Solved: Cisco 2621 Router config for home lab use.

dcauley · ‎03-28-2023

Hi there, I am setting a small Cisco lab on my home LAN, and am looking to configure a 2621 router to connect to my ISP. I would like to have this router on the same subnet as the existing router from the ISP, if that is possible. Am I missing anything here? I have tried several online videos showing the process, however none seem to specifically mention the 2621 model, and some commands are not recognized by my router. This is my current configuration:

Building configuration...

Current configuration : 1487 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway1
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxx
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username dcauley privilege 15 password 0 xxx
!
!
!
!
!
!
!
interface FastEthernet0/0
description WAN
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.252 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
!
ip nat inside source list 1 interface FastEthernet 0/1 overload
ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
!
ip access-list extended INTERNET_ACL
permit ip 192.168.0.0 0.0.0.255 any
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Richard Burts · ‎03-29-2023

We could give better advice if we knew more about your environment, especially about the ISP connection and router. But here are some comments about the posted config.

You have this

ip nat inside source list 1 interface FastEthernet 0/1 overload

But acl 1 points to the wrong network

access-list 1 permit 192.168.0.0 0.0.0.255

Your interface uses 192.168.1 but the acl uses 192.168.0. Also you specify interface fa0/1 which is your inside interface. You should specify fa0/0 which is your outside interface.

You have a second nat statement

ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload

I don't know why you have 2 nat statements and you should remove this one. For one thing it has the same issue of pointing to the wrong interface. Also it uses an extended access list and the acl specifies the destination as any. I have seen situations where nat using an extended acl with any causes problems. So delete this nat statement and the extended acl that it uses.

You have 2 default routes configured. The first one might work but there is a better way to do it

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

When a static route points to an outbound Ethernet interface without specifying a next hop address it requires that the router arp for every remote address to which it will forward traffic. And it requires that the upstream device supports proxy arp and some ISP disable proxy arp because of the security implications of it. A better statement would be

ip route 0.0.0.0 0.0.0.0 dhcp

The second default route

ip route 0.0.0.0 0.0.0.0 192.168.1.254

points to an address on your inside network. You should remove this statement.

HTH

Rick

View solution in original post

Richard Burts · ‎03-29-2023

We could give better advice if we knew more about your environment, especially about the ISP connection and router. But here are some comments about the posted config.

You have this

ip nat inside source list 1 interface FastEthernet 0/1 overload

But acl 1 points to the wrong network

access-list 1 permit 192.168.0.0 0.0.0.255

Your interface uses 192.168.1 but the acl uses 192.168.0. Also you specify interface fa0/1 which is your inside interface. You should specify fa0/0 which is your outside interface.

You have a second nat statement

ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload

I don't know why you have 2 nat statements and you should remove this one. For one thing it has the same issue of pointing to the wrong interface. Also it uses an extended access list and the acl specifies the destination as any. I have seen situations where nat using an extended acl with any causes problems. So delete this nat statement and the extended acl that it uses.

You have 2 default routes configured. The first one might work but there is a better way to do it

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

When a static route points to an outbound Ethernet interface without specifying a next hop address it requires that the router arp for every remote address to which it will forward traffic. And it requires that the upstream device supports proxy arp and some ISP disable proxy arp because of the security implications of it. A better statement would be

ip route 0.0.0.0 0.0.0.0 dhcp

The second default route

ip route 0.0.0.0 0.0.0.0 192.168.1.254

points to an address on your inside network. You should remove this statement.

HTH

Rick

dcauley · ‎03-30-2023

Richard, thank you so much for taking the time to help me. With your information, and a little reading of some documentation, I have successfully configured my 2621! My configuration is as follows.

Current configuration : 1146 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
interface FastEthernet0/0
ip address 192.168.1.253 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.10.253 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
no ip address
shutdown
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end

Richard Burts · ‎03-30-2023

Thanks for the update. Glad to know that you have succeeded in configuring the router. Keep up your efforts and feel free to post again to the community as you have other questions.

HTH

Rick

balaji.bandi · ‎03-29-2023

i do quick win as below :

no ip nat inside source list 1 interface FastEthernet 0/1 overload

ip nat inside source list 1 interface FastEthernet 0/0 overload

no ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
no  ip route 0.0.0.0 0.0.0.0 192.168.1.254

no access-list 1 permit 192.168.0.0 0.0.0.255

access-list 1 permit 192.168.1.0 0.0.0.255

Testing from PC :

configure IP address 192.168.1.10/24 Gateway 192.168.1.252 ( DNS 8.8.8.8)

Still have issue

Post below output :

show run

show ip route

show ip interface brief

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help