Help for a newbie to Cisco routing

Discussion in 'Cisco' started by baron1211, Oct 3, 2008.

  1. baron1211

    baron1211 Guest

    Hello everybody,

    I hope someone can help. I have inherated a network with a business
    class Cable connection and a Cisco 2960G switch. Between the Cable
    modem and the switch is a netgear wireless router. The network has 25
    hardwired connections and 2 wireless access points. The problem is
    that the Netgear router is being overloaded and dropping the internet
    connection. I have purchased a Cisco 2621 router to replace the
    netgear as the router. I have configured the Router with a static
    address for ethernet port 0/0 of 192.168.1.1( the address of the
    internal network) and have set ethernet port 0/1 to recieve its
    address from DHCP( from the cable modem). My problem is that I can
    not get out from any of the computers on the network. I can ping from
    the router and do a traceroute, but can't figure out how to connect
    the 2 lan ports. I have been reading alot about the router and its
    configuration and can not find the piece that explains how to setup
    routing between the 2 lan ports. Do I need to use NAT on both ports
    one pointing in and one pointing out? Or do I need to set a static
    route between the ports? Or do I need a combination of the 2 options?


    Thank you for any assistance.

    Daryl
     
    baron1211, Oct 3, 2008
    #1
    1. Advertisements

  2. baron1211

    John Agosta Guest


    Do your internal users have IP configurations ?
    Your internal computers were probably obtaining thier IP addresses / gateway
    information
    from the Netgear router, which you have replaced.
    You will need to look into configuring your new Cisco as a DHCP server
    so your internal users can obtain what they need.
    Once the above is verified, you will need to NAT your inside interface to
    your outside interface.
     
    John Agosta, Oct 3, 2008
    #2
    1. Advertisements

  3. baron1211

    baron1211 Guest

    The network has it own DHCP and DNS server on it. All the clients
    recieve thier address from it. The netgear is just a router at this
    point. What I am hoping to accomplish is, Keep the internal network
    as it is and use the 2621 and its 2 LAN ports to allow the clients to
    connect to the internet.

    I have been trying to figure out how to set the routing between the 2
    port on the 2621 so it passes internet traffic from the outside world
    to my internal network. Below is a show ip interface output. I don't
    know if this will help

    Library#show ip interface
    FastEthernet0/0 is up, line protocol is down
    Internet address is 192.168.1.1/24
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.9
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is disabled
    IP Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast
    Router Discovery is enabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Probe proxy name replies are disabled
    Policy routing is disabled
    Network address translation is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    BGP Policy Mapping is disabled
    Serial0/0 is administratively down, line protocol is down
    Internet protocol processing disabled
    FastEthernet0/1 is up, line protocol is down
    Internet address will be negotiated using DHCP
    Broadcast address is 255.255.255.255
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is enabled
    IP Flow switching is disabled
    IP CEF switching is disabled
    IP Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Probe proxy name replies are disabled
    Policy routing is disabled
    Network address translation is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    BGP Policy Mapping is disabled

    Hope this give some view ito how I have tried to set it up and where I
    have messed up.

    Thanks

    Daryl
     
    baron1211, Oct 3, 2008
    #3
  4. baron1211

    John Agosta Guest

    The network has it own DHCP and DNS server on it. All the clients
    recieve thier address from it. The netgear is just a router at this
    point. What I am hoping to accomplish is, Keep the internal network
    as it is and use the 2621 and its 2 LAN ports to allow the clients to
    connect to the internet.

    I have been trying to figure out how to set the routing between the 2
    port on the 2621 so it passes internet traffic from the outside world
    to my internal network. Below is a show ip interface output. I don't
    know if this will help

    Library#show ip interface
    FastEthernet0/0 is up, line protocol is down
    Internet address is 192.168.1.1/24
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Multicast reserved groups joined: 224.0.0.1 224.0.0.2 224.0.0.9
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is disabled
    IP Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast
    Router Discovery is enabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Probe proxy name replies are disabled
    Policy routing is disabled
    Network address translation is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    BGP Policy Mapping is disabled
    Serial0/0 is administratively down, line protocol is down
    Internet protocol processing disabled
    FastEthernet0/1 is up, line protocol is down
    Internet address will be negotiated using DHCP
    Broadcast address is 255.255.255.255
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is enabled
    IP Flow switching is disabled
    IP CEF switching is disabled
    IP Fast switching turbo vector
    IP multicast fast switching is enabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Probe proxy name replies are disabled
    Policy routing is disabled
    Network address translation is disabled
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    BGP Policy Mapping is disabled

    Hope this give some view ito how I have tried to set it up and where I
    have messed up.

    Thanks

    Daryl

    Your "line protocol is down" indicates the Ethernets are not terminated
    correctly.
    Are there hubs / switches involved ? You may have the wrong cable type.
    (crossover vs straigh through issues)
    Also, it would help to see a "show run" output.
     
    John Agosta, Oct 3, 2008
    #4
  5. baron1211

    baron1211 Guest

    The setup goes from a comcast cable modem to the cisco 2621 router
    then to a 2960G 48 port switch. I will get a Show run and post this
    morning. Right now I have a strait thru cable from the modem to the
    router and a strait thru to the switch.

    Comcast Modem Cisco 2621 Cisco
    2060G 48
    ___ Strait thru _________ Strait thru
    ___________
    | | ------------------- |
    |--------------------------- | |-------------
    Inside Network
    ------- Port 0/1 ---------------- Port
    0/0 ------------------




    Sorry for the lame artwork, but this is the basic setup I have put
    togeather. I have had a netgear router inplace of the Cisco for
    several weeks now and it has functioned,not reliablly, but functioned.

    Thanks for all the help.

    Daryl
     
    baron1211, Oct 6, 2008
    #5
  6. baron1211

    baron1211 Guest

    OK here is a SHOW RUN.

    Library#show run
    Building configuration...

    Current configuration : 917 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Library
    !
    enable secret 5 $1$H2KO$nJxIjx6nLnkvtEvvIPi/c0
    enable password T0rnad0
    !
    ip subnet-zero
    !
    !
    !
    ip dhcp-client network-discovery informs 2 discovers 0
    !
    !
    !
    interface FastEthernet0/0
    ip address 192.168.1.1 255.255.255.0
    ip nat outside
    ip irdp
    speed auto
    full-duplex
    !
    interface Serial0/0
    no ip address
    shutdown
    no fair-queue
    !
    interface FastEthernet0/1
    ip address dhcp
    ip route-cache same-interface
    speed auto
    full-duplex
    !
    router rip
    network 192.168.1.0
    !
    ip classless
    ip default-network 192.168.1.0
    ip route 192.168.1.0 255.255.255.0 FastEthernet0/1
    ip http server
    !
    access-list 1 permit 192.168.1.0 0.0.0.255
    access-list dynamic-extended
    dialer-list 1 protocol ip permit
    dialer-list 1 protocol ipx permit
    !
    line con 0
    line aux 0
    line vty 0 4
    password T0rnad0
    login
    !
    end

    Hope this give some more information.

    Daryl
     
    baron1211, Oct 6, 2008
    #6
  7. This is the only "ip nat xxxside" - Statement.
    They mostly come in pairs: Inside-Outside.

    In my opinion, *this* interface points to your INside?!
    and this will be the OUTside?
    I would change this word...
    perhaps to 'hurr1ca3' :)

    And I'd miss some 'nat pool' statement as well?

    Greetings, Holger
     
    Holger Petersen, Oct 6, 2008
    #7
  8. baron1211

    baron1211 Guest

    ok, I have redone the setup of the router. I have ethernet0/0 as my
    link to the Cable modem getting its address from DHCP and having NAT
    pointing inside. And etherent0/1 is my internal port with a static
    address with NAT pointing out. Does that seem correct? I am going to
    work this thru and make sure it is correct. need to learn how to set
    this stuff up correctly. Any help is greatly appreaciated.


    Building configuration...

    Current configuration : 708 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Library
    !
    enable secret 5 $1$aVwD$IZlEoK1HBuf8xmlHqUzcw.
    enable password ********
    !
    ip subnet-zero
    no ip routing
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address dhcp
    ip nat inside
    no ip route-cache
    no ip mroute-cache
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    no ip route-cache
    no ip mroute-cache
    shutdown
    !
    interface FastEthernet0/1
    ip address 192.168.1.1 255.255.255.0
    ip nat outside
    no ip route-cache
    no ip mroute-cache
    speed auto
    full-duplex
    !
    ip classless
    ip http server
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password ********
    login
    !
    end

    And "hurr1ca3" will be a good one to remember in the future :)
     
    baron1211, Oct 7, 2008
    #8
  9. baron1211

    baron1211 Guest

    OK, lets see if this is better.


    Building configuration...

    Current configuration : 788 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Library
    !
    enable secret 5 $1$aVwD$IZlEoK1HBuf8xmlHqUzcw.
    enable password
    !
    ip subnet-zero
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    description WAN-Connection-C2621-DCHP
    ip address dhcp
    ip nat inside
    no ip mroute-cache
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    no ip mroute-cache
    shutdown
    !
    interface FastEthernet0/1
    description LAN-Connection-Library-Patrons
    ip address 192.168.1.1 255.255.255.0
    ip nat outside
    no ip mroute-cache
    speed auto
    full-duplex
    !
    ip nat pool patrons 192.168.1.2 192.168.1.254 netmask 255.255.255.0
    ip classless
    ip http server
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password
    login
    !
    end
     
    baron1211, Oct 7, 2008
    #9
  10. baron1211

    baron1211 Guest

    I think I got it this time. Sorry for being so stupid on how this all
    work. I am trying to learn.


    Building configuration...

    Current configuration : 883 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Library
    !
    enable secret 5 $1$aVwD$IZlEoK1HBuf8xmlHqUzcw.
    enable password
    !
    ip subnet-zero
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    description WAN-Connection-C2621-DCHP
    ip address dhcp
    ip nat inside
    no ip mroute-cache
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    no ip mroute-cache
    shutdown
    !
    interface FastEthernet0/1
    description LAN-Connection-Library-Patrons
    ip address 192.168.1.1 255.255.255.0
    ip nat outside
    no ip mroute-cache
    speed auto
    full-duplex
    !
    ip nat pool patrons 192.168.1.2 192.168.1.254 netmask 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    ip http server
    !
    access-list 101 permit ip 192.0.0.0 0.255.255.255 any
    !
    line con 0
    line aux 0
    line vty 0 4
    password
    login
    !
    end
     
    baron1211, Oct 7, 2008
    #10
  11. baron1211

    baron1211 Guest

    Thank you for all yoru help. I won't be able to test until to morrow
    morning. Hopefully you won't hear from me again :)

    Daryl
     
    baron1211, Oct 7, 2008
    #11
  12. So this interface gets " IP NAT OUTSIDE " iirc.
    And ther goes " IP NAT INSIDE "
    Other way! Look from the router:

    cable (and Internet) is 'outside'
    LAN is 'inside'


    And don't miss the other mentioned "ip nat pool ..." statements...

    good luck, Holger
     
    Holger Petersen, Oct 7, 2008
    #12
  13. baron1211

    baron1211 Guest

    OK, Have fixed the IP NAT statements to have out going to the cable
    modem and i going to the LAN. I have the NAT POOL created and the
    Access list for PERMIT IP 192.*.*.* 0.255.255.255 any.

    Current configuration : 935 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Library
    !
    enable secret 5 $1$aVwD$IZlEoK1HBuf8xmlHqUzcw.
    enable password
    !
    ip subnet-zero
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    description WAN-Connection-C2621-DCHP
    ip address dhcp
    ip nat outside
    no ip mroute-cache
    shutdown
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    no ip mroute-cache
    shutdown
    !
    interface FastEthernet0/1
    description LAN-Connection-Library-Patrons
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    no ip mroute-cache
    speed auto
    full-duplex
    !
    ip nat pool patrons 192.168.1.2 192.168.1.254 netmask 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    ip http server
    !
    access-list 101 permit ip 192.0.0.0 0.255.255.255 any
    access-list 101 permit ip 0.0.0.0 192.168.1.254 any
    !
    line con 0
    line aux 0
    line vty 0 4
    password
    login
    !
    end

    Better?
     
    baron1211, Oct 7, 2008
    #13
  14. baron1211

    htan68

    Joined:
    Oct 8, 2008
    Messages:
    1
    Likes Received:
    0
    ip nat inside source list 101 interface FastEthernet0/0 overload
     
    htan68, Oct 8, 2008
    #14
  15. May be correct...
    ^^^
    ^^^
    But not 'best' ?
    Or does it work?

    Holger
     
    Holger Petersen, Oct 8, 2008
    #15
  16. baron1211

    baron1211 Guest

    no it doesn't. Just plugged it in and get address for both port, but
    no routing between them. do I need to remove the access lists? or did
    I mess something else up.

    The address for my lan side should be 192.168.1.1. It is also my
    default gateway out, set by DHCP on the server. The pool of address
    that shoulod be allow to send out should be everything in the
    192.168.1.0 network. Did I not do that? From your question I am
    assuming I didn't. If I remove access list 101 and create on the is
    "permit ip 192.168.1.0 192.168.1.254" would that be correct, or should
    I add to aqccess list 101 and put in that range?

    Daryl
     
    baron1211, Oct 8, 2008
    #16
  17. baron1211

    mkupec

    Joined:
    Oct 8, 2008
    Messages:
    1
    Likes Received:
    0
    Location:
    Woodbridge, Va
    You might want to try removing the "shutdown" statement on FastEthernet 0/0.

    Doing so will allow you access to the Cablemodem from the router.
     
    mkupec, Oct 8, 2008
    #17
  18. baron1211

    baron1211 Guest

    -
    OK, here is a "show ip interface" output. I have an address for the
    therenetporty0/0 from DHCP and a static address from my setup. But I
    still can not get out to the internet from a system behind the
    router. I bellieve it is setup to froward all traffic from the
    192.168.1.0 netwrok to etherent port 0/0. any ideas?


    #show ip interface
    FastEthernet0/0 is up, line protocol is down
    Internet address is 71.237.188.162/22
    Broadcast address is 255.255.255.255
    Address determined by DHCP
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is disabled
    IP Feature Fast switching turbo vector
    IP multicast fast switching is disabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Probe proxy name replies are disabled
    Policy routing is disabled
    Network address translation is enabled, interface in domain outside
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    BGP Policy Mapping is disabled
    Serial0/0 is administratively down, line protocol is down
    Internet protocol processing disabled
    FastEthernet0/1 is up, line protocol is down
    Internet address is 192.168.1.1/24
    Broadcast address is 255.255.255.255
    Address determined by non-volatile memory
    MTU is 1500 bytes
    Helper address is not set
    Directed broadcast forwarding is disabled
    Outgoing access list is not set
    Inbound access list is not set
    Proxy ARP is enabled
    Security level is default
    Split horizon is enabled
    ICMP redirects are always sent
    ICMP unreachables are always sent
    ICMP mask replies are never sent
    IP fast switching is enabled
    IP fast switching on the same interface is disabled
    IP Flow switching is disabled
    IP CEF switching is disabled
    IP Feature Fast switching turbo vector
    IP multicast fast switching is disabled
    IP multicast distributed fast switching is disabled
    IP route-cache flags are Fast
    Router Discovery is disabled
    IP output packet accounting is disabled
    IP access violation accounting is disabled
    TCP/IP header compression is disabled
    RTP/IP header compression is disabled
    Probe proxy name replies are disabled
    Policy routing is disabled
    Network address translation is enabled, interface in domain inside
    WCCP Redirect outbound is disabled
    WCCP Redirect inbound is disabled
    WCCP Redirect exclude is disabled
    BGP Policy Mapping is disabled

    Did I miss something or not set something ?

    Daryl
     
    baron1211, Oct 8, 2008
    #18
  19. That's good.


    But let ud take a look at

    show IP nat translations

    You did not read the message from Artie(sp?):

    | http://www.cisco.com/en/US/tech/tk175/tk15/technologies_configuration_example09186a0080093fd2.shtml
    |
    |
    | ip nat inside source list 101 interface FastEthernet0/0 overload
    | ip classless
    | ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    | no ip http server
    | !
    | access-list 101 permit ip 192.168.1.0 0.255.255.255 any

    Why do you have _two_ access-list?

    good luck, Holger
     
    Holger Petersen, Oct 8, 2008
    #19
  20. baron1211

    baron1211 Guest

    Yes I could. I can ping out from the router and do a trace route
    out. I believe I have it set to route all traffic to the
    Fastethernet0/0.(ip route 0.0.0.0 0.0.0.0 FastEthernet0/0) I have the
    nat pool set as anything from 192.168.1.2 - 192.168.1.254. Have
    Insdie NAT pointing to fastethernet port 0/1 and outside pointing to
    Fastetherent 0/0. Both interfaces show in the "show ip route" command
    as connected. I have redone the router from scratch last night
    thinking I messed something up with my playing around. here is how it
    is configured right now. It should be back to where I was yesterday
    morning before i started tweeking it.


    Current configuration : 873 bytes
    !
    version 12.2
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname Library
    !
    enable secret 5 $1$aVwD$IZlEoK1HBuf8xmlHqUzcw.
    enable password
    !
    ip subnet-zero
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    description WAN-Connection-C2621-DCHP
    ip address dhcp
    ip nat outside
    no ip mroute-cache
    duplex auto
    speed auto
    !
    interface Serial0/0
    no ip address
    no ip mroute-cache
    shutdown
    !
    interface FastEthernet0/1
    description LAN-Connection-Library-Patrons
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    no ip mroute-cache
    speed auto
    full-duplex
    !
    ip nat pool patrons 192.168.1.2 192.168.1.254 netmask 255.255.255.0
    ip classless
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    ip http server
    !
    access-list 103 permit ip 192.0.0.0 0.255.255.255 any
    !
    line con 0
    line aux 0
    line vty 0 4
    password
    login
    !
    end

    I still can not get out to the internet from a laptop behind the
    router. I can ping the outside port (Fastethernet0/0) from the laptop
    and can ping the laptop from the router. I can also bing the inside
    port(fastehternet0/1) from the laptop. To my limited knowledge it
    sound like I can route from fastethernet0/1 to fastethernet0/0, but
    can not get beyond that point from the laptop from behind the router.
    Do I need a "IP route" for fastethernet0/0?
     
    baron1211, Oct 9, 2008
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.