Re: Cisco 851W with Comcast cable

sudip.acharya1 · ‎06-22-2010

Hi,

I am running into an issue configuring the 851w at my home. I have a Comcast cable modem which the 851w plugs into. Any clients connected to the 851w (lan or wireless) get the right ip's but that’s all. No client can get to the internet or even ping any outside address such as Comcast's DNS servers. I have posted the config for your help.

Also, how can I see the IP FA4 got from the cable modem?

Additionally, when I left the wifi unencrypted/open, none of my clients were able to join. As soon as I set WEP, each client joined immediately. How can I leave the wifi completely open?

Thanks in advance.

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Longport
!
boot-start-marker
boot-end-marker
!
logging console informational
enable --------------------
enable password -------
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid LongPort
vlan 1
    authentication open
    guest-mode
!
no ip routing
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool lan
    import all
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    domain-name domain
    dns-server 68.87.64.150 68.87.75.198
    lease 14
!
!
no ip cef
ip name-server 68.87.64.150 <- I got these from Comcast
ip name-server 68.87.75.198
ip dhcp-server 192.168.1.1
!
!
!
!
!
archive
log config
   hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$
ip address dhcp client-id FastEthernet4
no ip route-cache
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption vlan 1 key 1 size 40bit 0 00B53450E4 transmit-key
encryption vlan 1 mode wep mandatory
!
broadcast-key vlan 1 change 30
!
!
ssid LongPort
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
no ip route-cache
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip http server
no ip http secure-server
ip nat source list Nat_allowed interface FastEthernet4 overload
!
ip access-list standard Nat_allowed
permit 192.168.1.0 0.0.0.255
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
password -------------
login
no modem enable
line aux 0
line vty 0 4
password --------------
login
!
scheduler max-task-time 5000

Jerry Ye · ‎06-22-2010

I see two problems so far. You didn't enable ip routing and there isn't ip nat outside on Fa4.

ip routing

interface fa4

ip nat outside

Regards,

jerry

sudip.acharya1 · ‎06-22-2010

Thanks, i'll try that.

Any idea how i can find out the dhcp address that int4 got?

Jerry Ye · ‎06-22-2010

show ip int brief show give you the information you need.

Regards,

jerry

sudip.acharya1 · ‎06-23-2010

I tried the commands but still no internet access.

Jerry Ye · ‎06-23-2010

Can you post the latest show run?

Regards,

jerry

sudip.acharya1 · ‎06-23-2010

Here you go.

Thanks.

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Longport
!
boot-start-marker
boot-end-marker
!
logging console informational
enable secret ---

enable password ---
!
no aaa new-model
!
!
dot11 syslog
!
dot11 ssid LongPort
vlan 1
   authentication open
   guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool lan
   import all
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   domain-name domain
   dns-server 68.87.64.150 68.87.75.198
   lease 14
!
!
ip cef
ip name-server 68.87.75.198
ip name-server 68.87.64.150
ip dhcp-server 192.168.1.1
!
!
!

!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
encryption vlan 1 key 1 size 40bit 7 C02C415A939E transmit-key
encryption vlan 1 mode wep mandatory
!
broadcast-key vlan 1 change 30
!
!
ssid LongPort
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
no ip address
ip nat inside
ip virtual-reassembly
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route 0.0.0.0 0.0.0.0 FA4

no ip classless
ip forward-protocol nd
!
ip http server
no ip http secure-server
ip nat source list Nat_allowed interface FastEthernet4 overload
!
ip access-list standard Nat_allowed
permit 192.168.1.0 0.0.0.255
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
password ------ login
no modem enable
line aux 0
line vty 0 4
password ------ login
login
!
scheduler max-task-time 5000
end

Jerry Ye · ‎06-23-2010

Okay, spot more mistake, do the following trace route from your desktop to a website via their IP address and post the result.

no ip nat source list Nat_allowed interface FastEthernet4 overload
ip nat inside source list Nat_allowed interface FastEthernet4 overload
ip classless

Windows command in cmd

nslookup

tracert

Regards,

jerry

sudip.acharya1 · ‎06-27-2010

Here is the config that works perfectly.

Not sure what the issue was but i erased the config and started from scratch.

no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LongPort
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret ---------
!
no aaa new-model
!
dot11 syslog
!
dot11 ssid Longport
   vlan 1
   authentication open
   guest-mode
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
   import all
   network 10.10.10.0 255.255.255.248
   default-router 10.10.10.1
   dns-server 68.87.64.150 68.87.75.198 <----DNS server from comcast
   lease 0 2
!
!
ip cef
no ip domain lookup
ip domain name yourdomain.com
!
!
!
username admin privilege 15 secret ----------------
!
!
archive
log config
hidekeys
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ES_WAN$
ip address dhcp client-id FastEthernet4
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
no ip route-cache cef
no ip route-cache
!
ssid Longport
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no ip route-cache
no cdp enable
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ES_LAN$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
login local
length 0
transport input telnet ssh
!
scheduler max-task-time 5000

jimmysands73_2 · ‎06-27-2010

The two configs are radically different, I dont think a reboot added all the lines, maybe......the IPs first of all went from Class A to C...do a line by line fc on it...interesting!

sudip.acharya1 · ‎06-28-2010

Right, i did more than just a reboot. I redid the entire config using a different private ip range to avoid getting myself confused. I think i had misconfigured nat in the previous config.