• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 761
  • Last Modified:

Cisco 1841 router

I have a Cisco 1800 router and I need help to set it up.
I have 2 Fast Ethernet interfaces and one Serial on the router.
I have a modem from my ISP with the IP, gw and DNS information.

Please let me know how should I configure my interfaces so computers behind the router can access the internet?
0
stasila2010
Asked:
stasila2010
  • 22
  • 20
  • 8
  • +3
3 Solutions
 
kdearingCommented:
Assuming you are inexperienced with this...

If this is a business environment, I strongly recommed hiring a local Cisco guy to come out and do this for you.
0
 
stasila2010Author Commented:
I do have a basic knowledge with the Cisco routers and this is not a business environment.

0
 
GridLock137Commented:
you need to configure your serial interface with the IP your ISP gave you, which more likely will be a static IP with the 255.255.255.252 mask so that it can communicate with their side of the WAN

in the router you will go into enable mode then into global configuration mode

type enable
then enable pasword if you have one set up
go into globla config by typing in config t
then go into interface config mode by typing in serial (serial ID)
in there you will give that interface an IP by typing the command ip address the IP the ISP give you then the mask

example: ip address 200.200.10.10 255.255.255.252

hit enter and type no shutdown after you are done make sure you give the router a default route out, for instance:

ip route 0.0.0.0 0.0.0.0 200.200.10.9 (the last IP in the command is the IP of the other side at the ISP, they would had provided this info)

do you feel comfortable doing this before i proceed?
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
sysreq2000Commented:
This should get you started. Make sure you study up on the commands so you understand what it's doing. 8)

http://www.texflame.com/2010/11/basic-configuration-cisco-1841/
0
 
GridLock137Commented:
actually this is very good, what sysreg2000 put up is better. pretty straight foward.
0
 
Istvan KalmarHead of IT Security Division Commented:
please provide us the blank config, and the informations what the ISP gave for you....
0
 
stasila2010Author Commented:
Thank you. Yes I am very comfortable with those commands.
I will post my run config in a bit. I have tried that setup before and I was able to ping the outside world from the router but not from my LAN subnet behind the router.


ip route 0.0.0.0 0.0.0.0 206.186.200.22

access-list 99 permit 10.1.1.0 0.0.0.255
ip nat inside source list 99 interface f0/0 overload



0
 
GridLock137Commented:
did you give the F0/0 interface an IP address? in turn that IP address should be on the same subnet that your switch is on.
0
 
Istvan KalmarHead of IT Security Division Commented:
you need to add nat for interfaces:

int fast 0/0
 ip nat outside
int fast 0/1
 ip nat inside
0
 
GridLock137Commented:
your switch should have a default-gateway configured as well pointing to the f0/0 of the router. i don't know, but do you have a switch i this mix?
0
 
stasila2010Author Commented:
I have attached the basic network diagram.
can you please post the configuration for the both interfaces on the router?

Thank you in advance.

Cisco.png
0
 
Istvan KalmarHead of IT Security Division Commented:
you need:

int fast 0/1
 ip nat outside
 ip address 175.208.187.8 255.255.255.248
 no shu
int fast 0/0
 ip nat inside
 ip add 10.1.1.1 255.255.255.0
 no shu
ip dhcp pool DATA
 network 10.1.1.0 /24
 default router 10.1.1.1
 dns server 8.8.8.8
ip route 0.0.0.0 0.0.0.0 175.208.187.9
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface fast 0/0 overload
CTRL+Z
write
0
 
stasila2010Author Commented:
ikalmar, thank you for your quick reply. I will try it tonight and post the results tomorrow.

0
 
Istvan KalmarHead of IT Security Division Commented:
ok...
0
 
stasila2010Author Commented:
with directly attached cable to E0/1 and the interface setting below I can only ping my gateway but nothing else from the router itself.

interface FastEthernet0/1
 ip address 175.208.187.8 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled

ip route 0.0.0.0 0.0.0.0 175.208.187.9
0
 
Istvan KalmarHead of IT Security Division Commented:
what show the following:

tracert 4.2.2.2
0
 
sysreq2000Commented:
I guess we never asked what kind of modem it is, and what type of connection to your isp.  8)
0
 
stasila2010Author Commented:
there is no tracert command on Cisco router. I can show you the output from traceroute command.

also my DNS settings on the router

ip name-server 206.192.0.140
ip name-server 206.192.0.210

Please note that i can't ping either IP address or domain names.

0
 
stasila2010Author Commented:
it's a EFM connection. I have a regular Cisco Linksys router and it's works just fine with those settings. The reason why I need a 1800 router is because I can create Loopbacks and forward the same ports to a different host on the LAN network. Let say I have 5 external IP's with the Loopbaks I can forward 5 port 80 to my internal network.

0
 
Istvan KalmarHead of IT Security Division Commented:
please show the config, and firstly I advise to reload the modem, and retry the internet connection
0
 
stasila2010Author Commented:
Current configuration : 4490 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption

!
boot-start-marker
boot system flash:c1841-advsecurityk9-mz.124-11.T.bin
warm-reboot count 10 uptime 10
boot-end-marker
!
security authentication failure rate 3 log
logging userinfo
logging buffered 51200
logging console warnings

no aaa new-model
no ip routing
no ip cef
!
!
!
!
ip name-server 206.191.0.140
ip name-server 206.191.0.210
ip ssh rsa keypair-name sshkeys
login block-for 120 attempts 5 within 60
login on-failure
login on-success

interface FastEthernet0/0
 description $ETH-LAN$
 ip address 10.1.1.13 255.255.255.0
 no ip redirects
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface FastEthernet0/1
 ip address 175.208.187.8 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface Serial0/0/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 shutdown
!
ip route 0.0.0.0 0.0.0.0 175.208.187.9
!
!

ip nat inside source list 1 interface FastEthernet0/0 overload
!
!
logging trap debugging
logging 10.1.1.152
access-list 1 permit 10.1.1.0 0.0.0.255

I am also thinking the reloading the modem may resolve this issue but unfortunately I can't touch it until tomorrow. Does the config looks good to you guys?

0
 
vikrantambhoreCommented:
As per Attached Diagram your ISP Modem is Pluged into interface FastEthernet0/1
 so we should change ip nat inside source list 1 interface FastEthernet0/0 overload
to ip nat inside source list 1 interface FastEthernet0/1 overload


HTH
VIkrant
0
 
Istvan KalmarHead of IT Security Division Commented:
yep, I've missed it:_

no ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 1 interface FastEthernet0/1 overload
0
 
stasila2010Author Commented:
I have reboot the modem and reload the router, I still can't ping anything except my modem IP address from the router.

here is the output from sh int

EFM#sh int f0/1
FastEthernet0/1 is up, line protocol is down
  Hardware is Gt96k FE, address is 0017.9578.4d95 (bia 0017.9578.4d95)
  Description: EFM Outside$ETH-LAN$
  Internet address is 175.208.187.8/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:02:20, output 00:01:49, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     17 packets input, 1290 bytes
     Received 10 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     185 packets output, 11370 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
0
 
kdearingCommented:
The IP address on the FastEthernet0/1 interface is wrong.
175.208.187.8 /29 is a NETWORK address
Your default gateway is 175.208.187.9 which is correct

You have 5 IP addresses available for you to use.
FE0/1 should have an IP address of 175.208.187.10 - 175.208.187.14
0
 
stasila2010Author Commented:
I am getting the same result with the IP address below.

EFM#sh int f0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is 0017.9578.4d95 (bia 0017.9578.4d95)
  Description: EFM Outside$ETH-LAN$
  Internet address is 175.208.187.12/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:46, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     19 packets input, 1410 bytes
     Received 12 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     612 packets output, 36990 bytes, 0 underruns
0
 
kdearingCommented:
From the router, can you ping your default gateway (ISP modem 175.208.187.9)?
0
 
stasila2010Author Commented:
Yes I can but nothing else.
0
 
kdearingCommented:
I would put a laptop directly connected to the ISP modem with the followning static IP info:
IP  175.208.187.10
Mask   255.255.255.248
Gateway   175.208.187.9
DNS   206.191.0.140 & 206.191.0.210


If you can ping the ISP modem, but not the DNS servers...
It appears your ISP has not added your assigned network (175.208.187.8 /29) to their routing tables.

I've seen it happen before on newly provisioned circuits.
Of course, it takes a while to convince them.
0
 
stasila2010Author Commented:
thanks for your reply. it's working with the laptop directly connected to the modem. it also works with a regular linksys router.
I am a little confused here. not sure what I am missing here with 1800 router.

0
 
GridLock137Commented:
so you are able to ping the DNS servers with the settings kdearing provided?
0
 
stasila2010Author Commented:
from the laptop i can but not from the cisco router.
0
 
GridLock137Commented:
shot in the dark, have you configured the IP domain-lookup command on the router? this should not matter being you are pinging IPs but configure that on there and see if you can ping a website from the router.
0
 
GridLock137Commented:
i think you may have the wrong IP address on the FA0/1 interface:

i subnetted your network on a paper to figure your range, your network address is actually the .8/29 which gives you 6 usable IP addresses as follows:

(net) 175.208.187.8 | (range of IPs) 175.208.187.9 - 175.208.187.14 | (broadcast) 175.208.187.15

the .9 address is already set for the ISP modem I assume, you should give fa0/1 the ip address of 175.208.187.10 255.255.255.248 which is the next usable IP address in your range.

0
 
GridLock137Commented:
you may also have to modify your access rules and NAT rule to reflect your new IP for interface fa0/1. the IP 175.208.187.8/29 is the network address with it's mask letting you know the amout of IPs you can use. the ISP probably did not provide the range of usable IP addresses. see above for your actual IP addresses to use.
0
 
Istvan KalmarHead of IT Security Division Commented:
Did you tried 8.8.8.8 for DNS server setting?
0
 
GridLock137Commented:
I don't think its a DNS issue right now, I see the wrong IP on the fa0/1 interface. I would give that a try first.
0
 
stasila2010Author Commented:
I have assigned the same IP address to a Linksys router and it's working just fine. I also don't think it has anything to do with a DNS servers.
0
 
kdearingCommented:
At this point I think it's time to start over.
If a Linksys router works, then your issue is definitely the 1841.

I would do the following:

Completely wipe out existing config
Config the bare minimum (IP, subnet, gateway) on the WAN interface (F0/1) and test
Continue adding and testing where possible.
0
 
GridLock137Commented:
if he wipes then he should follow the IP settings I posted above, he was using the network ID that the provider furnished, he has to use the next available IP in his range of that subnet whih is .10 for his FA0/1
0
 
kdearingCommented:
That has already been covered and corrected about 16 posts ago
0
 
stasila2010Author Commented:
new config is attached.
new-config.txt
0
 
GridLock137Commented:
no it was not... he was still using .8 and it was the laptop that was configure with .10 not fa0/1.
0
 
GridLock137Commented:
.12 is good as well being it falls within that range.
0
 
GridLock137Commented:
fa0/1 looks good and so does your route statement, make sure you give your fa0/0 int an ip as well so that it can communicate with your internal subnet, also make sure a gateway is configure on your switch like before, as well as your NAT statements.
0
 
stasila2010Author Commented:
I can see the progress after wiping out the old configuration. I can ping the outside world now from the router.
I will configure the second interface now and let you know if all other device on the LAN can ping as well.

how can I configure the Loopbaks interfaces with my other 5 IP addresses?

0
 
GridLock137Commented:
when you say loopback are you referring to actual loopback interfaces or the other interfaces left on the router?
0
 
GridLock137Commented:
you can create loopback interfaces from global config using the interface loopback (loopback id), that will put you into loopback interface mode where you can apply an ip address to it in the same fashion you did with the other interfaces.
0
 
stasila2010Author Commented:
I have tried to set an IP address to the Loopback interface without any luck. Please take a look below and let me know if I did something wrong

EFM(config)#int lo1
EFM(config-if)#ip nat outside
EFM(config-if)#ip address 175.208.187.13 255.255.255.255
% 175.208.187.13 overlaps with FastEthernet0/1
0
 
GridLock137Commented:
it should not matter but try giving that lo1 the 255.255.255.248 mask
0
 
stasila2010Author Commented:
same result

EFM(config-if)#ip address 175.208.187.13 255.255.255.248
% 175.208.187.8 overlaps with FastEthernet0/1

0
 
GridLock137Commented:
before we troubleshoot that, have you been able to get your end points to ping anything on the outside?
0
 
stasila2010Author Commented:
Thank you. Yes, I am able to ping outside world from my LAN now.  I had change the IP address on F0/0 and it's start working.
0
 
kdearingCommented:
A Loopback cannot be in the same subnet as any other L3 interface.
Why do you need to configure loopback?
If you want to use the rest of your public IP addresses, then just use a static NAT between interal server and outside.
0
 
GridLock137Commented:
other than what kdearing mentioned above which is true you are pretty much set, just set your NATting up.
0
 
stasila2010Author Commented:
can you please give me an example how to achieve it with the NAT?
0
 
GridLock137Commented:
sorry for the multiple questions, what are you trying to accomplish?
0
 
stasila2010Author Commented:
I have 3 web servers on my LAN network . I need to forward port 80 from my external IP's to my servers on my LAN network.
I am currently using a Loopback interfaces to achieve that. In 3 weeks time I will switch over from on ISP to another and need to reconfigure the router.

ip nat inside source static tcp 10.1.1.184 80 Loopback1 80 extendable
ip nat inside source static tcp 10.1.1.3 80 Loopback2 80 extendable
ip nat inside source static tcp 10.1.1.7 80 Loopback3 80 extendable
0
 
GridLock137Commented:
this is a little pass my knowledge of things. i was able to help with the other things from earlier today and yesterday, which i'm glad you got up and running. my understanding of loopback interfaces is that they are for testing purposes only and i looked it up as kdearing mentioned you cannot have two interfaces on the same router on the same subnet.

I will look into this a little more, when i get home. ;o)

0
 
stasila2010Author Commented:
I will open a new question for my Loopbaks issue.  Thank you all for helping me with this.
I will divide the points and close this question.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

  • 22
  • 20
  • 8
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now