Cisco 1921 ISR no internet

sojab0on · ‎02-27-2019

Hi due to the strain on the isp supplied Modem/router Ziggo connectbox that could not handle the troughput loads of my media and did not keep track of connected devices well enough i search for an good alternative.

Then at a previous company i worked the 1921 isr router was decommssioned and they said just take it with you otherwise it will go in to the trashbin.

So i reset the router at home and setup the following connfig (This is the current running config)

router#show running-config
Building configuration...

Current configuration : 1979 bytes
!
! Last configuration change at 14:30:45 UTC Wed Feb 27 2019 by michel
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
ip dhcp pool Ip-home
network 10.20.0.0 255.255.255.0
default-router 10.20.0.1
dns-server 1.0.0.1 1.1.1.1 8.8.8.8 8.8.4.4 10.20.0.1
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ172993FD
!
!
username michel privilege 15 secret 4 aSdhQ.11zsWHZ8E7FqIVdpjkSKzSNykog.cTXMIWKqk
!
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.20.0.1 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip nat inside source list 199 interface GigabitEthernet0/1 overload
ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1
!
ip access-list extended NAT
permit ip 10.20.0.0 0.0.0.255 any
!
access-list 1 permit 10.20.0.0 0.0.0.255 any
access-list 199 permit ip any any
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end

The problem is that the ISP delivers an IP to Gigabiteethernet 0/1

but the devices connected to Gigbitethernet 0/0 where the ip are given out correctly and the devices get defaultgaeway and the dns server, they still get no internet connection.

i used my fallback 4g hotspot to type this on a laptop.

Can some one help me break down where i configured it wrong.

Regards
Michel

sojab0on · ‎02-27-2019

I know where the problem in de basic config lies

ip nat intside
ip virtual-reassembly in

where needed on the GE 0/0 config

when i put those there the Connection works to outside.

But troughput is not what it should be, i know this router cant handle an 400 mbps line but i cant get even to 250 mbps on a direct cable link to the router.

At boot the router in putty also gives a line
default route without gateway may impact performance

Dont know if that could be the troughput problem as well.

2 test i did

1. wifi troughput via an acesspoint with is connect trouch an cat5e connect and an gb 8 port witch to the router now cant even get speeds above 80 mbps even when the wifi devices are directly next to it on 5ghz wifi channel.

2. direct cable test server directly connected to GE 0/0 with an cat 6 coper cable with an 1gb nic in the server cant even get a steady speed test, they jitter around and stop under 250 mbps

so is there a way to get a maximized troughput of say 300 or 350mbps

Georg Pauwen · ‎02-27-2019

Hello,

I have made some changes/additions (marked in bold) to your configuration:

Current configuration : 1979 bytes
!
! Last configuration change at 14:30:45 UTC Wed Feb 27 2019 by michel
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
!
ip dhcp excluded-address 10.20.0.1
!
ip dhcp pool Ip-home
network 10.20.0.0 255.255.255.0
default-router 10.20.0.1
dns-server 1.0.0.1 1.1.1.1 8.8.8.8 8.8.4.4 10.20.0.1
!
no ipv6 cef
multilink bundle-name authenticated
!
license udi pid CISCO1921/K9 sn FCZ172993FD
!
username michel privilege 15 secret 4 aSdhQ.11zsWHZ8E7FqIVdpjkSKzSNykog.cTXMIWKqk
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.20.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
--> no ip nat inside source list 199 interface GigabitEthernet0/1 overload
--> no ip nat inside source list NAT interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
--> no ip access-list extended NAT
permit ip 10.20.0.0 0.0.0.255 any
!
access-list 1 permit 10.20.0.0 0.0.0.255
--> no access-list 199 permit ip any any
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end

sojab0on · ‎02-27-2019

At no ip nat inside source list 199

It give me error Dynamic mapping in use, cannot remove

What do i need to change to get that removed

sojab0on · ‎02-27-2019

Made most of the changes you gave

Building configuration...

Current configuration : 1965 bytes
!
! Last configuration change at 15:14:16 UTC Wed Feb 27 2019 by michel
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.20.0.1
!
ip dhcp pool Ip-home
import all
network 10.20.0.0 255.255.255.0
default-router 10.20.0.1
dns-server 1.0.0.1 1.1.1.1 8.8.8.8 8.8.4.4 10.20.0.1
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ172993FD
!
!
username michel privilege 15 secret 4 aSdhQ.11zsWHZ8E7FqIVdpjkSKzSNykog.cTXMIWKqk
!
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Loopback0
ip address 10.20.0.253 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.20.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip nat inside source list 199 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
access-list 1 permit 10.20.1.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end

But the bold line wont remove it keeps giving %Error: Dynamic mapping in use, cannot remove

How can i remove that line do in need te remove something else or do i need to create an config file where all the changes you gave are in and reload the router trough putty with that config file pushed in ?

Georg Pauwen · ‎02-27-2019

Hello

your access list 1 is wrong:

--> no access-list 1 permit 10.20.1.0 0.0.0.255

access-list 1 permit 10.20.0.0 0.0.0.255

To get rid of the other access list, try:

clear ip nat translation *

and then try to delete it again...

sojab0on · ‎02-27-2019

Okay tried that and it ineed removed the line after that.

here is the latest rnning-config

Building configuration...

Current configuration : 1897 bytes
!
! Last configuration change at 15:54:13 UTC Wed Feb 27 2019 by michel
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.20.0.1
!
ip dhcp pool Ip-home
import all
network 10.20.0.0 255.255.255.0
default-router 10.20.0.1
dns-server 1.0.0.1 1.1.1.1 8.8.8.8 8.8.4.4 10.20.0.1
!
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FCZ172993FD
!
!
username michel privilege 15 secret 4 aSdhQ.11zsWHZ8E7FqIVdpjkSKzSNykog.cTXMIWKqk
!
!
csdb tcp synwait-time 30
csdb tcp idle-time 3600
csdb tcp finwait-time 5
csdb tcp reassembly max-memory 1024
csdb tcp reassembly max-queue-length 16
csdb udp idle-time 30
csdb icmp idle-time 10
csdb session max-session 65535
!
!
!
!
interface Loopback0
ip address 10.20.0.253 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.20.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 dhcp
!
access-list 1 permit 10.20.0.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
privilege level 15
login local
transport input all
!
scheduler allocate 20000 1000
!
end

sojab0on · ‎02-27-2019

Connection is live now trough the 1921

But the troughput still is flakky

Wifi speeds are gooing up for 80 to 190mbps

cable speeds is bouncing around between 270mbps ans 331 mbps

The device as i could find cant handle the full line speed i can get 400 mbps correct me if i am wrong

the line speed was manageable with the router/modem its self but that device is just a bunch of crap slow not well protected and dhcp tables are strange with device names not showing up or devices that do have internet not showing up at all in the dhcp client list.

Georg Pauwen · ‎02-27-2019

Hello,

change the IP address of the Loopback interface to something else, such as 1.1.1.1/32, as now it is in the same subnet as your inside NAT interface.

Also, change the order of the DNS servers in your DHCP pool:

dns-server 8.8.8.8 8.8.4.4 1.0.0.1 1.1.1.110.20.0.1

sojab0on · ‎02-27-2019

Still no luck on the line speed.
still boucing speeds between 150-350 mbps

But normaly it should be stable speeds, i do have an coper line but is coaxial coper connection.

so it not split as ADSL is here in holland.

Do you know what the max speed is this router can handle, dont know for shure if it can handle 400 Mbps connection i get from the isp.