Angel Rosa asked:

Cisco router basic config

Hello -

We are working on setting up a basic config for a 2921 Cisco router -- this is our current basic config. Are we missing anything? We are unable to access the internet.

======

Building configuration...

Current configuration : 5175 bytes
!
! Last configuration change at 22:07:01 UTC Thu Jan 23 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.xA
enable password SECRET
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
ip dhcp pool HOUSE
 import all
 network 10.1.10.0 255.255.255.0
 dns-server 209.18.47.61 209.18.47.62
!
!
!
ip domain name mydomain.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41561274
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-41561274
 revocation-check none
 rsakeypair TP-self-signed-41561274
!
!
crypto pki certificate chain TP-self-signed-41561274
 certificate self-signed 01
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 34313330 37333439 3734301E 170D3133 31323236 32333238  
  03551D0E 04160414 2D0AABC0 E884537A CEF24534 591FE227 3F17C157 300D0609
  2A864886 F70D0101 05050003 81810022 AB031C47 E03A6559 9E522095 3CB0CDF2
  7AC5AB48 2D8B98FB 761B7F23 CB541B10 ED1B6A4B 8EB2C7DF 68796648 500F28A0
  CD85FA3E 63123577 F38E7C59 389A2DFC 78D2EA51 0BD64AE3 58547B2D 6BA8E160
  BCCF7AF5 66197197 51A080D3 57E89326 17835B19 F9E630CA 38FD3596 1E90764E
        quit
license udi pid CISCO2921/K9 sn ##########
!
!
file privilege 0
username admin privilege 15 secret 4 3xo
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 60.44.108.190 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.1.10.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip nat inside source list 199 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
access-list 199 permit ip any any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
 secret 5 $xW.
 commands interface include switchport
 commands configure include cns trusted-server
 commands configure include cns
 commands configure include scheduler max-task-time
 commands configure include scheduler
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include write memory
 commands exec include write
 commands exec include configure terminal
 commands exec include configure
 commands exec include show ip interface brief
 commands exec include show ip interface
 commands exec include show ip
 commands exec include show diag
 commands exec include show version
 commands exec include show running-config
 commands exec include show interfaces
 commands exec include show
!
!
line con 0
 exec-timeout 59 30
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password SECRET
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password SECRET
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end
Brendan M

What sort of internet connection is it?
g0/0
 ip nat inside


You've got two outside interfaces.  How are you going to control which one is used?
ASKER

Hello -

- It is a TW iz connection with a static IP.
- gi/0/0 is used as the management port.

- gi0/1 is the WAN (Internet)
- gi0/1 is the LAN

Thank you -
A
- gi0/1 is the WAN (Internet)
- gi0/1 is the LAN
I'm guessing that's a typo.

Assuming the g0/2 is the LAN, then that is your inside interface.

So:

g0/2
 ip nat inside
Hello Don,

Yes it is a typo. It is gi0/2.

Ah, missed that NAT setting... will fix that and let you know.

Thank you for your help,
Angel
Hello -

The NAT setting did not help.

Are the routes incorrect?

Thank you,
A
Post the current config (please use the "code" feature when posting).

Remove the default route from g0/2
Hello. Posting current config as requested.
Thank you,
A

Using 3749 out of 262136 bytes
!
! Last configuration change at 18:48:49 UTC Tue Jan 28 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.2S#g/h#MA
enable password secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1 
 lease 0 2
!
ip dhcp pool PBM
 import all
 network 10.1.10.0 255.255.255.0
 dns-server 209.18.47.61 209.18.47.62 
 default-router 10.1.10.1 
!
!
!
ip domain name whsportscomplex.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41#74
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-41#74
 revocation-check none
 rsakeypair TP-self-signed-41#74
!
!
crypto pki certificate chain TP-self-signed-41#74
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
license udi pid CISCO2921/K9 sn 1234567
!
!
file privilege 0
username admin privilege 15 secret 4 3zS.#.#/w#.#o
username adminusr privilege 15 view enduserview password 0 secret
!
redundancy
!
!
!
!
!
! 
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 60.44.108.190 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.1.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip default-network 10.1.10.0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
 secret 5 $#.
 commands interface include switchport
 commands configure include cns trusted-server
 commands configure include cns
 commands configure include scheduler max-task-time
 commands configure include scheduler
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include write memory
 commands exec include write
 commands exec include configure terminal
 commands exec include configure
 commands exec include show ip interface brief
 commands exec include show ip interface
 commands exec include show ip
 commands exec include show diag
 commands exec include show version
 commands exec include show running-config
 commands exec include show interfaces
 commands exec include show
!
!
line con 0
 exec-timeout 59 30
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password secret
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password secret
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end

SOLUTION
Don Johnston
This solution is only available to members.
How is the current config looking, besides the missing NAT setting?

Thank you,
A
SOLUTION
This solution is only available to members.
Hello -

OK, took care of the NAT settings
and removed the default router from gi0/2.

No access to the internet yet.

I have also removed the default-network statement and still no go.

How is the DNS?

The pc gets the right ip from the right pool, yet it does not get a gateway ip.

Thank you -
A

Here is the current conf

Using 3899 out of 262136 bytes
!
! Last configuration change at 20:42:33 UTC Thu Jan 30 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.#/h#A
enable password secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.1.10.1 10.1.10.50
ip dhcp excluded-address 10.1.10.150 10.1.10.254
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1 
 lease 0 2
!
ip dhcp pool PBM
 import all
 network 10.1.10.0 255.255.255.0
 dns-server 209.18.47.61 209.18.47.62 
!
!
!
ip domain name mydomain.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41#74
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-41#74
 revocation-check none
 rsakeypair TP-self-signed-41#74
!
!
crypto pki certificate chain TP-self-signed-41#74
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
license udi pid CISCO2921/K9 sn #
!
!
file privilege 0
username admin privilege 15 secret 4 #wZ.Ell##co
username adminusr privilege 15 view enduserview password 0 secret
!
redundancy
!
!
!
!
!
! 
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 60.44.102.190 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.1.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip default-network 10.1.10.0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
 secret 5 $1#W.
 commands interface include switchport
 commands configure include cns trusted-server
 commands configure include cns
 commands configure include scheduler max-task-time
 commands configure include scheduler
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include write memory
 commands exec include write
 commands exec include configure terminal
 commands exec include configure
 commands exec include show ip interface brief
 commands exec include show ip interface
 commands exec include show ip
 commands exec include show diag
 commands exec include show version
 commands exec include show running-config
 commands exec include show interfaces
 commands exec include show
!
!
line con 0
 exec-timeout 59 30
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password #
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password #
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end

From the router, try to ping 8.8.8.8

post the output of a "show ip int brief" and "sh ip nat stat".
Ok - here is the following:

ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.10.1      YES NVRAM  down                  down
GigabitEthernet0/1         60.44.102.190   YES NVRAM  up                    up  
GigabitEthernet0/2         10.1.10.1       YES NVRAM  up                    up  
NVI0                       unassigned      YES unset  administratively down down

sho ip nat stat
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
  GigabitEthernet0/1
Inside interfaces:
  GigabitEthernet0/0, GigabitEthernet0/2
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 101 interface GigabitEthernet0/1 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, GigabitEthernet0/1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.10.0/24 is directly connected, GigabitEthernet0/2
L        10.1.10.1/32 is directly connected, GigabitEthernet0/2
      50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        60.44.102.188/30 is directly connected, GigabitEthernet0/1
L        60.44.102.190/32 is directly connected, GigabitEthernet0/1

ASKER CERTIFIED SOLUTION
This solution is only available to members.
Should we remove the default-network and default-router?

Thank you,
Angel
Yes.

no ip default-network 10.1.10.0

Do NOT remove the default-router statements.
Ok,

Do you recommend to use the 8.8.8.8 ip for DNS or just keep what the Internet provider provides?

Looks like we are able to access the net.

Thank you,
A
I didn't say to change your DNS.  I just wanted to verify that the router could access a non-local interface host.
Hello -

No, understood. Just asking if you recommend it?

Otherwise we are good.

Thank you,
A
I prefer Google's DNS server.  But DNS servers are like browsers, OS's, cars, and everything else.  To each his own.  :-)
Hello Don,

Thank you again for your support -
A
Great to communicate with.

Thank you -
A
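
The checks this thread works through (an `ip nat inside` interface, a single default route, a `default-router` in each DHCP pool), written as a small config audit. This is an added example, not part of the original thread or any poster's code; `audit` and `SAMPLE` are hypothetical names, and the sample is constructed from the NAT, route and DHCP lines of the first posted config.

```python
import re

# Constructed sample: NAT, route and DHCP lines condensed from the first posted config.
SAMPLE = """\
ip dhcp pool ccp-pool
 default-router 10.10.10.1
ip dhcp pool HOUSE
interface GigabitEthernet0/1
 ip nat outside
interface GigabitEthernet0/2
 ip nat outside
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip nat inside source list 199 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
"""

def audit(config):
    """Return findings for the NAT, default-route and DHCP issues raised in the thread."""
    roles, pools, routes, rules = {}, {}, [], []
    kind = name = None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue  # skip blank lines and IOS "!" separators
        if not line.startswith(" "):  # a top-level command closes the previous section
            kind = name = None
            if m := re.match(r"interface (\S+)", line):
                kind, name = "if", m.group(1)
            elif m := re.match(r"ip dhcp pool (\S+)", line):
                kind, name = "pool", m.group(1)
                pools[name] = False  # flipped once a default-router line is seen
            elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
                routes.append(m.group(1))
            elif m := re.match(r"ip nat inside source list \S+ interface (\S+)", line):
                rules.append(m.group(1))
        elif kind == "if" and (m := re.match(r" +ip nat (inside|outside)\s*$", line)):
            roles[name] = m.group(1)
        elif kind == "pool" and line.strip().startswith("default-router"):
            pools[name] = True
    out = []
    if "inside" not in roles.values():
        out.append("no interface is marked 'ip nat inside'")
    out += [f"NAT rule exits via {i}, which is not 'ip nat outside'"
            for i in rules if roles.get(i) != "outside"]
    if len(routes) > 1:
        out.append("multiple default routes: " + ", ".join(routes))
    out += [f"DHCP pool {p} has no default-router" for p, ok in pools.items() if not ok]
    return out
```

Calling `audit(SAMPLE)` returns three findings for the constructed sample; pass the text of a saved `show running-config` to check a real configuration.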