Solved

Cisco 1811 Router

Posted on 2010-08-12
Last Modified: 2012-05-10
I am looking to add a wireless router for our clients when they visit our facility.   I am new to managing the Cisco 1811 router.  What commands do I have to run to get my wireless Linksys router to see the Internet?

Below is my running-config:

These two DHCP scopes are not in use!!
"ip dhcp pool sdm-pool5
   default-router x.x.x.x
!
ip dhcp pool sdm-pool3
   network x.x.x.x 255.255.255.0
   default-router x.x.x.x
!"





Building configuration...

Current configuration : 5080 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
!
no aaa new-model
!
resource policy
!
clock timezone Pacific -8
clock summer-time Pacific date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.x.x 192.168.0.x
ip dhcp excluded-address 192.168.x.x
ip dhcp excluded-address 192.168.x.x
ip dhcp excluded-address x.x.x.x
ip dhcp excluded-address x.x.x.x x.x.x.x
!
ip dhcp pool sdm-pool1
   network 192.168.x.x 255.255.255.0
   dns-server 192.168.x.x
   default-router 192.168.x.x
!
ip dhcp pool sdm-pool2
   network x.x.x.x 255.255.255.224
   default-router x.x.x.x
!
ip dhcp pool sdm-pool5
   default-router x.x.x.x
!
ip dhcp pool sdm-pool3
   network x.x.x.x 255.255.255.0
   default-router x.x.x.x
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-2106434434
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2106434434
 revocation-check none
 rsakeypair TP-self-signed-2106434434
!
!
crypto pki certificate chain TP-self-signed-2106434434
 certificate self-signed 01
  quit
username admin privilege 15 secret 5 $1$fBHI$bh6brlA2//NJYqHYEnWx/1
!
!
!
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address x.x.x.x 255.255.0.0
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$
 ip address x.x.x.x 255.255.255.252
 ip flow ingress
 ip flow egress
 speed 10
 full-duplex
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
 switchport access vlan 3
 shutdown
!
interface FastEthernet8
 switchport access vlan 2
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$
 ip address x.x.x.x 255.255.255.224
 ip flow ingress
 ip flow egress
 ip tcp adjust-mss 1452
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!
ip flow-top-talkers
 top 10
 sort-by bytes
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet1 overload
!
access-list 10 permit x.x.x.0 0.0.0.255
access-list 10 permit 10.2.2.0 0.0.0.255
no cdp run
!
!
!
!
!
!
control-plane
!

line con 0
 login local
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
Question by:jaymehall66
26 Comments
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33421461
if your router can reach internet then add the following

interface Vlan1
ip nat inside
interface FastEthernet0
 ip nat outside
!
interface FastEthernet1
ip nat outside

Remember, your wireless client should have a proper gw.
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33421467
sorry
 int f0
ip nat inside
0
 

Author Comment

by:jaymehall66
ID: 33422058
I do not want to use the current Vlan - can I create a new Vlan and use the gateway of the Cisco?

0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33422505
yes you can
0
 

Author Comment

by:jaymehall66
ID: 33425574
Hello -

I am obviously not doing something correctly.  My Linksys Router has a 10.2.2.x address with a 10.2.2.1 gw.  But there is still no access to the Internet.  64.x.x.x is my outside address.  

Any ideas:

Running-config:


Building configuration...

Current configuration : 5282 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
!
no aaa new-model
!
resource policy
!
clock timezone Pacific -8
clock summer-time Pacific date Apr 6 2003 2:00 Oct 26 2003 2:00
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.x.x 192.168.x.x
ip dhcp excluded-address 192.168.x.x
ip dhcp excluded-address 192.168.x.x
ip dhcp excluded-address 64.x.x.x
ip dhcp excluded-address 64.x.x.x 64.x.x.x
ip dhcp excluded-address 10.x.x.x
!
ip dhcp pool sdm-pool1
   network 192.x.x.x 255.255.255.0
   dns-server 192.x.x.x
   default-router 192.x.x.x
!
ip dhcp pool sdm-pool2
   network 64.x.x.x 255.x.x.x
   default-router 64.x.x.x
!
ip dhcp pool sdm-pool5
   default-router 64.x.x.x
!
ip dhcp pool sdm-pool3
   network 10.2.x.x 255.255.255.0
   default-router 10.2.x.x
!
!
no ip domain lookup
ip domain name yourdomain.com
!
!
crypto pki trustpoint TP-self-signed-2106434434
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2106434434
 revocation-check none
 rsakeypair TP-self-signed-2106434434
!
!
  quit
username admin privilege 15 secret 5 $1$fBHI$bh6brlA2//NJYqHYEnWx/1
!
!
!
!
!
!
interface FastEthernet0
 description $ETH-LAN$
 ip address 10.x.x.x 255.255.0.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 description $ETH-WAN$
 ip address 64.x.x.x 255.x.x.x
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 speed 10
 full-duplex
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
 switchport access vlan 5
!
interface FastEthernet6
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 switchport access vlan 2
!
interface FastEthernet9
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$
 ip address 64.x.x.x 255.255.255.224
 ip flow ingress
 ip flow egress
 ip tcp adjust-mss 1452
!
interface Vlan5
 ip address 10.x.x.x 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 64.x.x.x
!
ip flow-top-talkers
 top 10
 sort-by bytes
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 10 interface FastEthernet1 overload
!
access-list 10 permit 64.x.x.x 0.0.0.255
access-list 10 permit 10.x.x.x 0.0.0.255
no cdp run
!
!
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33427233
I just want to visualize your topology. See the topology below and tell me whether it's correct or not.

Wireless lan --- > wireless router------------cisco router---------------------internet
network ?             Lan IP ?   wan ip ?         Lan ip ?  wan ip 64.x.x.x ?    

if the above topology is correct , then
1) is there any device in between wireless router and cisco router ?
2) tell me the wireless network ip ?
3) wireless router LAN ip ?
4) wireless router wan ip ? ( connecting to cisco router )
5) cisco router Lan ip connecting to wireless router ?

I can see so many mismatches in the current config. Once I get the above information we can easily sort out your issue.
0
 
LVL 2

Expert Comment

by:nmcnair
ID: 33430983
Are you using the Linksys as a router or just an access point? If you are plugging interface FastEthernet5 from the Cisco to the Linksys, are you going into the Linksys Internet port or just one of the LAN ports? If you are going into the Internet (or WAN) port, then what is the IP subnet of the wireless LAN? You would need to include that IP subnet in access-list 10 and then turn off NAT on the Linksys (you can double NAT but it tends to create issues).

The other option is to ignore the routing function of the Linksys and plug from the Cisco to one of the LAN ports on the Linksys, then set the LAN IP to the 10.2.2.x with a gateway of whatever you have set on Vlan 5 on the Cisco. That would make the Linksys act more like a hub and not route or NAT any traffic. If you do that then it should work with the current setup.

Also try doing a 'debug ip NAT' command (if you're not consoled in you also have to type 'term mon' to see the output) on the Cisco. See if translations pop up when you send pings from the Linksys LAN subnet. If you see translations occurring but it's still not working, copy and paste the results in here.
0
 

Author Comment

by:jaymehall66
ID: 33431097
Answers:

Wireless lan --- > wireless router------------cisco router---------------------internet network

Lan IP - for Ethernet fast port 5: DHCP Scope 10.2.2.1 - 10.2.2.254  
Wireless Linksys Router is 10.2.2.2
WAN ip/gateway  64.251.x.x ?    

if the above topology is correct , then
1) is there any device in between wireless router and cisco router ? No it is plugged directly into port 5
2) tell me the wireless network ip ? 10.2.2.1 - 10.2.2.254
3) wireless router LAN ip ? 10.2.2.2 DHCP
4) wireless router wan ip ? ( connecting to cisco router ) 10.2.2.1 DHCP (Gateway)

5) cisco router Lan ip connecting to wireless router ? 10.2.2.1
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33431153
one more thing,
What is the gw assigned to the wireless clients?
Are you able to ping that gw?
0
 

Author Comment

by:jaymehall66
ID: 33431229
The client (laptop) connecting to the Linksys router is given an IP address of 192.168.1.100 and a gateway of 192.168.1.1.  I can ping 10.2.2.1 (the gateway of the Linksys) from the laptop.

0
 
LVL 2

Expert Comment

by:nmcnair
ID: 33431458
You need to add the 192.168.1.0/24 to access-list 10 and make sure NATing is turned off on the Linksys.
0
 

Author Comment

by:jaymehall66
ID: 33431542
Standard IP access list 10
    10 permit 64.x.x.x wildcard bits 0.0.0.255 (286 matches)
    20 permit 10.2.2.0, wildcard bits 0.0.0.255 (19 matches)
    30 permit 192.168.1.0, wildcard bits 0.0.0.255

I changed the Linksys from "gateway" to "Router"

Still no access.
0
 
LVL 14

Accepted Solution

by:
anoopkmr earned 500 total points
ID: 33431647
That is what I asked earlier about the wireless network. So now it's clear: 192.168.1.0/24

The above router config doesn't have a route to 192.168.1.0.
Just add a route on the Cisco router:

ip route 192.168.1.0 255.255.255.0 10.2.2.1
0

 
LVL 14

Expert Comment

by:anoopkmr
ID: 33431659
sorry the route will be like this

ip route 192.168.1.0 255.255.255.0 10.2.2.2
0
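The two conditions this thread ends up troubleshooting on the Cisco, a NAT ACL entry covering the client's source subnet and a route back to that subnet through the Linksys, can be checked offline from saved command output. The sketch below is an added example, not code from any poster; the function names are hypothetical and the sample output is constructed in the format quoted in this thread, with the redacted 64.x.x.x lines and the default route left out.

```python
import ipaddress
import re

# Constructed samples shaped like `show access-lists` / `show ip route` output.
ACL_OUTPUT = """\
Standard IP access list 10
    20 permit 10.2.2.0, wildcard bits 0.0.0.255 (19 matches)
    30 permit 192.168.1.0, wildcard bits 0.0.0.255
"""
ROUTE_OUTPUT = """\
C       10.2.2.0/24 is directly connected, Vlan5
S    192.168.1.0/24 [1/0] via 10.2.2.2
"""

ACL_RE = re.compile(r"permit (\d+\.\d+\.\d+\.\d+),? wildcard bits (\d+\.\d+\.\d+\.\d+)")
ROUTE_RE = re.compile(
    r"^[CS]\*?\s+(\S+/\d+) (?:is directly connected, (\S+)|\[\d+/\d+\] via (\S+))",
    re.M,
)

def parse_acl(text):
    """Networks permitted by a standard ACL (contiguous wildcard masks only)."""
    # ipaddress accepts a host mask (Cisco wildcard) after the slash.
    return [ipaddress.ip_network(f"{a}/{w}") for a, w in ACL_RE.findall(text)]

def parse_routes(text):
    """(network, interface-or-next-hop) for connected and static routes."""
    return [(ipaddress.ip_network(m.group(1)), m.group(2) or m.group(3))
            for m in ROUTE_RE.finditer(text)]

def check_client(src, acl_text, route_text):
    """Would src be translated, and where would replies to it be sent?"""
    ip = ipaddress.ip_address(src)
    natted = any(ip in net for net in parse_acl(acl_text))
    matches = [(net, hop) for net, hop in parse_routes(route_text) if ip in net]
    # Longest prefix wins, as in the router's own lookup. None here means only
    # the (omitted) default route would match, so replies head out the WAN.
    best = max(matches, key=lambda r: r[0].prefixlen, default=None)
    return {"nat_acl_match": natted, "return_path": best[1] if best else None}

if __name__ == "__main__":
    # Laptop address reported in the thread, behind the Linksys at 10.2.2.2.
    print(check_client("192.168.1.100", ACL_OUTPUT, ROUTE_OUTPUT))
```
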
 

Author Comment

by:jaymehall66
ID: 33431687
    64.x.x.x/x is variably subnetted, 2 subnets, 2 masks
C       64.x.x.x/x is directly connected, Vlan1
C       64.x.x.x/x is directly connected, FastEthernet1
     10.x.x.x/x is subnetted, 1 subnets
C       10.2.2.0 is directly connected, Vlan5
S    192.168.1.0/24 [1/0] via 10.2.2.2

Still no luck.
0
 

Author Comment

by:jaymehall66
ID: 33431739
It looks like I can tracert out.  It must be a dns issue.

0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33431766
Just ping some public IP from the laptop.
If you are getting the reply, then we can confirm it's a DNS issue.
0
 

Author Comment

by:jaymehall66
ID: 33431805
I can ping the outside world.  I am wondering where the DNS issue is.  This isn't a complicated network lol
0
 

Author Comment

by:jaymehall66
ID: 33432120
How do I view the DNS information of the Cisco Router and configure the Linksys to use it?
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33432509
sh run

ip dhcp pool sdm-pool1
network 192.x.x.x 255.255.255.0
dns-server 192.x.x.x
default-router 192.x.x.x

But in your scenario, DNS has to be configured on the laptop. How are the laptops getting their IP? If it's from the wireless router, you have to specify the DNS there.
Are you using a local DNS or an external DNS server? For browsing we can use external DNS.
0
 

Author Comment

by:jaymehall66
ID: 33432637
It works!!  I am unable to ping/access our external Webmail website.  Is that a NAT rule??

The mail server is located in:

interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$$ES_LAN$
 ip address 64.x.x.x 255.255.255.224
 ip flow ingress
 ip flow egress
 ip tcp adjust-mss 1452
!

Thanks for all the help!
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33432802
Do your int f1 and vlan1 have the same IP network? Please clarify.

Where is this webmail residing? Internet or attached to vlan 1 (locally)?
0
 

Author Comment

by:jaymehall66
ID: 33432974
The webmail sits on the inside of our network and the PIX Firewall does a NAT translation which then goes out to the Cisco 1800 router via int f1.

So it looks like this:

Email server (internal 192.x.x.x) --------- PIX -----translated to external address (64.x.x.x) ---------Cisco 1800 router ------Internet

The Email server is part of:

ip dhcp pool sdm-pool2
   network 64.251.69.64 255.255.255.224
   default-router 64.251.69.65

On Int F1.

0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33433368
So from inside you want to reach webmail on the 64.x.x.x IP, isn't it?

Does the PIX have the necessary configuration for allowing this traffic?
0
 

Author Comment

by:jaymehall66
ID: 33433805
Yes - the PIX will allow http to 64.x.x.x of the mail server
0
 
LVL 14

Expert Comment

by:anoopkmr
ID: 33433846
From the router, just telnet to the webmail NATed IP on port 443 (I guess) and see whether it's going through or not.

From Windows clients, can you reach the PIX outside IP (ping)?
0
