Cisco 2621 -- Setup
Background -- During our network revamping, I aquired a Cisco 2621 for our lab. Looking over the configuration, I noticed it was running a 10.x IOS and some really messed up VPN configuration. After doing some research, the recomendation was to totaly erase the RAM which I did. Last week, I downloaded IOS release 12.3(10a) and loaded that. The router is now at a non-configured stage. After rebooting, I am at the <Router> prompt. There are a few things I'd like to do with this router, but unfortunally I am a beginer with Cisco routers and I want to use this as a learning experience.
1. I'd like to replace our Netopia router that came with our T1 with this router even if that is possible.
2. Since our servers are being maxed out by the programers, I'd like to take the burden of doing DHCP off of them and use the DHCP functionality of the router. Unless you think this is a bad idea.
3. A friend mentioned using NAT on the router. Not sure what or how NAT will help with my configurations. The maximum amount of computers hooked up to this network will not go over 15 hopefully ..... Suggestions?
As you can see from the above, its probally a simple configuration but I'm kind of stuck on where to start first. I've looked on Cisco's page for 'initial setup' after the reload, but i'm unable to find anything. Any input on how to configure this puppy would be great! Thanks again for your help....
1. I'd like to replace our Netopia router that came with our T1 with this router even if that is possible.
2. Since our servers are being maxed out by the programers, I'd like to take the burden of doing DHCP off of them and use the DHCP functionality of the router. Unless you think this is a bad idea.
3. A friend mentioned using NAT on the router. Not sure what or how NAT will help with my configurations. The maximum amount of computers hooked up to this network will not go over 15 hopefully ..... Suggestions?
As you can see from the above, its probally a simple configuration but I'm kind of stuck on where to start first. I've looked on Cisco's page for 'initial setup' after the reload, but i'm unable to find anything. Any input on how to configure this puppy would be great! Thanks again for your help....
ASKER
@ lrmoore --
1. The T1 comes in from the phone room, to the wall jack in the lab, to a small gray box which has a RJ45 cable comming out of it, into the Netopia router.
2. Whoot on DHCP!
3. Currently I don't have a firewall setup :( Awaiting on some boxes to set one up. The ISP gave me 12 IP's to work with. So far, almost all of those are used. So I guess NAT would be the answer to that...
At the SETUP prompt :)
1. The T1 comes in from the phone room, to the wall jack in the lab, to a small gray box which has a RJ45 cable comming out of it, into the Netopia router.
2. Whoot on DHCP!
3. Currently I don't have a firewall setup :( Awaiting on some boxes to set one up. The ISP gave me 12 IP's to work with. So far, almost all of those are used. So I guess NAT would be the answer to that...
At the SETUP prompt :)
For #1, you will need to have a WIC-1DSU-T1 module installed in the 2621.
This is all you need for DHCP:
!
ip dhcp pool Test
network 192.168.122.128 255.255.255.128
dns-server 192.168.122.149
netbios-name-server 192.168.122.149
!
#3 we'll have to work on after you get the initial config set up.
Decide what you want to use for IP addresses on the inside. Keep in mind the private IP ranges of:
192.168.0.0 - 192.168.255.0 255.255.255.0
172.16.0.0 - 172.16.32.0.0 255.255.0.0
10.0.0.0 - 10.255.255.0 255.0.0.0
This is all you need for DHCP:
!
ip dhcp pool Test
network 192.168.122.128 255.255.255.128
dns-server 192.168.122.149
netbios-name-server 192.168.122.149
!
#3 we'll have to work on after you get the initial config set up.
Decide what you want to use for IP addresses on the inside. Keep in mind the private IP ranges of:
192.168.0.0 - 192.168.255.0 255.255.255.0
172.16.0.0 - 172.16.32.0.0 255.255.0.0
10.0.0.0 - 10.255.255.0 255.0.0.0
ASKER
Tks, I just looked on the 2621 and I have a module on it already in the slot -- Ethernet 1E .. is that not the same ias the WIC-1DSU-T1 you mentioned? Also, if I have to wait on this module, can I still use the DHCP functionality of the router for the network along with the Netopia?
no NM-1E is nowhere near the same as a T1 WIC. Is this in the large slot on the left? the WIC goes in one of the small slots above the FastEthernet /console ports..
yes, you can still be a DHCP server. The router can be just another host on the network, but with a function...
yes, you can still be a DHCP server. The router can be just another host on the network, but with a function...
ASKER
Ok I understand now where the cards go... any suggestions on sites to buy this card? I will do #setup and use your ip suggestions above for FE 0/0 . What is the next step? Thanks much....
ASKER
Just as an update, I have a static Ip for the router as well *.*.*.5 ... if im not mistaken, we can configure FE 0/0 for DHCP and FE 0/1 for the static and run NAT ? Not sure if that is correct.... Tks....
ASKER
Update -- I go FE 0/0 setup to DHCP. Pluged the router into my 8port switch, and on my other computer, I set it up for aquiring DHCP and it did.... here is the info from the comptuer...
virtual.net
192.168.0.20
255.255.255.0
192.168.0.1
Now, if I want to set this up so that all the clients can get to the internet, how do I set this up? Would I have to setup FE 0/1 with the static IP ? Thanks....
virtual.net
192.168.0.20
255.255.255.0
192.168.0.1
Now, if I want to set this up so that all the clients can get to the internet, how do I set this up? Would I have to setup FE 0/1 with the static IP ? Thanks....
Yes, set up FE 0/1 with the static:
interface FE 0/0
ip nat inside
interface FE 0/1
ip address *.*.*.5 255.255.255.*
ip nat outside
no shut
ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
Caution: you don't want to put both interfaces into the same switch unless you can set up VLANs for them.
interface FE 0/0
ip nat inside
interface FE 0/1
ip address *.*.*.5 255.255.255.*
ip nat outside
no shut
ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 192.168.0.0 0.0.0.255
Caution: you don't want to put both interfaces into the same switch unless you can set up VLANs for them.
ASKER
Ok, both connections are in the same switch but I'm still not able to get outside.... Here is my 'show run'
Current configuration : 1180 bytes
!
version 12.3
service timestamps debug datetime msec
sercice timestamps log datetime msec
no service password-encryption
!
hostname Cisco2621-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 ***************
enable password *********
!
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.19 <---- From a previous post on these forums you replied
!
ip dhcp pool MainScope
network 192.168.0.0 255.255.255.0
domain-name virtual.net
dns-server 192.168.0.1
default-router 192.168.0.1
!
no ip cef
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
no ip route-cache
speed auto
half-duplex
no mop enable
no clns route-cache
!
interface FastEthernet0/1
ip address *.*.*.5 255.255.255.240
ip nat outside
no ip route-cache
duplex auto
speed auto
no clns route-cache
!
interface Ethernet1/0
no ip address
no ip route-cache
shutdown
half-duplex
no clns route-cache
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip http server
ip classless
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password *******
login
!
!
end
WHEW!!! Man thats a lot of typing :) ... one thing i did notice is that FE 0/0 is at half-duplex... would that matter? also, since my Netopia is the actual router on the nextowrk, shouldnt the DNS and default router be set to that? Lastly, how do I save configurations after each change.... so I dont loose anything... tks...
Current configuration : 1180 bytes
!
version 12.3
service timestamps debug datetime msec
sercice timestamps log datetime msec
no service password-encryption
!
hostname Cisco2621-1
!
boot-start-marker
boot-end-marker
!
enable secret 5 ***************
enable password *********
!
no aaa new-model
ip subnet-zero
no ip routing
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.19 <---- From a previous post on these forums you replied
!
ip dhcp pool MainScope
network 192.168.0.0 255.255.255.0
domain-name virtual.net
dns-server 192.168.0.1
default-router 192.168.0.1
!
no ip cef
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
no ip route-cache
speed auto
half-duplex
no mop enable
no clns route-cache
!
interface FastEthernet0/1
ip address *.*.*.5 255.255.255.240
ip nat outside
no ip route-cache
duplex auto
speed auto
no clns route-cache
!
interface Ethernet1/0
no ip address
no ip route-cache
shutdown
half-duplex
no clns route-cache
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip http server
ip classless
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password *******
login
!
!
end
WHEW!!! Man thats a lot of typing :) ... one thing i did notice is that FE 0/0 is at half-duplex... would that matter? also, since my Netopia is the actual router on the nextowrk, shouldnt the DNS and default router be set to that? Lastly, how do I save configurations after each change.... so I dont loose anything... tks...
> dns-server 192.168.0.1
This is a problem. The router cannot be the dns-server. It has no capability to be a dns proxy. You need to put in the public IP's of your real dns servers in the dhcp setup.
The default gateway for your dhcp clients absolutely must be the 192.168.0.1 ip address of the router.
You don't have to type any of it. Use cut/paste from your hyperterminal session, or capture the config with Hyperterm capture feature....
Yes, change the FE 0/0 to duplex auto instead of full, just like your FE 0/1 interface
Can you ping anything on your local lan by ip address?
To save the config:
router#copy run start
or
router#write mem
or
router#wr
This is a problem. The router cannot be the dns-server. It has no capability to be a dns proxy. You need to put in the public IP's of your real dns servers in the dhcp setup.
The default gateway for your dhcp clients absolutely must be the 192.168.0.1 ip address of the router.
You don't have to type any of it. Use cut/paste from your hyperterminal session, or capture the config with Hyperterm capture feature....
Yes, change the FE 0/0 to duplex auto instead of full, just like your FE 0/1 interface
Can you ping anything on your local lan by ip address?
To save the config:
router#copy run start
or
router#write mem
or
router#wr
One more thing you need - a default route pointing to the netopia..
ip route 0.0.0.0 0.0.0.0 <netopia's IP>
ip route 0.0.0.0 0.0.0.0 <netopia's IP>
ASKER
Thanks much.. i've inputed the above... just waiting to test it... also, do you know of a reference page where the commands are? Im kind of stuck on how to change the duplex to auto instead of full .... tks....
ASKER
Update -- Interesting.... I've done the above (except changing to auto) and I still can not get out with my client... From hyper term, I can ping the client 192.168.0.20, I can ping the netopia router *.*.*.1 and even the cisco *.*.*.5 no problem.. but when I try pinging the DNS servers that the ISP gave me, it times out... the interesting thing is that I can not even ping an IP address from the clients dos window........
Reassuring progress so far. The fact that you can ping the netopia shows that the NAT is working.
I'm still concerned that you have both interfaces plugged into the same switch. Two switches (or even an old hub) would work better if you can't setup any VLANS...
To change the duplex setting:
router(config)#interface fast 0/0
router(config-if)#no half-duplex
Can you post results of
router#sho ip route
router#sho interface fast 0/0
Command reference guides:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/index.htm
I'm still concerned that you have both interfaces plugged into the same switch. Two switches (or even an old hub) would work better if you can't setup any VLANS...
To change the duplex setting:
router(config)#interface fast 0/0
router(config-if)#no half-duplex
Can you post results of
router#sho ip route
router#sho interface fast 0/0
Command reference guides:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios123/123cgcr/index.htm
ASKER
Thanks..... at least there's progress.. :) .. Im not sure about VLANS at all so sorry I dont understand its concept.... What I did though was plug FA 0/0 into the 8 port switch... then I pluged FA 0/1 into the netopia router (there is 12 lan ports on the back of it) so it should be getting the ip directly from the netopia.... unless you have any other suggestions?
As requested:
--------------------------
Cisco2621-1#sho ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
Cisco2621-1#
--------------------------
As requested:
--------------------------
Cisco2621-1#sho ip route
Default gateway is not set
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
Cisco2621-1#
--------------------------
That's what I was afraid of...
You should be OK if you're like this:
[8-port sw]-----FA0/0
| FA0/1-----------[Netopia]
Test
PC
You need a default gateway set on the router:
Cisco2621-1#config t
Cisco2621-1(config)#ip route 0.0.0.0 0.0.0.0 *.*.*.1
Cisco2621-1(config)#end
Cisco2621-1#
You should be OK if you're like this:
[8-port sw]-----FA0/0
| FA0/1-----------[Netopia]
Test
PC
You need a default gateway set on the router:
Cisco2621-1#config t
Cisco2621-1(config)#ip route 0.0.0.0 0.0.0.0 *.*.*.1
Cisco2621-1(config)#end
Cisco2621-1#
ASKER
Sorry my mistake, hit the send button.. here is the rest
--------------------------
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0001.429c.6cc0 (bia 0001.429c.6cc0)
Internet address is 192.168.0.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
136613 packets input, 9179749 bytes
Received 135721 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
2789 packets output, 270288 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 babbles, 0 late collision, 8 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Cisco2621-1#
--------------------------
Interface FA 0/1
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 0001.429c.6cc1 (bia 0001.429c.6cc1)
Internet address is 151.200.165.5/28
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 2 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
5385 packets input, 460231 bytes
Received 4967 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
2343 packets output, 217965 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Cisco2621-1#
--------------------------
Also, i am not getting the following error:
<date (which is wrong :) >%CDP-4-DUPLEX_MISMAATCH: duplex mismatch discovered on FastEthernet 0/0 (not full duplex), with CISCO 2621-1 FastEthernet0/1 (full duplex).
<date> >%CDP-4-DUPLEX_MISMAATCH: duplex mismatch discovered on FastEthernet 0/1 (not half duplex), with CISCO 2621-1 FastEthernet0/0 (half duplex).
tks
--------------------------
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0001.429c.6cc0 (bia 0001.429c.6cc0)
Internet address is 192.168.0.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
136613 packets input, 9179749 bytes
Received 135721 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
2789 packets output, 270288 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 babbles, 0 late collision, 8 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Cisco2621-1#
--------------------------
Interface FA 0/1
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 0001.429c.6cc1 (bia 0001.429c.6cc1)
Internet address is 151.200.165.5/28
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 2000 bits/sec, 2 packets/sec
5 minute output rate 1000 bits/sec, 2 packets/sec
5385 packets input, 460231 bytes
Received 4967 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
2343 packets output, 217965 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
Cisco2621-1#
--------------------------
Also, i am not getting the following error:
<date (which is wrong :) >%CDP-4-DUPLEX_MISMAATCH: duplex mismatch discovered on FastEthernet 0/0 (not full duplex), with CISCO 2621-1 FastEthernet0/1 (full duplex).
<date> >%CDP-4-DUPLEX_MISMAATCH: duplex mismatch discovered on FastEthernet 0/1 (not half duplex), with CISCO 2621-1 FastEthernet0/0 (half duplex).
tks
You can get rif of those messages with:
Cisco2621-1#config t
Cisco2621-1(config)#no cdp run
Those messages makes it seam like you have both interfaces plugged into the same switch so that they see each other with CDP. That is what I cautioned about in my first post..
You should not:
FA 0/0 ----- S
| W-------PC 192.168.0.20
FA 0/1------ I
T
C
H --------[Netopia]------WAN
Cisco2621-1#config t
Cisco2621-1(config)#no cdp run
Those messages makes it seam like you have both interfaces plugged into the same switch so that they see each other with CDP. That is what I cautioned about in my first post..
You should not:
FA 0/0 ----- S
| W-------PC 192.168.0.20
FA 0/1------ I
T
C
H --------[Netopia]------WAN
ASKER
Ok ill look over my configuration.. also for some reason, it will not take the gateway .. in your last post, the *.*.*.1 is the netopia IP correct? Tks....
ASKER
Update -- I got it ! :) ... I was looking over the IP ? files and saw the command default-gateway. Thinking this was the problem, I read the help for that... "Specify default gateway (if not routing IP). Then it hit me, you asked earlier to do a ip route xxxx stuff.... so I looked further and found another command : Routing - Enable IP routing...... so i did a ip routing and now it works! I am using this box on the DHCP switch.... Now lastly, how can we check to see that everything is up and running like planed? The sho run command? Tks ...
Great detective work! Isn't this fun to learn new things?
Yes, sho run will help, but the only real test is that it actually works!
Yes, sho run will help, but the only real test is that it actually works!
ASKER
Great !!!! So once I get that WAN card in, how difficult will it be to revamp the router to replace the Netopia... that might have to be a new 'ticket' on the forums ;) ....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you for all your help.. well worth the points ;) ..... Im glad that i signed up on these forums.... very helpful ppl here... Tks and i'm going to attempt to write this up for future reference :) ... tks again... !!
Scott
Scott
2. Sure, you can use the router as the dhcp server no problem
3. If your T1 is to the internet, and you don't have any other firewall (bad idea), and all of your internal IP addresses are private IP's, then yes, you'll need NAT.
For an initial setup, simply type
router#setup
and answer the questions....