tidewaterskanska
asked on
Basic cisco 831 internet configuration
I need to configure my 831 to access the internet and allow dhcp clients to access the internet. I have no idea where to start. I am not looking for anything fancy just a basic config to get my clients on the internet. Anyone able to point me in a direction?
Thank you in advance.
James
ASKER
My router has Interface Ethernet1, and Fastethernet1 - 4 (all 4 ports are interface ethernet0, not sure I understand that)
There is no fa0/0 or 0/1 port.
So should I do this...
ip nat inside source list 1 interface e1 overload
interface Ethernet1
description outside
ip address X.X.X.X <Mask>
ip nat outside
speed 100
full-duplex
interface FastEthernet1
description inside
ip address 10.0.0.1 255.0.0.0
ip nat inside
duplex auto
speed auto
Well I am going to try that while I wait for a response, thank you for the general outline I will let you know how it works out.
James
ASKER
I cannot access the internet, what am I doing wrong? Here is the current config...
show run
Building configuration...
Current configuration : 1075 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 831_Test
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
interface Ethernet0
description inside
ip address 10.0.0.1 255.0.0.0
ip nat inside
ip virtual-reassembly
!
interface Ethernet1
description outside
ip address 216.54.x.x 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex half
!
interface Ethernet2
no ip address
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 216.54.x.x
!
ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet1 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
831_Test#
Config looks okay. So when you say you can't reach internet, how are you trying to reach?
The machine behind 10.0.0.0/24 network should have a default gateway of 10.0.0.1 and also should have the DNS Server addresses configured for it to resolve the names. So try this;
From a setup where you can reach internet, ping a site, grab its ip address and go to the inside machine and try pinging by ip address and see.
Cheers,
Rajesh
ASKER
(scream yell rant rave)
Now I cannot ping the client from the router, but I can ping the router from the client. And still no internet. Lights are blinking happily but no one is home.
How am I trying to reach the internet...
My laptop is connected to a netgear gigabit switch with Auto uplink on port 5. Laptop is connected to port 1, and the fastethernet1 port of the 831 router is connected to port 5 on the netgear. Then the E1 port of the 831 is connected to two daisy chained Netgear switches to the internet modem. The laptop is configured as follows ip 10.0.0.2, sub 255.255.255.0, gateway 10.0.0.1, DNS are the ISP provided addresses. The router is configured as above except I changed the subnet mask of ethernet0 to 255.255.255.0. Keep in mind E0 is Fastethernet 1 - 4, fastethernet1 is up up which is where the switch is plugged into. Could the issue be with the access-list? I don't see where the access-list references http, or even if it should. Where oh where has my little dog gone, I need help this is too simple to be this complicated. Thanks also to RSIVANANDAN for your suggestions.
ASKER
Ok, I can now ping back and forth between the laptop and the router(bad switch), however I cannot access the internet still. I tested the internet with my laptop to make sure the switches weren't a problem or the cabling. Any new ideas?
James
No, Access-list is not a problem since it is only used for nat translations. If you have changed the subnet mask for e0 then you should also change that in your laptop and change access-list to;
access-list 1 permit 10.0.0.0 0.0.0.255
Do all these and ensure the connectivity, then try to ping 66.94.230.48, it is yahoo's address, if you are able to ping then it means networking is fine and we've got a DNS problem.
Cheers,
Rajesh
ASKER
Rajesh, I am pretty certain I have done all that you suggested thus far, yet I still cannot access the internet. Here is a new copy of the config in case I messed things up in the process of fixing them. Question, access-list 1 permit 192.168.1.0 0.0.0.255, why is the subnet 0.0.0.255 and not 255.0.0.0? (Which I have changed everything to a /24 which is easier for me to work with).
I have also switched to 192.168.1.0 because it is easier for me to work with.
I have removed the ! to save space where I could...I tried to ping from within the router and from the laptop to the address you suggested, 0 success.
Any more ideas?
show run
Building configuration...
Current configuration : 1105 bytes
!
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 831_internet
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
ip cef
!
interface Ethernet0
description INSIDE
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Ethernet1
description OUTSIDE
ip address 216.54.99.12 255.255.255.240
ip nat outside
ip virtual-reassembly
duplex half
!
interface Ethernet2
no ip address
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 216.54.2.25
!
ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
!
scheduler max-task-time 5000
end
Thank you, here's to hoping for a connecting future!
James
I hope there won't be any more changes until we resolve this;
>>Question, access-list 1 permit 192.168.1.0 0.0.0.255, why is the subnet 0.0.0.255 and not 255.0.0.0?
Access-lists use wildcards and not subnet masks. 0.0.0.255 tells it to match the first 3 octets and ignore the last octet.
Now, see if you have ip routing enabled on the router. Do 'show ip route' and you should see 3 routes (2 connected interfaces and one static default route). If not, then enable it in config mode by 'ip routing'
Go to the laptop and get 3 outputs;
1. ipconfig/all
2. tracert www.yahoo.com
3. tracert 66.94.230.48
Post 'em back here. As far as the router goes, commands wise it looks good. So we need to check where in the way it is getting blocked.
Cheers,
Rajesh
ASKER
No more changes :)
Thank you for the wildcards info.
Here is the output for "show ip route"
Gateway of last resort is not set
216.54.99.0/28 is subnetted, 1subnets
c 216.54.99.0 is directly connected, Ethernet1
c 192.168.1.0/24 is directly connected, Ethernet0
Is the top line understood to be S (static) or is a static route missing?
Laptop output:
1. Dhcp Enabled No
IP address 192.168.1.2
subnet mask 255.255.255.0
default gateway 192.168.1.1
DNS Servers 216.54.2.10
216.54.2.11
2. Unable to resolve target system name
3. Tracing route to 66.94.230.48 over a maximum of 30 hops
1 1ms 1ms 1ms 192.168.1.1
2 192.168.1.1 reports: Destination host unreachable
Trace complete.
Just a wild guess, is it possible the Ethernet0 port is dead?
Thank you,
James
So that explains the problem. No, the Ethernet port is working just fine. You don't have a static default route in your route table and that is why it is not able to pass through the router.
Check to see if you have default route;
ip route 0.0.0.0 0.0.0.0 <IP Address of ISP Router>
then do 'sh ip route' and it should say with an S that it is a static route.
Cheers,
Rajesh
ASKER
Hmmm, that command does exist actually.
I re-inputted the command again just in case then did the sh ip route and am receiving the same results.
Just to satisfy my curiosity I used the same config on a different router and received the same results.
I have also used two different IOS's, the current one I am using is c831-k9o3sy6-mz.124-4.t1.bin.
Just another amateur thought...should there be some sort of mapping between E0 and the fe1 port, or is that "understood" within the router?
I have also contacted my cable company to verify that the line was clean.
I am sitting on the edge of my seat in anticipation of your next move....(hits the speed clock)
James
ASKER
Rajesh,
Funny you should mention the subnet difference...
I did discuss this issue with the ISP last night and even the tech thought the difference was odd and that it should not work, however, when I use those same settings to connect my laptop directly to the internet everything works fine, though I admit the tech from my ISP did not think it should. I will call them again this morning and see if they have any suggestions or can change the gateway address to one that is more suitable. I will let you know what happens.
James
ASKER
Rajesh,
Apparently the gateway is a "virtual gateway" because we have two providers for load balancing and redundancy. Hopefully that helps. Calling the ISP in about an hour to see what they suggest.
James
ASKER
Rajesh,
I looked at another router on my network that uses the same connection to the internet, I discovered the ip route ISP address is 216.54.99.1 (it seems the 216.54.2.25 address is the gateway for the virtual gateway address 216.54.99.1), which I then added to the ip route of the 831 router and here is the new output as requested previously...
1. tracert www.yahoo.com
Unable to resolve target system name www.yahoo.com
2. tracert 66.94.230.48
Tracing route to 66.94.230.48 over a maximum of 30 hops
1 5ms 1ms 1 ms 192.168.1.1
2 x x x Request timed out
3 x x x Request timed out
.
.
30 x x x Request timed out
Also, show ip route:
Gateway of last resort is 216.54.99.1 to network 0.0.0.0
216.54.99.0/28 is subnetted, 1 subnets
c 216.54.99.0 is directly connected, Ethernet1
c 192.168.1.0/24 is directly connected, Ethernet0
s* 0.0.0.0/0 [1/0] via 216.54.99.1
I think we are making progress now. I await your reply.
James
At this stage, I believe there is a problem between your router and ISP premise. If you take a closer look at the output, you can see that the local traffic gets till the router and from there it can't reach.
How to confirm this?
Logon to the router and from there ping the address (IP Address of Yahoo) and see if you can get through, if not CALL ISP and tell them that it ain't working.
Also from the router, you can do a trace route <IP address of Yahoo> and see how far it gets.
Post the outputs here.
Cheers,
Rajesh
ASKER
Rajesh,
Well, I finally broke down and called Cisco...
Two problems..
The gateway of last resort must be of the same subnet, for this you get your points Rajesh, nice job it helped me to understand our virtual gateway and the router config.
Second, we were missing the IP NAT OUTSIDE command.
After these two changes I was surfing the internet like an old pro with long hair who just happens to be bald.
Good work Rajesh thank you for your help.
James
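The two faults named in this post, together with the wildcard-mask rule explained earlier in the thread, as an added example (not code from any poster or from Cisco): a small Python audit over the routing and NAT lines of the posted config. The function names and the trimmed SAMPLE_CONFIG are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the routing/NAT lines of the second 'show run' posted in this thread.
SAMPLE_CONFIG = """\
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
interface Ethernet1
 ip address 216.54.99.12 255.255.255.240
 ip nat outside
ip route 0.0.0.0 0.0.0.0 216.54.2.25
ip nat inside source list 1 interface Ethernet1 overload
access-list 1 permit 192.168.1.0 0.0.0.255
"""

def care_bits(wildcard):
    """Wildcard 1-bits are ignored, so the bits that must match are its inverse."""
    return ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF

def wildcard_match(addr, base, wildcard):
    """True if addr is matched by the ACL entry 'permit <base> <wildcard>'."""
    diff = int(ipaddress.ip_address(addr)) ^ int(ipaddress.ip_address(base))
    return diff & care_bits(wildcard) == 0

def acl_covers(net, base, wildcard):
    """True if every address in net is matched by the ACL entry."""
    return (wildcard_match(str(net.network_address), base, wildcard)
            and int(net.hostmask) & care_bits(wildcard) == 0)

def parse(config):
    """Collect interface networks and NAT roles, default-route next hops, and ACL entries."""
    ifaces, hops, acls, cur = {}, [], {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif (m := re.match(r"ip address (\S+) (\S+)$", line)) and cur is not None:
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif (m := re.match(r"ip nat (inside|outside)$", line)) and cur is not None:
            cur["nat"] = m[1]
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            hops.append(ipaddress.ip_address(m[1]))
        elif m := re.match(r"access-list (\d+) permit (\S+) (\S+)", line):
            acls.setdefault(m[1], []).append((m[2], m[3]))
    return ifaces, hops, acls

def audit(config):
    """Return findings for the faults discussed in the thread; an empty list means none found."""
    ifaces, hops, acls = parse(config)
    connected = [i["net"] for i in ifaces.values() if i["net"] is not None]
    findings = [] if hops else ["no static default route configured"]
    findings += [f"default route next hop {h} is not on a connected subnet"
                 for h in hops if not any(h in net for net in connected)]
    findings += [f"no interface has 'ip nat {role}'" for role in ("inside", "outside")
                 if not any(i["nat"] == role for i in ifaces.values())]
    rule = re.search(r"ip nat inside source list (\d+) interface \S+ overload", config)
    entries = acls.get(rule[1], []) if rule else []
    for name, i in ifaces.items():
        if i["nat"] != "inside" or i["net"] is None:
            continue
        if not any(acl_covers(i["net"], b, w) for b, w in entries):
            findings.append(f"NAT access-list does not cover {i['net']} on {name}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)))
```

Run on the sample it reports only the next hop 216.54.2.25, which lies outside 216.54.99.0/28; that matches the "Gateway of last resort is not set" output posted above.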
I don't understand, if you take a look at my *very* first post, you can see that 'ip nat outside' is configured on the outside interface. During the changes if you have missed it I wouldn't know because even in the last posted config you have it in place there!!!!
Anyways thnx for the points.
Cheers,
Rajesh
LAN (10.0.0.0/8)--------------
Say the interface FA0/1 is connected to LAN and is having an ip address of 10.0.0.1/8
Interface FA0/0 is connected to Internet with a *Public IP* of x.x.x.x
So the basic configuration would look like this below;
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname <Hostname>
!
enable secret 5
enable password
!
ip subnet-zero
!
!
ip nat inside source list 1 interface fa0/0 overload
!
access-list 1 permit 10.0.0.0 0.255.255.255
!
interface FastEthernet0/0
description outside
ip address X.X.X.X <Mask>
ip nat outside
speed 100
full-duplex
!
interface FastEthernet0/1
description inside
ip address 10.0.0.1 255.0.0.0
ip nat inside
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 X.X.X.Y
!
ip http server
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Hope this helps.
Cheers,
Rajesh