Solved: Cisco 1100 behind existing router

alexander2003 · ‎03-09-2022

Hello,
I currently have a problem configuring it Cisco 1100 behind an existing modem.

The IP of the existing modem is 192.168.0.1

I have connected the Cisco 1100 via LAN the modem. The interface has the IP 192.168.0.99.

I have also set up the IP route, however I am not able to ping other devices.

Can anyone help me or tell me where the error is? Do I need NAT? Unfortunately I cannot set the existing router to bridge mode.

My goal would have been to connect the Cisco 1100 to the existing modem via the Gig0/0/0 interface. The LAN ports Gig0/1/0-7 should all be in VLAN 1 with the network 10.10.1.0.

I am 18 years old and new to the Cisco world. Would be very grateful for any help.

Config:

version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname CiscoRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$OBcO$UZPJhYt7xrDQwWIE4Y6l.1
!
no aaa new-model
!
!
ip dhcp pool lan-pool1
 network 10.10.1.0 255.255.255.0
 default-router 10.10.1.1
 dns-server 8.8.8.8
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3433423209
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3433423209
 revocation-check none
 rsakeypair TP-self-signed-3433423209
!
!
crypto pki certificate chain TP-self-signed-3433423209
!
!
license udi pid C1111-8P sn FCZ2240122N
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Loopback0
 no ip address
!
interface GigabitEthernet0/0/0
 ip address 192.168.0.99 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 negotiation auto
!
interface GigabitEthernet0/1/0
 switchport mode access
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
 ip address 10.10.1.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
!
!
!
control-plane
!
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 login
!
!
!
!
!
!

Georg Pauwen · ‎03-09-2022

Hello,

you are missing this line:

-->

ip nat inside source list 1 interface GigabitEthernet0/0/0 overload

View solution in original post

Karsten Iwen · ‎03-09-2022

Two options here:

1) If your Modem/Router supports it, configure it with a static route for 10.10.1.0/24 with a next hop of 192.168.0.99.

2) If it doesn't support static routes, you need to configure NAT/PAT on your router.

The whole problem is that the Modem/router has no idea how to reach the network 10.10.1.0/24.

And you also should remove the route

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

This one is not needed here.

Richard Burts · ‎03-09-2022

There are some things in your post that are not clear. In some parts you refer the 1100 to be connected to a modem and in other parts you describe it connected to a router. Which is it?

Are you sure that 192.168.0.1 is the correct address of the device that you are connecting to? Can the 1100 ping that address? Perhaps the output of these commands on the 1100 might be helpful

show ip interface brief
show ip route
show arp

You say that you are not able to ping other devices. What devices are these? What are their IP addresses? Are they reached through interface G0/0/0 (on the outside) or are they reached through interface vlan 1?

I have some comments about your configuration.

- You have configured 2 static default routes

ip route 0.0.0.0 0.0.0.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

It appears that both of them describe the same forwarding path. You only need one of them. For several reasons I would suggest that you remove the entry that specifies the outbound interface and keep the entry that specifies a next hop address.

- It is not clear whether this modem/router that you connect to is connected to the Internet (seems likely) or is connected to something else (in which case please clarify what it connects to).

# if connected to the Internet then there needs to be Network Address Translation to allow your inside network 10.10.1.0 to access the Internet. Perhaps the modem/router might be able to do that NAT? Or else you will need to configure NAT on your 1100.

# if connected to something else then whatever it is connected to will need routing information about both 10.10.1.0 and perhaps 192.168.0.0

HTH

Rick

alexander2003 · ‎03-09-2022

Thank you for the quick reply.
The Cisco 1100 is connected to a router, which is also responsible for Internet access, so it is directly connected to the Internet. The IP address of the router is 192.168.0.1.

The IP address can also be pinged from the 1100. However, it is not possible to ping another computer on the 192.168.0 network.

How do I set up NAT on the 1100? Internface gig0/0/0 is my ip nat outside. But what is my IP nat inside? In that case all my ports (0/1/0-7) would be my ip nat inside?

Thanks

Georg Pauwen · ‎03-09-2022

Hello,

make the changes marked in bold:

version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname CiscoRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$OBcO$UZPJhYt7xrDQwWIE4Y6l.1
!
no aaa new-model
!
--> ip dhcp excluded-address 10.10.1.1
!
ip dhcp pool lan-pool1
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 8.8.8.8
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-3433423209
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3433423209
revocation-check none
rsakeypair TP-self-signed-3433423209
!
crypto pki certificate chain TP-self-signed-3433423209
!
license udi pid C1111-8P sn FCZ2240122N
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface Loopback0
no ip address
!
interface GigabitEthernet0/0/0
ip address 192.168.0.99 255.255.255.0
--> ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/1/0
switchport mode access
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 10.10.1.1 255.255.255.0
--> ip nat inside
!
ip forward-protocol nd
no ip http server
ip http secure-server
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
--> no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
--> access-list 1 permit 10.10.1.0 0.0.0.255
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
end
!

alexander2003 · ‎03-09-2022

Thanks for the answer.
I have made the changes.

Now I can send a ping directly from the router to google.com, etc..

But now when I connect my PC it gets the IP address 10.10.1.2 but I can't ping to 192.168.0.1 or open a page.

Georg Pauwen · ‎03-09-2022

Hello,

can your PC ping 192.168.0.99 ?

alexander2003 · ‎03-09-2022

Yes, I can ping 192.168.0.99 from the PC.

Georg Pauwen · ‎03-09-2022

Hello,

post the running configuration again with the changes you have made.

alexander2003 · ‎03-09-2022

Attached is the current config.
Thanks a lot!

version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname CiscoRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$OBcO$UZPJhYt7xrDQwWIE4Y6l.1
!
no aaa new-model
!
ip dhcp excluded-address 10.10.1.1
!
ip dhcp pool lan-pool1
network 10.10.1.0 255.255.255.0
default-router 10.10.1.1
dns-server 8.8.8.8
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3433423209
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3433423209
revocation-check none
rsakeypair TP-self-signed-3433423209
!
!
crypto pki certificate chain TP-self-signed-3433423209
!
!
license udi pid C1111-8P sn FCZ2240122N
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface GigabitEthernet0/0/0
ip address 192.168.0.99 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/1/0
switchport mode access
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 10.10.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
no ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
!
access-list 1 permit 10.10.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
!
!
!
!
!
end

Georg Pauwen · ‎03-09-2022

Hello,

you are missing this line:

-->

ip nat inside source list 1 interface GigabitEthernet0/0/0 overload

alexander2003 · ‎03-09-2022

Now it works!
Thanks a lot!

Georg Pauwen · ‎03-09-2022

Glad to hear that !