Angel Rosa
asked on
Cisco router basic config
Hello -
We are working on setting up a basic config for a 2921 Cisco router -- this is our current basic config. Are we missing anything? We are unable to access the internet.
======
Building configuration...
Current configuration : 5175 bytes
!
! Last configuration change at 22:07:01 UTC Thu Jan 23 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.xA
enable password SECRET
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool HOUSE
import all
network 10.1.10.0 255.255.255.0
dns-server 209.18.47.61 209.18.47.62
!
!
!
ip domain name mydomain.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41561274
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-41561274
revocation-check none
rsakeypair TP-self-signed-41561274
!
!
crypto pki certificate chain TP-self-signed-41561274
certificate self-signed 01
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34313330 37333439 3734301E 170D3133 31323236 32333238
03551D0E 04160414 2D0AABC0 E884537A CEF24534 591FE227 3F17C157 300D0609
2A864886 F70D0101 05050003 81810022 AB031C47 E03A6559 9E522095 3CB0CDF2
7AC5AB48 2D8B98FB 761B7F23 CB541B10 ED1B6A4B 8EB2C7DF 68796648 500F28A0
CD85FA3E 63123577 F38E7C59 389A2DFC 78D2EA51 0BD64AE3 58547B2D 6BA8E160
BCCF7AF5 66197197 51A080D3 57E89326 17835B19 F9E630CA 38FD3596 1E90764E
quit
license udi pid CISCO2921/K9 sn ##########
!
!
file privilege 0
username admin privilege 15 secret 4 3xo
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 60.44.108.190 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 10.1.10.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip nat inside source list 199 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
access-list 199 permit ip any any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
secret 5 $xW.
commands interface include switchport
commands configure include cns trusted-server
commands configure include cns
commands configure include scheduler max-task-time
commands configure include scheduler
commands exec include dir all-filesystems
commands exec include dir
commands exec include write memory
commands exec include write
commands exec include configure terminal
commands exec include configure
commands exec include show ip interface brief
commands exec include show ip interface
commands exec include show ip
commands exec include show diag
commands exec include show version
commands exec include show running-config
commands exec include show interfaces
commands exec include show
!
!
line con 0
exec-timeout 59 30
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
password SECRET
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
password SECRET
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end
What sort of internet connection is it?
g0/0
ip nat inside
You've got two outside interfaces. How are you going to control which one is used?
ASKER
Hello -
- It is a TW iz connection with a static IP.
- gi/0/0 is used as the management port.
- gi0/1 is the WAN (Internet)
- gi0/1 is the LAN
Thank you -
A
- gi0/1 is the WAN (Internet)
- gi0/1 is the LAN
I'm guessing that's a typo.
Assuming the g0/2 is the LAN, then that is your inside interface.
So:
g0/2
ip nat inside
ASKER
Hello Don,
Yes it is a typo. It is gi0/2.
Ah, missed that NAT setting... will fix that and let you know.
Thank you for your help,
Angel
ASKER
Hello -
The NAT setting did not help.
Are the routes incorrect?
Thank you,
A
Post the current config (please use the "code" feature when posting).
Remove the default route from g0/2
ASKER
Hello Posting current config as requested.
Thank you,
A
Using 3749 out of 262136 bytes
!
! Last configuration change at 18:48:49 UTC Tue Jan 28 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.2S#g/h#MA
enable password secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool PBM
import all
network 10.1.10.0 255.255.255.0
dns-server 209.18.47.61 209.18.47.62
default-router 10.1.10.1
!
!
!
ip domain name whsportscomplex.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41#74
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-41#74
revocation-check none
rsakeypair TP-self-signed-41#74
!
!
crypto pki certificate chain TP-self-signed-41#74
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
license udi pid CISCO2921/K9 sn 1234567
!
!
file privilege 0
username admin privilege 15 secret 4 3zS.#.#/w#.#o
username adminusr privilege 15 view enduserview password 0 secret
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.0
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 60.44.108.190 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 10.1.10.1 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip default-network 10.1.10.0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
secret 5 $#.
commands interface include switchport
commands configure include cns trusted-server
commands configure include cns
commands configure include scheduler max-task-time
commands configure include scheduler
commands exec include dir all-filesystems
commands exec include dir
commands exec include write memory
commands exec include write
commands exec include configure terminal
commands exec include configure
commands exec include show ip interface brief
commands exec include show ip interface
commands exec include show ip
commands exec include show diag
commands exec include show version
commands exec include show running-config
commands exec include show interfaces
commands exec include show
!
!
line con 0
exec-timeout 59 30
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
password secret
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
password secret
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end
ASKER
How is the current config looking like, besides the missing nat setting?
Thank you,
A
ASKER
Hello -
Ok took care of the NAT settings
and removed the default router from gi0/2
no access to the internet yet.
I have also removed the default-network statement and still no go.
How is the DNS?
The pc gets the right ip from the right pool, yet it does not get a gateway ip.
Thank you -
A
Here is the current conf
Using 3899 out of 262136 bytes
!
! Last configuration change at 20:42:33 UTC Thu Jan 30 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.#/h#A
enable password secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.1.10.1 10.1.10.50
ip dhcp excluded-address 10.1.10.150 10.1.10.254
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool PBM
import all
network 10.1.10.0 255.255.255.0
dns-server 209.18.47.61 209.18.47.62
!
!
!
ip domain name mydomain.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41#74
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-41#74
revocation-check none
rsakeypair TP-self-signed-41#74
!
!
crypto pki certificate chain TP-self-signed-41#74
certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
license udi pid CISCO2921/K9 sn #
!
!
file privilege 0
username admin privilege 15 secret 4 #wZ.Ell##co
username adminusr privilege 15 view enduserview password 0 secret
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 60.44.102.190 255.255.255.252
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
ip address 10.1.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip default-network 10.1.10.0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
secret 5 $1#W.
commands interface include switchport
commands configure include cns trusted-server
commands configure include cns
commands configure include scheduler max-task-time
commands configure include scheduler
commands exec include dir all-filesystems
commands exec include dir
commands exec include write memory
commands exec include write
commands exec include configure terminal
commands exec include configure
commands exec include show ip interface brief
commands exec include show ip interface
commands exec include show ip
commands exec include show diag
commands exec include show version
commands exec include show running-config
commands exec include show interfaces
commands exec include show
!
!
line con 0
exec-timeout 59 30
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
password #
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
password #
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end
From the router, try to ping 8.8.8.8
post the output of a "show ip int brief" and "sh ip nat stat".
ASKER
Ok - here is the following:
ping 8.8.8.8
sho ip int brief
sho ip nat stat
show ip route
ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.10.1      YES NVRAM  down                  down
GigabitEthernet0/1         60.44.102.190   YES NVRAM  up                    up
GigabitEthernet0/2         10.1.10.1       YES NVRAM  up                    up
NVI0                       unassigned      YES unset  administratively down down
sho ip nat stat
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
GigabitEthernet0/1
Inside interfaces:
GigabitEthernet0/0, GigabitEthernet0/2
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 101 interface GigabitEthernet0/1 refcount 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/1
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.1.10.0/24 is directly connected, GigabitEthernet0/2
L 10.1.10.1/32 is directly connected, GigabitEthernet0/2
50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 60.44.102.188/30 is directly connected, GigabitEthernet0/1
L 60.44.102.190/32 is directly connected, GigabitEthernet0/1
ASKER
Should we remove the default-network and default-router?
Thank you,
Angel
Yes.
no ip default-network 10.1.10.0
Do NOT remove the default-router statements.
ASKER
Ok,
Do you recommend to use the 8.8.8.8 ip for DNS or just keep what the Internet provider provides?
Looks like we are able to access the net.
Thank you,
A
I didn't say to change your DNS. I just wanted to verify that the router could access a non-local interface host.
ASKER
Hello -
No, understood. Just asking if you recommend it?
Otherwise we are good.
Thank you,
A
I prefer Google's DNS server. But DNS servers are like browsers, OS's, cars, and everything else. To each his own. :-)
ASKER
Hello Don,
Thank you again for your support -
A
ASKER
Great to communicate with.
Thank you -
A
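The faults worked through in this thread (a NAT rule with no `ip nat inside` interface behind it, two static default routes, a DHCP pool without `default-router`) can be checked offline against a saved running-config. The script below is an added example, not part of any post in the thread: the function names `parse`, `acl_sources` and `audit` are hypothetical, `SAMPLE` is constructed from the first config posted above, and it assumes numbered extended ACLs and `!`-separated sections as IOS prints them.

```python
import re
from ipaddress import ip_interface, ip_network

# Constructed sample: NAT, routing and DHCP lines taken from the first config posted above.
SAMPLE = """\
ip dhcp pool HOUSE
network 10.1.10.0 255.255.255.0
dns-server 209.18.47.61 209.18.47.62
!
interface GigabitEthernet0/1
ip address 60.44.108.190 255.255.255.252
ip nat outside
!
interface GigabitEthernet0/2
ip address 10.1.10.1 255.255.255.0
ip nat outside
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
"""

def parse(config):
    """Return ({interface: lines}, {dhcp pool: lines}, [global lines]); '!' ends a section."""
    ifaces, pools, top, cur = {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"(interface|ip dhcp pool) (\S+)$", line)
        if m:
            cur = (ifaces if m.group(1) == "interface" else pools).setdefault(m.group(2), [])
        elif not line or line.startswith("!"):
            cur = None
        else:
            (top if cur is None else cur).append(line)
    return ifaces, pools, top

def acl_sources(top, acl):
    """Source networks permitted by numbered extended ACL `acl` (any, host and wildcard forms)."""
    pat = rf"access-list {acl} permit ip (any|host \S+|\S+ \S+) "
    srcs = [m.group(1).replace("host ", "").replace(" ", "/")
            for m in (re.match(pat, line) for line in top) if m]
    return [ip_network("0.0.0.0/0" if s == "any" else s, strict=False) for s in srcs]

def audit(config):
    """List the connectivity faults diagnosed in the thread that are present in `config`."""
    ifaces, pools, top = parse(config)
    nets = {n: ip_interface("/".join(l.split()[2:4])).network
            for n, ls in ifaces.items() for l in ls if re.match(r"ip address \d", l)}
    inside = [nets[n] for n, ls in ifaces.items() if "ip nat inside" in ls and n in nets]
    outside = {n for n, ls in ifaces.items() if "ip nat outside" in ls}
    rule = re.compile(r"ip nat inside source list (\d+) interface (\S+) overload$")
    out = []
    for acl, egress in (m.groups() for m in map(rule.match, top) if m):
        if egress not in outside:
            out.append(f"list {acl}: {egress} lacks 'ip nat outside'")
        if not any(s.overlaps(i) for s in acl_sources(top, acl) for i in inside):
            out.append(f"list {acl}: no 'ip nat inside' interface carries the ACL's sources")
    if sum(line.startswith("ip route 0.0.0.0 0.0.0.0 ") for line in top) > 1:
        out.append("more than one static default route")
    for name, ls in pools.items():
        if not any(line.startswith("default-router ") for line in ls):
            out.append(f"pool {name}: no default-router, clients get no gateway")
    return out
```

Calling `audit(SAMPLE)` returns three findings; the same config with `ip nat inside` on GigabitEthernet0/2, a single default route and a `default-router` in the pool returns an empty list.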