cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3313
Views
5
Helpful
12
Replies

configuring cisco 870 series access router to link my LAN to the internet

tomocisco
Level 1
Level 1

before my company started using cisco routers, our server platform is window server 2003, we also configured to use its routing features to connect our LAN to the internet,our end users were successfully accessing the internet. Recently, we purcahsed cisco 870 series access routers for the purpose of connecting our LAN to the internet, after configuring it from the command line interface, we were able to browse the internet for some hours before everything went down and we've not been able to recoonnect again. the only information, we have from our service provider are the IP address to assign to our server (which acts as a router to connect to the internet), the default gateway and the ip address of the dns servers. in using a router to achieve connectivity to the internet do we need extra information? i went through a sample configuration i saw in cisco website, and i saw configuration for NAT, PPP authentication etc. please can someone help with configuration guide. my LAN is using 172.10.1.0 , 255.255.255.0, the default gateway of the isp is 10.100.130.25 255.255.255.248, ip address given for me to use for my server is 10.100.130.26, the dns servers ip address are 10.77.134.3, 10.77.134.4 (pls some figures were altered by me). i will appreciate any help rendered.

1 Accepted Solution

Accepted Solutions

So you can't even ping the IP of your provider? The I would say you either have incorrect IP information - of your config on the dialer/fe0/4 is incorrect.

What type of circuit has the ISP provided you?

View solution in original post

12 Replies 12

andrew.prince
Level 10
Level 10

Post the current router configuration - remove any sensitive information.

here is my router config. i also added it as an attachment.

Oliverouter_Internet#sho run

Building configuration...

Current configuration : 1676 bytes

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

hostname Oliverouter_Internet

boot-start-marker

boot-end-marker

enable secret xxx

no aaa new-model

dot11 syslog

ip cef

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

ip name-server 77.x.15.4

ip name-server 77.x.15.3

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

username internetrouter password xxx

archive

log config

hidekeys

interface FastEthernet0

interface FastEthernet1

interface FastEthernet2

interface FastEthernet3

interface FastEthernet4

ip address 10.194.136.226 255.255.255.224

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

interface Vlan1

ip address 172.30.1.50 255.255.255.0

ip nat inside

ip virtual-reassembly

interface Dialer1

ip address negotiated

ip mtu 1492

encapsulation ppp

dialer pool 1

dialer-group 1

ip forward-protocol nd

ip route 10.194.136.224 255.255.255.224 10.194.136.225

ip route 10.194.136.225 255.255.255.255 Dialer1

ip route 172.20.1.0 255.255.255.0 172.20.1.1

ip http server

no ip http secure-server

ip nat pool internet 10.194.136.226 10.194.136.226 netmask 255.255.255.224

ip nat inside source list 1 pool internet overload

access-list 1 permit 172.20.1.0 0.0.0.255

dialer-list 1 protocol ip permit

control-plane

line con 0

no modem enable

line aux 0

line vty 0 4

password 7 0100

login

scheduler max-task-time 5000

end

Try

add:-

ip route 0.0.0.0 0.0.0.0 10.194.136.225

remove:-

ip route 10.194.136.224 255.255.255.224 10.194.136.225

HTH>

thanks so much, i will try now, i'll get back to you to inform you if it works.

hello, i tried adding the default route: ip route 0.0.0.0 0.0.0.0 10.194.136.225 and i removed the route ip route 10.194.136.224 255.255.255.224 10.194.136.225 but i still could not access the internet. any other suggestion? thanks.

please, i really need to be advised on what is wrong with my configuration & how to correct it. my company's LAN routes through cisco 2800 series router to our other branches & to Cisco 870 which is supposed to link us to the internet but we are not accessing the internet. Below is the configuration of both routers. is there something i am overlooking. thanks.

RouterA (Cisco2800)

show run

Building configuration...

Current configuration : 2312 bytes

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

boot-start-marker

boot-end-marker

security authentication failure rate 3 log

security passwords min-length 6

logging buffered 51200 debugging

logging console critical

enable secret 5 $1$5rd

no aaa new-model

resource policy

clock timezone PCTime 1

ip subnet-zero

no ip source-route

ip tcp synwait-time 10

ip cef

no ip bootp server

ip domain name olivemfb.com

ip name-server 172.20.1.50

ip name-server 172.20.1.52

ip name-server 172.20.1.51

interface FastEthernet0/0

description $INSIDE LAN$

ip address 172.20.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

interface FastEthernet0/1

description $ES_WAN$$FW_OUTSIDE$

ip address 172.30.1.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

ip classless

ip route 0.0.0.0 0.0.0.0 172.30.1.50 permanent

ip route 172.25.2.0 255.255.255.0 172.30.1.2 permanent

ip route 172.25.4.0 255.255.255.0 172.30.1.3 permanent

ip http server

ip http authentication local

ip http timeout-policy idle 60 life 86400 requests 10000

logging trap debugging

access-list 101 remark SDM_ACL Category=4

access-list 101 permit ip 172.25.0.0 0.0.255.255 172.20.1.0

0.0.0.255 log

access-list 102 remark SDM_ACL Category=4

access-list 102 deny ip any 172.20.1.0 0.0.0.255 log

control-plane

end

Internet Router (Cisco870)

Oliverouter_Internet#show run

Current configuration : 1986 bytes

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

hostname Oliverouter_Internet

boot-start-marker

boot-end-marker

enable secret 5 $1$A2

no aaa new-model

dot11 syslog

ip cef

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

ip name-server 77.x.15.4

ip name-server 77.x.15.3

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

archive

log config

hidekeys

interface Loopback1

no ip address

interface FastEthernet0

interface FastEthernet1

interface FastEthernet2

interface FastEthernet3

interface FastEthernet4

ip address 10.194.136.226 255.255.255.224

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

pppoe enable group global

pppoe-client dial-pool-number 1

interface Vlan1

ip address 172.30.1.50 255.255.255.0

ip nat inside

ip virtual-reassembly

interface Dialer1

ip address negotiated

ip mtu 1492

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.194.136.225

ip route 10.194.136.225 255.255.255.255 Dialer1

ip route 172.20.1.0 255.255.255.0 172.30.1.1

ip http server

no ip http secure-server

ip nat pool internet 10.194.136.226 10.194.136.226 netmask

255.255.255.224

ip nat inside source list 1 pool internet overload

access-list 1 remark SDM_ACL Category=16

access-list 1 permit 172.20.1.0 0.0.0.255

access-list 1 permit 172.30.1.0 0.0.0.255

access-list 1 permit 172.25.2.0 0.0.0.255

access-list 1 permit 172.25.4.0 0.0.0.255

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 172.30.1.0 0.0.0.255

dialer-list 1 protocol ip permit

end

Nothing is jumping out - try the below from the 870:-

ping 10.194.136.225 so 10.194.136.226

post results?

And post the output of:-

show ip route

show ip int brief

show int fa 0/4

Hello,

these are the result of ping, show ip route, show ip int brief and show int fa4. thanks

Internet#ping 10.194.136.225

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.194.136.225, timeout is 2

seconds:

.....

Success rate is 0 percent (0/5)

Internet#ping 10.194.136.226

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.194.136.226, timeout is 2

seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4

Internet#show ip route

Gateway of last resort is 10.194.136.225 to network 0.0.0.0

172.20.0.0/24 is subnetted, 1 subnets

S 172.20.1.0 [1/0] via 172.30.1.1

172.30.0.0/24 is subnetted, 1 subnets

C 172.30.1.0 is directly connected, Vlan1

10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C 10.194.136.224/27 is directly connected, FastEthernet4

S 10.194.136.225/32 is directly connected, Dialer1

S* 0.0.0.0/0 [1/0] via 10.194.136.225

Internet#show ip int brie

Interface IP-Address OK? Method Status

Prot

ocol

FastEthernet0 unassigned YES unset up

up

FastEthernet1 unassigned YES unset up

down

FastEthernet2 unassigned YES unset up

down

FastEthernet3 unassigned YES unset up

down

FastEthernet4 10.194.136.226 YES NVRAM up

up

Vlan1 172.30.1.50 YES NVRAM up

up

Loopback1 unassigned YES NVRAM up

up

NVI0 10.194.136.226 YES unset up

up

Dialer1 unassigned YES NVRAM up

up

Internet# show int fa4

FastEthernet4 is up, line protocol is up

Hardware is PQUICC_FEC, address is 0022.557f.dfd8 (bia

0022.557f.dfd8)

Internet address is 10.194.136.226/27

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, 100BaseTX/FX

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:14, output 00:00:11, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output

drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

14 packets input, 896 bytes

Received 0 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

0 watchdog

0 input packets with dribble condition detected

964 packets output, 60294 bytes, 0 underruns

0 output errors, 0 collisions, 2 interface resets

0 babbles, 0 late collision, 0 deferred

0 lost carrier, 0 no carrier

0 output buffer failures, 0 output buffers swapped out

So you can't even ping the IP of your provider? The I would say you either have incorrect IP information - of your config on the dialer/fe0/4 is incorrect.

What type of circuit has the ISP provided you?

garsmi
Level 1
Level 1

Several questions for you on this.

1) Is this DSL, Cable, T1 etc...

2) The config attached shows your configured for PAP. Are you sure your provider is even doing PPPOE, if so, did you confirm if it is PAP or CHAP? (from the info you gave, it sounds like they are assigning you a static block of addresses)

3) Your initial statements say the provider gave you a Default GW of 10.100.130.25, but your WAN interface is configured for 10.194.136.226? That is a completely different subnet that what you said your provider gave you.

4) What kind of device is the router connected to? Is it a cable/DSL modem of some sort. If it is, can you take your laptop & give it an IP & plug directly into it & get to the Internet?

5) You mentioned this is for your internet for a LAN & a remote office? How many users is this for? An 870 Series is a SOHO device.

You are trying to tackle too much at once. First you need to get the internet working from the router, after that works, you need to get it working from the LOCAL LAN, then worry about a remote office.

thanks very much. i will look into all these. i am confident it will all be resolved as i clear the issues with my isp. i will get back to you when it is resolved. i appreciate your time to attend to me and i am very grateful for your advices.

thanks to all that contributed to my resolving this issue of accessing the internet using cisco 871. it was a dns related problem and is now resolved.

thanks so much.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: