asked on Cisco 1710 Change Static IP Address
During SDSL upgrade from 256K to 1M, the ISP changed static IP address from 216.153.xxx.xx/24 to 64.65.xxx.xxx/30
I attached laptop to the ISP equipment with the new static IP allocation, and I verified external connectivity (I was able to route out past the ISP).
I changed the IP address on the Ethernet0 interface using:
Config-if# ip address 64.65.xxx.xxx 255.255.255.252
#wr mem
From there I can ping gateway, but not out past the gateway. I can only imagine that I am missing something in the configuration (which I have included below). Is there something other than the ethernet0 interface that needs to be modified?
I would appreciate any assistance.
Current configuration : 2622 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Band
!
enable password 7
!
memory-size iomem 15
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect name myfw http java-list 98
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw tftp
ip inspect name myfw ftp
ip inspect name myfw realaudio
ip inspect name myfw fragment maximum 256 timeout 1
ip inspect name myfw cuseeme
ip inspect name myfw vdolive
ip inspect name myfw sqlnet
ip inspect name myfw streamworks
ip inspect name myfw smtp
ip inspect name myfw h323
ip inspect name myfw rcmd
ip inspect name fwin tcp
ip inspect name fwin udp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto isakmp policy 11
hash md5
authentication pre-share
crypto isakmp key minda address 64.65.xxx.xx
!
!
crypto ipsec transform-set strong esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map mymap 11 ipsec-isakmp
set peer 64.65.xxx.xx
set transform-set strong
match address 120
!
!
!
!
interface Ethernet0
description connected to Internet
ip address 216.153.xxx.xx 255.255.255.0
ip access-group 110 in
ip nat outside
ip inspect myfw in
ip inspect myfw out
half-duplex
crypto map mymap
!
interface FastEthernet0
description connected to Beth_4th
ip address 10.6.xxx.xx 255.255.255.0
ip nat inside
speed auto
!
router rip
version 2
passive-interface Ethernet0
network 10.0.0.0
no auto-summary
!
ip nat inside source route-map nonat interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
ip pim bidir-enable
!
access-list 98 permit 10.1.0.0 0.0.0.255
access-list 101 deny ip 10.6.xxx.xx 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.6.xxx.xx 0.0.0.255 any
access-list 110 permit esp any any
access-list 110 permit udp any any eq isakmp
access-list 110 permit tcp any host 216.153.xxx.xx eq telnet
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
access-list 110 permit ahp any any
access-list 120 permit ip 10.6.xxx.xx 0.0.0.255 10.0.0.0 0.0.0.255
!
route-map nonat permit 5
match ip address 101
!
!
line con 0
exec-timeout 0 0
password 7
login
line aux 0
line vty 0 4
password 7
login
!
no scheduler allocate
end
I attached laptop to the ISP equipment with the new static IP allocation, and I verified external connectivity (I was able to route out past the ISP).
I changed the IP address on the Ethernet0 interface using:
Config-if# ip address 64.65.xxx.xxx 255.255.255.252
#wr mem
From there I can ping gateway, but not out past the gateway. I can only imagine that I am missing something in the configuration (which I have included below). Is there something other than the ethernet0 interface that needs to be modified?
I would appreciate any assistance.
Current configuration : 2622 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Band
!
enable password 7
!
memory-size iomem 15
ip subnet-zero
!
!
no ip domain-lookup
!
ip inspect name myfw http java-list 98
ip inspect name myfw tcp
ip inspect name myfw udp
ip inspect name myfw tftp
ip inspect name myfw ftp
ip inspect name myfw realaudio
ip inspect name myfw fragment maximum 256 timeout 1
ip inspect name myfw cuseeme
ip inspect name myfw vdolive
ip inspect name myfw sqlnet
ip inspect name myfw streamworks
ip inspect name myfw smtp
ip inspect name myfw h323
ip inspect name myfw rcmd
ip inspect name fwin tcp
ip inspect name fwin udp
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto isakmp policy 11
hash md5
authentication pre-share
crypto isakmp key minda address 64.65.xxx.xx
!
!
crypto ipsec transform-set strong esp-des esp-md5-hmac
crypto mib ipsec flowmib history tunnel size 200
crypto mib ipsec flowmib history failure size 200
!
crypto map mymap 11 ipsec-isakmp
set peer 64.65.xxx.xx
set transform-set strong
match address 120
!
!
!
!
interface Ethernet0
description connected to Internet
ip address 216.153.xxx.xx 255.255.255.0
ip access-group 110 in
ip nat outside
ip inspect myfw in
ip inspect myfw out
half-duplex
crypto map mymap
!
interface FastEthernet0
description connected to Beth_4th
ip address 10.6.xxx.xx 255.255.255.0
ip nat inside
speed auto
!
router rip
version 2
passive-interface Ethernet0
network 10.0.0.0
no auto-summary
!
ip nat inside source route-map nonat interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
ip pim bidir-enable
!
access-list 98 permit 10.1.0.0 0.0.0.255
access-list 101 deny ip 10.6.xxx.xx 0.0.0.255 10.0.0.0 0.0.0.255
access-list 101 permit ip 10.6.xxx.xx 0.0.0.255 any
access-list 110 permit esp any any
access-list 110 permit udp any any eq isakmp
access-list 110 permit tcp any host 216.153.xxx.xx eq telnet
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any echo
access-list 110 permit icmp any any unreachable
access-list 110 permit icmp any any time-exceeded
access-list 110 permit ip 10.0.0.0 0.0.0.255 any
access-list 110 permit ahp any any
access-list 120 permit ip 10.6.xxx.xx 0.0.0.255 10.0.0.0 0.0.0.255
!
route-map nonat permit 5
match ip address 101
!
!
line con 0
exec-timeout 0 0
password 7
login
line aux 0
line vty 0 4
password 7
login
!
no scheduler allocate
end
RoutersNetwork Operations
Last Comment
grsteed
ASKER
At this point, configuration is being done via console, so telnet is not of any concern. That can be addressed once I've got the Internet connectivity established.
The posted configuration is the current / working configuration. So, I seek assistance with making the requisite changes with the new IP addresses, specifically 64.65.xxx.xxx/30
The posted configuration is the current / working configuration. So, I seek assistance with making the requisite changes with the new IP addresses, specifically 64.65.xxx.xxx/30
Ok, These are the commands that you need to enter. With the correct IP's of course.
Conf t
int e0
no ip address 216.153.xxx.xx 255.255.255.0
ip address 64.65.xxx.xxx 255.255.255.252
exit
wr mem
That should do it.
Gary
Conf t
int e0
no ip address 216.153.xxx.xx 255.255.255.0
ip address 64.65.xxx.xxx 255.255.255.252
exit
wr mem
That should do it.
Gary
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
According to these links, using the address instead of the interface seems to be preferred.
http://www.cisco.com/warp/public/105/default.html
http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_i2gt.html#wp1106404
Since your are using RIP, it can change how that route shows up (connected vs static), and whether it gets advertised. It may need to be redistributed.
Gary
http://www.cisco.com/warp/public/105/default.html
http://www.cisco.com/en/US/docs/ios/12_3t/ip_route/command/reference/ip2_i2gt.html#wp1106404
Since your are using RIP, it can change how that route shows up (connected vs static), and whether it gets advertised. It may need to be redistributed.
Gary
interface Ethernet0
description connected to Internet
ip address 216.153.xxx.xx 255.255.255.0
Also you still have this in your ACL that you might want to change if telnet is needed.
access-list 110 permit tcp any host 216.153.xxx.xx eq telnet
Cheers,
Gary