cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2317
Views
5
Helpful
4
Replies

Cisco ISR 1100 basic configuration

I have been trying to set up my Cisco C1111-4P for over two weeks now and I can't get it done.

I would like to do it myself, but I have already read a lots of documentation, and there is still no positive result.

 

The Cisco Router is connected with the ETH 0/0/0 port (configured as WAN) to the router of my ISP. I get an static IP address from the ISP router and I think the router has access to the internet. When I connect my computer to one of the LAN ports (ETH 0/1/0) my computer gets an IP address of the defined DHCP pool from the Cisco router. But I cannot get internet access with my computer.

 

This is my actual Cisco router configuration.

 

version 16.10
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
! Call-home is enabled by Smart-Licensing.
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname MyRouter
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa authentication login default local
!         
!         
!         
!         
!         
!         
aaa session-id common
clock timezone UTC 2 0
call-home 
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active  
  destination transport-method http
  no destination transport-method email
!         
ip name-server {ip that the provider gave to me}
ip domain name myrouter.local
ip dhcp excluded-address 192.168.1.0 192.168.1.40
!         
ip dhcp pool Computers
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1 
 dns-server 192.168.1.1 
!         
!         
!         
login on-success log
!         
!         
!         
!         
!         
!         
!         
subscriber templating
multilink bundle-name authenticated
!         
!         
!         
crypto pki trustpoint TP-self-signed-3651877715
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3651877715
 revocation-check none
 rsakeypair TP-self-signed-3651877715
!         
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!         
!         
crypto pki certificate chain TP-self-signed-3651877715
 certificate self-signed 01 nvram:IOS-Self-Sig#25.cer
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01 nvram:CiscoLicensi#1CA.cer
!         
license udi pid C1111-4P sn FGL2414LT3H
!         
diagnostic bootup level minimal
!         
spanning-tree extend system-id
!         
!         
username admin privilege 15 secret 9 $9$XRztYLZO7a6oyJcBjG/1eE3iNAP.UQJvUL6s2
!         
redundancy
 mode none
!         
!         
vlan internal allocation policy ascending
!         
!         
!         
!         
!         
!         
interface GigabitEthernet0/0/0
 description Internet
 ip address {ip & mask that the provider gave to me}
 ip nat outside
 negotiation auto
!         
interface GigabitEthernet0/0/1
 no ip address
 shutdown 
 negotiation auto
!         
interface GigabitEthernet0/1/0
!         
interface GigabitEthernet0/1/1
!         
interface GigabitEthernet0/1/2
!         
interface GigabitEthernet0/1/3
!         
interface Vlan1
 description LAN
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!         
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-port 8069
ip dns server
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
!         
!         
!         
!         
!         
!         
!         
!         
control-plane
!         
!         
line con 0
 transport input none
 stopbits 1
line vty 0 4
!         
!         
!         
!         
!         
!         
end       

 Is there something wrong in my configuration Could anyone help me what is missing in my configuration to get it work?

1 Accepted Solution

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

you are missing the NAT ACL:

!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
!

...and also a default route:

!
ip route 0.0.0.0 0.0.0.0 <isp_router_ip>
!

cheers,

Seb.

View solution in original post

4 Replies 4

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

you are missing the NAT ACL:

!
ip access-list extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
!

...and also a default route:

!
ip route 0.0.0.0 0.0.0.0 <isp_router_ip>
!

cheers,

Seb.


I am very grateful to you

you helped me a lot

but I still have one more unresolved question: how to close the ports to control Cisco from the outside?

balaji.bandi
Hall of Fame
Hall of Fame

High level looks ok - you need to static route for outside.

 

here is good thread already working one for you to compare :

 

https://community.cisco.com/t5/routing/cisco-isr-1100-basic-configuration/m-p/3909615

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hello,

 

in addition to the other remarks, I would also change the DNS servers in the DHCP pool:

 

ip dhcp pool Computers
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
--> dns-server 8.8.8.8 8.8.4.4

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco