Solved

Cisco 2801 No WAN Connectivity

Posted on 2006-11-09
16
513 Views
Last Modified: 2008-02-14
Ok, bare with me guys, we had Cox communications and during the setup they sold the company to Sudden Link. We have been very dissappointed in the level of support we are recieving from them so I'm trying my best to set this up myself. We have a cisco 2801 plugged into a radiance r400 fiber to copper converter. I am unable to ping out or surf on the wan interface. Does this config look correct? The IP INFO from sudden link is as follows:

CIDR BLOCK:
70.XX.XX.48/28 ROUTED TO 70.XX.XX.170
Usables:  .49 - .62
Subnet Mask: 255.255.255.240
Gateway:  70.XX.XX.169


This is my config on the 2801.

Current configuration : 2089 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname route01
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
ip inspect name SDM_LOW http
!
!
ip domain name mydomain.com
ip name-server 192.168.1.1
ip name-server 192.168.1.2
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description $ETH-LAN$$FW_INSIDE$
 ip address 192.168.1.11 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $FW_OUTSIDE$$ETH-WAN$
 ip address 70.XX.XX.49 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 70.XX.XX.169
ip route 70.XX.XX.48 255.255.255.240 FastEthernet0/1
!
ip http server
no ip http secure-server
ip nat inside source static network 192.168.1.0 XX.XX.XX.50 /32
!
no logging trap
!
!
control-plane
!
banner login ^C**Unauthorized access prohibited**^C
!
line con 0
 login local
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 exec-timeout 90 0
 login local
 transport input telnet
!
end


Thanks for any help...
0
Comment
Question by:ronayers
  • 5
  • 5
  • 3
  • +1
16 Comments
 
LVL 16

Expert Comment

by:btassure
Comment Utility
Can you post a sh ip route and a sh ip int brief please?
0
 

Author Comment

by:ronayers
Comment Utility
sh ip route
------------
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     70.0.0.0/28 is subnetted, 1 subnets
C       70.XX.XX.48 is directly connected, FastEthernet0/1
C    192.168.1.0/24 is directly connected, FastEthernet0/0


sh ip int brief
----------------
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0       192.168.1.11    YES   NVRAM  up                    up
FastEthernet0/1       70.XX.XX.49     YES   manual up                     up
NVI0                       unassigned       YES    unset  up                      up
0
 
LVL 16

Expert Comment

by:btassure
Comment Utility
You need to set your gateway.

Conf t
ip default-gateway 70.XX.XX.169
end
wr
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
First, "ip route 70.XX.XX.48 255.255.255.240 FastEthernet0/1" is not needed. You're directly connected to this network so no static route is needed. But it's not hurting anything.

Second, you've been allocated a block of addresses (49-62) for use on your INSIDE network. The IP address of your outside interface should be the 70.x.x.170 address. (I'm not sure of the mask, but I would assume /30)

The default route is not showing up in the routing table because the next hop address is on an unknown network. Once you get the ouside interface ip address correct, the default route will show up.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
CIDR BLOCK:
70.XX.XX.48/28 ROUTED TO 70.XX.XX.170
==============================
interface FastEthernet0/1
 no ip address 70.XX.XX.49 <== this should be the .170 IP
 ip address 70.XX.XX.170 255.255.255.252

They are routing the .48 subnet to you via .170 which is what you would have on your WAN IP
This is why your correct default route does not appear in your route table.
You do not use "ip default-gateway", use what you already have "ip route 0.0.0.0 0.0.0.0 70.x.x.169"



0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
Gotcha by 1 minute! ;-)
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
gotdammit...
need more coffee. . .
getting too slow...

<8-}

0
 
LVL 16

Expert Comment

by:btassure
Comment Utility
Move to the UK. You get a 5 hour drop on everyone else :oD
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:ronayers
Comment Utility
Ok awesome, seems that I'm able to ping out once I change the IP, however, I'm still unable to surf out using this as a gateway... Is the nat correct? I used to working on a pix, I didn't realize how different the two were until now.
0
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
Comment Utility
One way to do it would be to change your nat config to

access-list 1 permit any
ip nat inside source list 1 interface f0/1 overload

0
 

Author Comment

by:ronayers
Comment Utility
Wow, thank you guys soo much, its working like a champ, my only problem is that I'm getting 15k a sec off all the bandwidth speed tests out there. This is supposedly a 3mb line. Is there anything in the config that would limit the bandwidth to 15k?
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
When you say 15k, do you mean 15 thousand bits per second or 15 thousand bytes per second?
0
 

Author Comment

by:ronayers
Comment Utility
no I mean 15k as in a 14.4 baud rate modem 8/
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
I don't see anything in your config that would cause a 99.5% drop in performance. I'd call your provider.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Post result of "show interface"
Looking for CRC errors on either the WAN or the LAN interface
0
 

Author Comment

by:ronayers
Comment Utility
I called and we got it all strightened out... Thanks guys...
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
In this tutorial I will show you with short command examples how to obtain a packet footprint of all traffic flowing thru your Juniper device running ScreenOS. I do not know the exact firmware requirement, but I think the fprofile command is availab…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now