Solved: Cisco 1720 internet router attempt

BernardRobbins · ‎09-13-2005

internet

|

isp

|

cisco 1720

204.246.200.XX1

|

Linux firewall/Nat

eth1

208.49.53.XX1

208.49.53.XX2 etc...

default route dev eth1

|

Lan

172.16.0.0/16

Do you see why this config wouldn't work?

Current configuration : 585 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

memory-size iomem 25

ip subnet-zero

no ip routing

!

no ip domain lookup

!

interface FastEthernet0

ip address 204.246.200.XX1 255.255.255.252

no ip route-cache

speed auto

full-duplex

!

interface Serial0

ip unnumbered FastEthernet0

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

no ip route-cache

no cdp enable

!

ip classless

no ip http server

!

line con 0

line aux 0

line vty 0 4

!

no scheduler allocate

!

end

Richard Burts · ‎09-13-2005

Bernard

Well this config addresses the two main issues that I identified in the first config. It seems to me that there are two issues to address in this config.

First the reason why you can not communicate with the devices in your LAN is that you do not have any routing information in the router that shows how to get to that LAN. You can either run a dynamic routing protocol between the router and the Linux or you can configure a static route on the router for the LAN addresses. It is not clear to me from your diagram what the address of the Linux connected to the router. That address is needed for the next hop of the static route.

The second issue is the failure to communicate with the Internet. Your post says that you can not ping the Internet from the router. It does not say whether you can ping the ISP next hop or not. That is an important distinction. If you can ping the ISP but not the Internet that points to one kind of problem. If you can not ping the ISP then that points to a different kind of problem. So please clarify what the problem is.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎09-13-2005

Bernard

I followed the link from your post and found the documentation for ip route by going through these steps:

IOS IP Configuration Guide Release 12.3

Part 2 IP Routing Protocols

Configuring IP Routing Protocol-Independent Features

Configuring Static Routes

HTH

Rick

HTH

Rick

View solution in original post

BernardRobbins · ‎09-13-2005

Also I am able to ping from my Linux router to the cisco and from the cisco to my linux router. I am unable to ping the internet from the cisco or the linux router.

Richard Burts · ‎09-13-2005

Bernard

I see several issues with this config. First and biggest problem is the configuration of:

no ip routing

If you want the Cisco to route then you need to enable routing. (The alternative is to configure it as a bridge.)

The next problem is perhaps due in part to problem number 1 and is that the router knows only about IP addresses that are directly connected. It has no information about how to reach the devices on your LAN and no information about how to reach the Internet. Information about remote addresses is usually learned from static routes, from a dynamic routing protocol, or from a default route (which is really a special case of static routes or learned from dynamic updates).

It looks to me like your router is using an IP address assigned by your provider, which is fine. Based on the drawing you gave I am surprised that the Linux is able to communicate with the Cisco since it looks like the Cisco has one subnet on its Ethernet and the Linux has a different subnet on its Ethernet. But if you say that it works then I accept that it does.

Fix the problem of enabling ip routing, put some routing information onto the Cisco and let us know how it works.

HTH

Rick

HTH

Rick

BernardRobbins · ‎09-13-2005

I sent the wrong config here is the right one:

Router#show running-config

Building configuration...

Current configuration : 567 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

memory-size iomem 25

ip subnet-zero

!

no ip domain lookup

!

interface FastEthernet0

ip address 204.246.200.XX1 255.255.255.252

speed auto

!

interface Serial0

ip unnumbered FastEthernet0

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation ppp

no cdp enable

!

ip classless

ip route 0.0.0.0 0.0.0.0 Serial0

no ip http server

!

line con 0

line aux 0

line vty 0 4

!

no scheduler allocate

!

end

Richard Burts · ‎09-13-2005

Bernard

Well this config addresses the two main issues that I identified in the first config. It seems to me that there are two issues to address in this config.

First the reason why you can not communicate with the devices in your LAN is that you do not have any routing information in the router that shows how to get to that LAN. You can either run a dynamic routing protocol between the router and the Linux or you can configure a static route on the router for the LAN addresses. It is not clear to me from your diagram what the address of the Linux connected to the router. That address is needed for the next hop of the static route.

The second issue is the failure to communicate with the Internet. Your post says that you can not ping the Internet from the router. It does not say whether you can ping the ISP next hop or not. That is an important distinction. If you can ping the ISP but not the Internet that points to one kind of problem. If you can not ping the ISP then that points to a different kind of problem. So please clarify what the problem is.

HTH

Rick

HTH

Rick

BernardRobbins · ‎09-13-2005

Thanks Rick! This fixed it:

ip route 208.49.53.XX1 255.255.255.255 fastEthernet 0

I can now ping from my Linux box to the cisco router and also the internet.

BernardRobbins · ‎09-13-2005

Can you point me to where the documentation is for this command. I cannot seem to find it anywhere in the configuration guides.

Richard Burts · ‎09-13-2005

Bernard

I am glad to know that my suggestion provided the solution for your situation.

I assume that you are asking for documentation for the ip route command. If so this URL is a good place to start:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fiprrp_r/ind_r/1rfindp1.htm#wp1018065

Let me point out that there are two main formats of the ip route command. In one format you identify the next hop address and in the other format you identify the outbound interface. The second format is the one that you used. In my experience this format is particularly well suited when the outbound interface is a point to point and somewhat less well suited when the outbound interface is multi-access as your FastEthernet is. The reason for that is that if you use the interface format, the router will have to ARP for every destination. This causes the router to do a bit more work and to increase the size of the ARP cache. It also is dependent on the neighboring device generating ARP responses for devices which may not be locally connected (proxy-arp). In your case these are not significant issues, but in some cases they might be.

HTH

Rick

HTH

Rick

BernardRobbins · ‎09-13-2005

I changed

ip route 0.0.0.0 0.0.0.0 Serial0

to

ip route 0.0.0.0 0.0.0.0 204.246.200.XX5

And it works.. Thanks!

I was wondering more about where ip route was in this section:

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_installation_and_configuration_guides_list.html

This is where I have found all the other information on how to set this up.

Richard Burts · ‎09-13-2005

Bernard

I followed the link from your post and found the documentation for ip route by going through these steps:

IOS IP Configuration Guide Release 12.3

Part 2 IP Routing Protocols

Configuring IP Routing Protocol-Independent Features

Configuring Static Routes

HTH

Rick

HTH

Rick