cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
993
Views
10
Helpful
5
Replies

Cisco 881 trying to do simple routing.... help

mcnaught02
Level 1
Level 1

Just attempting to set a simple configuration on this router. I want a static on the WAN FE4 and a dhcp server on the VLAN for the switch ports 0-3.

I can get the DHCP working and ping the cisco from my device but I can not go any further. Originally thought it was a default route issue but after comparing with other logs mine appear to right. They probably aren't, I am new to these routers and have purely worked with mikrotik's for last 10 years. Can anyone point me in the direction on how to fix this? 

 

Here is a test setup I did to replicate the same issue with pings or traffic not passing through the box. You will see I now have the WAN port setup as DHCP to our internal router. I built everything the exact same and figured if you could help me with this one I can rebuild it with my static and good to go. Any help would be greatly appreciated.

 

Router#show run
Building configuration...

*Apr 16 20:48:13.819: %SYS-5-CONFIG_I: Configured from console by console
Current configuration : 1636 bytes
!
! Last configuration change at 20:48:13 UTC Thu Apr 16 2015
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
!
!
!
!
!
!


!
ip dhcp excluded-address 10.10.35.1 10.10.35.10
!
ip dhcp pool office
 network 10.10.35.0 255.255.255.0
 default-router 10.10.35.1
 dns-server 8.8.8.8 8.8.4.4
 lease 3
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C881-K9 sn FGL19042492
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 switchport access vlan 3
 no ip address
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
!
interface Vlan1
 no ip address
!
interface Vlan3
 ip address 10.10.35.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Vlan3 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
ip route 0.0.0.0 0.0.0.0 10.10.30.1
!
!
access-list 1 permit 10.10.35.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end

Router#

1 Accepted Solution

Accepted Solutions

Brendon.Ott
Level 1
Level 1

Hi mcnaught02,

You test setup has problems that may or may not translate into your real setup so here goes...

interface FastEthernet0 to FastEthernet2

Set to Vlan 1 Not Vlan 3, Vlan 1 has no IP addressing or DHCP scope

Also Have you created VLAN 3? (show vlan brief or show vlan-switch depending on platform)

Does a client attached to FE2 get an IP address within the 10.10.35.0/24 range?
 

"ip nat inside source list 1 interface Vlan3 overload"

This may be your actual source of your problem, you probably actually want

"ip nat inside source list 1 interface FastEthernet4 overload"

The difference is which IP address gets used for the Source address in the NAT.

 

Also "ip route 0.0.0.0 0.0.0.0 FastEthernet4" you should only use interface routing for dedicated point to point interfaces like Frame relay links or Tunnels, Using this config can cause problems especially if there is more than one IP address present in the network attached to Fa4.

 

I'm assuming that the second route "ip route 0.0.0.0 0.0.0.0 10.10.30.1" is the legitimate one.

 

Hope that helps.

Regards

 

View solution in original post

5 Replies 5

Brendon.Ott
Level 1
Level 1

Hi mcnaught02,

You test setup has problems that may or may not translate into your real setup so here goes...

interface FastEthernet0 to FastEthernet2

Set to Vlan 1 Not Vlan 3, Vlan 1 has no IP addressing or DHCP scope

Also Have you created VLAN 3? (show vlan brief or show vlan-switch depending on platform)

Does a client attached to FE2 get an IP address within the 10.10.35.0/24 range?
 

"ip nat inside source list 1 interface Vlan3 overload"

This may be your actual source of your problem, you probably actually want

"ip nat inside source list 1 interface FastEthernet4 overload"

The difference is which IP address gets used for the Source address in the NAT.

 

Also "ip route 0.0.0.0 0.0.0.0 FastEthernet4" you should only use interface routing for dedicated point to point interfaces like Frame relay links or Tunnels, Using this config can cause problems especially if there is more than one IP address present in the network attached to Fa4.

 

I'm assuming that the second route "ip route 0.0.0.0 0.0.0.0 10.10.30.1" is the legitimate one.

 

Hope that helps.

Regards

 

Brendon,

That was just a test setup I was using to identify if the default vlan1 was my problem I was only using Fastethernet 3 to test the connection with VLAN 3 that I created.

 

I reset the configuration and changed the overload string that you suggested and it did fix the problem. I actually got that command from watching a youtube video so I greatly appreciate your information. All up and working and the phones seem to be really happy with the new router. 

Unless you have any recommendations or settings I need to do I think I am fixed.

Have a great weekend!

 

 

Glad to be of assistance, Securing the router is the other main thing I'd recommend

place an ACL against the vty interfaces, external interface and if necessary internal vlan interface, enable aaa if you have an external auth server, enable ssh, things like that. 

Regards

I have gone back and secured the cisco, no triple aaa or anything like that. Just a simple router to work with the VOIP phones that are running because the old cisco/linksys vpn router wasn't able to handle the traffic and 9 phones on it.

 

Thanks again!

 

Andre Neethling
Level 4
Level 4

Hi. Your NAT statement is wrong. Please remove this statement by entering

no ip nat inside source list 1 interface Vlan3 overload

Then add this NAT statement

ip nat inside source list 1 interface FastEthernet4 overload

Review Cisco Networking for a $25 gift card