Cisco Support Community

Basic Internet Routing Configuration Help -- Cisco 2811

Hi everyone,

I want to start by saying that I brought a Cisco 2811 Router to use at home and to practice advanced networking with. So far, I believe I've configured everything as it should be, however, I am not getting any internet connection.

DHCP is set up and working properly, I can lease addresses without issue.
Both interfaces are configured, fe0/1 with a static IP, and fe0/0 as a DHCP client.

I have connected fe0/0 directly to the Cable modem and it acquires an IP without issue. Connecting my laptop directly into fe0/1 allows my laptop to lease an IP from the router's DHCP server. So I know everything up to there is working properly. I've set up NAT as best I can with what I know, but I am still not getting the router to provide internet access. 

The following is my Router's Configuration. Does anything seem to be missing? I used Configuration Professional to set it up.

------------Begin Configuration-------------


Building configuration...


Current configuration : 2570 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Network
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
no logging buffered
logging console critical
enable secret 5 $1$4FJS$RQUEiWuTaMOAGhVx1O1Du0
enable password 7 046F03070C291D175F40
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
dot11 syslog
no ip source-route
no ip routing
no ip gratuitous-arps
!
!
no ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool Network
   import all
   network 192.168.100.0 255.255.255.0
   dns-server 4.2.2.2 4.2.2.1 
   lease 7
!
!
no ip bootp server
ip domain name Network
ip name-server 4.2.2.2
ip name-server 4.2.2.1
login block-for 5 attempts 5 within 1
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username Admin password 7 1526035D5D7C72252B3B
archive
 log config
  hidekeys

!
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-WAN$
 ip address dhcp client-id FastEthernet0/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex full
 speed auto
 no mop enabled
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0
ip nat inside source list 101 interface FastEthernet0/0 overload
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
access-list 101 remark INTERNET ACCESS THROUGH NAT
access-list 101 remark CCP_ACL Category=2
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^C Welcome! ^C
!
line con 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 password 7 107D0C1A10051B1F15
 login authentication local_auth
 transport input telnet
!
scheduler allocate 20000 1000
!
end

------------------End Configuration-------------------

 

Does anything seem amiss? Thank you all in advance for your help!

John

17 REPLIES

hi,

try to use standard ACL for your NAT/PAT:

no ip nat inside source list 101 interface FastEthernet0/0 overload
no access-list 101

access-list 10 permit 192.168.100.0 0.0.0.255

ip nat inside source list 10 interface FastEthernet0/0 overload

 

Hall of Fame Super Silver

I agree with John that a standard access list is better for NAT here. It accomplishes what you need since all that you are checking is the source address.

 

I believe that the major issue is that I do not see a default route in the config. Perhaps something like this

ip route 0.0.0.0 0.0.0.0 dhcp

 

There are a couple of things that I might want to clean up, such as why you are disabling cef, the ip NAT pool that you configure but do not use, and access list 100 and dialer list that are not used. But the big issue is the routing issue.

 

HTH

 

Rick

hi rick,

i'm not sure if the static route with dhcp as next-hop would be necessary.

the import all on the DHCP config would usually take care of this.

New Member

I will definitely try both of your solutions later today after classes end. Thanks for the input, guys!

Hall of Fame Super Silver

John makes an interesting comment about the import all. I wonder if that is sufficient? I see where that helps the clients but was not clear that it would help the router itself. Would the original poster give us the output of show ip route from the router? And tell us if the import all is sufficient to generate a default route for the router?

 

HTH

 

Rick

New Member

It looks to me like Import all imports optional parameters from the DHCP server. If the ISP DHCP server is not passing a static default route, then the router will have no routing table except for connected, and will not be able to get any further than the connected networks.

I think ip route 0.0.0.0 0.0.0.0 dhcp may fix it.

 

 

 

New Member

Hi Richard,

As requested, here is a copy of the results of show ip route after connecting to the modem:

Network#sh ip route
Default gateway is 98.202.230.1

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

I managed to find time to try both ip route 192.168.100.0 0.0.0.255 dhcp as well as removing access list 101 and replacing it with a standard access list.

Unfortunately, I still cannot get internet access. Windows Network center is reporting that the network is unidentified and that there is no network access. I am however, able to ping the router's FastEthernet0/1 interface and the computer did lease an IP address from its server.

Could I bother you to elaborate on what you meant by:

There are a couple of things that I might want to clean up, such as why you are disabling cef, the ip NAT pool that you configure but do not use, and access list 100 and dialer list that are not used. But the big issue is the routing issue.

Thanks for your help and time.

John

hi,

it should be ip route 0.0.0.0 0.0.0.0 dhcp and NOT ip route 192.168.100.0 0.0.0.255 dhcp.

could you post show ip route and show run from your 2811?

can you ping 8.8.8.8 from the router?

Hall of Fame Super Silver

The output of show ip route was very interesting and helpful. When I read the config a bit more carefully I found this which is the real cause of the problem.

no ip routing

With ip routing disabled the router can not forward traffic from your PC. Enable ip routing and it probably will work. If you still have problems with access to internet then post back with fresh output of show ip route.

 

If you want to find out more about the other aspects of the configuration we can certainly do that. But first let's make sure that we have solved the routing problem.

 

HTH

 

Rick

good one rick!

 

New Member

Sorry, I did actually do ip route 0.0.0.0 0.0.0.0 dhcp I just typed the wrong command into the reply. I'll definitely post my current config again later today as well as ping 8.8.8.8. Thank you.

To Richard:

I will enable ip routing. The command is ip routing correct?

And thanks for your help, I look forward to learning more about the configuration.

John

Hall of Fame Super Silver

John

 

Yes the command is ip routing

 

HTH

 

Rick

New Member

Hi Richard,

I've set ip routing on the router, here are the results of sh ip route after doing so:

Network#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 98.202.230.1 to network 0.0.0.0

     69.0.0.0/32 is subnetted, 1 subnets
S       69.252.216.134 [254/0] via 98.202.230.1, FastEthernet0/0
     98.0.0.0/23 is subnetted, 1 subnets
C       98.202.230.0 is directly connected, FastEthernet0/0
C    192.168.100.0/24 is directly connected, FastEthernet0/1
S*   0.0.0.0/0 [1/0] via 98.202.230.1
Network#

It looks much more correct this way, however, I still have no access to the internet.

For John, here are the results of ping 8.8.8.8:

Network#ping 8.8.8.8

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 48/51/52 ms
Network#

Everything seems to be fine.

And as requested, here is the current configuration:

 

---------------------Begin Configuration---------------------

 


Building configuration...


Current configuration : 2368 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Network
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
logging console critical
enable secret 5 $1$4FJS$RQUEiWuTaMOAGhVx1O1Du0
enable password 7 046F03070C291D175F40
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool Network
   import all
   network 192.168.100.0 255.255.255.0
   lease 7
!
!
no ip bootp server
ip domain name Network
login block-for 5 attempts 5 within 1
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username Admin password 7 1526035D5D7C72252B3B
archive
 log config
  hidekeys

!
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-WAN$
 ip address dhcp client-id FastEthernet0/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
no ip http secure-server
ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0
ip nat inside source list 10 interface FastEthernet0/0 overload
!
!
logging trap debugging
logging facility local2
access-list 10 permit 192.168.100.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^C Welcome! ^C
!
line con 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 password 7 107D0C1A10051B1F15
 login authentication local_auth
 transport input telnet
!
scheduler allocate 20000 1000
!
end

--------------------End Configuration-------------

What do you guys think? Thanks for all the help so far.

Note: I still have the original configuration on hand if we need to revert. Thanks again.

-John

hi,

your routing table and ping look good.

add this to your DHCP pool:

 

ip dhcp pool Network

default-router 192.168.100.1

 

could you try with a PC behind the router or a LAN switch with the auto obtain IP set? issue an ipconfig /all from DOS prompt and make sure you've got a DNS. if you don't, add dns-server 8.8.8.8 on your DHCP pool.

Hall of Fame Super Silver

John

 

ip routing was the major issue and I am glad that it is now cleared up. Things look much better on the router now.

The ping demonstrates that the router does have Internet access. If the PCs connected to the network do not have Internet access it might be caused by not having the correct default gateway or it might be caused by not having DNS. John Lloyd has made good suggestions that cover both of these issues.

 

If there is still a problem after you do what John suggests then I would ask you to do a tracert from a PC to an Internet destination (specifying it by name) and then another tracert from a PC to an Internet destination (specifying it by IP address).

 

HTH

 

Rick

New Member

Hi Again,

I sent

dhcp pool Network

default-router 192.168.100.1

to the router and wrote it to config. I still didn't have internet access at first, so I followed John's tip and hooked up my machine to an old Catalyst 2849G switch I had laying around. The switch has no settings, just gets an ip from the router and does its own thing. After doing so, I do now have internet access. I'm using it to post this reply in fact.

Here are the results of ipconfig /all on my Ethernet NIC on my machine before even having the switch:
 

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : hsd1.ut.comcast.net.
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection I217-LM
   Physical Address. . . . . . . . . : 54-EE-75-27-6F-06
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7cdd:83b5:e603:127e%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.100.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, October 02, 2014 7:57:10 AM
   Lease Expires . . . . . . . . . . : Thursday, October 09, 2014 7:57:10 AM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 192.168.100.1
   DHCPv6 IAID . . . . . . . . . . . : 290778741
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-B2-3D-AF-54-EE-75-27-6F-06

   DNS Servers . . . . . . . . . . . : 75.75.76.76
                                       75.75.75.75
   NetBIOS over Tcpip. . . . . . . . : Enabled

It seems everything was working as it should, but I didn't have internet access and windows still reported it as an unknown network.

After hooking up my Switch, Windows reported seeing 'Network' (From my router's host name, I presume?) and once I reset the modem, I had internet access. 

This was a huge learning experience and I am glad to have help from all of you. Is there anything else I can do to optimize my configurations? Also, why didn't I have internet access when directly hooked up to FastEthernet0/1 even though my machine acquired IP's and DNS info?

Here is another copy of the running config with today's changes:

---------------------Begin Configuration------------------------


Building configuration...


Current configuration : 2401 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Network
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096
logging console critical
enable secret 5 $1$4FJS$RQUEiWuTaMOAGhVx1O1Du0
enable password 7 046F03070C291D175F40
!
aaa new-model
!
!
aaa authentication login local_auth local
!
!
aaa session-id common
dot11 syslog
no ip source-route
no ip gratuitous-arps
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1
!
ip dhcp pool Network
   import all
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.1 
   lease 7
!
!
no ip bootp server
ip domain name Network
login block-for 5 attempts 5 within 1
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username Admin password 7 1526035D5D7C72252B3B
archive
 log config
  hidekeys

!
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-WAN$
 ip address dhcp client-id FastEthernet0/0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 ip address 192.168.100.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat inside
 ip virtual-reassembly
 duplex full
 speed auto
 no mop enabled
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
no ip http secure-server
ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0
ip nat inside source list 10 interface FastEthernet0/0 overload
!
!
logging trap debugging
logging facility local2
access-list 10 permit 192.168.100.0 0.0.0.255
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner motd ^C Welcome! ^C
!
line con 0
 login authentication local_auth
 transport output telnet
line aux 0
 exec-timeout 15 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 password 7 107D0C1A10051B1F15
 login authentication local_auth
 transport input telnet
!
scheduler allocate 20000 1000
!
end

--------------------------End Configuration-------------------------

 

Let me know if there is anything else you guys need or I should do, I'll be back after classes today. Thanks again!

 

-John

Hall of Fame Super Silver

John

 

One thing I notice in your output is this

   Default Gateway . . . . . . . . . :

With no default gateway that could be a problem. I suspect that after connecting through the switch the PC did have a default gateway (though I do not have a good explanation of why going through the switch makes much difference - I started to raise the possibility that you were using a straight through Ethernet cable where PC to router would normally need cross over cable but if you learned an IP address that indicates that the cable was working).

 

Here are some things that I notice in your config:

- you have these in the config

enable secret 5 $1$4FJS$RQUEiWuTaMOAGhVx1O1Du0
enable password 7 046F03070C291D175F40

They are redundant and with enable secret in the config enable password would not be used. So you might as well remove it.

- I do not see that you are using this and so it might as well be removed

ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0

- These also are not used and could be removed

access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit

- This uses the default community string and could make it possible for anyone to access your router using SNMP and learn information. From a security perspective it would be better if you changed "public" to something that would not be so easy to guess by outsiders.

 

HTH

 

Rick
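
The findings raised across this thread (routing disabled, a DHCP pool with no default-router, the redundant enable password, the unused NAT pool and access list, and the default SNMP community) can be checked mechanically before a config goes live. The following is an added example, not code from any participant in the thread; the `audit` function, its finding codes and the sample excerpt are constructed for illustration.

```python
import re

# Constructed excerpt modelled on the first configuration posted in this
# thread; credential values are placeholders, not the posted ones.
SAMPLE_CONFIG = """\
enable secret 5 PLACEHOLDER-HASH
enable password 7 PLACEHOLDER
no ip routing
ip dhcp pool Network
   import all
   network 192.168.100.0 255.255.255.0
   lease 7
!
ip nat pool Network 192.168.100.1 192.168.100.254 netmask 255.255.255.0
ip nat inside source list 101 interface FastEthernet0/0 overload
access-list 100 permit udp any any eq bootpc
access-list 101 permit ip 192.168.100.0 0.0.0.255 any
dialer-list 1 protocol ip permit
snmp-server community public RO
"""


def audit(config):
    """Return finding codes (names are hypothetical) for an IOS running-config."""
    lines = [l.rstrip() for l in config.splitlines() if l.strip() not in ("", "!")]
    top = [l for l in lines if not l.startswith(" ")]
    findings = []
    if "no ip routing" in top:  # router will not forward traffic for the LAN
        findings.append("routing-disabled")
    if any(l.startswith("enable secret ") for l in top) and \
            any(l.startswith("enable password ") for l in top):
        findings.append("redundant-enable-password")
    if any(re.match(r"snmp-server community public\b", l) for l in top):
        findings.append("snmp-community-public")
    # Group each DHCP pool's indented sub-commands under the pool name.
    pools, current = {}, None
    for l in lines:
        if l.startswith("ip dhcp pool "):
            current = pools.setdefault(l.split()[3], [])
        elif l.startswith(" ") and current is not None:
            current.append(l.strip())
        else:
            current = None
    findings += [f"dhcp-pool-no-default-router:{name}" for name, body in pools.items()
                 if not any(b.startswith("default-router ") for b in body)]
    # A NAT pool counts as used only if a translation rule references it.
    for name in re.findall(r"^ip nat pool (\S+)", config, re.M):
        rule = rf"^ip nat (?:inside|outside) source .*\bpool {re.escape(name)}\b"
        if not re.search(rule, config, re.M):
            findings.append(f"unused-nat-pool:{name}")
    # Numbered ACLs never referenced by list / access-group / access-class.
    defined = set(re.findall(r"^access-list (\d+) (?:permit|deny)", config, re.M))
    used = set(re.findall(r"(?<!-)\b(?:list|access-group|access-class) (\d+)", config))
    findings += [f"unused-acl:{n}" for n in sorted(defined - used, key=int)]
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run against the constructed excerpt it reports all six items; a config with the thread's fixes applied returns an empty list.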
