Solved

Cisco 1841 router

Posted on 2011-02-17
60
749 Views
Last Modified: 2012-05-11
I have a Cisco 1800 router and I need help to set it up.
I have 2 Fast Ethernet interfaces and one Serial on the router.
I have a modem from my ISP with the IP, gw and DNS information.

Please let me know how should I configure my interfaces so computers behind the router can access the internet?
0
Comment
Question by:stasila2010
  • 22
  • 20
  • 8
  • +3
60 Comments
 
LVL 13

Expert Comment

by:kdearing
ID: 34917923
Assuming you are inexperienced with this...

If this is a business environment, I strongly recommed hiring a local Cisco guy to come out and do this for you.
0
 

Author Comment

by:stasila2010
ID: 34918076
I do have a basic knowledge with the Cisco routers and this is not a business environment.

0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34918320
you need to configure your serial interface with the IP your ISP gave you, which more likely will be a static IP with the 255.255.255.252 mask so that it can communicate with their side of the WAN

in the router you will go into enable mode then into global configuration mode

type enable
then enable pasword if you have one set up
go into globla config by typing in config t
then go into interface config mode by typing in serial (serial ID)
in there you will give that interface an IP by typing the command ip address the IP the ISP give you then the mask

example: ip address 200.200.10.10 255.255.255.252

hit enter and type no shutdown after you are done make sure you give the router a default route out, for instance:

ip route 0.0.0.0 0.0.0.0 200.200.10.9 (the last IP in the command is the IP of the other side at the ISP, they would had provided this info)

do you feel comfortable doing this before i proceed?
0
 
LVL 11

Expert Comment

by:sysreq2000
ID: 34918336
This should get you started. Make sure you study up on the commands so you understand what it's doing. 8)

http://www.texflame.com/2010/11/basic-configuration-cisco-1841/
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34918366
actually this is very good, what sysreg2000 put up is better. pretty straight foward.
0
 
LVL 34

Assisted Solution

by:Istvan Kalmar
Istvan Kalmar earned 166 total points
ID: 34918394
please provide us the blank config, and the informations what the ISP gave for you....
0
 

Author Comment

by:stasila2010
ID: 34918448
Thank you. Yes I am very comfortable with those commands.
I will post my run config in a bit. I have tried that setup before and I was able to ping the outside world from the router but not from my LAN subnet behind the router.


ip route 0.0.0.0 0.0.0.0 206.186.200.22

access-list 99 permit 10.1.1.0 0.0.0.255
ip nat inside source list 99 interface f0/0 overload



0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34918481
did you give the F0/0 interface an IP address? in turn that IP address should be on the same subnet that your switch is on.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34918491
you need to add nat for interfaces:

int fast 0/0
 ip nat outside
int fast 0/1
 ip nat inside
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34918508
your switch should have a default-gateway configured as well pointing to the f0/0 of the router. i don't know, but do you have a switch i this mix?
0
 

Author Comment

by:stasila2010
ID: 34919625
I have attached the basic network diagram.
can you please post the configuration for the both interfaces on the router?

Thank you in advance.

Cisco.png
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34920159
you need:

int fast 0/1
 ip nat outside
 ip address 175.208.187.8 255.255.255.248
 no shu
int fast 0/0
 ip nat inside
 ip add 10.1.1.1 255.255.255.0
 no shu
ip dhcp pool DATA
 network 10.1.1.0 /24
 default router 10.1.1.1
 dns server 8.8.8.8
ip route 0.0.0.0 0.0.0.0 175.208.187.9
access-list 1 permit 10.1.1.0 0.0.0.255
ip nat inside source list 1 interface fast 0/0 overload
CTRL+Z
write
0
 

Author Comment

by:stasila2010
ID: 34920227
ikalmar, thank you for your quick reply. I will try it tonight and post the results tomorrow.

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34920318
ok...
0
 

Author Comment

by:stasila2010
ID: 34928167
with directly attached cable to E0/1 and the interface setting below I can only ping my gateway but nothing else from the router itself.

interface FastEthernet0/1
 ip address 175.208.187.8 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled

ip route 0.0.0.0 0.0.0.0 175.208.187.9
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34928206
what show the following:

tracert 4.2.2.2
0
 
LVL 11

Expert Comment

by:sysreq2000
ID: 34928262
I guess we never asked what kind of modem it is, and what type of connection to your isp.  8)
0
 

Author Comment

by:stasila2010
ID: 34928286
there is no tracert command on Cisco router. I can show you the output from traceroute command.

also my DNS settings on the router

ip name-server 206.192.0.140
ip name-server 206.192.0.210

Please note that i can't ping either IP address or domain names.

0
 

Author Comment

by:stasila2010
ID: 34928331
it's a EFM connection. I have a regular Cisco Linksys router and it's works just fine with those settings. The reason why I need a 1800 router is because I can create Loopbacks and forward the same ports to a different host on the LAN network. Let say I have 5 external IP's with the Loopbaks I can forward 5 port 80 to my internal network.

0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34928461
please show the config, and firstly I advise to reload the modem, and retry the internet connection
0
 

Author Comment

by:stasila2010
ID: 34928590
Current configuration : 4490 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption

!
boot-start-marker
boot system flash:c1841-advsecurityk9-mz.124-11.T.bin
warm-reboot count 10 uptime 10
boot-end-marker
!
security authentication failure rate 3 log
logging userinfo
logging buffered 51200
logging console warnings

no aaa new-model
no ip routing
no ip cef
!
!
!
!
ip name-server 206.191.0.140
ip name-server 206.191.0.210
ip ssh rsa keypair-name sshkeys
login block-for 120 attempts 5 within 60
login on-failure
login on-success

interface FastEthernet0/0
 description $ETH-LAN$
 ip address 10.1.1.13 255.255.255.0
 no ip redirects
 ip nat inside
 ip virtual-reassembly
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface FastEthernet0/1
 ip address 175.208.187.8 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface Serial0/0/0
 no ip address
 ip nat outside
 ip virtual-reassembly
 no ip route-cache
 shutdown
!
ip route 0.0.0.0 0.0.0.0 175.208.187.9
!
!

ip nat inside source list 1 interface FastEthernet0/0 overload
!
!
logging trap debugging
logging 10.1.1.152
access-list 1 permit 10.1.1.0 0.0.0.255

I am also thinking the reloading the modem may resolve this issue but unfortunately I can't touch it until tomorrow. Does the config looks good to you guys?

0
 
LVL 6

Expert Comment

by:vikrantambhore
ID: 34931722
As per Attached Diagram your ISP Modem is Pluged into interface FastEthernet0/1
 so we should change ip nat inside source list 1 interface FastEthernet0/0 overload
to ip nat inside source list 1 interface FastEthernet0/1 overload


HTH
VIkrant
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34931743
yep, I've missed it:_

no ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source list 1 interface FastEthernet0/1 overload
0
 

Author Comment

by:stasila2010
ID: 34943729
I have reboot the modem and reload the router, I still can't ping anything except my modem IP address from the router.

here is the output from sh int

EFM#sh int f0/1
FastEthernet0/1 is up, line protocol is down
  Hardware is Gt96k FE, address is 0017.9578.4d95 (bia 0017.9578.4d95)
  Description: EFM Outside$ETH-LAN$
  Internet address is 175.208.187.8/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Auto-duplex, Auto Speed, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:02:20, output 00:01:49, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     17 packets input, 1290 bytes
     Received 10 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     185 packets output, 11370 bytes, 0 underruns
     0 output errors, 0 collisions, 2 interface resets
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier
     0 output buffer failures, 0 output buffers swapped out
0
 
LVL 13

Expert Comment

by:kdearing
ID: 34944260
The IP address on the FastEthernet0/1 interface is wrong.
175.208.187.8 /29 is a NETWORK address
Your default gateway is 175.208.187.9 which is correct

You have 5 IP addresses available for you to use.
FE0/1 should have an IP address of 175.208.187.10 - 175.208.187.14
0
 

Author Comment

by:stasila2010
ID: 34944351
I am getting the same result with the IP address below.

EFM#sh int f0/1
FastEthernet0/1 is up, line protocol is up
  Hardware is Gt96k FE, address is 0017.9578.4d95 (bia 0017.9578.4d95)
  Description: EFM Outside$ETH-LAN$
  Internet address is 175.208.187.12/29
  MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 100Mb/s, 100BaseTX/FX
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:46, output 00:00:03, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     19 packets input, 1410 bytes
     Received 12 broadcasts, 0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog
     0 input packets with dribble condition detected
     612 packets output, 36990 bytes, 0 underruns
0
 
LVL 13

Expert Comment

by:kdearing
ID: 34944431
From the router, can you ping your default gateway (ISP modem 175.208.187.9)?
0
 

Author Comment

by:stasila2010
ID: 34944464
Yes I can but nothing else.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 34945239
I would put a laptop directly connected to the ISP modem with the followning static IP info:
IP  175.208.187.10
Mask   255.255.255.248
Gateway   175.208.187.9
DNS   206.191.0.140 & 206.191.0.210


If you can ping the ISP modem, but not the DNS servers...
It appears your ISP has not added your assigned network (175.208.187.8 /29) to their routing tables.

I've seen it happen before on newly provisioned circuits.
Of course, it takes a while to convince them.
0
 

Author Comment

by:stasila2010
ID: 34945659
thanks for your reply. it's working with the laptop directly connected to the modem. it also works with a regular linksys router.
I am a little confused here. not sure what I am missing here with 1800 router.

0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 7

Expert Comment

by:GridLock137
ID: 34945835
so you are able to ping the DNS servers with the settings kdearing provided?
0
 

Author Comment

by:stasila2010
ID: 34945951
from the laptop i can but not from the cisco router.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34946012
shot in the dark, have you configured the IP domain-lookup command on the router? this should not matter being you are pinging IPs but configure that on there and see if you can ping a website from the router.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34946864
i think you may have the wrong IP address on the FA0/1 interface:

i subnetted your network on a paper to figure your range, your network address is actually the .8/29 which gives you 6 usable IP addresses as follows:

(net) 175.208.187.8 | (range of IPs) 175.208.187.9 - 175.208.187.14 | (broadcast) 175.208.187.15

the .9 address is already set for the ISP modem I assume, you should give fa0/1 the ip address of 175.208.187.10 255.255.255.248 which is the next usable IP address in your range.

0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34946881
you may also have to modify your access rules and NAT rule to reflect your new IP for interface fa0/1. the IP 175.208.187.8/29 is the network address with it's mask letting you know the amout of IPs you can use. the ISP probably did not provide the range of usable IP addresses. see above for your actual IP addresses to use.
0
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 34949127
Did you tried 8.8.8.8 for DNS server setting?
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34950772
I don't think its a DNS issue right now, I see the wrong IP on the fa0/1 interface. I would give that a try first.
0
 

Author Comment

by:stasila2010
ID: 34951875
I have assigned the same IP address to a Linksys router and it's working just fine. I also don't think it has anything to do with a DNS servers.
0
 
LVL 13

Accepted Solution

by:
kdearing earned 167 total points
ID: 34952059
At this point I think it's time to start over.
If a Linksys router works, then your issue is definitely the 1841.

I would do the following:

Completely wipe out existing config
Config the bare minimum (IP, subnet, gateway) on the WAN interface (F0/1) and test
Continue adding and testing where possible.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34952178
if he wipes then he should follow the IP settings I posted above, he was using the network ID that the provider furnished, he has to use the next available IP in his range of that subnet whih is .10 for his FA0/1
0
 
LVL 13

Expert Comment

by:kdearing
ID: 34952268
That has already been covered and corrected about 16 posts ago
0
 

Author Comment

by:stasila2010
ID: 34952367
new config is attached.
new-config.txt
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34952443
no it was not... he was still using .8 and it was the laptop that was configure with .10 not fa0/1.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34952456
.12 is good as well being it falls within that range.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34952487
fa0/1 looks good and so does your route statement, make sure you give your fa0/0 int an ip as well so that it can communicate with your internal subnet, also make sure a gateway is configure on your switch like before, as well as your NAT statements.
0
 

Author Comment

by:stasila2010
ID: 34952566
I can see the progress after wiping out the old configuration. I can ping the outside world now from the router.
I will configure the second interface now and let you know if all other device on the LAN can ping as well.

how can I configure the Loopbaks interfaces with my other 5 IP addresses?

0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34952659
when you say loopback are you referring to actual loopback interfaces or the other interfaces left on the router?
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34952991
you can create loopback interfaces from global config using the interface loopback (loopback id), that will put you into loopback interface mode where you can apply an ip address to it in the same fashion you did with the other interfaces.
0
 

Author Comment

by:stasila2010
ID: 34955282
I have tried to set an IP address to the Loopback interface without any luck. Please take a look below and let me know if I did something wrong

EFM(config)#int lo1
EFM(config-if)#ip nat outside
EFM(config-if)#ip address 175.208.187.13 255.255.255.255
% 175.208.187.13 overlaps with FastEthernet0/1
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34955401
it should not matter but try giving that lo1 the 255.255.255.248 mask
0
 

Author Comment

by:stasila2010
ID: 34955488
same result

EFM(config-if)#ip address 175.208.187.13 255.255.255.248
% 175.208.187.8 overlaps with FastEthernet0/1

0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34955687
before we troubleshoot that, have you been able to get your end points to ping anything on the outside?
0
 

Author Comment

by:stasila2010
ID: 34955797
Thank you. Yes, I am able to ping outside world from my LAN now.  I had change the IP address on F0/0 and it's start working.
0
 
LVL 13

Expert Comment

by:kdearing
ID: 34955872
A Loopback cannot be in the same subnet as any other L3 interface.
Why do you need to configure loopback?
If you want to use the rest of your public IP addresses, then just use a static NAT between interal server and outside.
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34955964
other than what kdearing mentioned above which is true you are pretty much set, just set your NATting up.
0
 

Author Comment

by:stasila2010
ID: 34956024
can you please give me an example how to achieve it with the NAT?
0
 
LVL 7

Expert Comment

by:GridLock137
ID: 34956067
sorry for the multiple questions, what are you trying to accomplish?
0
 

Author Comment

by:stasila2010
ID: 34956170
I have 3 web servers on my LAN network . I need to forward port 80 from my external IP's to my servers on my LAN network.
I am currently using a Loopback interfaces to achieve that. In 3 weeks time I will switch over from on ISP to another and need to reconfigure the router.

ip nat inside source static tcp 10.1.1.184 80 Loopback1 80 extendable
ip nat inside source static tcp 10.1.1.3 80 Loopback2 80 extendable
ip nat inside source static tcp 10.1.1.7 80 Loopback3 80 extendable
0
 
LVL 7

Assisted Solution

by:GridLock137
GridLock137 earned 167 total points
ID: 34956217
this is a little pass my knowledge of things. i was able to help with the other things from earlier today and yesterday, which i'm glad you got up and running. my understanding of loopback interfaces is that they are for testing purposes only and i looked it up as kdearing mentioned you cannot have two interfaces on the same router on the same subnet.

I will look into this a little more, when i get home. ;o)

0
 

Author Comment

by:stasila2010
ID: 34956317
I will open a new question for my Loopbaks issue.  Thank you all for helping me with this.
I will divide the points and close this question.

0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Suggested Solutions

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now