL Category=1

access-list 2 permit 192.168.101.4

access-list 3 remark SDM_ACL Category=1

access-list 3 permit 192.168.101.4

access-list 100 remark Auto generated by SDM Management Access feature

access-list 100 remark SDM_ACL Category=1

access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq telnet

access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 22

access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq www

access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 443

access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq cmd

access-list 100 deny   tcp any host 192.168.101.101 eq telnet

access-list 100 deny   tcp any host 192.168.101.101 eq 22

access-list 100 deny   tcp any host 192.168.101.101 eq www

access-list 100 deny   tcp any host 192.168.101.101 eq 443

access-list 100 deny   tcp any host 192.168.101.101 eq cmd

access-list 100 deny   udp any host 192.168.101.101 eq snmp

access-list 100 permit ip any any

access-list 101 remark Auto generated by SDM Management Access feature

access-list 101 remark SDM_ACL Category=1

access-list 101 permit ip host 192.168.101.4 any

access-list 102 remark Auto generated by SDM Management Access feature

access-list 102 remark SDM_ACL Category=1

access-list 102 permit ip host 192.168.101.4 any

dialer-list 1 protocol ip permit

!

control-plane

!

banner motd ^C

Rob's Cisco 1700 Router

^C

!

line con 0

exec-timeout 0 0

password 7 0215105E0E020E7440

logging synchronous

line aux 0

line vty 0 4

access-class 101 in

privilege level 15

password 7 107D1D1C0013135E00

login local

line vty 5 15

access-class 102 in

privilege level 15

password 7 121A0A15000A

login local

!

end

Switch:

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname GT500

!

enable secret 5 $1$PZOf$P1Z0ysQY3/0j7O4ioT7vY/

enable password Steeda

!

username Rob

ip subnet-zero

!

ip domain-name missioncriticalco.biz

ip ssh time-out 120

ip ssh authentication-retries 3

!

!

spanning-tree mode rapid-pvst

spanning-tree portfast default

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

!

!

!

interface FastEthernet0/1

description Netgear

spanning-tree portfast disable

!

interface FastEthernet0/2

description Cisco 1700

switchport mode access

spanning-tree portfast disable

!

interface FastEthernet0/3

description Desktop

!

interface FastEthernet0/4

description Laptop

!

interface FastEthernet0/5

description Printer

!

interface FastEthernet0/6

description Playstation 3

!

interface FastEthernet0/7

description Aironet Access Point

switchport mode access

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface Vlan1

ip address 192.168.101.6 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.101.101

ip http server

banner motd ^C

Rob's Cisco 2950 Switch ^C

!

line con 0

exec-timeout 0 0

line vty 0 4

login local

transport input telnet ssh

line vty 5 15

login local

!

!

end

Purple


Hi,

post output of following on the 1700:

-show ip interface brief

-show ip route

and following on the switch:

-show interface status | ex notconnect

-show spanning-tree

Also, can you ping 8.8.8.8 from the router and from the switch?

If so, can you do this on the router:

access-list 199 permit icmp any any

do debug ip nat 199

do debug ip packet 199

Then ping 8.8.8.8 from a host and post the show log command output.

Regards

Alain

Don't forget to rate helpful posts.

New Member


Good Morning Alain,

I ran all of those commands.  I can ping from the router but it was unsuccessful from the switch and the host.  Also, I have never run debug commands and cannot figure out where to run them.  I tried in configure terminal and at just the enable prompt and they error out.  I also did enter the line "access-list 199 permit icmp any any"; you just can't see it in this, but it was successful.

Router output:

WRX-STI#sh ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Dialer0                    unassigned      YES NVRAM  administratively down down
FastEthernet0              76.119.167.87   YES DHCP   up                    up
FastEthernet1              unassigned      YES unset  up                    up
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
FastEthernet4              unassigned      YES unset  up                    down
NVI0                       unassigned      NO  unset  up                    up
Serial0                    unassigned      YES NVRAM  administratively down down
Vlan1                      192.168.101.101 YES NVRAM  up                    up
Vlan2                      unassigned      YES NVRAM  up                    down
WRX-STI#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 76.119.160.1 to network 0.0.0.0

     69.0.0.0/32 is subnetted, 1 subnets
S       69.252.65.132 [254/0] via 76.119.160.1, FastEthernet0
     76.0.0.0/21 is subnetted, 1 subnets
C       76.119.160.0 is directly connected, FastEthernet0
C    192.168.101.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [254/0] via 76.119.160.1
WRX-STI#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/52/56 ms

Switch Output:

GT500#show interface status | ex notconnect

Port      Name               Status       Vlan       Duplex  Speed Type
Fa0/1     Netgear            connected    1          a-full  a-100 10/100BaseTX
Fa0/2     Cisco 1700         connected    1          a-full  a-100 10/100BaseTX
Fa0/3     Desktop            connected    1          a-full  a-100 10/100BaseTX
Fa0/4     Laptop             connected    1          a-full  a-100 10/100BaseTX
Fa0/5     Printer            connected    1          a-full  a-100 10/100BaseTX
Fa0/7     Aironet Access Poi connected    1          a-full  a-100 10/100BaseTX
GT500#show spanning-tree

VLAN0001
  Spanning tree enabled protocol rstp
  Root ID    Priority    32768
             Address     000b.5f71.0f82
             Cost        19
             Port        2 (FastEthernet0/2)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32769  (priority 32768 sys-id-ext 1)
             Address     000c.ce6d.43c0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/2            Root FWD 19        128.2    P2p Peer(STP)
Fa0/3            Desg FWD 19        128.3    Edge P2p
Fa0/4            Desg FWD 19        128.4    Edge P2p
Fa0/5            Desg FWD 19        128.5    Edge P2p
Fa0/7            Desg FWD 19        128.7    Edge P2p

GT500#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)

Thank you in advance for your continued help.

Rob

Purple


Hi,

conf t

logging buffered 7

logging buffered 100000

logging console 6

logging monitor 6

service timestamp debug uptime

do clear log   <<<<< accept

access-list 199 permit icmp any any

do debug ip nat 199

do debug ip packet 199

<>>

then issue following in conf t: do sh log     <<

then post output here

Regards

Alain

Don't forget to rate helpful posts.

New Member


Good Morning Alain,

Output as you requested:

WRX-STI#config t
Enter configuration commands, one per line.  End with CNTL/Z.
WRX-STI(config)#logging buffered 7
WRX-STI(config)#logging buffered 100000
WRX-STI(config)#logging console 6
WRX-STI(config)#logging monitor 6
WRX-STI(config)#service timestamp debug uptime
WRX-STI(config)#do clear log
Clear logging buffer [confirm]
WRX-STI(config)#access-list 199 permit icmp any any
WRX-STI(config)#do debug ip nat 199
debug ip nat 199
               ^
% Invalid input detected at '^' marker.

WRX-STI(config)#do debug ip packet 199
IP packet debugging is on for access list 199
WRX-STI(config)#do sh log
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level informational, 35 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level informational, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 0 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled

No active filter modules.

    Trap logging: level errors, 7 message lines logged

Log Buffer (100000 bytes):
WRX-STI(config)#

Purple


OK, so did you do the ping test to see any output?

Because here the router doesn't see any ICMP packet.

Can you post the ipconfig of the device that is pinging and the debug output after pinging 8.8.8.8 from the device?

Regards

Alain

Don't forget to rate helpful posts.

New Member


Alain,

From Computer:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Rob Mission>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : RobMission-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : ASIX AX88772A USB2.0 to Fast Ethernet Ada
pter
   Physical Address. . . . . . . . . : 00-50-B6-58-9E-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f4cf:87b7:4d79:1702%17(Preferred)
   Autoconfiguration IPv4 Address. . : 169.254.23.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520114358
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-14-DD-09-60-EB-69-4E-21-23

   DNS Servers . . . . . . . . . . . : 216.146.35.35
                                       216.146.36.36
                                       192.168.101.100
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 00-26-C7-70-58-C6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 60-EB-69-4E-21-23
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{6FF4B651-9CC8-43DC-AE99-720EF4F7CDB3}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A8F849FB-11D4-4240-BED8-5E694C4772F4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{677BB46D-89E1-4727-B12B-0CE94ECFE83E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Rob Mission>

From Router after ping:

WRX-STI#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
WRX-STI(config)#logging buffered 7
WRX-STI(config)#logging buffered 100000
WRX-STI(config)#logging console 6
WRX-STI(config)#logging monitor 6
WRX-STI(config)#service timestamp debug uptime
WRX-STI(config)#do clear log
Clear logging buffer [confirm]
WRX-STI(config)#access-list 199 permit icmp any any
WRX-STI(config)#do debug ip nat 199
debug ip nat 199
               ^
% Invalid input detected at '^' marker.

WRX-STI(config)#do debug ip packet 199
IP packet debugging is on for access list 199
WRX-STI(config)#do sh log
Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level informational, 31 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level informational, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 0 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled

No active filter modules.

    Trap logging: level errors, 7 message lines logged

Log Buffer (100000 bytes):
WRX-STI(config)#
*Apr  1 19:30:11.353: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to down
WRX-STI(config)#

Purple


Hi,

Your PC has got an APIPA address because the DHCP operation is not working correctly, so it is normal that it isn't working.

edit ACL 100 like this to not filter DHCP requests:

ip access-list extended 100

10 permit udp any eq bootpc  any eq bootps

Regards

Alain

Don't forget to rate helpful posts.
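
Added example (not part of any post in this thread): ACL 100 is applied inbound on Vlan1, so IOS checks each LAN packet against it top-down, takes the first match, and drops anything that matches no entry; the Python evaluator below runs that first-match logic over the two versions of ACL 100 that appear in the router configs on this page. It supports only the "permit|deny proto src [eq port] dst [eq port]" syntax used in those lists, and the function names, test packets and source port 49152 are constructed for illustration.

```python
import ipaddress

# Port keywords that appear in this thread's ACL 100 (a subset of the IOS keyword table).
PORTS = {"telnet": 23, "www": 80, "cmd": 514, "snmp": 161, "bootpc": 68, "bootps": 67}

# ACL 100 as posted in the first router config (remark lines omitted).
ACL_FIRST = """
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq telnet
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 22
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq www
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq 443
access-list 100 permit tcp host 192.168.101.4 host 192.168.101.101 eq cmd
access-list 100 deny   tcp any host 192.168.101.101 eq telnet
access-list 100 deny   tcp any host 192.168.101.101 eq 22
access-list 100 deny   tcp any host 192.168.101.101 eq www
access-list 100 deny   tcp any host 192.168.101.101 eq 443
access-list 100 deny   tcp any host 192.168.101.101 eq cmd
access-list 100 deny   udp any host 192.168.101.101 eq snmp
access-list 100 permit ip any any
"""

# ACL 100 as posted in the later router config.
ACL_LATER = """
access-list 100 permit tcp any host 192.168.101.101 eq cmd
access-list 100 permit tcp any host 192.168.101.101 eq 443
access-list 100 permit tcp any host 192.168.101.101 eq www
access-list 100 permit tcp any host 192.168.101.101 eq 22
access-list 100 permit tcp any host 192.168.101.101 eq telnet
access-list 100 permit udp any eq bootpc any eq bootps
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD'; return (address, care_mask) as ints."""
    first = tok.pop(0)
    if first == "any":
        return 0, 0
    if first == "host":
        return _ip(tok.pop(0)), 0xFFFFFFFF
    return _ip(first), ~_ip(tok.pop(0)) & 0xFFFFFFFF  # wildcard bits are "don't care"

def _port(tok):
    """Consume an optional 'eq PORT'; return the port number, or None for any port."""
    if tok[:1] != ["eq"]:
        return None
    tok.pop(0)
    name = tok.pop(0)
    return PORTS[name] if name in PORTS else int(name)

def parse_acl(text):
    """Parse 'access-list N permit|deny proto src [eq p] dst [eq p]' lines into entries."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]  # drop 'access-list 100'
        if not tok or tok[0] == "remark":
            continue
        action, proto = tok.pop(0), tok.pop(0)
        src, sport = _addr(tok), _port(tok)
        dst, dport = _addr(tok), _port(tok)
        entries.append((action, proto, src, sport, dst, dport, " ".join(line.split())))
    return entries

def evaluate(entries, proto, src, dst, sport=None, dport=None):
    """First match wins; a packet that matches no entry hits the implicit deny."""
    for action, e_proto, (s_net, s_mask), e_sport, (d_net, d_mask), e_dport, line in entries:
        if e_proto not in ("ip", proto):
            continue
        if (_ip(src) ^ s_net) & s_mask or (_ip(dst) ^ d_net) & d_mask:
            continue
        if (e_sport is not None and e_sport != sport) or (e_dport is not None and e_dport != dport):
            continue
        return action, line
    return "deny", "(implicit deny at end of list)"

# Constructed test packets (proto, src, dst, sport, dport) using addresses from the thread.
PACKETS = {
    "dhcp-discover": ("udp", "0.0.0.0", "255.255.255.255", 68, 67),
    "ping-8.8.8.8": ("icmp", "192.168.101.111", "8.8.8.8", None, None),
    "dns-query": ("udp", "192.168.101.111", "8.8.8.8", 49152, 53),
    "telnet-to-router": ("tcp", "192.168.101.111", "192.168.101.101", 49152, 23),
}

def verdicts(acl_text):
    """Return {packet name: 'permit' | 'deny'} for the sample packets."""
    entries = parse_acl(acl_text)
    return {name: evaluate(entries, *pkt)[0] for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, acl in (("first config", ACL_FIRST), ("later config", ACL_LATER)):
        print(label, verdicts(acl))
```

With the later list the DHCP request is permitted, but the ping and the DNS query fall through to the implicit deny, and telnet to 192.168.101.101 is permitted from any LAN host rather than only from 192.168.101.4.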

New Member


Alain,

Multiple issues here.  Now my computer will not get the address from the Netgear on the NIC so I have to use the wifi for it.  I still cannot ping when connected to the router and I feel like I hosed everything.  Here are all the outputs and thank you for your continued help.

Router Config:

version 12.4

service timestamps debug uptime

service timestamps log datetime msec

no service password-encryption

!

hostname WRX-STI

!

boot-start-marker

boot system flash:c1700-advsecurityk9-mz.124-25d.bin

boot-end-marker

!

logging buffered 100000 debugging

logging console informational

logging monitor informational

enable secret 5 $1$f3Xd$xLmMcvIj2F1OQBmdoMueg/

enable password 7 0215105E0E020E7440

!

no aaa new-model

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

ip cef

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.101.1 192.168.101.109

ip dhcp excluded-address 192.168.101.151 192.168.101.254

!

ip dhcp pool Home

   import all

   network 192.168.101.0 255.255.255.0

   domain-name missioncriticalco.biz

   dns-server 8.8.8.8 8.8.4.4

   default-router 192.168.101.101

   lease 3

!

!

ip domain name missioncriticalco.biz

ip name-server 8.8.8.8

ip name-server 8.8.4.4

!

!

!

crypto pki trustpoint TP-self-signed-1035340128

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1035340128

revocation-check none

rsakeypair TP-self-signed-1035340128

!

!

crypto pki certificate chain TP-self-signed-1035340128

certificate self-signed 01

  quit

username rwmission

username Rob privilege 15 secret 5 $1$cXmF$1vy22vLT2vG6Z5v7.ufyq/

!

!

!

!

!

!

interface FastEthernet0

description Comcast$ES_WAN$$ETH-WAN$

ip address dhcp client-id FastEthernet0

ip nat outside

no ip virtual-reassembly

ip route-cache flow

speed auto

full-duplex

!

interface FastEthernet1

description To 2950 Swtich

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface Serial0

no ip address

shutdown

!

interface Vlan1

description $ES_LAN$

ip address 192.168.101.101 255.255.255.0

ip access-group 100 in

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412

!

interface Vlan2

no ip address

!

interface Dialer0

no ip address

ip mtu 1452

encapsulation ppp

shutdown

dialer pool 1

dialer-group 1

!

ip forward-protocol nd

!

no ip http server

ip http access-class 2

ip http authentication local

ip http secure-server

ip nat inside source list 1 interface FastEthernet0 overload

!

logging trap errors

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.101.0 0.0.0.255

access-list 2 remark Auto generated by SDM Management Access feature

access-list 2 remark SDM_ACL Category=1

access-list 2 permit 192.168.101.4

access-list 3 remark SDM_ACL Category=1

access-list 3 permit 192.168.101.4

access-list 100 permit tcp any host 192.168.101.101 eq cmd

access-list 100 permit tcp any host 192.168.101.101 eq 443

access-list 100 permit tcp any host 192.168.101.101 eq www

access-list 100 permit tcp any host 192.168.101.101 eq 22

access-list 100 permit tcp any host 192.168.101.101 eq telnet

access-list 100 permit udp any eq bootpc any eq bootps

access-list 101 remark Auto generated by SDM Management Access feature

access-list 101 remark SDM_ACL Category=1

access-list 101 permit ip host 192.168.101.4 any

access-list 102 remark Auto generated by SDM Management Access feature

access-list 102 remark SDM_ACL Category=1

access-list 102 permit ip host 192.168.101.4 any

access-list 199 permit icmp any any

dialer-list 1 protocol ip permit

!

control-plane

!

banner motd ^C

Rob's Cisco 1700 Router

^C

!

line con 0

exec-timeout 0 0

password 7 0215105E0E020E7440

logging synchronous

line aux 0

line vty 0 4

access-class 101 in

privilege level 15

password 7 107D1D1C0013135E00

login local

line vty 5 15

access-class 102 in

privilege level 15

password 7 121A0A15000A

login local

!

end

Switch Config:

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname GT500
!
enable secret 5 $1$PZOf$P1Z0ysQY3/0j7O4ioT7vY/
enable password Steeda
!
username Rob
ip subnet-zero
!
ip domain-name missioncriticalco.biz
ip ssh time-out 120
ip ssh authentication-retries 3
!
!
spanning-tree mode rapid-pvst
spanning-tree portfast default
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Netgear
spanning-tree portfast disable
!
interface FastEthernet0/2
description Cisco 1700
switchport mode access
spanning-tree portfast disable
!
interface FastEthernet0/3
description Desktop
!
interface FastEthernet0/4
description Laptop
!
interface FastEthernet0/5
description Printer
!
interface FastEthernet0/6
description Playstation 3
!
interface FastEthernet0/7
description Aironet Access Point
switchport mode access
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface Vlan1
ip address 192.168.101.6 255.255.255.0
no ip route-cache
!
ip default-gateway 192.168.101.101
ip http server
banner motd ^C
Rob's Cisco 2950 Switch ^C
!
line con 0
exec-timeout 0 0
line vty 0 4
login local
transport input telnet ssh
line vty 5 15
login local
!
!
end

Laptop Ping Test:

C:\Users\Rob Mission>ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 192.168.101.101: Destination net unreachable.
Reply from 192.168.101.101: Destination net unreachable.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),

C:\Users\Rob Mission>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : RobMission-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : missioncriticalco.biz

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : missioncriticalco.biz
   Description . . . . . . . . . . . : ASIX AX88772A USB2.0 to Fast Ethernet Ada
pter
   Physical Address. . . . . . . . . : 00-50-B6-58-9E-F0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f4cf:87b7:4d79:1702%17(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.101.111(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, February 14, 2014 4:59:54 PM
   Lease Expires . . . . . . . . . . : Monday, February 17, 2014 4:59:54 PM
   Default Gateway . . . . . . . . . : 192.168.101.101
   DHCP Server . . . . . . . . . . . : 192.168.101.101
   DHCPv6 IAID . . . . . . . . . . . : 520114358
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-14-DD-09-60-EB-69-4E-21-23

   DNS Servers . . . . . . . . . . . : 216.146.35.35
                                       216.146.36.36
                                       8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 00-26-C7-70-58-C6
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 60-EB-69-4E-21-23
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.missioncriticalco.biz:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : missioncriticalco.biz
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A8F849FB-11D4-4240-BED8-5E694C4772F4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{677BB46D-89E1-4727-B12B-0CE94ECFE83E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Rob Mission>

Router Logging from Ping:

Syslog logging: enabled (1 messages dropped, 0 messages rate-limited,
                0 flushes, 0 overruns, xml disabled, filtering disabled)
    Console logging: level informational, 29 messages logged, xml disabled,
                     filtering disabled
    Monitor logging: level informational, 0 messages logged, xml disabled,
                     filtering disabled
    Buffer logging: level debugging, 0 messages logged, xml disabled,
                    filtering disabled
    Logging Exception size (4096 bytes)
    Count and timestamp logging messages: disabled

No active filter modules.

    Trap logging: level errors, 7 message lines logged

Purple

Re: 1700 Router with 2950 Switch and Comcast Home ISP

Hi,

Can you post a quick sketch of your topology, because what I had understood is that you had some wired client connected to the 2950, which was itself connected to the 1700 (itself connected to the modem).

The PC now has an IP from the 1700 with the correct default gateway (the 1700).

Now we'll have to find out why it won't connect with the outside world. Let me review your config one more time.

OK, so on the 1700 do this:

enable

conf t

do debug ip nat

do clear log

ping from PC

do sh log

post output here

Also do a traceroute to 8.8.8.8 from the PC and post the output.

Regards

Alain

Don't forget to rate helpful posts.

New Member

Re: 1700 Router with 2950 Switch and Comcast Home ISP

Alain,

I am sorry for the confusion.  The Netgear device was referenced in the original request.  It is a cheap home router.  The setup that I am trying to get connected is the 1700 router with the WIC that is plugged into the 2950 switch.  My ISP modem is Comcast.  What I have to do to test this each time we adjust the configs is remove the Comcast connection to the Netgear and put it on the 1700 router Ethernet port, because that is not providing internet yet, and also remove the connection that the Netgear router has to the switch, as it is running DHCP when the 1700 is not connected.  When I email you I have to then move it off the router and put it back on the Netgear, because that is all that has internet at the moment.  All my devices are plugged into the switch, and if you look at the switch config, in the description line I have what is connected to what port.  Again, I am sorry for the confusion; ultimately I want to run my entire home off of the router and the switch from Cisco.  I hope this helps.

Rob

Purple

1700 Router with 2950 Switch and Comcast Home ISP

Hi,

OK, I forgot you had this infamous ACL inbound on Vlan1.

Do this:

int vlan1

no ip access-group 100 in

Then try to ping from the host again to 8.8.8.8.

This time it should hopefully be working, and you don't need it for management filtering if you already have access-class for the vty lines and http.

Regards

Alain

Don't forget to rate helpful posts.
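
Added example (not part of Alain's reply or of Rob's config): a small first-match evaluator for ACL 100 as it appears in the router config posted in this thread, showing why applying it inbound on Vlan1 leaves only router management and DHCP permitted while anything bound for the internet falls to the implicit deny. The function names are illustrative; 192.168.101.111 is the PC address from the ipconfig output.

```python
import ipaddress

# Added example (names are illustrative); ACL 100 is copied from the posted config.
ACL_100 = """\
access-list 100 permit tcp any host 192.168.101.101 eq cmd
access-list 100 permit tcp any host 192.168.101.101 eq 443
access-list 100 permit tcp any host 192.168.101.101 eq www
access-list 100 permit tcp any host 192.168.101.101 eq 22
access-list 100 permit tcp any host 192.168.101.101 eq telnet
access-list 100 permit udp any eq bootpc any eq bootps
"""
PORTS = {"cmd": 514, "www": 80, "telnet": 23, "bootpc": 68, "bootps": 67}  # IOS keywords

def _addr(tok):
    # Consume 'any' or 'host A.B.C.D', the only address forms ACL 100 uses.
    if tok[0] == "any":
        return None, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_address(tok[1]), tok[2:]
    raise ValueError(f"unsupported address form: {tok[0]}")

def _port(tok):
    # Consume an optional 'eq <port>' clause (keyword or number).
    if tok[:1] == ["eq"]:
        return PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[2] not in ("permit", "deny"):
            continue  # skip remarks and blank lines
        src, rest = _addr(tok[4:])
        sport, rest = _port(rest)
        dst, rest = _addr(rest)
        dport, _ = _port(rest)
        rules.append((tok[2], tok[3], src, sport, dst, dport, line))
    return rules

def evaluate(rules, proto, src, dst, sport=None, dport=None):
    # First match wins; a packet that matches no entry hits the implicit deny.
    pkt = (ipaddress.ip_address(src), sport, ipaddress.ip_address(dst), dport)
    for action, r_proto, *want, line in rules:
        if r_proto in ("ip", proto) and all(w in (None, p) for w, p in zip(want, pkt)):
            return action, line
    return "deny", "implicit deny at end of list"

RULES = parse_acl(ACL_100)
# evaluate(RULES, "icmp", "192.168.101.111", "8.8.8.8") -> ("deny", "implicit deny at end of list")
```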

New Member

1700 Router with 2950 Switch and Comcast Home ISP

Alain,

Still not able to ping 8.8.8.8 and it shows no internet access.  I ping 8.8.8.8 and I get "Destination host unreachable".  Here is the updated config of the router with the change you suggested.  Could there be something at the switch level that is causing this?  That config is in the last post on Friday.  Thanks.

Rob

version 12.4

service timestamps debug uptime

service timestamps log datetime msec

no service password-encryption

!

hostname WRX-STI

!

boot-start-marker

boot system flash:c1700-advsecurityk9-mz.124-25d.bin

boot-end-marker

!

logging buffered 100000 debugging

logging console informational

logging monitor informational

enable secret 5 $1$f3Xd$xLmMcvIj2F1OQBmdoMueg/

enable password 7 0215105E0E020E7440

!

no aaa new-model

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

ip cef

!

!

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

no ip dhcp use vrf connected

ip dhcp excluded-address 192.168.101.1 192.168.101.109

ip dhcp excluded-address 192.168.101.151 192.168.101.254

!

ip dhcp pool Home

   import all

   network 192.168.101.0 255.255.255.0

   domain-name missioncriticalco.biz

   dns-server 8.8.8.8 8.8.4.4

   default-router 192.168.101.101

   lease 3

!

!

ip domain name missioncriticalco.biz

ip name-server 8.8.8.8

ip name-server 8.8.4.4

!

!

!

crypto pki trustpoint TP-self-signed-1035340128

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1035340128

revocation-check none

rsakeypair TP-self-signed-1035340128

!

!

crypto pki certificate chain TP-self-signed-1035340128

certificate self-signed 01

  quit

username rwmission

username Rob privilege 15 secret 5 $1$cXmF$1vy22vLT2vG6Z5v7.ufyq/

!

!

!

!

!

!

interface FastEthernet0

description Comcast$ES_WAN$$ETH-WAN$

ip address dhcp client-id FastEthernet0

ip nat outside

no ip virtual-reassembly

ip route-cache flow

speed auto

full-duplex

!

interface FastEthernet1

description To 2950 Swtich

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface Serial0

no ip address

shutdown

!

interface Vlan1

description $ES_LAN$

ip address 192.168.101.101 255.255.255.0

ip nat inside

ip virtual-reassembly

ip route-cache flow

ip tcp adjust-mss 1412

!

interface Vlan2

no ip address

!

interface Dialer0

no ip address

ip mtu 1452

encapsulation ppp

shutdown

dialer pool 1

dialer-group 1

!

ip forward-protocol nd

!

no ip http server

ip http access-class 2

ip http authentication local

ip http secure-server

ip nat inside source list 1 interface FastEthernet0 overload

!

logging trap errors

access-list 1 remark SDM_ACL Category=2

access-list 1 permit 192.168.101.0 0.0.0.255

access-list 2 remark Auto generated by SDM Management Access feature

access-list 2 remark SDM_ACL Category=1

access-list 2 permit 192.168.101.4

access-list 3 remark SDM_ACL Category=1

access-list 3 permit 192.168.101.4

access-list 100 permit tcp any host 192.168.101.101 eq cmd

access-list 100 permit tcp any host 192.168.101.101 eq 443

access-list 100 permit tcp any host 192.168.101.101 eq www

access-list 100 permit tcp any host 192.168.101.101 eq 22

access-list 100 permit tcp any host 192.168.101.101 eq telnet

access-list 100 permit udp any eq bootpc any eq bootps

access-list 101 remark Auto generated by SDM Management Access feature

access-list 101 remark SDM_ACL Category=1

access-list 101 permit ip host 192.168.101.4 any

access-list 102 remark Auto generated by SDM Management Access feature

access-list 102 remark SDM_ACL Category=1

access-list 102 permit ip host 192.168.101.4 any

access-list 199 permit icmp any any

dialer-list 1 protocol ip permit

!

control-plane

!

banner motd ^C

Rob's Cisco 1700 Router

^C

!

line con 0

exec-timeout 0 0

password 7 0215105E0E020E7440

logging synchronous

line aux 0

line vty 0 4

access-class 101 in

privilege level 15

password 7 107D1D1C0013135E00

login local

line vty 5 15

access-class 102 in

privilege level 15

password 7 121A0A15000A

login local

!

end

Purple

1700 Router with 2950 Switch and Comcast Home ISP

Hi,

Can you ping your default-gateway and the DHCP address that the router received from the modem?

Can you "ping 8.8.8.8 sourcing from Vlan 1" on the router with "debug ip nat" enabled and post the sh log output?

Regards

Alain

Don't forget to rate helpful posts.

New Member

1700 Router with 2950 Switch and Comcast Home ISP

Alain,

I think I know what I did. I will test this again this evening and let you know.

Rob
