 mbruno join:2003-07-03 Fruitland, MD | [HELP] help with new router config Cisco 1921
Greetings all,
I am trying to configure my new router so that I can get internet access. I am almost there but something is blocking my return path. I can ping out from the router but cannot ping anything on my internal network or, for that matter, reach the internet from my PC. The interface of gigabit 0/0 is DHCP from my ISP and gigabit 0/1 is going to my switch. Can someone please help me with this? I would love to get this going by tonight. I don't know if this config is different on the Cisco 1921 but I know it worked on my Cisco 871 router.
Thanks
ALL
Current configuration : 1685 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname orion1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging console
enable secret 5 *********
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.200 10.10.10.220
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
login on-failure log
login on-success log
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn ********
!
!
username *******
!
!
!
!
!
!
interface GigabitEthernet0/0
 description (outside interface to Internet)
 bandwidth 6000
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 3 permit 128.154.0.0 0.0.255.255
access-list 3 permit 10.10.0.0 0.0.255.255
access-list 102 permit udp host 10.10.10.209 any
!
no cdp advertise-v2
no cdp run
!
snmp-server community *******
snmp-server community *******
!
control-plane
!
!
line con 0
 password 7 **********
 logging synchronous
 login
 transport preferred ssh
 transport output all
line aux 0
line vty 0 4
 password 7 ***********
 login
 transport preferred ssh
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
end
orion1#
orion1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 71.200.56.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 71.200.56.1
      68.0.0.0/32 is subnetted, 1 subnets
S        68.87.64.10 [254/0] via 71.200.56.1, GigabitEthernet0/0
      71.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        71.200.56.0/22 is directly connected, GigabitEthernet0/0
L        71.200.57.11/32 is directly connected, GigabitEthernet0/0
orion1#
orion1#
orion1#sh ip int br
orion1#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         71.200.57.11    YES DHCP   up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    up
NVI0                       unassigned      YES unset  administratively down down
orion1# |
|
|
|
 | interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
There's your problem -- your own routing table shows it knows about the public networks via gi0/0, however no network(s) are being learned from gi 0/1, which I'm presuming is where your LAN is connected. Give it the 10.10.10.1/29 address and I think you should be in business.
1921 router, huh? Would you be willing to provide pics of the chassis internals and possibly a 'sh ver' from it? I've been wondering about this puppy for awhile now 
Regards |
|
 mbruno join:2003-07-03 Fruitland, MD | said by HELLFIRE:
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
There's your problem -- your own routing table shows it knows about the public networks via gi0/0, however no network(s) are being learned from gi 0/1, which I'm presuming is where your LAN is connected. Give it the 10.10.10.1/29 address and I think you should be in business.
1921 router, huh? Would you be willing to provide pics of the chassis internals and possibly a 'sh ver' from it? I've been wondering about this puppy for awhile now
Regards

Why give it a 10.10.10.1/29 address? I mean my 871 has no ip address on the other port and it works fine. This would only give 6 ip addresses for internal stuff? |
|
 1 edit | reply to mbruno
For the sake of argument, change your first access statement to the following and remove all the others for the time being:
access-list 1 permit any
Then change your overload statement to the following:
ip nat inside source list 1 int gi0/0 overload
This may not be the most "locked down" approach, but at least it may give you connectivity and allow you to work backwards in order to better secure things later...
Also, on your gi0/0 interface, since you're using dhcp, I'd add the following command:
ip dhcp client update dns
Additionally, if you're configuring through the SDM, there's half of your issues. The SDM is notorious for "not" passing all commands when looking at your config via command line. Real talk; if you aren't proficient in CISCO IOS, now is a good time to learn:
»www.trainsignal.com/Cisco-CCNA-T···-P3.aspx (CCNA Video Tutorial) 
By the way, which interface is your internal LAN assigned to? On my 871w, my internal LAN is assigned to Int BVI1...
Jay |
|
 mbruno join:2003-07-03 Fruitland, MD | I guess you have to start somewhere? |
|
 1 edit | Agreed.... 
Are you up and running yet? |
|
 mbruno join:2003-07-03 Fruitland, MD | no not yet using old router right now |
|
 | reply to mbruno I'm thinking the issue "may" be with your access control list (for starters). I've just spent all weekend getting re-acquainted with my 871w and I'd forgotten a lot (I'm mostly a manager now).
As was mentioned, there didn't seem to be an ip address assigned to your internal LAN, unless I overlooked that as well. |
|
 mbruno join:2003-07-03 Fruitland, MD | reply to DocLarge
said by DocLarge:
For the sake of argument, change your first access statement to the following and remove all the others for the time being:
access-list 1 permit any
Then change your overload statement to the following:
ip nat inside source list 1 int gi0/0 overload
This may not be the most "locked down" approach, but at least it may give you connectivity and allow you to work backwards in order to better secure things later...
Also, on your gi0/0 interface, since you're using dhcp, I'd add the following command:
ip dhcp client update dns
Additionally, if you're configuring through the SDM, there's half of your issues. The SDM is notorious for "not" passing all commands when looking at your config via command line. Real talk; if you aren't proficient in CISCO IOS, now is a good time to learn:
» www.trainsignal.com/Cisco-CCNA-T···-P3.aspx (CCNA Video Tutorial)
By the way, which interface is your internal LAN assigned to? On my 871w, my internal LAN is assigned to Int BVI1...
Jay

here is my old 871 config.
Building configuration...
Current configuration : 3351 bytes
!
! No configuration change since last restart
!
version 12.3
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname orion
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging console
enable secret 5 ************
!
username******privilege 15 secret 5 $1********.
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
no aaa new-model
ip subnet-zero
ip cef
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.200 10.10.10.220
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
ip flow-cache timeout active 1
ip domain name *******
ip ips po max-events 100
login on-failure log
login on-success log
no ftp-server write-enable
!
!
!
!
class-map match-all voice-traffic
 match access-group 102
!
!
policy-map VOICE-POLICY
 class voice-traffic
  priority percent 70
 class class-default
  fair-queue
!
!
!
!
!
interface FastEthernet0
 no ip address
 no cdp enable
!
interface FastEthernet1
 no ip address
 no cdp enable
!
interface FastEthernet2
 no ip address
 no cdp enable
!
interface FastEthernet3
 no ip address
 no cdp enable
!
interface FastEthernet4
 description (outside interface to Internet)
 bandwidth 6000
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 service-policy output VOICE-POLICY
 ip route-cache flow
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
 ip address 10.10.10.1 255.255.255.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
 ip route-cache flow
 ip tcp adjust-mss 1452
!
ip classless
!
ip flow-export source FastEthernet4
ip flow-export version 5
ip flow-export destination 10.10.10.211 9996
ip flow-top-talkers
 top 10
 sort-by bytes
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.249 5001 71.200.58.152 5001 extendable
!
logging history warnings
logging trap debugging
logging source-interface FastEthernet4
access-list 1 permit 10.10.10.0 0.0.0.255
access-list 3 permit 128.154.0.0 0.0.255.255
access-list 3 permit 10.10.0.0 0.0.255.255
access-list 102 permit udp any any range 16384 32776
access-list 102 permit udp any any precedence critical
access-list 102 permit udp any any dscp ef
access-list 102 permit udp host 10.10.10.209 any
snmp-server community******
snmp-server community ********
snmp-server ifindex persist
snmp-server enable traps tty
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps syslog
no cdp advertise-v2
no cdp run
!
!
control-plane
!
!
line con 0
 logging synchronous
 login local
 no modem enable
 transport preferred all
 transport output all
line aux 0
 transport preferred all
 transport output all
line vty 0 4
 access-class 3 in
 privilege level 15
 login local
 transport preferred ssh
 transport input ssh
 transport output ssh
!
scheduler max-task-time 5000
ntp clock-period 17175119
ntp server 206.246.118.250
ntp server 129.6.15.29
end
orion# |
|
 1 edit | reply to mbruno Okay,
unless I'm still missing something, your 1921 config is missing having an ip address assigned to either an internal interface or a management vlan. Again, it's been a while, but something does appear to be missing... |
|
 mbruno join:2003-07-03 Fruitland, MD | my point exactly! Now what is it is the question? |
|
 | reply to mbruno Give me a second...I'm going to get some background info on the 1912... |
|
 mbruno join:2003-07-03 Fruitland, MD | If I was a betting man, which I am not, I would say it has to be something on the gig 0/1 interface, but I do not know what. |
|
 3 edits | No question to made. More like a statement. I'm skimming through a document pertaining to your router...
EDIT
Okay, set up a management vlan on your 1921 similar to what you had on your 871:
int vlan 1
 ip address 10.10.10.1 255.255.255.0
 no shut
2nd Edit
You could also assign that ip address to gi0/1 as well. Just a thought... |
|
 mbruno join:2003-07-03 Fruitland, MD | Any luck yet? I am on Cisco site right now looking. Man this is pissing me off. |
|
 mbruno join:2003-07-03 Fruitland, MD | reply to DocLarge
said by DocLarge:
No question to made. More like a statement. I'm skimming through a document pertaining to your router...
EDIT
Okay, set up a management vlan on your 1921 similar to what you had on your 871:
int vlan 1
 ip address 10.10.10.1 255.255.255.0
 no shut

I don't recall it letting me do that. |
|
 | Try assigning the ip address to your gi0/1 interface:
int gi0/1
 ip address 10.10.10.1 255.255.255.0
 no shut
 speed 100
 duplex full |
|
 mbruno join:2003-07-03 Fruitland, MD | reply to mbruno
said by mbruno:
said by DocLarge:
No question to made. More like a statement. I'm skimming through a document pertaining to your router...
EDIT
Okay, set up a management vlan on your 1921 similar to what you had on your 871:
int vlan 1
 ip address 10.10.10.1 255.255.255.0
 no shut
I don't recall it letting me do that.

Give me a couple of seconds while I try this. I mean more like 4 to 5 min so the cable modem will forget the mac address. k |
|
 | Sure thing... |
|
 mbruno join:2003-07-03 Fruitland, MD | no same thing here is my new config:
Current configuration : 1617 bytes
!
! Last configuration change at 22:14:16 UTC Sun Sep 5 2010
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname orion1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
no logging console
enable secret 5 ******
!
no aaa new-model
!
no ipv6 cef
no ip source-route
ip cef
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.200 10.10.10.220
!
ip dhcp pool sdm-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
login on-failure log
login on-success log
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn *******
!
!
username *******
!
!
!
!
!
!
interface GigabitEthernet0/0
 description (outside interface to Internet)
 bandwidth 6000
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 no cdp enable
!
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
!
access-list 1 permit any
!
no cdp advertise-v2
no cdp run
!
snmp-server community ******
snmp-server community *******
!
control-plane
!
!
line con 0
 password 7 ********
 logging synchronous
 login
 transport preferred ssh
 transport output all
line aux 0
line vty 0 4
 password 7 *****
 login
 transport preferred ssh
 transport input ssh
 transport output ssh
!
scheduler allocate 20000 1000
end
orion1# |
|
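Added example, not part of the thread or of any participant's post: a small Python check run over the NAT- and DHCP-related lines of the last 1921 config above, using the working 871 config as the reference (its Vlan1 carries `ip nat inside` and its NAT access list is scoped to 10.10.10.0/24). The function names and the trimmed sample text are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: NAT- and DHCP-related lines of the last 1921 config in the thread.
SAMPLE_1921 = """\
ip dhcp pool sdm-pool
 network 10.10.10.0 255.255.255.248
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit any
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from indented IOS config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None
    return interfaces

def audit(config):
    """List NAT-overload and DHCP-scope inconsistencies (hypothetical checker)."""
    findings = []
    interfaces = parse_interfaces(config)
    nat = re.search(r"^ip nat inside source list (\S+) interface (\S+) overload", config, re.M)
    if nat:
        acl, egress = nat.groups()
        if not any("ip nat inside" in cmds for cmds in interfaces.values()):
            findings.append("no interface is marked 'ip nat inside'")
        if "ip nat outside" not in interfaces.get(egress, []):
            findings.append(f"{egress} is not marked 'ip nat outside'")
        if re.search(rf"^access-list {re.escape(acl)} permit any$", config, re.M):
            findings.append(f"NAT access-list {acl} permits any source")
    # Subnets set statically on interfaces ('ip address dhcp' carries no mask).
    lans = {ipaddress.ip_interface(f"{a}/{m}").network
            for cmds in interfaces.values() for c in cmds
            for a, m in re.findall(r"^ip address (\d\S+) (\d\S+)$", c)}
    for addr, mask in re.findall(r"^ network (\S+) (\S+)$", config, re.M):
        pool = ipaddress.ip_network(f"{addr}/{mask}")
        if pool not in lans:
            findings.append(f"DHCP pool {pool} matches no interface subnet")
    return findings
```

Calling `audit(SAMPLE_1921)` returns three findings: no inside NAT interface, a NAT access list that matches any source, and a /29 DHCP scope that does not match the /24 on GigabitEthernet0/1.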