cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1380
Views
0
Helpful
2
Replies

Cisco 1921 Configuration

smutnpj10
Level 1
Level 1
I'm trying to configure a Cisco 1921 router to connect with my cable modem.  The router obtains an IP address from DHCP and I can ping resources on the internet while on the router.   The router hands out DHCP addresses to the clients but the clients can't access the internet.  I'm missing something simple.  Here is my config:

R1-1921#sh run
Building configuration...
Current configuration : 6236 bytes
!
! Last configuration change at 19:11:10 EST Thu Nov 5 2015 by **
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1-1921
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.153-3.M6.bin
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 $1$F3oi$EtowSjpBITAVsWVxr4EDM.
enable password *****
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
memory-size iomem 10
clock timezone EST -5 0
clock summer-time EDT recurring
!
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.100
ip dhcp excluded-address 192.168.1.201 192.168.1.254
ip dhcp excluded-address 192.168.2.1 192.168.2.100
ip dhcp excluded-address 192.168.2.201 192.168.2.254
ip dhcp excluded-address 10.10.10.1 10.10.10.100
ip dhcp excluded-address 10.10.10.201 10.10.10.254
ip dhcp excluded-address 192.168.20.1 192.168.20.100
ip dhcp excluded-address 192.168.20.201 192.168.20.254
!
ip dhcp pool vlan2_Home_DHCP
 network 192.168.2.0 255.255.255.0
 option 43 hex f104.0a0a.140b
 domain-name ***
 dns-server 8.8.8.8 8.8.4.4
 default-router 192.168.2.254
 lease 7
!
ip dhcp pool vlan10_Home_DHCP
 network 10.10.0.0 255.255.0.0
 option 43 hex f104.0a0a.140b
 domain-name ***
 default-router 10.10.10.1
 dns-server 8.8.8.8 8.8.4.4
 lease 7
!
ip dhcp pool vlan20_Home_DHCP
 network 192.168.20.0 255.255.255.0
 option 43 hex f104.0a0a.140b
 domain-name ***
 dns-server 8.8.8.8 8.8.4.4
 default-router 192.168.2.254
 lease 7
!
ip dhcp pool vlan1_Home_DHCP
 network 192.168.1.0 255.255.255.0
 option 43 hex f104.0a0a.140b
 domain-name ***
 dns-server 8.8.8.8 8.8.4.4
 default-router 192.168.1.254
 lease 7
!
!
!
ip domain name ***
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-2424561219
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2424561219
 revocation-check none
 rsakeypair TP-self-signed-2424561219
!
!
crypto pki certificate chain TP-self-signed-2424561219
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32343234 35363132 3139301E 170D3135 31313032 31383034
  35395A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 34323435
  36313231 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  81008E99 C46CD1DA 4626A4A1 614268A4 FC70E1B0 66E4D691 6F1DDA9E EE15D3D6
  44469CAF D9EB6EAF B155D164 5E75CD1E B0541204 98C7BC8A E973A18A 852F7BC3
  09B33BDB C4C63C75 4C8B7A60 BA3BB4E7 C980BDFA 19A90217 35F50803 C92973F4
  48E993E3 BFC1EE4D C9A8ABE7 C094E89B 9629195A 0763605A D577278C B8C39AB9
  0CEF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 14B9ECCC A5378EAC C33EA600 3A11948F 56021544 74301D06
  03551D0E 04160414 B9ECCCA5 378EACC3 3EA6003A 11948F56 02154474 300D0609
  2A864886 F70D0101 05050003 81810046 FC666C70 E65C191B 951D69CC BE68D6D1
  B5EC7175 ED432B26 7C44E882 1C006392 04F30A7C E782CB04 CC898FD4 2B5F9085
  A84DB5BA 0996408A 46D36AE7 20A4BADA D418EC0D 08782215 F7A94E46 C7EEF16F
  998E78F0 17026E9A 0705D4F7 FCEEED19 AB467E35 6A8E2CED A35BD0C3 236CF87D
  76F3BF78 45D940EF DF0A8934 D411F3
        quit
license udi pid CISCO1921/K9 sn ******
!
!
!
redundancy
!
!
!
!
!
ip ssh time-out 60
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 172.40.59.1 255.255.255.255
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
 no cdp enable
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 192.168.1.253 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.253 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.10.10.1 255.255.0.0
 no cdp enable
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
 no cdp enable
!
interface GigabitEthernet0/1
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip default-network 192.168.1.0
ip route 0.0.0.0 0.0.0.0 dhcp 20
!
no service-routing capabilities-manager
no cdp run
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.10.0 0.0.0.255
access-list 2 permit 192.168.20.0 0.0.0.255
access-list 2 permit 192.168.30.0 0.0.0.255
access-list 2 permit 192.168.40.0 0.0.0.255
access-list 2 permit 192.168.1.0 0.0.0.255
access-list 2 permit 10.10.20.0 0.0.0.255
access-list 3 permit 192.168.10.0 0.0.0.255
access-list 3 permit 192.168.20.0 0.0.0.255
access-list 3 permit 192.168.30.0 0.0.0.255
access-list 3 permit 192.168.40.0 0.0.0.255
access-list 3 permit 192.168.1.0 0.0.0.255
access-list 23 permit 10.10.10.0 0.0.0.7
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input all
line vty 5 15
 privilege level 15
 login local
 transport input all
!
scheduler allocate 20000 1000
!
end
1 Accepted Solution

Accepted Solutions

Jon Marshall
Hall of Fame
Hall of Fame

Your modem would need routes back to the subnets and NAT setup for those subnets.

However an alternative way of doing it is to NAT all src IPs to the gi0/1 interface IP which it looks like you may be trying to do.

If you are then -

1) you need to add "ip nat inside" to each subinterface

2) the acl for your NAT is only referencing 192.168.1.x clients whereas your other acls reference all subnets.

If you want to have all subnets access the internet change the NAT statement to reference one of the other acls

3) not sure what you are doing with "ip default-network 192.168.1.0" statement.

Just remove it and use the default route you have in your configuration and you don't need to add an AD at the end.

Jon

View solution in original post

2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

Your modem would need routes back to the subnets and NAT setup for those subnets.

However an alternative way of doing it is to NAT all src IPs to the gi0/1 interface IP which it looks like you may be trying to do.

If you are then -

1) you need to add "ip nat inside" to each subinterface

2) the acl for your NAT is only referencing 192.168.1.x clients whereas your other acls reference all subnets.

If you want to have all subnets access the internet change the NAT statement to reference one of the other acls

3) not sure what you are doing with "ip default-network 192.168.1.0" statement.

Just remove it and use the default route you have in your configuration and you don't need to add an AD at the end.

Jon

Thanks Jon.  That was it.  I didn't have the "ip nat inside" on all of the sub interfaces.  I didn't get around to adding the acls yet as I was trying the native first.  I appreciate you quick response.

Review Cisco Networking for a $25 gift card