Solved: Re: Cisco 2811 ISR connection to ISP Router and PoE Switch

PieroBoccadoro · ‎02-06-2024

Hi everyone,

first of all, let me clarify that I'm a newby so please, be patient: I'm learning.

I need to create this connection:

ISP Router -> 2811 -> PoE Switch

The ISR Router will still be the one providing WiFi connection to the rest of my office.
The PoE switch will be in charge of granting connection to other PoE devices.

I was reading this post: https://community.cisco.com/t5/routing/help-with-configuring-a-2811-cisco-router-for-use-with-isp/td-p/3037698 but It's still not working for me.

Here I'll report the current configuration:

! Last configuration change at 10:02:58 UTC Tue Feb 6 2024
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO-Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 ##################
enable password ##################
!
no aaa new-model
!
ip source-route
no ip routing
!
!
no ip cef
!
ip dhcp pool LAN
default-router 192.168.1.3
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO2811 sn FCZ1431704E
!
!
!
!
!
!
interface FastEthernet0/0
description *** INTERNET ***
ip address 192.168.1.3 255.255.255.0
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1

description *** LAN ***
ip address 192.168.1.2 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/0
no ip address
no ip route-cache
shutdown
clock rate 2000000
no cdp enable
!
interface Serial0/3/0
no ip address
no ip route-cache
shutdown
clock rate 2000000
no cdp enable
!
ip forward-protocol nd
!
!
no ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip nat inside source route-map ISP interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 192.168.1.1
!
route-map ISP permit 10
match ip address 1
match interface FastEthernet0/0
!
!
snmp-server community test RO
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password ##################
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end

The WiFi network is in the 192.168.1.0/24 network.

At the moment, from a WiFi-connected device I can ping both FastEthernet interfaces, so I can reach 192.168.1.2 and 192.168.1.3.

Unfortunately, none of the devices connected to the PoE switch can navigate and they don't get the IP address.

For the sake of clarity, let me specify that the PoE switch I'm using is a NETGEAR GS316PP.

Could you please help me?

Thank you very much for your kind reply.

PieroBoccadoro · ‎02-08-2024

Thank you very much @Giuseppe Larosa for your clues.
Tomorrow morning I'll try this out and let you know if it worked or not by editing this post.

[EDIT] Step a) works just fine. Step b) doesn't.
I checked one of the devices and noticed that the IP address it receives has not changed to

For the sake of completeness, let me post here the current configuration:

Current configuration : 1758 bytes
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO-Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 ################
enable password ################
!
no aaa new-model
!
ip source-route
no ip routing
!
!
no ip cef
ip dhcp excluded-address 192.168.2.1
ip dhcp ping packets 5
ip dhcp ping timeout 2000
!
ip dhcp pool LAN
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1 
dns-server 8.8.8.8 
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO2811 sn FCZ1431704E
!
!
!
!
!
!
interface FastEthernet0/0
description *** INTERNET ***
ip address 192.168.1.3 255.255.255.0
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1
description *** LAN ***
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
no ip route-cache
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/0
no ip address
no ip route-cache
shutdown
clock rate 2000000
no cdp enable
!
interface Serial0/3/0
no ip address
no ip route-cache
shutdown
clock rate 2000000
no cdp enable
!
ip forward-protocol nd
!
!
no ip http server
ip nat inside source list 1 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 1 permit 192.168.2.0 0.0.0.255
!
snmp-server community test RO
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password ################
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end

Best.

View solution in original post

PieroBoccadoro · ‎02-09-2024

Dear all,

first, let me thank you once again by heart for your precious support. You've been eye-opening to me.

Second, I just fixed the problem by using the first LAN port of the PoE Switch to connect the 2811. Perhaps I underestimated the the first LAN port is used to pick the network to which the devices are connected.

All the best.

Piero.

View solution in original post

Georg Pauwen · ‎02-06-2024

Hello,

first of all, you need to enable ip routing:

CISCO-Router(config)#ip routing

Then you need to assign a different subnet to the LAN interface, such as 192.168.2.1/24. Also, create this access list:

access-list 1 permit 192.168.2.0 0.0.0.255

Then create a corresponding DHCP pool:

ip dhcp pool LAN

network 192.168.2.0 255.255.255.0

default-router 192.168.2.1

PieroBoccadoro · ‎02-06-2024

Hi,

first of all, thank you very much for your time and your kind reply.

I did what you suggested and now, the running configuration is:

!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO-Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 #############
enable password #############
!
no aaa new-model
!
ip source-route
!
!
ip cef
!
ip dhcp pool LAN
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO2811 sn FCZ1431704E
!
!
!
!
!
!
interface FastEthernet0/0
description *** INTERNET ***
ip address 192.168.1.3 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1
description *** LAN ***
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
no cdp enable
!
interface Serial0/3/0
no ip address
shutdown
clock rate 2000000
no cdp enable
!
ip forward-protocol nd
!
!
no ip http server
!
access-list 1 permit 192.168.2.0 0.0.0.255
!
snmp-server community test RO
!
control-plane
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password #############
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end

One of the devices attached to the Switch is exposing me a private Wi-Fi network for management only and I could see that the device has an IP address in the 192.168.2.0 /24 network. But, it is not navigating yet because it is missing the router IP.

I think we're so close now, aren't we?!

Thank you very much for your time.

Georg Pauwen · ‎02-06-2024

Hello,

add the lines marked in bold. Then try and ping 8.8.8.8 from the router:

version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CISCO-Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 #############
enable password #############
!
no aaa new-model
!
ip source-route
!
ip cef
!
--> ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool LAN
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
multilink bundle-name authenticated
!
license udi pid CISCO2811 sn FCZ1431704E
!
interface FastEthernet0/0
description *** INTERNET ***
ip address 192.168.1.3 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1
description *** LAN ***
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/0
no ip address
shutdown
clock rate 2000000
no cdp enable
!
interface Serial0/3/0
no ip address
shutdown
clock rate 2000000
no cdp enable
!
ip forward-protocol nd
!
no ip http server
!
--> ip nat inside source list 1 interface FastEthernet0/0 overload
access-list 1 permit 192.168.2.0 0.0.0.255
!
--> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
snmp-server community test RO
!
control-plane
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
password #############
login
!
scheduler allocate 20000 1000
no process cpu extended
no process cpu autoprofile hog
end

PieroBoccadoro · ‎02-06-2024

Hi again,

I fixed the configuration by adding the bold lines that you reported.

Now, I can see the router IP in the control panel I mentioned you before:

Unfortunately, the devices are not able to navigate. What are the next steps?

Giuseppe Larosa · ‎02-06-2024

Hello @PieroBoccadoro ,

from the router shell test if you can ping 8.8.8.8

if this works it means the ISP router has proxy ARP enabled

if this does not work you need to find out what is the IP address of the ISP router for example by using wireshark on a PC connected to the ISP router.

Hope to help

Giuseppe

PieroBoccadoro · ‎02-07-2024

Hi @Giuseppe Larosa,

and thank you for your kind reply.

I tried what you suggested and couldn't ping 8.8.8.8 from the router shell (which is good news, since there's no option there to enable proxy ARP!).
I was able to find the ISP router address and, not surprisingly, it is 192.168.1.1.

What can I do now?

Giuseppe Larosa · ‎02-07-2024