Re: Cisco 1841 with two FastEthernet ports

allenvcisco · ‎03-27-2013

Hello,

I am having the most difficult time trying to setup the Cisco 1841 with a new Fiber Optic ISP. I have no experience with Cisco equipment but have taught myself some basics. All my attempts have ended with failure. I definitely will be taking some cisco courses soon.

Our current setup

20mbs Fiber Optic ISP

- They are providing us a x.x.129.233/30 WAN IP and a x.x.131.225/27 Public IP Block

Cisco 1841 Router (Which has no configuration at all, it was wiped by the ISP)

1x HP Procruve 2610 24 port Gigabit Switch

What we need is simple, we just need to distribute the Public IP block through to the LAN on the switch side. Any help would be greatly appreciated. I would post a config if I had one already made, but the 1841 is a clean slate. I just wiped it again to start fresh.

Allen Vicencio Diaz

Reza Sharifi · ‎03-27-2013

Hi,

Let start with physical layer first. Is the fiber connection between your1841 and the ISP is up?

Can you issue "sh ip int bri" and see if the interface connecting to the ISP in up and up mode?

Also, do you see link light on the port connecting to the ISP?

HTH

allenvcisco · ‎04-09-2013

Hi,

Sorry for late response, link light to ISP is on, interface is up and is in up mode but ISP reported that they were not able to ping the WAN side. I have since created a basic config and will post it here, I am not sure how to proceed with it any further, I understand what balbaletabrez stated, but I do not want DHCP internally, just need access to the public facing IP block that was given to us directly, no need for internal private IPs as all the devices are designed specifically to be connected as such.

Building configuration...

Current configuration : 1768 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$soxg$.OTiRzadt3KKt/m/6yjnN.
enable password 7 00141607075E12070B2C4540
!
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip subnet-zero
ip gratuitous-arps
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip bootp server
!
username root password 7 11391C041417125D
!
!
!
interface FastEthernet0/0
ip address x.x.129.234 255.255.255.252
ip verify unicast source reachable-via rx allow-default 100
speed auto
full-duplex
no mop enabled
!
interface FastEthernet0/1
ip address x.x.131.225 255.255.255.224
speed auto
full-duplex
no mop enabled
!
ip classless
ip route x.0.0.0 255.0.0.0 x.x.131.224
ip route x.x.131.224 255.255.255.224 x.x.129.233
!
ip http server
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
snmp-server community public RO
no cdp run
!
control-plane
!
banner motd ^C
^C
!
line con 0
exec-timeout 5 0
login authentication local_auth
transport output telnet
line aux 0
exec-timeout 15 0
login authentication local_auth
transport output telnet
line vty 0 4
password 7 0236015A08031673
login authentication local_auth
transport input telnet
!
end

Bilal Nawaz · ‎04-09-2013

Hello, I'm not entirely sure what purpose your routes are serving. Maybe you can clarify that for us.

ip route x.0.0.0 255.0.0.0 x.x.131.224
ip route x.x.131.224 255.255.255.224 x.x.129.233

But I would add that you probably need a default route back to your ISP
E.g. Ip route 0.0.0.0 0.0.0.0 x.x.129.233

(Assuming the .129.233 is their WAN IP)

And I'd probably take out this route:
No ip route x.x.131.224 255.255.255.224 x.x.129.233

Because it looks like you are pointing towards a network which is already connected through a connected network.

I'd also take out the first route, for now, again I'm not sure what this is providing.
Lets just get to a stage where we get a good ping ;-)

After you have done this, could you please show us a output of 'show ip route' and test a ping to their WAN IP.

Since its a directly connected network you should be able to ping, everything seems good in an 'up up' state.
One thing I would change is the fa configuration and manually set the duplex and speed, I.e.

Int fa0/0
Speed 100
Duplex full

Assuming their speed 100 duplex full too?

Hope this helps

Sent from Cisco Technical Support iPhone App

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Neil key · ‎04-10-2013

Don't put your passwords in as they are easy to crack, your root password is Peacey1 and vty is Peacey2. If they are your ISP then you are open to being hacked into VERY easily.

balbaletabrez · ‎03-27-2013

Hi

Create NAT and DHCP for internal network... Google it to know the configuration

Sent from Cisco Technical Support Android App

Velimir Filipov · ‎04-10-2013

Nonoon guys no NAT is required.

I guess x.x.129.233/30 is on the provider side, so x.x.129.234/30 should be on your router as configured at the moment.

The static routes you made are definetely wrong. Remove them. Other config seems OK.

You should have just default route pointing to the ISP router.

ip route 0.0.0.0 0.0.0.0 x.x.129.233

Ok, now the question is why the provider can't ping your WAN interface. If they do it from a different IP other than x.x.129.233, its due to lack of default route on your router.

If they can't ping it from the directly attached IP to your router - x.x.129.233, then im assuming there is an issue with the fiber link.