[Config] Cisco 1841 config with Comcast
I think I have a NAT issue, and am unsure where to start. Router can ping out via IP or name. Switch can ping out via IP, NOT name. Switch is GW for network (3560). Router is 1841.
BryanRtr01#sh run
Building configuration...
Current configuration : 1473 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname BryanRtr01
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
no logging console
enable secret 5 $1$WL3u$roegSCByt9tXk2dUTryt..
enable password 7 010703094B5B57
!
no aaa new-model
!
resource policy
!
clock timezone PST -8
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.150 192.168.1.254
!
ip dhcp pool main
import all
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 192.168.1.1
!
!
ip domain name hsd1.ca.comcast.net
!
!
!
!
interface FastEthernet0/0
description Comcast Internet Line
ip address dhcp
ip nat outside
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description Local Lan
ip address 192.168.1.254 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
!
no ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
snmp-server community public RO
!
control-plane
!
!
line con 0
password 7 010703094B5B57
login
line aux 0
password 7 010703094B5B57
login
line vty 0 4
password 7 06120A2C5C1E58
login
!
end
BryanRtr01#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
ia - IS-IS inter area, * - candidate default, U - per-user static
route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 50.xxx.xxx.xxx to network 0.0.0.0
50.xxx.xxx.xxx/23 is subnetted, 1 subnets
C 50.xxx.xxx.xxx is directly connected, FastEthernet0/0
69.0.0.0/32 is subnetted, 1 subnets
S 69.xxx.xxx.xxx [254/0] via 50.xxx.xxx.xxx, FastEthernet0/0
C 192.xxx.xxx.xxx/24 is directly connected, FastEthernet0/1
S* 0.0.0.0/0 [1/0] via 50.xxx.xxx.xxx, FastEthernet0/0
BryanRtr01#ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 74.125.239.99, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/13/16 ms
BryanRtr01#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/33/36 ms
BryanRtr01#telnet 192.168.1.1
Trying 192.168.1.1 ... Open (MAIN SWITCH AND IS GW FOR PCS)
User Access Verification
BryanSwitch01#sh run
Building configuration...
Current configuration : 1002 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname BryanSwitch01
!
no logging console
enable secret 5 $1$pCca$ICnsiInYbV9smBfcuEwKe/
enable password 7 010703094B5B57
!
no aaa new-model
clock timezone PST -8
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface GigabitEthernet0/1
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip http server
!
!
control-plane
!
!
line con 0
password 7 0010160B140B5A
login
line vty 0 4
password 7 0010160B140B5A
login
line vty 5 15
password 7 0010160B140B5A
login
!
end
BryanSwitch01#ping google.com
Translating "google.com"...domain server (255.255.255.255)
% Unrecognized host or address, or protocol not running.
BryanSwitch01#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 25/230/1032 ms
BryanSwitch01#
PC plugged into f0/1 on switch will get a dhcp address from main router. Unable to get out. Nat tran & stat shows no nat entries. Where to start? |
|
|
If you're trying to ping by domain name via the switch, first you'll need to define a name server in the switch:
ip name-server 8.8.8.8
If you're able to ping from the switch, you are able to get out via NAT. Your switch resides in the 192.168.... IP space.
Since you are doing DHCP, you don't need to define a default route, since one is being provided to you by the ISP. You can get rid of the following line:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
Can you post an example of the IP your computer is getting via DHCP? |
|
|
cramer Premium Member join:2007-04-10 Raleigh, NC Westell 6100 Cisco PIX 501
1 recommendation |
to s2000news
Flaming question... if you have a flat network where the PCs can talk -- at layer 2 (ethernet) -- to the router, why in the **** would you make the switch their default gateway?!? That is completely unnecessary. (and idiotic) If that layer-3 switch were being used for layer-3 purposes (inter-vlan routing), then it would be a different story. |
|
|
to DaSneaky1D
Computer on ethernet will get ip (from DHCP)
192.168.1.100 255.255.255.0 192.168.1.1
I had tried both with and without the line:
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
Both ways failed. |
|
s2000news |
to cramer
The router doesn't have any ports (just f0/1 and f0/0), and to test this config I wanted to use the only switch I had available at the moment. The 8 port one. It's a flat network, but I don't see why using the switch would make a difference as the gateway. If I wanted to expand this network with other services, I have a switch in place that can run what I wanted.
Any reason why I can't run a flat network with that switch as is? I assumed it would be fine, just overkill right now. |
|
|
cramer is right... I didn't even catch that. You need to set your default gateway to the .254 address, not the .1, in your DHCP config. It's not going to work (obviously) any other way. You're looking for the gateway out of the subnet, not the piece of equipment. |
|
|
But the switch is set to route all traffic to .254....
Why would that not work? |
|
1 recommendation |
Because you're coming here and asking questions. You don't route within a subnet, you route between them. A gateway address is used as your "exit" from a subnet. Your switch and router's LAN interface lie within the same subnet. You need your gateway address of your computer set to the IP address of the LAN interface. |
|
|
I wasn't trying to be 'smart' on you.. I just didn't understand.
I have used this model switch before, on a flat network, without dhcp, and used the switch as the GW, but the router was another IP. In that network, however, I do route traffic to different routers, one for Internet and other traffic down a p2p line.
But I didn't see how that config would be different than mine here, other than DHCP running.
Will try it. Thanks. |
|
|
I didn't take it as being smart... just poking a little fun... If it worked that way, you wouldn't be looking for help. I'm sure you've seen something similar, but this config isn't that case. If you make the change, then test it out for a bit. Come back and we'll go through a few other configs that will utilize the switch and router being in different IP subnets, allowing you to route between them... then NAT out to the Internet. |
|
|
Changed the gateway in dhcp to 254, removed the route as requested, no luck. PC showed the .254 as gateway. PC can still ping switch and router. But not traffic. NAT not working it appears.
BryanRtr01#sh ip nat stat
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
FastEthernet0/0
Inside interfaces:
FastEthernet0/1
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet0/0 refcount 0
Queued Packets: 0
BryanRtr01#sh ip nat tran
BryanRtr01#
|
|
s2000news |
Got it working. Back to 192.168.1.1 as gateway. Removed route from router. Added the following on switch (gw):
ip routing
system mtu routing 1500
All good now, NAT working and I am online. |
|
|
Glad it's working for you. I can't see for the life of me how it's working now by simply adding "ip routing" because it is a flat network. Changing your gateway to the .254 address should have worked. Everything was in the same broadcast domain. |
|
|
I'm with you, but it must be a Layer 3 switch and there must be a default route in there somewhere, whether configured or from a DHCP server. |
|
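The forwarding rule argued over in this thread, as an added example that is not part of any poster's message: a small Python model of the LAN showing where an off-subnet packet from the PC goes for each gateway choice, with and without `ip routing` on the switch. The addresses come from the posted configs; the `trace` function and its hop labels are assumptions made for illustration. It models standard IP forwarding only and does not reproduce the poster's failed .254 test.

```python
import ipaddress

# Constructed model of the thread's LAN; addresses come from the posted configs.
LAN = ipaddress.ip_network("192.168.1.0/24")
SWITCH = ipaddress.ip_address("192.168.1.1")    # 3560, interface Vlan1
ROUTER = ipaddress.ip_address("192.168.1.254")  # 1841 Fa0/1, "ip nat inside"


def trace(pc_gateway, dst, switch_ip_routing):
    """Return the hops a packet from the PC (192.168.1.100/24) takes toward dst.

    pc_gateway        -- default gateway handed to the PC by DHCP
    switch_ip_routing -- True if "ip routing" is configured on the switch
    """
    dst = ipaddress.ip_address(dst)
    hops = ["pc"]
    if dst in LAN:
        # Same subnet: the PC ARPs for dst itself, no gateway is involved.
        return hops + ["on-link"]

    next_hop = ipaddress.ip_address(pc_gateway)
    if next_hop == SWITCH:
        hops.append("switch")
        if not switch_ip_routing:
            # Without "ip routing" the switch is only an IP host on Vlan1:
            # it accepts the frame but does not forward a packet that is
            # addressed to someone else.
            return hops + ["drop"]
        # With "ip routing" the static default on the switch applies:
        # ip route 0.0.0.0 0.0.0.0 192.168.1.254
        next_hop = ROUTER

    if next_hop == ROUTER:
        # Packet arrives on the NAT inside interface and matches access-list 1,
        # so it is translated and sent out FastEthernet0/0.
        return hops + ["router", "nat-outside"]

    return hops + ["no-such-gateway"]


if __name__ == "__main__":
    for gw, routing in [("192.168.1.1", False),
                        ("192.168.1.1", True),
                        ("192.168.1.254", False)]:
        print(gw, "ip routing" if routing else "no ip routing",
              "->", " > ".join(trace(gw, "8.8.8.8", routing)))
```

In the `drop` case no packet ever reaches the router's inside interface, which is consistent with the empty `sh ip nat tran` output and zero hit counters shown earlier in the thread.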