08-28-2014 08:24 AM - edited 03-04-2019 11:38 PM
Hi,
I have managed to configure my router to connect to the internet through a cable modem, with a fixed ip of 192.168.1.254(modem internal ip).
I have a dhcp pool functional for the rest of the network, and it does assign ip's through a vlan on my extra interface card to computers connecting. However I can not get it to talk to the net, and I can not ping the computer from the router or vice versa.
Any thoughts on why?
I have linked the vlan to the interface through switchport and the are all on the subnet 192.168.0.0 255.255.240.0
Thanks
Ian
08-28-2014 12:09 PM
Hi @ianmatchett,
How many devices exist in your environment (or connecting to the router)? Can you provide an output example of the router config?
Rgrds,
Martin, IT Specialist
08-28-2014 02:24 PM
Hey Ian,
Post the 'show run' from router for more insight.
Regards,
RS.
08-29-2014 07:52 AM
Hey Guys,
We will have anywhere between 100 and 500 devices at any one time going through the router(From phones to tablets to computers) and all DHCP. WE have a very few static ip's as I am trying to keep it as simple as possible.
Show run:
Current configuration : 3210 bytes
!
! Last configuration change at 14:38:53 UTC Fri Aug 29 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname YWAMSeamill
!
boot-start-marker
boot-end-marker
!
!
enable secret
enable password
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.2.1
!
ip dhcp pool BigPool
import all
network 10.10.0.0 255.255.240.0
domain-name YWAMSeamill
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-690012190
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-690012190
revocation-check none
rsakeypair TP-self-signed-690012190
!
!
crypto pki certificate chain TP-self-signed-690012190
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FGL172125JH
!
!
username SeamillAdmin privilege
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
switchport access vlan 20
no ip address
!
interface GigabitEthernet0/0/1
switchport access vlan 20
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
interface Vlan20
ip address dhcp
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
08-29-2014 08:21 AM
I got a few questions for you:
1. Is the DHCP pool configured to give IP addresses in the VLAN 20?
2. Is this router the default gateway for the VLAN 20?
3. If the second question is yes, Why is your interface vlan 20 configured to request an IP address via DHCP? Why don't you configure an static IP address here?
4. Did you configure any static routing pointing to the modem IP address?
5. One last note: In the first post you said that "You have linked the vlan to the interface through switchport and they are all on the subnet 192.168.0.0 255.255.240.0" ... I think You meant subnet 10.10.0.0 255.255.240.0, right?
Hope to see your answers.
Rgrds,
Martin, IT Specialist
08-29-2014 08:44 AM
Hi Martin,
Thanks for your questions, I am a newbie on all this so very very much appreciated.
1. I think so, that was the aim...
2. yes
3. Changed: see run file below
4. I have attempted to use a static route to the modem
5. That was a mistake, yes 10.10.x.x is what I want to use for the internal network
Current configuration : 3287 bytes
!
! Last configuration change at 15:21:25 UTC Fri Aug 29 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname YWAMSeamill
!
boot-start-marker
boot-end-marker
!
!
enable secret
enable password
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.1.1 10.10.2.1
!
ip dhcp pool BigPool
import all
network 10.10.0.0 255.255.240.0
domain-name YWAMSeamill
dns-server 4.4.4.2 4.4.4.1
default-router 192.168.1.1
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-690012190
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-690012190
revocation-check none
rsakeypair TP-self-signed-690012190
!
!
crypto pki certificate chain TP-self-signed-690012190
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FGL172125JH
!
!
username SeamillAdmin
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
switchport access vlan 20
no ip address
!
interface GigabitEthernet0/0/1
switchport access vlan 20
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 10.10.1.1 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end
08-29-2014 09:08 AM
Hi @ianmatchett ,
Some points:
ip dhcp pool BigPool
default-router 10.10.1.1
!
interface vlan 20
ip address 10.10.1.1 255.255.240.0
!
NOTE: You have to release/renew the IP addressing in your computers for the new configuration to take effect.
-
ip route 0.0.0.0 0.0.0.0 192.168.1.254
-
Hope this help and let us now your results.
Rgrds,
Martin, IT Specialist
08-31-2014 01:05 PM
Hi Martin,
I have made the vlan 20 changes as you described, I can now ping the router from my pc attached through g0/0/0 on vlan 20. It gives it an ip of 10.10.0.1
I can ping outside world from the router, so if I try "google.com" it comes back successful, but I still can not get the pc to ping outside world. In fact, I can not ping the modem from the laptop, although I can from the router.
Here is what I have:
YWAMSeamill#show ip int brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 192.168.1.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
GigabitEthernet0/0/0 unassigned YES unset up up
GigabitEthernet0/0/1 unassigned YES unset down down
GigabitEthernet0/0/2 unassigned YES unset down down
GigabitEthernet0/0/3 unassigned YES unset down down
NVI0 unassigned YES unset administratively down down
Vlan1 unassigned YES unset down down
Vlan20 10.10.1.1 YES manual up up
YWAMSeamill#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.254
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.0.0/20 is directly connected, Vlan20
L 10.10.1.1/32 is directly connected, Vlan20
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.1/32 is directly connected, GigabitEthernet0/0
I feel like it is so close yet so far!!!
Ian
08-31-2014 01:40 PM
Hi @ianmatchett,
The fact that you can ping "google.com" from your router but not from your PC is because the modem doesn't have the 10.10.0.0/20 (subnet facing your laptop) directly connected and it doesn't know how to reach the subnet 10.10.0.0/20 although it knows how to reach the subnet 192.168.1.0/24 (subnet between your router and your modem).
If possible, configure your modem with a static route pointing to the 192.168.1.1 (router IP facing the modem) that tells the modem it can reach 10.10.0.0/20 through the router.
What type of modem do you have? So I can help you searching the way to configure that static route.
Let me know.
Rgrds,
Martin, IT Specialist
08-31-2014 02:50 PM
I feel like such a dunce!
Right, so got the route set up on the modem so I can reach it from my laptop, but still can't get outside through the laptop.
I am using a BT Business Hub, that has been our router as our modem, attempting to downgrade it to just servicing the broadband link. Do I need to put it into bridge mode? I was thinking I would just stop it issuing ip addresses.
Thanks
Ian
09-01-2014 03:39 AM
Hi @ianmatchett,
I'm glad to hear that. In that case, if your laptop can't get outside it could be because the modem isn't doing NAT for the 10.10.0.0/20. Can you check if you can configure NAT for the 10.10.0.0/20?
Hope to see your answers.
Rgrds,
Martin, IT Specialist
09-09-2014 08:33 AM
Hi Martin,
Sorry for the radio silence, I have been at a conference for last week, then the mountain of work/emails on return...
Re the modem, it is pretty limited, which is why I have bought the cisco router. Would setting it into bridge mode be an option? It would only be 192.168.1.254, static, would the router be able to push the return to 10.10.x.x network?
Ian
09-09-2014 03:10 PM
Hi @ianmatchett,
If that the case, I will do NAT overload in the router so it will translate the 10.10.x.x into 192.168.x.x (which is the subnet that the modem recognize).
Type the following commands:
access-list "x" permit 10.10.0.0 0.0.15.255
ip nat inside source list 1 interface GigabitEthernet0/0 overload
interface vlan 20
ip nat inside
interface GigabitEthernet0/0
ip nat outside
-
This has to work for you.
Let me know your results.
Rgrds,
Martin, IT Specialist
10-31-2014 09:49 AM
Hi Martin,
I have tried that already I am afraid, still no cigar. I can ping google.com from the router, but not a pc connected to the router.
I am wondering about setting the cable modem up in bridge mode and getting the 1900 to do the PPP etc? IS that possible?
Ian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide