Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1281
Views
0
Helpful
5
Replies

Cisco 1841 - Routing Between Ethernet Ports

coconut_munkey
Level 1
Level 1

‎05-02-2013 10:59 AM - edited ‎03-04-2019 07:47 PM

I have a Cisco 1841 that has an ADSL (ATM) card installed.  It was previously used with an ADSL line to provide NAT routing for an office.  Now I want to use it witha cable modem, which would mean abandoning the ADSL interface and instead routing between the two Ethernet ports.

Between the Cisco and the LAN is a Linux transparent proxy.  It provides routing between 192.168.1.0 (LAN) and 192.168.2.111 (Cisco LAN interface). 

The network looks like this:

Cable Modem(174.76.21.1)(gateway) --- (174.76.21.10)(WAN) Cisco 1841 (LAN)(192.168.2.111) --- (192.168.2.11) Linux Proxy (192.168.1.10) --- (192.168.1.0) LAN

For testing and diagnostics, I've connected a laptop to each FastEthernet port on the router.  One laptop is configured with the IP 174.76.21.1 to simulate the cable modem gateway and the other laptop has the IP 192.168.2.11 to simulate the Linux proxy.  From those systems I've performed the following diagnostics with the following results:

From 192.168.2.11

Ping 192.168.2.111 - OK

Ping 174.76.21.15 - OK

Ping 174.76.21.1 - Timed out

From 174.76.21.1

Ping 174.76.21.15 - OK

NAT translation to LAN IP's failing

There are some vestiges of the ADSL configuration, but I've cleaned most of it out and shut down the ATM interfaces.  Here's my config:

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

no logging buffered

!

no aaa new-model

!

resource policy

!

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

ip subnet-zero

ip cef

!

!

no ip dhcp use vrf connected

!

!

ip name-server 209.244.0.3

ip name-server 209.244.0.4

!

bridge irb

!

interface FastEthernet0/0

description LAN0$FW_INSIDE$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ETH-LAN$

ip address 192.168.2.111 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat inside

ip tcp adjust-mss 1452

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

description WAN$ETH-WAN$

ip address 174.76.21.10 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip nat outside

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface ATM0/0/0.1 point-to-point

shutdown

!

interface ATM0/0/0.2 point-to-point

shutdown

pvc 0/35

  pppoe-client dial-pool-number 1

!

!

interface BVI1

mtu 1492

no ip address

!

ip classless

ip route 0.0.0.0 0.0.0.0 174.76.21.1

ip route 192.168.1.0 255.255.255.0 192.168.2.11

!

ip http server

ip nat inside source list 1 interface FastEthernet0/1 overload

ip nat inside source list 2 interface FastEthernet0/1 overload

ip nat inside source static tcp 192.168.1.13 1723 interface FastEthernet0/1 1723

ip nat inside source static tcp 192.168.1.14 6004 interface FastEthernet0/1 6004

!

ip access-list extended sdm_bvi1_out

remark SDM_ACL Category=1

permit ip any any

remark SDM_ACL Category=1

ip access-list extended sdm_dialer0_out

remark SDM_ACL Category=1

permit ip any any

remark SDM_ACL Category=1

!

access-list 1 permit 192.168.2.0 0.0.0.255

access-list 2 remark SDM_ACL Category=2

access-list 2 permit 192.168.1.0 0.0.0.255

dialer-list 1 protocol ip permit

!

control-plane

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

line aux 0

line vty 0 4

login

!

end

Where am I going wrong?

Labels:
0 Helpful
5 Replies 5

enkli
Level 1
Level 1

‎05-02-2013 12:06 PM

As you have traffic fro 1.0 you do not need the nat for 2.0


Sent from Cisco Technical Support Android App

0 Helpful

coconut_munkey
Level 1
Level 1
In response to enkli

‎05-02-2013 01:05 PM

Okay.  But the .1.0 LAN is still not getting out to the internet.  It can see as far as the WAN Ethernet interface, but no further.  It seems like the router isn't forwarding to the final hop - the ISP's gateway.

0 Helpful

ahmadamr85
Level 1
Level 1
In response to coconut_munkey

‎05-03-2013 01:45 AM

try to connect directly to interface f0/0 and take an IP from the 192.168.2.0/24 range, if you get internet connection then it might be an issue with the linux box

after that connect behind the linux proxy and take an IP from the 192.168.1.0/24 range and do a traceroute and provide the output of show ip nat translation

0 Helpful

coconut_munkey
Level 1
Level 1
In response to ahmadamr85

‎05-03-2013 07:02 AM

Thank you for the suggestion, Ahmad.  I am currently doing as you suggest - testing with a system hooked directly to f0/0 with a 2.x address and the Linux proxy removed from the picture.  The system with the 2.x address is unable to get any further than the f0/1 interface on the router.

0 Helpful

ahmadamr85
Level 1
Level 1
In response to coconut_munkey

‎05-03-2013 07:09 AM

Can you provide the output of show ip nat translation

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card