kevkirr
asked on
Cisco 803 configuration
I have recently been attempting to configure a Cisco 803 router using the Cisco Fast-Step configuration program....I'm relatively new to router configuration and am wondering if there are any other options which need to be configured that the software doesn't cover....I have set up the router with an ip of 192.168.0.1 and subnet mask of 255.255.255.0, enabled the DHCP server on the router, set the pc's to obtain an ip automatically and not to use any dialup connection and yet my pc's cannot access the internet....they can ping the router ok....
>Now configure the NAT statement
>router(config)# ip nat inside source list 1 dialer 1 <---- if you use dialer interface
>router(config)# ip nat inside source list 1 bri 0 <---- if you are not using dialer interface.
One more thing.
Add the word "overload" to the end of the NAT statement. This will allow more than one user to connect using NAT at a time.
router(config)# ip nat inside source list 1 dialer 1 overload
>router(config)# ip nat inside source list 1 dialer 1 <---- if you use dialer interface
>router(config)# ip nat inside source list 1 bri 0 <---- if you are not using dialer interface.
One more thing.
Add the word "overload" to the end of the NAT statement. This will allow more than one user to connect using NAT at a time.
router(config)# ip nat inside source list 1 dialer 1 overload
Also make sure that you have a default route that points to the outside interface:
ip route 0.0.0.0 0.0.0.0 dialer 1
ip route 0.0.0.0 0.0.0.0 dialer 1
ASKER
Excellent NicBrey....I was pretty certain that the Fast-Step didn't cover everything....I'll be having another go this evening and will try out your suggestions....if they work I'll close the question tomorrow, otherwise I'll be back with the configuration file looking for further assistance....
No problem... good luck !!
ASKER
Ok that was almost a complete waste of time....I did discover that the hub and router don't see eye to eye though....if I connect the hub to the router and the pc's to the hub they cannot locate the DHCP server but if I connect them to the router's built in hub they work perfectly??? I've tried every combination of setting the uplink/normal switch on the hub and hub/no hub switch on the router without success??? This is ok at the moment as there are only 4 machines on the network but there may be more after a few weeks so I don't know what I'll do with it....
Anyhow back to my original problem....
The commands given above yield the following results(via telnet logging):
User Access Verification
Username: x
Password:
router>enable
Password:
router#configure
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface ethernet 0
router(config-if)#ip nat inside
router(config-if)#exit
router(config)#interface dialer 1
router(config-if)#ip nat outside
router(config-if)#exit
router(config)#access-list
Translating "ip"...domain server (255.255.255.255)
^
% Invalid input detected at '^' marker.
router(config)#ip nat inside source list 1 dialer 1
^
% Invalid input detected at '^' marker.
router(config)#exit
router#exit
Anyhow back to my original problem....
The commands given above yield the following results(via telnet logging):
User Access Verification
Username: x
Password:
router>enable
Password:
router#configure
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
router(config)#interface ethernet 0
router(config-if)#ip nat inside
router(config-if)#exit
router(config)#interface dialer 1
router(config-if)#ip nat outside
router(config-if)#exit
router(config)#access-list
Translating "ip"...domain server (255.255.255.255)
^
% Invalid input detected at '^' marker.
router(config)#ip nat inside source list 1 dialer 1
^
% Invalid input detected at '^' marker.
router(config)#exit
router#exit
ASKER
The running configuration is (via telnet logging):
User Access Verification
Username: router
Password:
router>enable
Password:
router#sh running-config
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable secret 5 $1$FcI.$kYBz5rbtNSgemdb5E7
!
username router password 7 15220A1F173D24362C
!
ip subnet-zero
no ip source-route
!
ip dhcp pool DHCPPoolLAN_0
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
ip access-group 121 in
no ip directed-broadcast
no ip proxy-arp
ip nat inside
!
interface BRI0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap pap callin
!
interface Dialer1
description ISP
ip address negotiated
ip access-group 121 in
no ip directed-broadcast
no ip proxy-arp
ip nat outside
encapsulation ppp
no ip split-horizon
dialer remote-name Cisco1
dialer idle-timeout 300
dialer string 1890927171 class DialClass
dialer hold-queue 10
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname p17269
ppp chap password 7 071B2E4E4B1B14
ppp pap sent-username p17269 password 7 010709065E190B
!
ip nat inside source list 18 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
map-class dialer DialClass
access-list 18 permit 192.168.0.0 0.0.0.255
access-list 121 deny udp any eq netbios-dgm any
access-list 121 deny udp any eq netbios-ns any
access-list 121 deny udp any eq netbios-ss any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
!
time-range TIME
periodic daily 0:00 to 23:59
!
end
router#exit
I have the monitor configuration file as well as the startup configuration if there are any other pieces of information in these that would be useful....
User Access Verification
Username: router
Password:
router>enable
Password:
router#sh running-config
Building configuration...
Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
enable secret 5 $1$FcI.$kYBz5rbtNSgemdb5E7
!
username router password 7 15220A1F173D24362C
!
ip subnet-zero
no ip source-route
!
ip dhcp pool DHCPPoolLAN_0
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
isdn switch-type basic-net3
!
!
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
ip access-group 121 in
no ip directed-broadcast
no ip proxy-arp
ip nat inside
!
interface BRI0
no ip address
no ip directed-broadcast
encapsulation ppp
dialer pool-member 1
isdn switch-type basic-net3
ppp authentication chap pap callin
!
interface Dialer1
description ISP
ip address negotiated
ip access-group 121 in
no ip directed-broadcast
no ip proxy-arp
ip nat outside
encapsulation ppp
no ip split-horizon
dialer remote-name Cisco1
dialer idle-timeout 300
dialer string 1890927171 class DialClass
dialer hold-queue 10
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname p17269
ppp chap password 7 071B2E4E4B1B14
ppp pap sent-username p17269 password 7 010709065E190B
!
ip nat inside source list 18 interface Dialer1 overload
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
map-class dialer DialClass
access-list 18 permit 192.168.0.0 0.0.0.255
access-list 121 deny udp any eq netbios-dgm any
access-list 121 deny udp any eq netbios-ns any
access-list 121 deny udp any eq netbios-ss any
access-list 121 deny tcp any eq 137 any
access-list 121 deny tcp any eq 138 any
access-list 121 deny tcp any eq 139 any
access-list 121 permit ip any any time-range TIME
dialer-list 1 protocol ip permit
!
line con 0
exec-timeout 120 0
transport input none
stopbits 1
line vty 0 4
exec-timeout 0 0
login local
!
time-range TIME
periodic daily 0:00 to 23:59
!
end
router#exit
I have the monitor configuration file as well as the startup configuration if there are any other pieces of information in these that would be useful....
Hi there,
Yes, that was a typo from my side - sorry bout that...
Just leave the ip out of the access list statement. - see you already have a correct have access list 18
The config looks fine...
Looks like you either have a duplex mismatch between your Ethernet 0 interface and your hub, or a faulty cable. You should use a straight through (normal patch cable) if you connect a router to a hub and at the back of the router, the Hub button should be pressed down.
If you do a "show interface ethernet 0" you will see the duplex setting. try setting it to half manually.
router(config-if)#duplex half
Yes, that was a typo from my side - sorry bout that...
Just leave the ip out of the access list statement. - see you already have a correct have access list 18
The config looks fine...
Looks like you either have a duplex mismatch between your Ethernet 0 interface and your hub, or a faulty cable. You should use a straight through (normal patch cable) if you connect a router to a hub and at the back of the router, the Hub button should be pressed down.
If you do a "show interface ethernet 0" you will see the duplex setting. try setting it to half manually.
router(config-if)#duplex half
ASKER
Does the config already allow for dial on demand and on what criteria will it drop the ISDN connection?
ASKER
Is it the exec-timeout?
Also what is the BRI0 interface used for?
Also what is the BRI0 interface used for?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I didn't even see the dialler timeout....every time I look at the configuration above it makes more sense to me....I'm going to leave this open until tomorrow evening just in case I have any other problems but after that the points are all yours....
Yeah, once you get the hang of the Cisco IOS, it really does make sense how everything fits together. No problem, leave it open until you are happy...
ASKER
Sorry about the delay in getting back to this....I've been up to my eyes in work lately so I haven't had time to even look at it....I'm closing the question and awarding the points as you have been very helpful Nic....
Thanks - Glad to help...
Telnet to the router and go into priveledged mode. The prompt will look like
router#
You need to add the following lines to the config
Under Ethernet interface
router(config-if)#ip nat inside
Under BRI interface or if you are using dialer profiles, under the dialer interface
router(config-if)#ip nat outside
Create an access list for the internal network addresses for NAT
router(config)#access-list
Now configure the NAT statement
router(config)# ip nat inside source list 1 dialer 1 <---- if you use dialer interface
router(config)# ip nat inside source list 1 bri 0 <---- if you are not using dialer interface.
If you post the config here and just edit out the passwords etc. I can tell you exactly what commands to add...