03-28-2023 03:21 PM - last edited on 04-03-2023 03:29 AM by Translator
Hi there, I am setting a small Cisco lab on my home LAN, and am looking to configure a 2621 router to connect to my ISP. I would like to have this router on the same subnet as the existing router from the ISP, if that is possible. Am I missing anything here? I have tried several online videos showing the process, however none seem to specifically mention the 2621 model, and some commands are not recognized by my router. This is my current configuration:
Building configuration...
Current configuration : 1487 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway1
!
boot-start-marker
boot-end-marker
!
enable secret 5 xxx
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
!
!
!
!
!
!
!
!
!
!
!
username dcauley privilege 15 password 0 xxx
!
!
!
!
!
!
!
interface FastEthernet0/0
description WAN
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
description LAN
ip address 192.168.1.252 255.255.255.0
ip nat inside
duplex auto
speed auto
no cdp enable
!
ip nat inside source list 1 interface FastEthernet 0/1 overload
ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
!
ip access-list extended INTERNET_ACL
permit ip 192.168.0.0 0.0.0.255 any
access-list 1 permit 192.168.0.0 0.0.0.255
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end
Solved! Go to Solution.
03-29-2023 12:05 AM - last edited on 04-03-2023 03:32 AM by Translator
We could give better advice if we knew more about your environment, especially about the ISP connection and router. But here are some comments about the posted config.
You have this
ip nat inside source list 1 interface FastEthernet 0/1 overload
But acl 1 points to the wrong network
access-list 1 permit 192.168.0.0 0.0.0.255
Your interface uses 192.168.1 but the acl uses 192.168.0. Also you specify interface fa0/1 which is your inside interface. You should specify fa0/0 which is your outside interface.
You have a second nat statement
ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload
I don't know why you have 2 nat statements and you should remove this one. For one thing it has the same issue of pointing to the wrong interface. Also it uses an extended access list and the acl specifies the destination as any. I have seen situations where nat using an extended acl with any causes problems. So delete this nat statement and the extended acl that it uses.
You have 2 default routes configured. The first one might work but there is a better way to do it
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
When a static route points to an outbound Ethernet interface without specifying a next hop address it requires that the router arp for every remote address to which it will forward traffic. And it requires that the upstream device supports proxy arp and some ISP disable proxy arp because of the security implications of it. A better statement would be
ip route 0.0.0.0 0.0.0.0 dhcp
The second default route
ip route 0.0.0.0 0.0.0.0 192.168.1.254
points to an address on your inside network. You should remove this statement.
03-29-2023 12:05 AM - last edited on 04-03-2023 03:32 AM by Translator
We could give better advice if we knew more about your environment, especially about the ISP connection and router. But here are some comments about the posted config.
You have this
ip nat inside source list 1 interface FastEthernet 0/1 overload
But acl 1 points to the wrong network
access-list 1 permit 192.168.0.0 0.0.0.255
Your interface uses 192.168.1 but the acl uses 192.168.0. Also you specify interface fa0/1 which is your inside interface. You should specify fa0/0 which is your outside interface.
You have a second nat statement
ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload
I don't know why you have 2 nat statements and you should remove this one. For one thing it has the same issue of pointing to the wrong interface. Also it uses an extended access list and the acl specifies the destination as any. I have seen situations where nat using an extended acl with any causes problems. So delete this nat statement and the extended acl that it uses.
You have 2 default routes configured. The first one might work but there is a better way to do it
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
When a static route points to an outbound Ethernet interface without specifying a next hop address it requires that the router arp for every remote address to which it will forward traffic. And it requires that the upstream device supports proxy arp and some ISP disable proxy arp because of the security implications of it. A better statement would be
ip route 0.0.0.0 0.0.0.0 dhcp
The second default route
ip route 0.0.0.0 0.0.0.0 192.168.1.254
points to an address on your inside network. You should remove this statement.
03-30-2023 11:42 AM - last edited on 04-03-2023 03:33 AM by Translator
Richard, thank you so much for taking the time to help me. With your information, and a little reading of some documentation, I have successfully configured my 2621! My configuration is as follows.
Current configuration : 1146 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gateway1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip audit po max-events 100
!
interface FastEthernet0/0
ip address 192.168.1.253 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.10.253 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial1/0
no ip address
shutdown
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
interface Serial1/4
no ip address
shutdown
!
interface Serial1/5
no ip address
shutdown
!
interface Serial1/6
no ip address
shutdown
!
interface Serial1/7
no ip address
shutdown
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
access-list 1 permit 192.168.10.0 0.0.0.255
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
03-30-2023 01:06 PM
Thanks for the update. Glad to know that you have succeeded in configuring the router. Keep up your efforts and feel free to post again to the community as you have other questions.
03-29-2023 01:53 AM - last edited on 04-03-2023 03:35 AM by Translator
i do quick win as below :
no ip nat inside source list 1 interface FastEthernet 0/1 overload
ip nat inside source list 1 interface FastEthernet 0/0 overload
no ip nat inside source list INTERNET_ACL interface FastEthernet 0/1 overload
no ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
no ip route 0.0.0.0 0.0.0.0 192.168.1.254
no access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
Testing from PC :
configure IP address 192.168.1.10/24 Gateway 192.168.1.252 ( DNS 8.8.8.8)
Still have issue
Post below output :
show run
show ip route
show ip interface brief
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide