Help w/ routing on Cisco 1841...

Discussion in 'Cisco' started by Rick F., Dec 31, 2007.

  1. Rick F.

    Rick F. Guest

    Hi all.. It's been a LONG time since I've worked w/ IOS software (>10 years)
    and I'm a bit rusty with my knowledge, etc.. Anyway, I've got a 1841
    router using 12.4 IOS software and am trying to get a connection going w/
    my ISP over a cable modem connection (at home).. So far I've got the
    router successfully making a DHCP request to the cable system and getting
    a lease from it -- I can ping outside hosts w/o problems. However, I've
    got the NAT stuff enabled and want to configure the router to also work as
    a DHCP server and lease connections for machines on my home local-net
    using the 10.0.1.x series of IP's. For whatever reason, I can't seem to
    get the two ethernet ports (FastEthernet0/0 goes to the cable modem and
    FastEthernet0/1 is the local-net) to route traffic back and forth..
    Below is my configuration and some dumps of various things that I
    thought might be of interest. I'm hoping someone can shed some light on
    what my routing entries ought to look like as it's currently got some odd
    routes (IMHO) which is probably why it doesn't currently work..

    Anyway, if anyone can help, I'd be very grateful!

    1841_router#show running
    Building configuration...

    Current configuration : 1267 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname 1841_router
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    ip cef
    !
    !
    no ip dhcp use vrf connected
    no ip dhcp conflict logging
    ip dhcp excluded-address 10.0.1.1
    !
    ip dhcp pool Main
    network 10.0.0.0 255.255.254.0
    domain-name foo.com
    class CLASS1
    address range 10.0.1.1 10.0.1.100
    !
    !
    ip dhcp class CLASS1
    !
    ip domain name foo.com
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    description Outside Interface to Cable Modem
    ip address dhcp
    ip nat outside
    ip virtual-reassembly
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    speed auto
    full-duplex
    no cdp enable
    no mop enabled
    !
    interface FastEthernet0/1
    ip address 10.0.1.1 255.255.254.0
    ip nat inside
    ip virtual-reassembly
    speed auto
    half-duplex
    no mop enabled
    !
    router rip
    network 10.0.0.0
    !
    ip route 10.0.1.0 255.255.255.0 FastEthernet0/0 dhcp
    !
    !
    ip http server
    no ip http secure-server
    !
    dialer-list 1 protocol ip permit
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password foobar
    login
    !
    scheduler allocate 20000 1000
    end

    ========================================
    1841_router#show ip route
    Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    E1 - OSPF external type 1, E2 - OSPF external type 2
    i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
    ia - IS-IS inter area, * - candidate default, U - per-user static route
    o - ODR, P - periodic downloaded static route

    Gateway of last resort is 24.24.212.1 to network 0.0.0.0

    66.0.0.0/32 is subnetted, 1 subnets
    S 66.75.176.21 [254/0] via 24.24.212.1, FastEthernet0/0
    24.0.0.0/22 is subnetted, 1 subnets
    C 24.24.212.0 is directly connected, FastEthernet0/0
    10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
    C 10.0.0.0/23 is directly connected, FastEthernet0/1
    S 10.0.1.0/24 [1/0] via 24.24.212.1, FastEthernet0/0
    S* 0.0.0.0/0 [254/0] via 24.24.212.1
    1841_router#

    1841_router#show interfaces
    FastEthernet0/0 is up, line protocol is up
    Hardware is Gt96k FE, address is 0018.b90e.3da4 (bia 0018.b90e.3da4)
    Description: Outside Interface to Cable Modem
    Internet address is 24.24.212.15/22
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full-duplex, 100Mb/s, 100BaseTX/FX
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:03, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 2000 bits/sec, 4 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    13494 packets input, 811605 bytes
    Received 13468 broadcasts, 0 runts, 0 giants, 0 throttles
    1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog
    0 input packets with dribble condition detected
    855 packets output, 59877 bytes, 0 underruns
    0 output errors, 0 collisions, 4 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out
    FastEthernet0/1 is up, line protocol is up
    Hardware is Gt96k FE, address is 0018.b90e.3da5 (bia 0018.b90e.3da5)
    Internet address is 10.0.1.1/23
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Half-duplex, 100Mb/s, 100BaseTX/FX
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:04, output 00:00:06, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    942 packets input, 66339 bytes
    Received 326 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog
    0 input packets with dribble condition detected
    285 packets output, 30896 bytes, 0 underruns
    0 output errors, 0 collisions, 4 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out
    NVI0 is up, line protocol is up
    Hardware is NVI
    Interface is unnumbered. Using address of NVI0 (0.0.0.0)
    MTU 1514 bytes, BW 10000000 Kbit, DLY 0 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation UNKNOWN, loopback not set
    Last input never, output never, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    0 packets input, 0 bytes, 0 no buffer
    Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
    0 packets output, 0 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 output buffer failures, 0 output buffers swapped out
    Rick F., Dec 31, 2007
    #1
    1. Advertising

  2. Rick F.

    Brian V Guest

    "Rick F." <> wrote in message
    news:477853de$0$9578$...
    > Hi all.. It's been a LONG time since I've worked w/ IOS software (>10
    > years)
    > and I'm a bit rusty with my knowledge, etc.. Anyway, I've got a 1841
    > router using 12.4 IOS software and am trying to get a connection going w/
    > my ISP over a cable modem connection (at home).. So far I've got the
    > router successfully making a DHCP request to the cable system and getting
    > a lease from it -- I can ping outside hosts w/o problems. However, I've
    > got the NAT stuff enabled and want to configure the router to also work as
    > a DHCP server and lease connections for machines on my home local-net
    > using the 10.0.1.x series of IP's. For whatever reason, I can't seem to
    > get the two ethernet ports (FastEthernet0/0 goes to the cable modem and
    > FastEthernet0/1 is the local-net) to route traffic back and forth..
    > Below is my configuration and some dumps of various things that I
    > thought might be of interest. I'm hoping someone can shed some light on
    > what my routing entries ought to look like as it's currently got some odd
    > routes (IMHO) which is probably why it doesn't currently work..
    >
    > Anyway, if anyone can help, I'd be very grateful!
    >
    > 1841_router#show running
    > Building configuration...
    >
    > Current configuration : 1267 bytes
    > !
    > version 12.4
    > service timestamps debug datetime msec
    > service timestamps log datetime msec
    > no service password-encryption
    > !
    > hostname 1841_router
    > !
    > boot-start-marker
    > boot-end-marker
    > !
    > no aaa new-model
    > ip cef
    > !
    > !
    > no ip dhcp use vrf connected
    > no ip dhcp conflict logging
    > ip dhcp excluded-address 10.0.1.1
    > !
    > ip dhcp pool Main
    > network 10.0.0.0 255.255.254.0
    > domain-name foo.com
    > class CLASS1
    > address range 10.0.1.1 10.0.1.100
    > !
    > !
    > ip dhcp class CLASS1
    > !
    > ip domain name foo.com
    > !
    > !
    > !
    > !
    > !
    > !
    > !
    > !
    > !
    > interface FastEthernet0/0
    > description Outside Interface to Cable Modem
    > ip address dhcp
    > ip nat outside
    > ip virtual-reassembly
    > no ip route-cache cef
    > no ip route-cache
    > no ip mroute-cache
    > speed auto
    > full-duplex
    > no cdp enable
    > no mop enabled
    > !
    > interface FastEthernet0/1
    > ip address 10.0.1.1 255.255.254.0
    > ip nat inside
    > ip virtual-reassembly
    > speed auto
    > half-duplex
    > no mop enabled
    > !
    > router rip
    > network 10.0.0.0
    > !
    > ip route 10.0.1.0 255.255.255.0 FastEthernet0/0 dhcp
    > !
    > !
    > ip http server
    > no ip http secure-server
    > !
    > dialer-list 1 protocol ip permit
    > !
    > !
    > !
    > !
    > control-plane
    > !
    > !
    > !
    > line con 0
    > line aux 0
    > line vty 0 4
    > password foobar
    > login
    > !
    > scheduler allocate 20000 1000
    > end
    >
    > ========================================
    > 1841_router#show ip route
    > Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
    > D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
    > N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
    > E1 - OSPF external type 1, E2 - OSPF external type 2
    > i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
    > level-2
    > ia - IS-IS inter area, * - candidate default, U - per-user static
    > route
    > o - ODR, P - periodic downloaded static route
    >
    > Gateway of last resort is 24.24.212.1 to network 0.0.0.0
    >

    <snip>


    Your close! You just need to setup your nat acl and overload the outside
    interface. You got this far, kudo's to you!
    Brian V, Dec 31, 2007
    #2
    1. Advertising

  3. Rick F.

    Rick F. Guest

    On 2007-12-31, Brian V <> wrote:
    >
    > Your close! You just need to setup your nat acl and overload the outside
    > interface. You got this far, kudo's to you!


    Thanks.. Most of it came from poking around and trying to remember stuff
    from a LONG time ago.. I think I found the nat ACL stuff in my 12.4
    docs but am not completely following you with your other comment about
    overloading the outside interface.. Can you elaborate a bit more on that
    so I can go looking a bit more in that direction? Thx!
    Rick F., Dec 31, 2007
    #3
  4. Rick F.

    Darren Green Guest

    Rick F. wrote:
    > On 2007-12-31, Brian V <> wrote:
    >> Your close! You just need to setup your nat acl and overload the outside
    >> interface. You got this far, kudo's to you!

    >
    > Thanks.. Most of it came from poking around and trying to remember stuff
    > from a LONG time ago.. I think I found the nat ACL stuff in my 12.4
    > docs but am not completely following you with your other comment about
    > overloading the outside interface.. Can you elaborate a bit more on that
    > so I can go looking a bit more in that direction? Thx!
    >
    >

    Hi,

    Create a standard ACL and NAT to the outside Fa0/0 interface. e.g

    access-list 10 permit 10.0.1.0 0.0.0.255 (a named access-list is also fine)

    Then tie this ACL to the outside interface and use overload as follows:

    ip nat inside source-list 10 interface fa0/0 overload

    Kind regards

    Darren
    Darren Green, Dec 31, 2007
    #4
  5. Rick F.

    Rick F. Guest

    On 2007-12-31, Darren Green <> wrote:
    > Create a standard ACL and NAT to the outside Fa0/0 interface. e.g
    >
    > access-list 10 permit 10.0.1.0 0.0.0.255 (a named access-list is also fine)
    >
    > Then tie this ACL to the outside interface and use overload as follows:
    >
    > ip nat inside source-list 10 interface fa0/0 overload


    Thanks much Darren!

    I'm almost there I believe.. I've got the config shown further
    below and things generally look good (or better).. I've got a few glitches
    that I believe are messing things up at this point -- primarily
    (I believe) w/ the DHCP server not setting the gateway address
    or DNS server address for clients that get the address info, so
    nothing really works.. I tried hard-coding the values that I
    thought should be there on a windows machine I plugged into
    the "FastEthernet0/1" interface (via a switch) and was not able
    to ping 10.0.1.1 for whatever reason even though the ACL was
    allowing it (per debug messages on the console).. Seems odd.. Anyway,
    if you notice anything odd, can you let me know? I'll fiddle some
    more with the DHCP server settings on the 1841 and see if I can get
    it to fill-in the DNS and gateway values -- something I'm not really
    familiar with (not NAT for that matter using IOS).. Thanks very much
    and Happy New Year!

    -- Rick

    1841_router#show running
    Building configuration...

    Current configuration : 1535 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname 1841_router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    ip cef
    !
    !
    ip dhcp smart-relay
    no ip dhcp use vrf connected
    no ip dhcp conflict logging
    ip dhcp excluded-address 10.0.1.1
    !
    ip dhcp pool Main
    network 10.0.0.0 255.255.254.0
    domain-name foo.com
    class CLASS1
    address range 10.0.1.1 10.0.1.100
    !
    !
    ip dhcp class CLASS1
    !
    ip dhcp update dns both
    ip domain name foo.com
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    description Outside Interface to Cable Modem
    ip address dhcp
    ip nat outside
    ip virtual-reassembly
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    speed auto
    full-duplex
    no cdp enable
    no mop enabled
    !
    interface FastEthernet0/1
    ip address 10.0.1.1 255.255.254.0
    ip access-group 106 in
    ip nat inside
    ip virtual-reassembly
    speed auto
    half-duplex
    no mop enabled
    !
    ip route 10.0.1.0 255.255.255.0 FastEthernet0/0 dhcp
    !
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list 10 interface FastEthernet0/0 overload
    !
    access-list 10 permit 10.0.1.0 0.0.0.255
    access-list 106 permit icmp any any log
    access-list 106 permit tcp any any log
    access-list 106 permit udp any any log
    access-list 106 permit ip any any log
    !
    !
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password foobar
    login
    !
    scheduler allocate 20000 1000
    end

    =============================================
    1841_router#show interfaces
    FastEthernet0/0 is up, line protocol is up
    Hardware is Gt96k FE, address is 0018.b90e.3da4 (bia 0018.b90e.3da4)
    Description: Outside Interface to Cable Modem
    Internet address is 24.24.239.155/21
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full-duplex, 100Mb/s, 100BaseTX/FX
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:02, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 2000 bits/sec, 4 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    8487 packets input, 510395 bytes
    Received 8478 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 watchdog
    0 input packets with dribble condition detected
    322 packets output, 24443 bytes, 0 underruns
    0 output errors, 0 collisions, 4 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier
    0 output buffer failures, 0 output buffers swapped out
    FastEthernet0/1 is up, line protocol is up
    Hardware is Gt96k FE, address is 0018.b90e.3da5 (bia 0018.b90e.3da5)
    Internet address is 10.0.1.1/23
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Half-duplex, 100Mb/s, 100BaseTX/FX
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:01, output 00:00:03, output hang never
    Last clearing of "show interface" counters never
    ==================================================================
    *Jan 1 08:28:25.467: %SEC-6-IPACCESSLOGP: list 106 permitted udp 10.0.1.2(0) -> 10.0.1.8(0), 25 packets
    *Jan 1 08:28:25.467: %SEC-6-IPACCESSLOGP: list 106 permitted tcp 10.0.1.2(0) -> 10.0.1.8(0), 27 packets
    *Jan 1 08:29:25.467: %SEC-6-IPACCESSLOGP: list 106 permitted udp 10.0.1.2(0) -> 10.0.1.255(0), 2 packets
    *Jan 1 08:30:25.467: %SEC-6-IPACCESSLOGDP: list 106 permitted icmp 10.0.1.2 -> 10.0.1.1 (0/0), 1 packet
    *Jan 1 08:30:25.467: %SEC-6-IPACCESSLOGP: list 106 permitted udp 10.0.1.2(0) -> 10.0.1.1(0), 7 packets
    Rick F., Jan 1, 2008
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    4
    Views:
    14,323
    egray1975
    Jan 7, 2009
  2. Replies:
    1
    Views:
    4,020
  3. Replies:
    1
    Views:
    1,478
  4. corb
    Replies:
    4
    Views:
    7,205
    Trendkill
    Oct 10, 2007
  5. Replies:
    0
    Views:
    597
Loading...

Share This Page