Solved

Cisco router basic config

Posted on 2014-01-23
Last Modified: 2014-02-05
Hello -

We are working on setting up a basic config for a 2921 Cisco router -- this is our current basic config. Are we missing anything? We are unable to access the internet.

======

Building configuration...

Current configuration : 5175 bytes
!
! Last configuration change at 22:07:01 UTC Thu Jan 23 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.xA
enable password SECRET
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
ip dhcp pool HOUSE
 import all
 network 10.1.10.0 255.255.255.0
 dns-server 209.18.47.61 209.18.47.62
!
!
!
ip domain name mydomain.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41561274
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-41561274
 revocation-check none
 rsakeypair TP-self-signed-41561274
!
!
crypto pki certificate chain TP-self-signed-41561274
 certificate self-signed 01
        quit
license udi pid CISCO2921/K9 sn ##########
!
!
file privilege 0
username admin privilege 15 secret 4 3xo
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 60.44.108.190 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.1.10.1 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip nat inside source list 199 interface GigabitEthernet0/2 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
access-list 199 permit ip any any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
 secret 5 $xW.
 commands interface include switchport
 commands configure include cns trusted-server
 commands configure include cns
 commands configure include scheduler max-task-time
 commands configure include scheduler
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include write memory
 commands exec include write
 commands exec include configure terminal
 commands exec include configure
 commands exec include show ip interface brief
 commands exec include show ip interface
 commands exec include show ip
 commands exec include show diag
 commands exec include show version
 commands exec include show running-config
 commands exec include show interfaces
 commands exec include show
!
!
line con 0
 exec-timeout 59 30
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password SECRET
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password SECRET
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end
Question by:afrosa
23 Comments
 
LVL 14

Expert Comment

by:brendanmeyer
ID: 39805297
What sort of internet connection is it?
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39805345
g0/0
 ip nat inside


You've got two outside interfaces.  How are you going to control which one is used?
0
 

Author Comment

by:afrosa
ID: 39806812
Hello -

- It is a TW iz connection with a static IP.
- gi/0/0 is used as the management port.

- gi0/1 is the WAN (Internet)
- gi0/1 is the LAN

Thank you -
A
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39806863
- gi0/1 is the WAN (Internet)
- gi0/1 is the LAN
I'm guessing that's a typo.

Assuming the g0/2 is the LAN, then that is your inside interface.

So:

g0/2
 ip nat inside
0
 

Author Comment

by:afrosa
ID: 39806911
Hello Don,

Yes it is a typo. It is gi0/2.

Ah, missed that NAT setting... will fix that and let you know.

Thank you for your help,
Angel
0
 

Author Comment

by:afrosa
ID: 39817768
Hello -

The NAT setting did not help.

Are the routes incorrect?

Thank you,
A
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39817813
Post the current config (please use the "code" feature when posting).

Remove the default route from g0/2
0
 

Author Comment

by:afrosa
ID: 39818430
Hello - Posting the current config as requested.
Thank you,
A

Using 3749 out of 262136 bytes
!
! Last configuration change at 18:48:49 UTC Tue Jan 28 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.2S#g/h#MA
enable password secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1 
 lease 0 2
!
ip dhcp pool PBM
 import all
 network 10.1.10.0 255.255.255.0
 dns-server 209.18.47.61 209.18.47.62 
 default-router 10.1.10.1 
!
!
!
ip domain name whsportscomplex.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41#74
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-41#74
 revocation-check none
 rsakeypair TP-self-signed-41#74
!
!
crypto pki certificate chain TP-self-signed-41#74
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
license udi pid CISCO2921/K9 sn 1234567
!
!
file privilege 0
username admin privilege 15 secret 4 3zS.#.#/w#.#o
username adminusr privilege 15 view enduserview password 0 secret
!
redundancy
!
!
!
!
!
! 
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 60.44.108.190 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.1.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip default-network 10.1.10.0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
 secret 5 $#.
 commands interface include switchport
 commands configure include cns trusted-server
 commands configure include cns
 commands configure include scheduler max-task-time
 commands configure include scheduler
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include write memory
 commands exec include write
 commands exec include configure terminal
 commands exec include configure
 commands exec include show ip interface brief
 commands exec include show ip interface
 commands exec include show ip
 commands exec include show diag
 commands exec include show version
 commands exec include show running-config
 commands exec include show interfaces
 commands exec include show
!
!
line con 0
 exec-timeout 59 30
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password secret
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password secret
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end


0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 500 total points
ID: 39818549
As previously stated:

int g0/2
 ip nat inside
0
 

Author Comment

by:afrosa
ID: 39819204
How is the current config looking, besides the missing NAT setting?

Thank you,
A
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 500 total points
ID: 39819218
G0/0 also needs the "ip nat inside" statement.
0
 

Author Comment

by:afrosa
ID: 39822347
Hello -

OK, took care of the NAT settings
and removed the default router from gi0/2.

No access to the internet yet.

I have also removed the default-network statement and still no go.

How is the DNS?

The PC gets the right IP from the right pool, yet it does not get a gateway IP.

Thank you -
A

Here is the current conf

Using 3899 out of 262136 bytes
!
! Last configuration change at 20:42:33 UTC Thu Jan 30 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname myrouter
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 .J4j.#/h#A
enable password secret
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.1.10.1 10.1.10.50
ip dhcp excluded-address 10.1.10.150 10.1.10.254
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1 
 lease 0 2
!
ip dhcp pool PBM
 import all
 network 10.1.10.0 255.255.255.0
 dns-server 209.18.47.61 209.18.47.62 
!
!
!
ip domain name mydomain.com
ip name-server 209.18.47.61
ip name-server 209.18.47.62
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-41#74
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-41#74
 revocation-check none
 rsakeypair TP-self-signed-41#74
!
!
crypto pki certificate chain TP-self-signed-41#74
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
license udi pid CISCO2921/K9 sn #
!
!
file privilege 0
username admin privilege 15 secret 4 #wZ.Ell##co
username adminusr privilege 15 view enduserview password 0 secret
!
redundancy
!
!
!
!
!
! 
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no mop enabled
!
interface GigabitEthernet0/1
 ip address 60.44.102.190 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 ip address 10.1.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip default-network 10.1.10.0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit ip 10.1.10.0 0.0.0.255 any
!
!
snmp-server community public RO
snmp-server enable traps entity-sensor threshold
!
!
!
control-plane
!
!
parser view enduserview
 secret 5 $1#W.
 commands interface include switchport
 commands configure include cns trusted-server
 commands configure include cns
 commands configure include scheduler max-task-time
 commands configure include scheduler
 commands exec include dir all-filesystems
 commands exec include dir
 commands exec include write memory
 commands exec include write
 commands exec include configure terminal
 commands exec include configure
 commands exec include show ip interface brief
 commands exec include show ip interface
 commands exec include show ip
 commands exec include show diag
 commands exec include show version
 commands exec include show running-config
 commands exec include show interfaces
 commands exec include show
!
!
line con 0
 exec-timeout 59 30
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 password #
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 password #
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
cns trusted-server all-agents yourname
!
end


0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39822438
From the router, try to ping 8.8.8.8

post the output of a "show ip int brief" and "sh ip nat stat".
0
 

Author Comment

by:afrosa
ID: 39822516
Ok - here is the following:

ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)



sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down
GigabitEthernet0/0         10.10.10.1      YES NVRAM  down                  down
GigabitEthernet0/1         60.44.102.190   YES NVRAM  up                    up  
GigabitEthernet0/2         10.1.10.1       YES NVRAM  up                    up  
NVI0                       unassigned      YES unset  administratively down down



sho ip nat stat
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
  GigabitEthernet0/1
Inside interfaces:
  GigabitEthernet0/0, GigabitEthernet0/2
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 101 interface GigabitEthernet0/1 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0



show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, GigabitEthernet0/1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.1.10.0/24 is directly connected, GigabitEthernet0/2
L        10.1.10.1/32 is directly connected, GigabitEthernet0/2
      50.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        60.44.102.188/30 is directly connected, GigabitEthernet0/1
L        60.44.102.190/32 is directly connected, GigabitEthernet0/1


0
 
LVL 50

Accepted Solution

by:Don Johnston
Don Johnston earned 500 total points
ID: 39822642
Do this:

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 60.44.102.189

Then try pinging 8.8.8.8

If that doesn't work, ping 60.44.102.189
0
 

Author Comment

by:afrosa
ID: 39822668
Should we remove the default-network and default-router?

Thank you,
Angel
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39822682
Yes.

no ip default-network 10.1.10.0

Do NOT remove the default-router statements.
0
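
Added example (not posted by anyone in this thread): a small Python linter for the faults diagnosed above, namely NAT inside/outside marking, a default route that names an Ethernet interface instead of a next-hop IP, and a DHCP pool with no default-router. The function names and the trimmed sample config are constructed for illustration.

```python
import re

# Constructed sample: the NAT, route and DHCP lines of the first config posted above.
SAMPLE = """\
ip dhcp pool HOUSE
 network 10.1.10.0 255.255.255.0
 dns-server 209.18.47.61 209.18.47.62
!
interface GigabitEthernet0/1
 ip nat outside
!
interface GigabitEthernet0/2
 ip nat outside
!
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/2
"""

def sections(config):
    """Map each top-level command to the list of sub-commands indented under it."""
    out, current = {}, None
    for line in config.splitlines():
        text = line.strip()
        if not text or text.startswith("!"):
            continue
        if line.startswith(" ") and current is not None:
            out[current].append(text)
        else:
            current = text
            out[current] = []
    return out

def lint(config):
    """Return findings for the faults diagnosed in this thread (hypothetical helper)."""
    sec, findings = sections(config), []
    intfs = {k.split()[1]: v for k, v in sec.items() if k.startswith("interface ")}
    # NAT translates only traffic that enters an 'inside' and leaves an 'outside' interface.
    if not any("ip nat inside" in body for body in intfs.values()):
        findings.append("nat: no interface is marked 'ip nat inside'")
    for cmd in sec:
        m = re.match(r"ip nat inside source list \S+ interface (\S+)", cmd)
        if m and "ip nat outside" not in intfs.get(m.group(1), []):
            findings.append(f"nat: overload interface {m.group(1)} lacks 'ip nat outside'")
    # An interface-only default route on Ethernet makes the router ARP for every destination.
    defaults = [c.split()[4:] for c in sec if c.startswith("ip route 0.0.0.0 0.0.0.0 ")]
    for target in defaults:
        if len(target) == 1 and "ethernet" in target[0].lower():
            findings.append(f"route: default route via {target[0]} has no next-hop IP")
    if len(defaults) > 1:
        findings.append(f"route: {len(defaults)} default routes compete")
    # A pool without default-router hands out addresses but no gateway.
    for cmd, body in sec.items():
        if cmd.startswith("ip dhcp pool ") and not any(b.startswith("default-router ") for b in body):
            findings.append(f"dhcp: pool {cmd.split()[3]} has no default-router")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample it reports five findings; with g0/2 marked `ip nat inside`, a single default route to a next-hop IP, and a `default-router` line in the pool, it reports none.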
 

Author Comment

by:afrosa
ID: 39822738
Ok,

Do you recommend using the 8.8.8.8 IP for DNS, or just keeping what the Internet provider provides?

Looks like we are able to access the net.

Thank you,
A
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39822849
I didn't say to change your DNS.  I just wanted to verify that the router could access a non-local interface host.
0
 

Author Comment

by:afrosa
ID: 39822865
Hello -

No, understood. Just asking if you recommend it?

Otherwise we are good.

Thank you,
A
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39822891
I prefer Google's DNS server.  But DNS servers are like browsers, OS's, cars, and everything else.  To each his own.  :-)
0
 

Author Comment

by:afrosa
ID: 39836716
Hello Don,

Thank you again for your support -
A
0
 

Author Closing Comment

by:afrosa
ID: 39836728
Great to communicate with.

Thank you -
A
0
