Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2235
Views
20
Helpful
10
Replies

2921 Router Setup for Comcast Cable Modem - HELP!

dstriplin1
Level 1
Level 1

‎03-26-2019 06:39 AM

Hi All,

 

I'm leaning with my new Cisco 2921 router and I have a Comcast cable modem that sets the IP via DHCP from the ISP.  I have configured the router with what I thought would work, but I seem to be missing something.  When I connect my pc via ethernet, I get a valid IP address on the correct network, but I cannot get internet access.  Right now I'm just trying to get my router working, but once it works, I will connect it to a 3750 I have in my lab also, but for now, that is irrelevant.  Here is the basic topology of my lab network. Thanks in advance for your help! 

 

ISP- Comcast Cable modem assigned IP via DHCP

Network 10.0.1.0/24

PC address - 10.0.1.22

Default GW - 10.0.1.1

 

Router Interfaces-

Gig0/0 - WAN from ISP

GIg0/1 - LAN (10.0.1.0/24)

 

Current Config that is running:

Lab2921#show running-config
Building configuration...

Current configuration : 2312 bytes
!
! Last configuration change at 13:00:16 UTC Tue Mar 26 2019
!
version 15.7
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lab2921
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
enable secret 5 $1$aP02$GoblxTJ6F3.kaw7Soxvr50
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.1.2
ip dhcp excluded-address 10.0.1.177
ip dhcp excluded-address 10.0.1.169
ip dhcp excluded-address 10.0.1.100 10.0.1.254
ip dhcp excluded-address 10.0.1.1 10.0.1.5
!
ip dhcp pool InsideDHCP
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 75.75.75.75 75.75.76.76
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vty-async
!
!
!
license udi pid CISCO2921/K9 sn FTX1728AHR1
!
!
!
redundancy
!
!
!
!
no cdp run
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description Facing my LAN (the LAN)
ip address 10.0.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 102 interface GigabitEthernet0/1 overload
!
!
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
!
control-plane
!
!
vstack
banner motd ^C
***********************************************************
AUTHORIZED ACCESS ONLY
***********************************************************
^C
!
line con 0
exec-timeout 0 0
password AlphaBravo9
login
stopbits 1
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 120 0
login local
length 0
transport input none
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

 

Labels:
0 Helpful
10 Replies 10

Mark Malone
VIP Alumni
VIP Alumni

‎03-26-2019 06:49 AM

Hi
External interface should be ip nat outside and the LAN ip nat inside to start get out to the internet

nterface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat outside

dstriplin1
Level 1
Level 1
In response to Mark Malone

‎03-26-2019 07:12 AM

Thanks for your help!  I have added the config line items that you stated, but I still have no internet access.  Here is the config after trying again...

 

Lab2921#show running-config
Building configuration...

Current configuration : 2312 bytes
!
! Last configuration change at 13:23:37 UTC Tue Mar 26 2019
!
version 15.7
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lab2921
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
enable secret 5 $1$aP02$GoblxTJ6F3.kaw7Soxvr50
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.1.2
ip dhcp excluded-address 10.0.1.177
ip dhcp excluded-address 10.0.1.169
ip dhcp excluded-address 10.0.1.100 10.0.1.254
ip dhcp excluded-address 10.0.1.1 10.0.1.5
!
ip dhcp pool InsideDHCP
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 75.75.75.75 75.75.76.76
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vty-async
!
!
!
license udi pid CISCO2921/K9 sn FTX1728AHR1
!
!
!
redundancy
!
!
!
!
no cdp run
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description Facing my LAN (the LAN)
ip address 10.0.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 102 interface GigabitEthernet0/1 overload
!
!
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
!
control-plane
!
!
vstack
banner motd ^C
***********************************************************
AUTHORIZED ACCESS ONLY
***********************************************************
^C
!
line con 0
exec-timeout 0 0
password AlphaBravo9
login
stopbits 1
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 120 0
login local
length 0
transport input none
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

 

Lab2921#show ip int
Embedded-Service-Engine0/0 is administratively down, line protocol is down
Internet protocol processing disabled
GigabitEthernet0/0 is up, line protocol is up
Internet address is 69.180.36.8/23
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are No CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: NAT Inside, Common Flow Table, Stateful Inspection, NAT ALG proxy
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
GigabitEthernet0/1 is up, line protocol is up
Internet address is 10.0.1.1/24
Broadcast address is 255.255.255.255
Address determined by setup command
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, No CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
Output features: Post-routing NAT Outside, Common Flow Table, Stateful Inspection, NAT ALG proxy
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled
GigabitEthernet0/2 is administratively down, line protocol is down
Internet protocol processing disabled
NVI0 is up, line protocol is up
Internet address will be negotiated using IPCP
Broadcast address is 255.255.255.255
MTU is 1514 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP Null turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
Output features: Post-routing NAT NVI Output
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to dstriplin1

‎03-26-2019 07:27 AM

Hi

the NAT statements still look the wrong way around ? or is that just the old conf shown ?

 

outside is always external interface , inside is always LAN side

 

what IP are you getting on the WAN is it a public IP address , is the midem in bridge mode to pull back the public IP address to the Cisco router or what way is that setup

dstriplin1
Level 1
Level 1
In response to Mark Malone

‎03-26-2019 07:33 AM

Hi Mark,

 

The modem is the modem that comcast provides and assigns address via dhcp.  Right now I"m getting ip address 69.180.36.8 with dns entries of 75.75.75.75 , 75.75.76.76.  Here is the latest build so you can look, I thought I switched the NAT per your suggestion, but I might have made a mistake

 

Lab2921#show run
Building configuration...

Current configuration : 2352 bytes
!
! Last configuration change at 14:01:42 UTC Tue Mar 26 2019
!
version 15.7
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lab2921
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
enable secret 5 $1$aP02$GoblxTJ6F3.kaw7Soxvr50
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.1.2
ip dhcp excluded-address 10.0.1.177
ip dhcp excluded-address 10.0.1.169
ip dhcp excluded-address 10.0.1.100 10.0.1.254
ip dhcp excluded-address 10.0.1.1 10.0.1.5
!
ip dhcp pool InsideDHCP
import all
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 75.75.75.75 75.75.76.76
class any
!
!
ip dhcp class any
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vty-async
!
!
!
license udi pid CISCO2921/K9 sn FTX1728AHR1
!
!
!
redundancy
!
!
!
!
no cdp run
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description Facing my LAN (the LAN)
ip address 10.0.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 102 interface GigabitEthernet0/0 overload
!
!
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
!
control-plane
!
!
vstack
banner motd ^C
***********************************************************
AUTHORIZED ACCESS ONLY
***********************************************************
^C
!
line con 0
exec-timeout 0 0
password AlphaBravo9
login
stopbits 1
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 120 0
login local
length 0
transport input none
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

 

 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to dstriplin1

‎03-26-2019 08:13 AM

Hi,

Please make below changes:

ip dhcp pool InsideDHCP
import all
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
no dns-server 75.75.75.75 75.75.76.76

dns-server 8.8.8.8 8.8.4.4

class any

!
interface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description Facing my LAN (the LAN)
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache cef
duplex auto
speed auto
no cdp enable

!

no ip nat inside source list 102 interface GigabitEthernet0/0 overload

!

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

 

Must release and renew the IP on your PC.

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

dstriplin1
Level 1
Level 1
In response to Deepak Kumar

‎03-26-2019 08:38 AM

I did as requested, but still no internet access.....

 

Here is the sh run so you can take a look.  Thanks in advane!

 

Lab2921#show run
Building configuration...

Current configuration : 2452 bytes
!
! Last configuration change at 15:06:44 UTC Tue Mar 26 2019
!
version 15.7
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lab2921
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
enable secret 5 $1$aP02$GoblxTJ6F3.kaw7Soxvr50
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.1.2
ip dhcp excluded-address 10.0.1.177
ip dhcp excluded-address 10.0.1.169
ip dhcp excluded-address 10.0.1.100 10.0.1.254
ip dhcp excluded-address 10.0.1.1 10.0.1.5
!
ip dhcp pool InsideDHCP
import all
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 8.8.8.8 8.8.4.4
class any
!
!
ip dhcp class any
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vty-async
!
!
!
license udi pid CISCO2921/K9 sn FTX1728AHR1
!
!
!
redundancy
!
!
!
!
no cdp run
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
bridge-group 59
bridge-group 59 spanning-disabled
!
interface GigabitEthernet0/1
description Facing my LAN (the LAN)
ip address 10.0.1.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache cef
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip default-gateway 10.0.1.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
!
control-plane
!
!
vstack
banner motd ^C
***********************************************************
AUTHORIZED ACCESS ONLY
***********************************************************
^C
!
line con 0
exec-timeout 0 0
password AlphaBravo9
login
stopbits 1
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 120 0
login local
length 0
transport input none
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

 

0 Helpful

Georg Pauwen
VIP
VIP

‎03-26-2019 07:38 AM

Hello,

 

I hope I am not adding anything redundant that has not already been said by Mark, but make sure the lines in bold match your confguration:

 

Lab2921#show running-config
Building configuration...

Current configuration : 2312 bytes
!
! Last configuration change at 13:23:37 UTC Tue Mar 26 2019
!
version 15.7
no parser cache
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lab2921
!
boot-start-marker
boot-end-marker
!
!
logging userinfo
enable secret 5 $1$aP02$GoblxTJ6F3.kaw7Soxvr50
!
no aaa new-model
!
ip dhcp excluded-address 10.0.1.1
ip dhcp excluded-address 10.0.1.2
ip dhcp excluded-address 10.0.1.177
ip dhcp excluded-address 10.0.1.169
ip dhcp excluded-address 10.0.1.100 10.0.1.254
ip dhcp excluded-address 10.0.1.1 10.0.1.5
!
ip dhcp pool InsideDHCP
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 75.75.75.75 75.75.76.76
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
vty-async
!
license udi pid CISCO2921/K9 sn FTX1728AHR1
!
redundancy
!
no cdp run
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description Facing my LAN (the LAN)
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache cef
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
--> no ip nat inside source list 102 interface GigabitEthernet0/1 overload
!
access-list 1 permit 10.0.1.0 0.0.0.255
--> no access-list 102 permit ip 10.0.1.0 0.0.0.255 any
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
control-plane
!
vstack
banner motd ^C
***********************************************************
AUTHORIZED ACCESS ONLY
***********************************************************
^C
!
line con 0
exec-timeout 0 0
password AlphaBravo9
login
stopbits 1
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
exec-timeout 120 0
login local
length 0
transport input none
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
!
end

dstriplin1
Level 1
Level 1
In response to Georg Pauwen

‎03-26-2019 07:51 AM

Georg,

 

Thanks for the assistance.  I've changed the interfaces as described.  When I updated the config, I still don't have internet access.  Any thoughts?

 

 

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to dstriplin1

‎03-26-2019 08:18 AM

Is the modem in bridge mode ?
0 Helpful

Georg Pauwen
VIP
VIP
In response to dstriplin1

‎03-26-2019 08:28 AM

Hello,

 

what IP address is being assigned to interface GigabitEthernet0/0 by the modem ?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card