cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Community Live
1115
Views
0
Helpful
27
Replies
thepauper
Beginner

Cisco 881 Router

I am having an issue getting this router configured properly.  It is a VERY basic setup for our end-users.   WAN is DHCP and LAN is DHCP.  I am getting address from ISP and my PC's are getting addresses from the router.  I can PING outside (google, etc) from the router but not from the LAN.  There is no traffic flowing past the router at all.  i can even ping the outside facing address of the WAN link but that is as far as it goes.  The config is below.  Any help would be great as I am sure it is something very simple.

Thanks ahead of time.

-------------------------------------------------------------CONFIG--------------------------------------------------------------------------------------------

Current configuration : 3707 bytes

!

! Last configuration change at 18:01:27 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FREEWEB

!

boot-start-marker

warm-reboot

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 5 --------------------------------------

enable password -----------------

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-372594648

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-372594648

revocation-check none

rsakeypair TP-self-signed-372594648

!

!

crypto pki certificate chain TP-self-signed-372594648

certificate self-signed 01

  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530

  365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934

  36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

  A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7

  A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838

  6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53

  CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655

  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D

  23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355

  1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86

  4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98

  C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8

  7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891

  7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF

  844F8CCC 7C301E40 38D45639 40

        quit

ip source-route

no ip routing

!

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.10.5

ip dhcp excluded-address 10.10.10.2

!

ip dhcp pool ccp-pool

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 24.226.10.193 24.226.1.94

lease 5

!

!

no ip cef

ip domain name ls.local

ip name-server 24.226.10.193

ip name-server 24.226.1.94

no ipv6 cef

!

!

license udi pid CISCO881-K9 sn FGL174720UZ

!

!

username ------- privilege 15 secret 4------------------

6

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

shutdown

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

!

interface Vlan1

description $ETH_LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 FastEthernet4

!

access-list 10 permit 10.10.10.0 0.0.0.255

no cdp run

!

!

!

!

banner login Welcome to the new FREEWEB Router

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password -----------

login local

transport input telnet ssh

!

end

----------------------------------------------------------------------------------END OF CONFIG--------------------------------------------------------

27 REPLIES 27
Jon Marshall
VIP Community Legend

Paul

You need to NAT your 10.10.10.x addresses eg.

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

ip nat inside source list 101 interface fa4 overload

Jon

I had that in there at one point but removed it thinking the access-list could be the culprit.  Anyways I put it back in and still not luck.

Can you repost with the nat config in?

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Current configuration : 3821 bytes

!

! Last configuration change at 18:31:35 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 18:31:39 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 18:31:39 UTC Thu Feb 6 2014 by radmin

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FREEWEB

!

boot-start-marker

warm-reboot

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 5 -------------------

enable password ------------------

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-372594648

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-372594648

revocation-check none

rsakeypair TP-self-signed-372594648

!

!

crypto pki certificate chain TP-self-signed-372594648

certificate self-signed 01

  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530

  365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934

  36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

  A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7

  A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838

  6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53

  CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655

  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D

  23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355

  1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86

  4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98

  C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8

  7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891

  7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF

  844F8CCC 7C301E40 38D45639 40

        quit

ip source-route

no ip routing

!

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.10.5

ip dhcp excluded-address 10.10.10.2

!

ip dhcp pool ccp-pool

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 24.226.10.193 24.226.1.94

lease 5

!

!

no ip cef

ip domain name ls.local

ip name-server 24.226.10.193

ip name-server 24.226.1.94

no ipv6 cef

!

!

license udi pid CISCO881-K9 sn FGL174720UZ

!

!

username -------------- privilege 15 secret 4 ----------------------------

6

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

shutdown

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

!

interface Vlan1

description $ETH_LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 101 interface FastEthernet4 overload

ip route 0.0.0.0 0.0.0.0 FastEthernet4

!

access-list 10 permit 10.10.10.0 0.0.0.255

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

no cdp run

!

!

!

!

banner login Welcome to the new FREEWEB Router

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password -------------------

login local

transport input telnet ssh

!

end

The config looks ok. If you're in the router, can you try a couple of things:

1. ping 4.2.2.1 - if successful, go to 2.

2. ping 4.2.2.1 source vlan 1

Why do you have routing disabled? I'd enable it and try again as well:

ip routing

Please post your findings...

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

FREEWEB#ping 4.2.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/28/36 ms

FREEWEB#ping 4.2.2.1 source vlan 1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:

Packet sent with a source address of 10.10.10.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms

Jon Marshall
VIP Community Legend

Paul

Assuming none of the clients are working can you -

1) do a "clear ip nat translations"

2) from a client try a ping to the same address you just used

3) post the output of "sh ip nat translations"

Jon

I'm still wondering why routing is disabled.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

John

That is a very good point

Jon

No response on the client for the PING test

FREEWEB#clear ip nat translation *

FREEWEB#sh ip nat translation

FREEWEB#

Jon Marshall
VIP Community Legend

Paul

As per John's suggestion, try enabling ip routing.

Jon

I turned the routing on and now I cannot ping by name or IP on the router or the client.

here is the config

Current configuration : 3604 bytes

!

! No configuration change since last restart

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FREEWEB

!

boot-start-marker

warm-reboot

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 5 ---------------------

enable password ------------------------

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-372594648

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-372594648

revocation-check none

rsakeypair TP-self-signed-372594648

!

!

crypto pki certificate chain TP-self-signed-372594648

certificate self-signed 01

  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530

  365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934

  36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

  A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7

  A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838

  6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53

  CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655

  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D

  23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355

  1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86

  4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98

  C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8

  7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891

  7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF

  844F8CCC 7C301E40 38D45639 40

        quit

ip source-route

!

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.10.5

ip dhcp excluded-address 10.10.10.2

!

ip dhcp pool ccp-pool

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 24.226.10.193 24.226.1.94

lease 5

!

!

ip cef

ip domain name ls.local

ip name-server 24.226.10.193

ip name-server 24.226.1.94

no ipv6 cef

!

!

license udi pid CISCO881-K9 sn FGL174720UZ

!

!

username ----------- privilege 15 secret 4 -------------------------

6

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

shutdown

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Vlan1

description $ETH_LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 101 interface FastEthernet4 overload

ip route 0.0.0.0 0.0.0.0 FastEthernet4

!

access-list 10 permit 10.10.10.0 0.0.0.255

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

no cdp run

!

!

!

!

banner login Welcome to the new FREEWEB Router

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password -------------------

login local

transport input telnet ssh

!

end

Jon Marshall
VIP Community Legend

Paul

Can you -

1) "no ip source-route"

2) post the output of "sh ip int brief" and "sh ip route"

do you know what the IP address of the next hop is meant to be ?

Jon

It is dynamic from our ISP so I dont know the next hop

here is the posting

FREEWEB#sh ip int br

Interface                  IP-Address      OK? Method Status                Prot

ocol

FastEthernet0              unassigned      YES unset  administratively down down

FastEthernet1              unassigned      YES unset  administratively down down

FastEthernet2              unassigned      YES unset  up                    up

FastEthernet3              unassigned      YES unset  down                  down

FastEthernet4              216.221.84.16   YES DHCP   up                    up

NVI0                       unassigned      YES unset  administratively down down

Vlan1                      10.10.10.1      YES NVRAM  up                    up

FREEWEB#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, FastEthernet4

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        10.10.10.0/24 is directly connected, Vlan1

L        10.10.10.1/32 is directly connected, Vlan1

      24.0.0.0/32 is subnetted, 1 subnets

S        24.226.1.122 [254/0] via 216.221.84.1, FastEthernet4

      216.221.84.0/24 is variably subnetted, 2 subnets, 2 masks

C        216.221.84.0/25 is directly connected, FastEthernet4

L        216.221.84.16/32 is directly connected, FastEthernet4

FREEWEB#