3620 Router config for Cable modem ISP

Discussion in 'Cisco' started by Stephen, Jan 24, 2004.

  1. Stephen

    Stephen Guest

    Hello all,

    I have tried to use a config that I found on Packetatack.com to
    configure my 3620 for my Comcast internet provider. I have it connected
    through a 3550 switch to my cable modem. I have changed the local
    network ip's to match what already works for me.

    I can see through the switch to other hosts on my network, but I cannot
    reach the web from any of my computers.

    Can anyone give me half a clue what is missing/wrong?

    Thanks,
    SPN

    config follows except for passwords and usernames.

    --
    !
    ! begin configuration here
    !
    !
    version 12.1
    !
    clock timezone EST -3
    ip subnet-zero
    !
    !Use your favorite nameserver either ISP or other
    !
    ip name-server 68.38.224.5
    ip name-server 68.39.224.6
    !
    !Use the router as a DHCP server for your network
    !
    no ip dhcp conflict logging
    !
    ! exclude a range for your printers, router and any other static device
    !
    ip dhcp excluded-address 10.1.1.1 10.1.1.9
    !
    ip dhcp pool DHCP-POOL
    network 10.1.1.0 255.255.255.0
    domain-name cox.rr.com
    dns-server 24.28.192.64 24.28.192.65
    default-router 10.1.1.1
    !
    !
    interface Ethernet0/0
    description Outside interface to COX/RR
    !
    !This will force the assigned MAC(if needed) to the Ethernet interface
    !
    mac-address 0050.9999.c3be
    ip address dhcp
    ip nat outside
    ip access-group 107 in
    !
    interface Ethernet0/1
    description Inside interface to your network
    ip address 10.1.1.1 255.255.255.0
    ip nat inside
    !
    ip nat inside source list 1 interface Ethernet0/0 overload
    ip classless
    ip route 0.0.0.0 0.0.0.0
    no http server
    !
    access-list 1 permit 10.1.1.0 0.0.0.255
    !
    !Access list 107 will deny private IP ranges from outside your network
    to come it as a
    !security measure. It also denies ICMP PINGs to help *hide* the router
    from scanners. Lastly
    !it denies the FINGER protocol.
    !
    access-list 107 deny ip 10.0.0.0 0.255.255.255 any log
    access-list 107 deny ip 172.0.0.0 0.255.255.255 any log
    access-list 107 deny ip 127.0.0.0 0.255.255.255 any log
    access-list 107 deny ip 255.0.0.0 0.255.255.255 any log
    access-list 107 deny ip 224.0.0.0 0.255.255.255 any log
    access-list 107 deny ip 192.168.50.0 0.0.0.255 any log
    access-list 107 deny icmp any any echo log
    access-list 107 deny tcp any any eq finger
    access-list 107 permit ip any any
    ! no cdp run
     
    Stephen, Jan 24, 2004
    #1
    1. Advertisements

  2. Stephen

    Thomas Larus Guest

    Stephen:

    The "ip route 0.0.0.0 0.0.0.0" in your configuration is not enough to point
    to your outside next-hop. I see you have DHCP-assigned IP address on your
    outside interface. Perhaps you can use it to get you default gateway, too.

    http://www.cisco.com/en/US/customer...9/products_feature_guide09186a0080087cce.html

    This link on CCO says:

    "By using DHCP rather than the IP Control Protocol (IPCP), a DHCP client can
    acquire other useful information such as DNS addresses, the DNS default
    domain name, and the default route."

    Alternatively, you could find out what the default gateway will be for the
    range of addresses that you are a part of, and point to that with your
    static route. Here is a Cisco document on connecting a Cisco behind a
    non-Cisco cable modem.

    http://www.cisco.com/en/US/customer...s_configuration_example09186a0080094be1.shtml

    Both of the above links are customer links, so not everyone will be able to
    open them. You may need to log in first.

    I hope this helps.

    Tom Larus, CCIE #10,014
    Author of CCIE Warm-Up: Advice and Learning Labs
    http://www.ipexpert.com/products_services/product.asp?sku=ip7777
     
    Thomas Larus, Jan 25, 2004
    #2
    1. Advertisements

  3. This is (with some cuts) the 2514 (12.2.12) config i am using for my
    cable provider. Works fine for me. As you see there is no ip routing
    statement - the box decides for itself (via dhcp client) that the router
    on the outside interface is the gateway of last resort. Which is good,
    since i have no way of knowing it in advance.

    interface Ethernet0
    mac-address 0060.xxxx.xxxx
    ip address dhcp client-id Ethernet0
    ip nat outside
    !
    interface Ethernet1
    ip address 192.168.24.2 255.255.255.0
    ip nat inside
    !
    ip nat inside source list 7 interface Ethernet0 overload
    !
    access-list 7 permit 192.168.24.0 0.0.0.255
     
    Joop van der Velden, Jan 25, 2004
    #3
  4. Stephen

    ^V^ Guest

    Thanks Tom. Thanks Joop.

    Another of the problems I encountered was that the IOS running on the
    router did not support dhcp. I'll try out your suggestions in a few
    days.

    Thanks again,
    SPN
     
    ^V^, Jan 26, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.