1236 Views 14 Replies Latest reply: Feb 22, 2012 3:19 PM by Derrick B, CCENT RSS

router configuration

Feb 19, 2012 6:56 PM

Derrick B, CCENT 86 posts since
Sep 27, 2009

Hi all,

 

Some of you may have seen I am rebuilding my network, and I am working on a design. Unfortunately, my Cisco knowledge isn't as sharp as I thought it was. So, first things first, I am connecting a cable modem to a Cisco router (1721) then to a PC.

 

Currently NAT is turned off on the modem, It is supposedly in bridging mode, gets an IP address via dhcp and dhcp on the modem is on.

 

The router is a 1721 with a WIC-4ESW. This is the current configuration:

 

service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CROUTEX
!
boot-start-marker
boot-end-marker
!
enable secret 5
no aaa new-model
ip cef
!
!
!
!
no ip domain lookup
ip domain name
!
multilink bundle-name authenticated
!
!
!
!
!
username password 7
archive
 log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0
 description outside
 no ip address
 speed auto
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 logging synchronous
line aux 0
line vty 0 1
 exec-timeout 0 0
 password 7
 logging synchronous
 login local
 transport input ssh
line vty 2 4
 login
!

 

 

Now a few things I know. I want to administer the device remotely via ssh from within the network. I gave vlan1 an ip address for this, on what is supposed to be the internal range. Is this correct?

 

I know I need to give the external and internal interfaces IP addresses. From my research it appears that ethernet ports on a router cannot be configured with IP addresses like serial ports or whatnot. So I configured the vlan1 IP and assigned the inside interface (fa1) to vlan 1 (sw access vlan 1). Now I need to configure first the external port (fa0) that is coming from the modem, then NAT, and DHCP. I've looked at various articles and they give me a few commands, but I haven't really gotten the information in the format I need it in. Can someone provide me with a breakdown step by step, and perhaps explanations on the way?

 

This article is interesting, but it has information all over the place and I can't tell what information is what in some places. They should have made it a walkthrough, not just a config copy.

 

http://www.cisco.com/en/US/tech/tk86/tk89/technologies_configuration_example09186a0080094be1.shtml

  • Paul Stewart  -  CCIE Security, CCSI 6,993 posts since
    Jul 18, 2008
    1. Feb 19, 2012 7:05 PM (in response to Derrick B, CCENT)
    Re: router configuration

    Regarding the four port esw, you can use vlan 1 as a routing interface and place the IP address there. Some versions also let you type "no switchport" under the respective esw port and use it just like any routed port.

     

    Different versions of code configure the DHCP client differently.  Mine is configured as follows

     

    int fa0/0
     ip address dhcp

    ip route 0.0.0.0 0.0.0.0 dhcp

     

    It is also worth noting that some form of NAT needs to be configured too.  If you want it to behave like a SOHO router you configure what Cisco calls PAT.

     

    interface x (your outside interface)
     ip nat outside

    interface y (your inside interface)
     ip nat inside

    access-list 1 permit 192.168.1.0 0.0.0.255

    ip nat inside source list 1 interface x overload

  • Scott Morris - CCDE/4xCCIE/2xJNCIE 8,398 posts since
    Oct 7, 2008
    3. Feb 20, 2012 8:14 AM (in response to Derrick B, CCENT)
    Re: router configuration

    You could always use a known DNS server like 8.8.8.8...  Or you could look at what is provided by your ISP and figure that even if your IP changes, the DNS servers will most likely not change!  So just use them.

     

    But yes, you'll likely want DHCP on your own router, or a local machine to handle things, as the SP's DHCP server will not be set to grant IP addresses to your systems other than the directly attached ones.

     

    The last two commands he has will allow NAT of your internal IPs to the outside interface IP (given by SP) to access the internet.  It has an ACL on there to limit NAT only to the devices in that particular subnet.

     

    HTH,

     

    Scott

  • Scott Morris - CCDE/4xCCIE/2xJNCIE 8,398 posts since
    Oct 7, 2008
    5. Feb 20, 2012 8:41 AM (in response to Derrick B, CCENT)
    Re: router configuration

    When you say "issue" what do you mean?

     

    Can you ping someplace using an IP but not a name?  (that indicates DNS rather than transport)

     

    What does "show ip nat translation" show on your router?  You should have entries from your PCs going out.

     

    Scott

  • ESummers 312 posts since
    Sep 10, 2010
    7. Feb 21, 2012 4:55 AM (in response to Derrick B, CCENT)
    Re: router configuration

    I don't want to interfere in Scott and Paul's troubleshooting, but I wanted to confirm something from your original post.

     

    Can you confirm that the cable modem is truly bridging, and passing through the ISP-assigned IP address to your router's external interface?  Your OP noted:

     

    "Currently NAT is turned off on the modem, It is supposedly in bridging mode, gets an IP address via dhcp and dhcp on the modem is on."

     

    This seems to indicate that your cable modem is pulling and holding the ISP-assigned IP address, so you must be getting multiple public IPs for your router to also get an ISP-assigned IP.  Also, you would not need DHCP enabled on the cable modem unless for some reason this is required to pass through the public IP to the router.  If your cable modem is assigning a private IP to your router external interface, and the cable modem NAT functionality is also disabled, that would explain part of the issue.

     

    Can you verify the IP address being assigned to the router's external interface (show interface fa0)? 

     

    Also, I noticed a possible typo:

    "ip nat inside source list 1 interface FastEthernet1 overload"

     

    That should be:

    ip nat inside source list 1 interface FASTETHERNET0 overload

     

    Best of luck,

    Ed

  • ESummers 312 posts since
    Sep 10, 2010
    11. Feb 22, 2012 5:43 AM (in response to Derrick B, CCENT)
    Re: router configuration

    Which "default gateway" can the PC not ping? If the PCs are on the same subnet as your vlan1, your "default router" statement should be 192.168.1.1 (in your dhcp pool).  The hosts need a default gateway that is on the same network as they are (as the purpose is to help them reach other networks).

     

    ***Note:  Consider changing your user (sephiroth) password. The encryption on those passwords is reversible, and now both the password and your current public IP have been posted.

     

    Best of luck,

    Ed
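
Added example, not part of any post in this thread: a small Python check over IOS config text for three mistakes relevant to the replies above: a malformed ACL wildcard mask, PAT overload pointed at an interface that is not marked `ip nat outside` (the typo ESummers points out), and `password 7` lines (the reversible encoding noted above). The function name `audit`, the finding codes, the username `admin` and the sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample (not the poster's config): the thread's NAT commands with
# an overload typo like the one ESummers points out, a malformed wildcard
# mask, and a placeholder type 7 string.
SAMPLE = """\
username admin password 7 <TYPE7-PLACEHOLDER>
interface FastEthernet0
 ip address dhcp
 ip nat outside
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.0.255
ip nat inside source list 1 interface FastEthernet1 overload
"""

def _is_ipv4(text):
    try:
        ipaddress.IPv4Address(text)
        return True
    except ValueError:
        return False

def audit(config):
    """Return (code, line) findings for an IOS config given as text."""
    findings, nat_role, overloads, current = [], {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = m.group(1).lower()   # full names only, no abbreviations
        elif m := re.fullmatch(r"ip nat (inside|outside)", line):
            nat_role[current] = m.group(1)
        elif m := re.match(r"access-list \d+ (?:permit|deny) ([\d.]+) ([\d.]+)$", line):
            # Standard ACL: address and wildcard must each be a dotted quad.
            if not (_is_ipv4(m.group(1)) and _is_ipv4(m.group(2))):
                findings.append(("bad-wildcard", line))
        elif m := re.match(r"ip nat inside source list \d+ interface (\S+) overload$", line):
            overloads.append((m.group(1).lower(), line))
        if re.search(r"\bpassword 7(?:\s|$)", line):
            # Type 7 is reversible obfuscation; prefer hashed 'secret' forms.
            findings.append(("type7-password", line))
    # PAT must overload onto the interface marked 'ip nat outside'.
    for iface, line in overloads:
        if nat_role.get(iface) != "outside":
            findings.append(("nat-overload-not-outside", line))
    return findings
```

Running `audit()` on a config before pasting it into a public post also shows which lines still carry type 7 strings that should be stripped or rotated.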

  • ESummers 312 posts since
    Sep 10, 2010
    13. Feb 22, 2012 9:35 AM (in response to Derrick B, CCENT)
    Re: router configuration

    Gotcha.  With that, I wouldn't worry so much AS LONG AS you have connectivity to other devices on "the Internet".  Your ISP may just be filtering ICMP/ping on that device.  We generally maintain a short list of "known-pingable" public addresses for this purpose, as several installers have wasted time trying to ping a device that filtered pings. 

     

    As long as your traffic is getting out, probably no issue there.
