cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1108
Views
0
Helpful
27
Replies
thepauper
Beginner

Cisco 881 Router

I am having an issue getting this router configured properly.  It is a VERY basic setup for our end-users.   WAN is DHCP and LAN is DHCP.  I am getting address from ISP and my PC's are getting addresses from the router.  I can PING outside (google, etc) from the router but not from the LAN.  There is no traffic flowing past the router at all.  i can even ping the outside facing address of the WAN link but that is as far as it goes.  The config is below.  Any help would be great as I am sure it is something very simple.

Thanks ahead of time.

-------------------------------------------------------------CONFIG--------------------------------------------------------------------------------------------

Current configuration : 3707 bytes

!

! Last configuration change at 18:01:27 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FREEWEB

!

boot-start-marker

warm-reboot

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 5 --------------------------------------

enable password -----------------

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-372594648

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-372594648

revocation-check none

rsakeypair TP-self-signed-372594648

!

!

crypto pki certificate chain TP-self-signed-372594648

certificate self-signed 01

  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530

  365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934

  36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

  A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7

  A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838

  6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53

  CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655

  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D

  23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355

  1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86

  4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98

  C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8

  7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891

  7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF

  844F8CCC 7C301E40 38D45639 40

        quit

ip source-route

no ip routing

!

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.10.5

ip dhcp excluded-address 10.10.10.2

!

ip dhcp pool ccp-pool

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 24.226.10.193 24.226.1.94

lease 5

!

!

no ip cef

ip domain name ls.local

ip name-server 24.226.10.193

ip name-server 24.226.1.94

no ipv6 cef

!

!

license udi pid CISCO881-K9 sn FGL174720UZ

!

!

username ------- privilege 15 secret 4------------------

6

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

shutdown

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly in

no ip route-cache

duplex auto

speed auto

!

interface Vlan1

description $ETH_LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

no ip route-cache

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip route 0.0.0.0 0.0.0.0 FastEthernet4

!

access-list 10 permit 10.10.10.0 0.0.0.255

no cdp run

!

!

!

!

banner login Welcome to the new FREEWEB Router

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password -----------

login local

transport input telnet ssh

!

end

----------------------------------------------------------------------------------END OF CONFIG--------------------------------------------------------

27 REPLIES 27

Paul,

Can you try changing the default route to:

ip route 0.0.0.0 0.0.0.0 fa4 dhcp

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

Hi Paul,

I would recommend replace FastEthernet4 with IP of next hop from ISP. I saw simillar discusion today and it helped.

ip route 0.0.0.0 0.0.0.0 FastEthernet4 <---- replace with next hop IP.

HTH

Jan

Jon Marshall
VIP Community Legend

Paul

Can you -

1) make sure you remove the "ip source-route"

2) save the configuration

3) from a client -

traceroute to the WAN IP of the router ?

traceroute to an internet IP

I suspect none of the above will work but i cannot see how enabling "ip routing" should stop everything working. You need this device to route or your clients will never be able to get to the internet.

How is the client you are testing from connected to the router is it on one of the switch ports on the router ?

Jon

ip source-route gone

The trace route from the client to the WAN IP was successful

Traceroute to the 4.2.2.1 was not.  It went as far at 10.10.10.1 (Vlan 1)

I have tried ethernet connection and AP to the ports.  Neither has been successful.

I know it must be a routing issue but I cant see it.

Hi Paul,

I would recommend replace FastEthernet4 with IP of next hop from ISP. I saw simillar discusion today and it helped.

ip route 0.0.0.0 0.0.0.0 FastEthernet4 <---- replace with next hop IP.

HTH

Jan

Jon Marshall
VIP Community Legend

Paul

I was in that discussion with Jan and that's why i asked about the next hop.

If John's latest suggestion doesn't work then i think you should try this. If you can't ping from the router anymore to the internet then -

1) temporarily disable ip routing

2) hopefully you should then from the router be able to ping an internet IP

3) do a traceroute from the router to the internet IP and make a note of the first hop which should be the ISP router

4) enable ip routing again

5) change the default route to use that the ISP next hop and retest

Jon

My ISP only provides dynamic addresses.  My next hop could change as well for all I know.  I could try it temporarily but I am not sure this is a stable solution.

Jon Marshall
VIP Community Legend

Paul

One other suggestion you may want to try. Can you -

1) leave ip routing enabled

2) remove the defalut route and don't put anything in it's place

3) shut and unshut the WAN interface

4) check the routing table with "sh ip route" and see if you have a default route.

Jon

OK no luck on changing the IP to next hop

I was able to retrieve the next hop by disabling the IP ROUTE though as suggested by jon.  This is very bizarre.

I will try the option Jon provided by removing the route and enabling the IP ROUTE option again.

I cannot ping from the router to the Internet with IP ROUTING enabled and no route.

Building configuration...

Current configuration : 3730 bytes

!

! Last configuration change at 20:02:18 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 20:02:19 UTC Thu Feb 6 2014 by radmin

! NVRAM config last updated at 20:02:19 UTC Thu Feb 6 2014 by radmin

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname FREEWEB

!

boot-start-marker

warm-reboot

boot-end-marker

!

!

logging buffered 51200 warnings

enable secret 5 ------------------------------------------------------

enable password -----------------------

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-372594648

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-372594648

revocation-check none

rsakeypair TP-self-signed-372594648

!

!

crypto pki certificate chain TP-self-signed-372594648

certificate self-signed 01

  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530

  365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934

  36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

  A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7

  A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838

  6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53

  CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655

  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D

  23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355

  1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86

  4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98

  C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8

  7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891

  7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF

  844F8CCC 7C301E40 38D45639 40

        quit

no ip source-route

!

!

!

ip dhcp excluded-address 10.10.10.1

ip dhcp excluded-address 10.10.10.5

ip dhcp excluded-address 10.10.10.2

!

ip dhcp pool ccp-pool

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 24.226.10.193 24.226.1.94

lease 5

!

!

ip cef

ip domain name ls.local

ip name-server 24.226.10.193

ip name-server 24.226.1.94

no ipv6 cef

!

!

license udi pid CISCO881-K9 sn FGL174720UZ

!

!

username -------------------- privilege 15 secret 4 -----------------------------------------------------

6

!

!

!

!

!

!

!

!

!

!

!

interface FastEthernet0

no ip address

shutdown

!

interface FastEthernet1

no ip address

shutdown

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface Vlan1

description $ETH_LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1452

!

ip forward-protocol nd

ip http server

ip http access-class 23

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 101 interface FastEthernet4 overload

!

access-list 10 permit 10.10.10.0 0.0.0.255

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

no cdp run

!

!

!

!

banner login Welcome to the new FREEWEB Router

!

line con 0

login local

no modem enable

line aux 0

line vty 0 4

access-class 23 in

privilege level 15

password --------------------

login local

transport input telnet ssh

!

end

restarted router and config is working!!!!!

Jon Marshall
VIP Community Legend

Paul

Good news although to be honest i have lost track of which config

Is it the one with ip routing enabled but no default route configured ? If so what does your routing table look like ?

Believe it or not I was half way through a post a while back where i was going to suggest rebooting but i just couldn't bring myself to do it. Coming from a Unix background rebooting always seemed to be a sign you couldn't fix the problem. 

So apologies for that.

If it is the config without a default route i suspect rebooting cleared all the DHCP info and then it was a clean start.

Would be interesed to know which config you are working with in case we get other users with the same issue ?

Jon

"Coming from a Unix background rebooting always seemed to be a sign you couldn't fix the problem."

Hehe...That's what Roy from the IT Crowd likes to say - "Have you tried turning it off and on again?"

Glad to hear it's working Paul

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***