TekSavvy → Help with a Cisco

Hello TSI Forum

Does anyone have a minute to help a cisco newb? I have a 1921 ISR, and I'm having problems getting network traffic outside my net.

ge0/0 is my internet, pulls the TSI ip just fine, I can ping from the router outside

ge0/1 is my lan, set up from config pro express, I can get IP's via dhcp and everything is cool. sort of. I can get to 192.168.100.1 (thomson config page) via the route, but anything outside the route is not accessible.

My default route points to ge0/0. I can post my config here if necessary. I would LOVE to get this up and running, I am not the smartest cookie on cisco, but I've got this far. I want to complete my self-learning.

Nudge me, oh smart ones

Hi Rod

Did you setup NAT on the Cisco router to translate your internal IP's to the external IP provided by Teksavvy?

Dang. I can only help with this Sisqo

You can remove your default route as the dhcp client config on gig0/0 will populate a default route when it pulls an address. You also need to setup nat if you haven't already. Are you using cable or dsl as the config will be different?

2 most common config problems I see when people get into CISCO Cisco gear to run on their home
internet is the following :

a) "no ip routing" is turned on -- TURN THIS OFF!! FOR THE LOVE OF GOD!!

b) NAT is missing or misconfigured

Your current config (minus any passwords or public IPs would be of immense help), or you can try in the
Cisco forum's FAQ for a config to crib

Regards

This, the most annoying feature cisco has. It doesn't route...by default.

I have ip routing enabled, and I'm working on the NAT side of things now. I have the TSI address at ge0/0 and removed the default route. I have internal IP's on ge0/1

Still can't get outside, so I'm working on it. Anyone in Ottawa want to earn a timmys?

LOL!

....Feature, sounds like a Microsoft deal where they remove something and call it a feature .

....a Router that doesn't route by default.....I'm sure that would go over well with the people at Ford, "Hey we've designed this amazing car....that doesn't move by default...".

but carry on. Sounds exciting, I want to get into some more super cool gear, but things like this would drive me batty, so I'll just live with my less than amazing netgear device.

I live in Gatineau, technically I could lend you a hand. Although this is one of those one off I'd rather not do too often :P

Gatineau! When did you move up to the frozen north? I thought you were in Chatham with the rest of the guys.

Gabe, I'd be willing to bring the device to you for setup/programming and compensate you for your time. I'm SO close, it's just *this* far away. DM me if you're interested!

I've lived in Gatineau pretty much 90% of my life. It only made sense for me to move back here when we opened an office here in Gatineau.

I GOT IT!!!!!!!!!!!

OMGZ

Just to satisfy my curiosity, What did you change?

I'm so glad it's finally working. What I had originally done was set up the router as a client on my original LAN. It had a bunch of stuck config entries from me banging around in IOS, and it was not liking that so much.

I did a factory reset, then went through a few wizards in the CCP software. It picked up my TSI (rcable) dhcp address on load, and I had to set up: DHCP, NAT, and DNS.

After that, I refreshed my connections on my PC, SAVED RUNNING CONFIG, and reloaded.

In 24 hours I've gone from a consumer model tp-link router, to an enterprise-class gigabit cisco network. Can ya'll feel the power?

RUH RUH RUH!

DNS is still a bit sketchy. I'm working on the fine-tuning now.

MMMMMM CISCO

Yeah, I got some funky DNS issue going.

I'm running Cisco 1921 ISR at home. I have configured it for MLPPP, static IP address + a block of 6 additional IP addresses. I guess you were looking for a simple configuration were you have an external modem connected to one of the Gigabit interfaces and another one is used for your LAN. Here is a variant of configuration that will work for you:

!
! No configuration change since last restart
!
version 15.3
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname router
!
!
enable secret 4 XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
!
no aaa new-model
clock timezone EST -5 0
clock summer-time EDT recurring
!
no ip source-route
!
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.100
!
ip dhcp pool home
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 206.248.154.22 206.248.154.170
lease infinite
!
!
!
no ip domain lookup
ip cef
!
!
!
license udi pid CISCO1921/K9 sn XXXXXXXXXXX
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
!
interface GigabitEthernet0/0
ip address 192.168.0.1 255.255.255.0
no ip redirects
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 1
no cdp enable
!
!
interface Dialer0
ip address negotiated
ip access-group 1 in
ip access-group 1 out
no ip redirects
no ip proxy-arp
ip mtu 1486
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1446
dialer pool 1
dialer-group 1
ppp pap sent-username user@teksavvy.com password 7 XXXXXXXXXXXXXX
ppp ipcp address accept
no cdp enable
hold-queue 224 in
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 2 interface Dialer0 overload
ip route 0.0.0.0 0.0.0.0 Dialer0
!
dialer-list 1 protocol ip permit
no cdp run
!
!
access-list 1 permit any
access-list 2 permit 192.168.0.0 0.0.0.255
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
no scheduler allocate
ntp source Dialer0
ntp server 206.186.121.118 prefer
ntp server 209.172.32.214
!
end

Hey Thanks! I sort of got it working, and am tweaking.

The config example really helps.

Here is my run cfg. My current situation is Internet is working, but DNS resolution is SLOOOOOOOOOOW

router#sh run
Building configuration...

Current configuration : 4291 bytes
!
! Last configuration change at 18:16:03 PCTime Wed Sep 4 2013 by rod
! NVRAM config last updated at 18:15:34 PCTime Wed Sep 4 2013 by rod
! NVRAM config last updated at 18:15:34 PCTime Wed Sep 4 2013 by rod
version 15.1
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
!
!
!
!
!
aaa session-id common
clock timezone PCTime -5 0
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 192.168.2.1 192.168.2.99
ip dhcp excluded-address 192.168.2.201 192.168.2.254
!
ip dhcp pool ccp-pool1
import all
network 192.168.2.0 255.255.255.0
domain-name lan
default-router 192.168.2.1
dns-server 206.248.154.170 206.248.154.22
lease 0 12
!
!
no ip domain lookup
ip domain name lan
multilink bundle-name authenticated
!

[skipped crypto section for brevity]

username rod privilege 15 password 0 [omitted]
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ES_LAN$$ETH-LAN$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description $ETH-WAN$
ip address dhcp client-id GigabitEthernet0/1
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1/0
no ip address
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
no ip address
!
interface FastEthernet0/1/3
no ip address
!
interface FastEthernet0/1/4
no ip address
!
interface FastEthernet0/1/5
no ip address
!
interface FastEthernet0/1/6
no ip address
!
interface FastEthernet0/1/7
no ip address
!
interface FastEthernet0/1/8
no ip address
!
interface Vlan1
no ip address
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 254
ip route 0.0.0.0 0.0.0.0 24.212.248.129 254
ip route 0.0.0.0 0.0.0.0 24.212.248.129 254
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
!
!
control-plane
!
!
!

!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
transport input all
!
scheduler allocate 20000 1000
end

1. You don't have a Dialer interface configured. Why? It sounds like your modem is establishing PPPoE session. It doesn't make sense in case of using an external router. Your modem has to be switched to a bridge mode.
2. Remove unnecessary default routes (ip route 0.0.0.0 ...). Look at my example and set up only one.
3. Looks like you have a 9-port EtherSwitch module installed in the router. That module is only 100Mbit (FastEthernet). But as I understand you are trying to get 1Gbit network running.
4. Disable all "ip http ...". They will be seen from outside.

By the way, are you on DSL or cable?

I'm on rCable no dialer req'd

I have a gigabit switch (srw2008) on ge0/0 which is serving 2 gigabit ethernet connections.

I'm not using any of the FE connections on the addon module, as yes, they are 100mb.

It seems you are on cable. Then ignore my question about Dialer interface (1) and try to remove "ip domain name lan".

s_tux, I owe you a double double!

I'm up and running now on the 1921, with the PROPER SINGLE default route :P

Let's see what other fun I can get up to

Out of sheer curiosity, where did you pick up that 1921, and how much $ did it set you back?

It was on the government surplus site, »www.gcsurplus.ca/mn-eng. ··· nc=wfsav

and I paid ~100 bucks for it. It's not in the best cosmetic shape, but I am now running it as my border router.

I have no idea what I bought, and I just did a 24 hour crash course in cisco networking. LOL!

*got wireless AP installed*

*does a tap dance*