08-27-2008 05:42 AM - edited 03-03-2019 11:17 PM
before my company started using cisco routers, our server platform is window server 2003, we also configured to use its routing features to connect our LAN to the internet,our end users were successfully accessing the internet. Recently, we purcahsed cisco 870 series access routers for the purpose of connecting our LAN to the internet, after configuring it from the command line interface, we were able to browse the internet for some hours before everything went down and we've not been able to recoonnect again. the only information, we have from our service provider are the IP address to assign to our server (which acts as a router to connect to the internet), the default gateway and the ip address of the dns servers. in using a router to achieve connectivity to the internet do we need extra information? i went through a sample configuration i saw in cisco website, and i saw configuration for NAT, PPP authentication etc. please can someone help with configuration guide. my LAN is using 172.10.1.0 , 255.255.255.0, the default gateway of the isp is 10.100.130.25 255.255.255.248, ip address given for me to use for my server is 10.100.130.26, the dns servers ip address are 10.77.134.3, 10.77.134.4 (pls some figures were altered by me). i will appreciate any help rendered.
Solved! Go to Solution.
09-03-2008 06:56 AM
So you can't even ping the IP of your provider? The I would say you either have incorrect IP information - of your config on the dialer/fe0/4 is incorrect.
What type of circuit has the ISP provided you?
08-27-2008 05:44 AM
Post the current router configuration - remove any sensitive information.
08-29-2008 12:21 AM
here is my router config. i also added it as an attachment.
Oliverouter_Internet#sho run
Building configuration...
Current configuration : 1676 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Oliverouter_Internet
boot-start-marker
boot-end-marker
enable secret xxx
no aaa new-model
dot11 syslog
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip name-server 77.x.15.4
ip name-server 77.x.15.3
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
username internetrouter password xxx
archive
log config
hidekeys
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address 10.194.136.226 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Vlan1
ip address 172.30.1.50 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ip forward-protocol nd
ip route 10.194.136.224 255.255.255.224 10.194.136.225
ip route 10.194.136.225 255.255.255.255 Dialer1
ip route 172.20.1.0 255.255.255.0 172.20.1.1
ip http server
no ip http secure-server
ip nat pool internet 10.194.136.226 10.194.136.226 netmask 255.255.255.224
ip nat inside source list 1 pool internet overload
access-list 1 permit 172.20.1.0 0.0.0.255
dialer-list 1 protocol ip permit
control-plane
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 0100
login
scheduler max-task-time 5000
end
08-29-2008 12:27 AM
Try
add:-
ip route 0.0.0.0 0.0.0.0 10.194.136.225
remove:-
ip route 10.194.136.224 255.255.255.224 10.194.136.225
HTH>
09-01-2008 06:59 AM
thanks so much, i will try now, i'll get back to you to inform you if it works.
09-01-2008 08:53 AM
hello, i tried adding the default route: ip route 0.0.0.0 0.0.0.0 10.194.136.225 and i removed the route ip route 10.194.136.224 255.255.255.224 10.194.136.225 but i still could not access the internet. any other suggestion? thanks.
09-03-2008 05:41 AM
please, i really need to be advised on what is wrong with my configuration & how to correct it. my company's LAN routes through cisco 2800 series router to our other branches & to Cisco 870 which is supposed to link us to the internet but we are not accessing the internet. Below is the configuration of both routers. is there something i am overlooking. thanks.
RouterA (Cisco2800)
show run
Building configuration...
Current configuration : 2312 bytes
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
boot-start-marker
boot-end-marker
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$5rd
no aaa new-model
resource policy
clock timezone PCTime 1
ip subnet-zero
no ip source-route
ip tcp synwait-time 10
ip cef
no ip bootp server
ip domain name olivemfb.com
ip name-server 172.20.1.50
ip name-server 172.20.1.52
ip name-server 172.20.1.51
interface FastEthernet0/0
description $INSIDE LAN$
ip address 172.20.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
interface FastEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address 172.30.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.1.50 permanent
ip route 172.25.2.0 255.255.255.0 172.30.1.2 permanent
ip route 172.25.4.0 255.255.255.0 172.30.1.3 permanent
ip http server
ip http authentication local
ip http timeout-policy idle 60 life 86400 requests 10000
logging trap debugging
access-list 101 remark SDM_ACL Category=4
access-list 101 permit ip 172.25.0.0 0.0.255.255 172.20.1.0
0.0.0.255 log
access-list 102 remark SDM_ACL Category=4
access-list 102 deny ip any 172.20.1.0 0.0.0.255 log
control-plane
end
Internet Router (Cisco870)
Oliverouter_Internet#show run
Current configuration : 1986 bytes
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname Oliverouter_Internet
boot-start-marker
boot-end-marker
enable secret 5 $1$A2
no aaa new-model
dot11 syslog
ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
ip name-server 77.x.15.4
ip name-server 77.x.15.3
vpdn enable
vpdn-group 1
request-dialin
protocol pppoe
archive
log config
hidekeys
interface Loopback1
no ip address
interface FastEthernet0
interface FastEthernet1
interface FastEthernet2
interface FastEthernet3
interface FastEthernet4
ip address 10.194.136.226 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
interface Vlan1
ip address 172.30.1.50 255.255.255.0
ip nat inside
ip virtual-reassembly
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 10.194.136.225
ip route 10.194.136.225 255.255.255.255 Dialer1
ip route 172.20.1.0 255.255.255.0 172.30.1.1
ip http server
no ip http secure-server
ip nat pool internet 10.194.136.226 10.194.136.226 netmask
255.255.255.224
ip nat inside source list 1 pool internet overload
access-list 1 remark SDM_ACL Category=16
access-list 1 permit 172.20.1.0 0.0.0.255
access-list 1 permit 172.30.1.0 0.0.0.255
access-list 1 permit 172.25.2.0 0.0.0.255
access-list 1 permit 172.25.4.0 0.0.0.255
access-list 2 remark SDM_ACL Category=2
access-list 2 permit 172.30.1.0 0.0.0.255
dialer-list 1 protocol ip permit
end
09-03-2008 06:00 AM
Nothing is jumping out - try the below from the 870:-
ping 10.194.136.225 so 10.194.136.226
post results?
And post the output of:-
show ip route
show ip int brief
show int fa 0/4
09-03-2008 06:40 AM
Hello,
these are the result of ping, show ip route, show ip int brief and show int fa4. thanks
Internet#ping 10.194.136.225
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.194.136.225, timeout is 2
seconds:
.....
Success rate is 0 percent (0/5)
Internet#ping 10.194.136.226
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.194.136.226, timeout is 2
seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4
Internet#show ip route
Gateway of last resort is 10.194.136.225 to network 0.0.0.0
172.20.0.0/24 is subnetted, 1 subnets
S 172.20.1.0 [1/0] via 172.30.1.1
172.30.0.0/24 is subnetted, 1 subnets
C 172.30.1.0 is directly connected, Vlan1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.194.136.224/27 is directly connected, FastEthernet4
S 10.194.136.225/32 is directly connected, Dialer1
S* 0.0.0.0/0 [1/0] via 10.194.136.225
Internet#show ip int brie
Interface IP-Address OK? Method Status
Prot
ocol
FastEthernet0 unassigned YES unset up
up
FastEthernet1 unassigned YES unset up
down
FastEthernet2 unassigned YES unset up
down
FastEthernet3 unassigned YES unset up
down
FastEthernet4 10.194.136.226 YES NVRAM up
up
Vlan1 172.30.1.50 YES NVRAM up
up
Loopback1 unassigned YES NVRAM up
up
NVI0 10.194.136.226 YES unset up
up
Dialer1 unassigned YES NVRAM up
up
Internet# show int fa4
FastEthernet4 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0022.557f.dfd8 (bia
0022.557f.dfd8)
Internet address is 10.194.136.226/27
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:14, output 00:00:11, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output
drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
14 packets input, 896 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
964 packets output, 60294 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
09-03-2008 06:56 AM
So you can't even ping the IP of your provider? The I would say you either have incorrect IP information - of your config on the dialer/fe0/4 is incorrect.
What type of circuit has the ISP provided you?
09-03-2008 12:14 PM
Several questions for you on this.
1) Is this DSL, Cable, T1 etc...
2) The config attached shows your configured for PAP. Are you sure your provider is even doing PPPOE, if so, did you confirm if it is PAP or CHAP? (from the info you gave, it sounds like they are assigning you a static block of addresses)
3) Your initial statements say the provider gave you a Default GW of 10.100.130.25, but your WAN interface is configured for 10.194.136.226? That is a completely different subnet that what you said your provider gave you.
4) What kind of device is the router connected to? Is it a cable/DSL modem of some sort. If it is, can you take your laptop & give it an IP & plug directly into it & get to the Internet?
5) You mentioned this is for your internet for a LAN & a remote office? How many users is this for? An 870 Series is a SOHO device.
You are trying to tackle too much at once. First you need to get the internet working from the router, after that works, you need to get it working from the LOCAL LAN, then worry about a remote office.
09-04-2008 10:12 AM
thanks very much. i will look into all these. i am confident it will all be resolved as i clear the issues with my isp. i will get back to you when it is resolved. i appreciate your time to attend to me and i am very grateful for your advices.
09-24-2008 03:38 AM
thanks to all that contributed to my resolving this issue of accessing the internet using cisco 871. it was a dns related problem and is now resolved.
thanks so much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide