• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 497
  • Last Modified:

provide internet to LAN

I have cisco linksys E1000 that I managed to bridge with another ATT wireless router
in the other side I have normal CISCO router 2600 series.
I want to plug the Cisco Linksys E1000 to Cisco 2600 router which is plugged to a Cisco Switch 3550.
once done, I will configure Cisco 2600 router to provide internet access to the PCs that are plugged to the switch.
to start  I need to know first:
 which port of Linksys E1000 should go to which port  of Cisco 2600 router.

Thanks
0
jskfan
Asked:
jskfan
  • 38
  • 19
2 Solutions
 
SouljaCommented:
Why can't you just plug a switch into the E1000 and let that provide the internet access?
0
 
jskfanAuthor Commented:
You mean, configure a switch port with NO SWITCHPORT command then plug E1000??
0
 
jskfanAuthor Commented:
Or just leave it L2 port?
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
SouljaCommented:
Just leave L2 port. Why can't the E1000 provide the routing?
0
 
jskfanAuthor Commented:
E1000 is supposed to be bridged to ATT wireless router.

I was not sure E1000 can be connected to L2 port of  cisco switch 3550 and will provide internet to the PCs connected to the same switch
0
 
jskfanAuthor Commented:
I will just move the cisco 3550 switch by the ATT wireless router and see if there is a way to plug it to the switch.

0
 
SouljaCommented:
If the ATT router has a built in switch then I see no reason you can't plug the 3550 into it. You might need a crossover if the ATT router's switch ports doesn't have Auto-MDIX. I know the 3550 doesn't.
0
 
jskfanAuthor Commented:
In real world , an internet DSL is connected to the Cisco router and a NATTING is done at the router level. Why they don't plug the DSL to the switch as you have suggested ?

0
 
jskfanAuthor Commented:
0
 
jskfanAuthor Commented:

Switch#
Switch#sh run
Building configuration...

Current configuration : 4114 bytes
!
version 12.2
 
hostname Switch
 
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 
!
interface FastEthernet0/6
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 20
 switchport mode access
 
interface FastEthernet0/11
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
 
interface Vlan1
 no ip address
 shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.10
ip route 0.0.0.0 0.0.0.0 192.168.1.254 254
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
 login
line vty 5 15
 login
!
end

Notice that the ip route 0.0.0.0 0.0.0.0 192.168.1.254 254
it was provided to te switch automatically-- even if I remove ip route 0.0.0.0 0.0.0.0 192.168.3.10
 , it still doesnot work
===============================================



Router4#sh run
Building configuration...

Current configuration : 936 bytes
!
version 12.4
 
!
hostname Router4
 
ip cef
 
no ip domain lookup
  
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input all
line vty 5 15
 login
 transport input pad telnet rlogin udptn v120 ssh
!
!
end

================================================
Regarding my PC ethernet adapter:
IP 192.168.3.60
Subnet Mask: 255.255.255.0
DG=192.168.3.10

it didn not work [I could not get it to go to internet]

I changed the IP to Automatic, and I did not get it to go to internet too.

Open in new window

0
 
jskfanAuthor Commented:
I could not get it to work
0
 
SouljaCommented:
Can you recap what you are trying to do. I can't remember.
0
 
jskfanAuthor Commented:
Let me make it very simple.
I have a cisco 2600 router configured as shown in the code below.

I connected my PC to Fa0/1 of the router and configured my PC :
IP 192.168.3.60
SM = 255.255.255.0
DG=192.168.3.10

I can ping from my PC the DG [192.168.3.10]  which is te IP address of fa0/1 of 2600 router
I also can ping the IP of fa0/0 of cisco 2600 router [192.168.1.75] obtained from ATT router through its DHCP config.
 

 but cannot get to internet or even ping the ATT router [192.168.1.254] from my PC
Router4#sh run
Building configuration...

Current configuration : 936 bytes
!
version 12.4
 
!
hostname Router4
 
ip cef
 
no ip domain lookup
  
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input all
line vty 5 15
 login
 transport input pad telnet rlogin udptn v120 ssh
!
!
end

Open in new window

0
 
SouljaCommented:
The ATT router would need to have a route to the 192.168.3.0 network.

ip route 192.168.3.0 255.255.255.0 x.x.x.x  (ip address of the 2600 fa0/0)

Can you configure static ip's between the ATT router and the 2600?

Also, what purpose is the 2600 serving that the 3550 can't do?
0
 
jskfanAuthor Commented:
<<Also, what purpose is the 2600 serving that the 3550 can't do?>>

I need to create separate vlans on the switch

0
 
jskfanAuthor Commented:
Soulja:

It does not matter if I can plug the AT&T router straight to the Cisco3550 switch and create separate vlans for my PCs and enable them to access internet.

Do you have a configuration for this approach?

thanks
0
 
SouljaCommented:
Your 3550 should be able to do layer 3.

Give the ATT router a static ip address on it's inside interface.  Create your vlan interfaces and vlans on the 3550 and then assign the ATT router's port it's connected to to it's relevant vlan. Then create static routes on the ATT routes for return traffic to the vlans.

ip route x.x.x.x 255.255.255.0 y.y.y.y  (y.y.y.y is the vlan interface of the vlan that the att router is sitting on)
ip route x.x.y.x 255.255.255.0 y.y.y.y


an so on.
0
 
jskfanAuthor Commented:

<<Give the ATT router a static ip address on it's inside interface>>
This is AT&T 2Wire router , where can I do that ?
0
 
SouljaCommented:
Ohhhh!!! That is why you are using the 2600, so you initially had the att router in bridge mode? If so, then go with that setup and reintroduce the 2600 into the picture.
0
 
jskfanAuthor Commented:
here is the current config:
Router4#sh run
Building configuration...
 
hostname Router4
 
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NATLIST interface FastEthernet0/0 overload
!
ip access-list extended NATLIST
 deny   ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
 permit ip 192.168.0.0 0.0.255.255 any
 
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input all
line vty 5 15
 login
 transport input pad telnet rlogin udptn v120 ssh
!
!
end
0
 
jskfanAuthor Commented:
so far I realized I cannot ping ATT router from source fa0/1 of the 2600 router but from fa0/0  as a source [of the same router] I can :


Router4#ping ip 192.168.1.254 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.10
.....
Success rate is 0 percent (0/5)
=========================

Router4#ping ip 192.168.1.254 source fastEthernet 0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.75
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
 
0
 
SouljaCommented:
Is pinging the att router necessary. Is it in bridged mode?
0
 
SouljaCommented:
Can you ping out to the internet from the 2600?
0
 
jskfanAuthor Commented:
it works now:
Router4#sh run
Building configuration...

Current configuration : 1078 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NATLIST interface FastEthernet0/0 overload
!
ip access-list extended NATLIST
 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input all
line vty 5 15
 login
 transport input pad telnet rlogin udptn v120 ssh
!
!
end
0
 
jskfanAuthor Commented:
My PC is connected straight to the FA0/1 of 2600 router.
I want to plug my PC to a vlan on the switch and be able to connect to internet
I have vlan 20 for interfaces range 1-6 and vlan 30 7-11 and 12 is a Trunk to fa0/1

I will post a new question about this
0
 
SouljaCommented:
ok
0
 
jskfanAuthor Commented:
mmm, from PC I can ping 192.168.1.254 but cannot get to internet
0
 
jskfanAuthor Commented:
from PC I can ping 192.168.1.254 but cannot get to internet
any idea ?
ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :
  IPv4 Address. . . . . . . . . . . : 192.168.3.60
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.3.10
0
 
SouljaCommented:
Where is your default route?

ip route 0.0.0.0 0.0.0.0 dhcp
0
 
jskfanAuthor Commented:
I will try it
0
 
jskfanAuthor Commented:

I used:
ip route 0.0.0.0 0.0.0.0 dhcp

I can ping from the router to internet.
But still cannot get to internet from my PC.
0
 
jskfanAuthor Commented:
Though I can ping google.com from fa0/1 which is the DG of my PC and can ping the DG from my PC:

Router4#ping 213.165.70.39 source fastEthernet 0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 213.165.70.39, timeout is 2 seconds:
Packet sent with a source address of 192.168.3.10
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 144/149/152 ms
C:\>ping 192.168.3.10

Pinging 192.168.3.10 with 32 bytes of data:
Reply from 192.168.3.10: bytes=32 time=1ms TTL=255
Reply from 192.168.3.10: bytes=32 time=1ms TTL=255
Reply from 192.168.3.10: bytes=32 time=1ms TTL=255
Reply from 192.168.3.10: bytes=32 time=1ms TTL=255
0
 
SouljaCommented:
Post your current config.
0
 
jskfanAuthor Commented:
This is my current config:
Router4#sh run
Building configuration...

Current configuration : 1088 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NATLIST interface FastEthernet0/0 overload
!
ip access-list extended NATLIST
 permit ip 192.168.0.0 0.0.255.255 any
!
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input all
line vty 5 15
 login
 transport input pad telnet rlogin udptn v120 ssh
!
!
end

Open in new window

0
 
jskfanAuthor Commented:
My PC config :
IPv4 Address. . . . . . . . . . . : 192.168.3.60
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.3.10
0
 
SouljaCommented:
Post sh ip nat translations

The only thing I can think of is it being the ACL, but I would think it is fine.

Try changing it to:

ip access-list extended NATLIST
 permit ip 192.168.3.0 0.255.255.255 any

or

ip access-list extended NATLIST
 permit ip any any

!
0
 
jskfanAuthor Commented:
I tried them both but still cannot connect from my PC to internet while my pc is connected to Fa0/1
0
 
SouljaCommented:
Post your sh ip nat translations
0
 
jskfanAuthor Commented:

Router4#ping www.google.com

Translating "www.google.com"...domain server (192.168.1.254) [OK]

Translating "www.google.com"...domain server (192.168.1.254) [OK]

Translating "www.google.com"...domain server (192.168.1.254) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.73.99, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/75/76 ms
Router4#sh ip nat tra
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.1.75:7    192.168.1.75:7     74.125.73.99:7     74.125.73.99:7
udp 192.168.1.75:57715 192.168.1.75:57715 192.168.1.254:53   192.168.1.254:53
udp 192.168.1.75:58312 192.168.1.75:58312 192.168.1.254:53   192.168.1.254:53
udp 192.168.1.75:59707 192.168.1.75:59707 192.168.1.254:53   192.168.1.254:53
Router4#

Open in new window

0
 
SouljaCommented:
I just put this in packet tracer and it worked.

Hmmm,

Try changing the route to

ip route 0.0.0.0 0.0.0.0 fastethernet 0/0

For the acl, I put the wrong wildcard mask.

Try

ip access-list extended NATLIST
 permit ip 192.168.3.0 0.0.0.255 any
0
 
SouljaCommented:
Where is the 192.168.1.75  and 254 address coming from?
0
 
jskfanAuthor Commented:
The tracert as well as the Ping to one of Google's IP addresses worked.
it goes to the IP of Fa0/1: 192.168.3.10
Then to the IP address of ATT Router:192.168.1.254
Then to internet.
But the browser doesn 't seem to go to internet when plugged through Cisco2600 router. But when I use the wireless connection it goes to internet.
Also. when I ping www.Google.com it doesn't reply as shown below
C:\>tracert 74.125.73.105

Tracing route to 74.125.73.105 over a maximum of 30 hops

  1     1 ms     1 ms     1 ms  192.168.3.10
  2     3 ms     2 ms     2 ms  192.168.1.254
  3    22 ms    22 ms    22 ms  108.69.96.3
  4    23 ms    32 ms     *     99.167.141.60
  5    34 ms    22 ms    22 ms  99.167.141.26
  6    24 ms    22 ms    22 ms  12.83.70.13
  7    23 ms    23 ms    23 ms  12.123.153.137
  8    37 ms    24 ms    24 ms  12.249.135.14
  9    25 ms    25 ms    25 ms  209.85.253.120
 10    59 ms    46 ms    74 ms  216.239.48.192
 11    61 ms     *       84 ms  72.14.232.249



C:\>ping 74.125.73.105

Pinging 74.125.73.105 with 32 bytes of data:
Reply from 74.125.73.105: bytes=32 time=63ms TTL=44
Reply from 74.125.73.105: bytes=32 time=61ms TTL=44
Reply from 74.125.73.105: bytes=32 time=59ms TTL=44
Reply from 74.125.73.105: bytes=32 time=58ms TTL=46

Ping statistics for 74.125.73.105:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 63ms, Average = 60ms

C:\>ping www.google.com
Ping request could not find host www.google.com. Please check the name and try again.

Open in new window

0
 
jskfanAuthor Commented:
After I ping Google's IP from my PC, then on the router I type:
SHOW IP NAT TRANSLATIONS , I get the output shown in the code.
As you notice the 192.168.3.60 is my PC static IP address
C:\>ping 74.125.73.105

Pinging 74.125.73.105 with 32 bytes of data:
Reply from 74.125.73.105: bytes=32 time=61ms TTL=44
Reply from 74.125.73.105: bytes=32 time=59ms TTL=44
Reply from 74.125.73.105: bytes=32 time=58ms TTL=46
Reply from 74.125.73.105: bytes=32 time=58ms TTL=44

Ping statistics for 74.125.73.105:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 61ms, Average = 59ms

Router4#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
icmp 192.168.1.75:1    192.168.3.60:1     74.125.73.105:1    74.125.73.105:1
udp 192.168.1.75:137   192.168.3.60:137   99.167.141.60:137  99.167.141.60:137

Open in new window

0
 
jskfanAuthor Commented:
Telnet to Google's IP on port 80 works
right after telnet I see the output of the transaltion on the router:
 Router4#sh ip nat trans
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.1.75:50312 192.168.3.60:50312 74.125.73.105:80   74.125.73.105:80
udp 192.168.1.75:51727 192.168.3.60:51727 192.168.1.254:53   192.168.1.254:53

0
 
jskfanAuthor Commented:
<<Where is the 192.168.1.75  and 254 address coming from? >>.

the 1.75 is the IP address of cisco 2600 FA0/0 obtained through DHCP
The 1.254 is the IP of the ATT router.
0
 
SouljaCommented:
I though the ATT router was being bridged. It looks like it is an extra hop, so it's like you are double natting.
0
 
jskfanAuthor Commented:
<<I though the ATT router was being bridged>>
where can I check that?
I have 2Wire ATT, but could not find the Bridge settings.
0
 
jskfanAuthor Commented:
And I tried both Firefox and IE, with no luck
0
 
jskfanAuthor Commented:
the Traceroute above shows that the PC is going through192.168.1.254 this is the IP of the ATT router, I don't see the path through Fa0/ of Cisco router that got 192.168.1.75 through DHCP.
can this be an issue??
0
 
SouljaCommented:
No, that is not an issue, and it isn't an extra hop, since the 2600 interface and att router is on the same subnet. Can you try just removing the NAT commands from your 2600.
0
 
jskfanAuthor Commented:
I caught the root cause of the issue. it is DNS issue.
the way I found out was that from my PC when I ping www.google.com, I get :
C:\>ping www.google.com
Ping request could not find host www.google.com. Please check the name and try a
gain.

When I ping Google's IP address, the I get a Reply.:
C:\>ping 74.125.73.103

Pinging 74.125.73.103 with 32 bytes of data:
Reply from 74.125.73.103: bytes=32 time=64ms TTL=45
Reply from 74.125.73.103: bytes=32 time=58ms TTL=45
Reply from 74.125.73.103: bytes=32 time=58ms TTL=45
Reply from 74.125.73.103: bytes=32 time=59ms TTL=43

Ping statistics for 74.125.73.103:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 58ms, Maximum = 64ms, Average = 59ms

What I did was, typing Google IP address 74.125.73.103 on the browser, then I managed to access Google web Page.
Now I need your help to make the router provide my PC the DNS service so that it can access Internet.

Thanks
0
 
jskfanAuthor Commented:
I added this command, and it is working now:
ip dns server
0
 
jskfanAuthor Commented:
This is the config that worked :
Router4#sh run
Building configuration...

Current configuration : 1108 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
 
!
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Serial0/0
 no ip address
 shutdown
!
interface FastEthernet0/1
 ip address 192.168.3.10 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip dns server
!
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list NATLIST interface FastEthernet0/0 overload
!
ip access-list extended NATLIST
 permit ip any any
!
access-list 10 permit any
!
!
!
control-plane
!
!
!
!
!
!
dial-peer cor custom
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
 no login
 transport input all
line vty 5 15
 login
 transport input pad telnet rlogin udptn v120 ssh
!
!
end

Open in new window

0
 
jskfanAuthor Commented:
Forgot one thing to mention.
On TCP/IP config on my PC I had to type DNS address the IP address of the 2600 Router Fa0/1 [192.168.3.10]
0
 
SouljaCommented:
Man, you didn't have dns on your pc? If that was the case, the command was not needed on the router, you just need to enter the dns of your isp.
0
 
jskfanAuthor Commented:
Yeah...
I pasted the config of my PC... it was static IP.

This is just a test lab. Next I will set up Vlans on 3550 switch , and will make sure each vlan can connect to internet.

I will post a new Question soon. Just watch for it ..)

0
 
jskfanAuthor Commented:
Excellent!!!
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

  • 38
  • 19
Tackle projects and never again get stuck behind a technical roadblock.
Join Now