Configuration Not working 861w

Hello All:

If this is the wrong forum to post this please forgive me and point me to the right one.

I have bought an 861w to replace my 877w. We switched from telco (ADSL) to cable due to faster speeds for up and down. My current physical setup is as such: the cable modem is a straight-through with 4 LAN ports in the back. All LAN ports are configured by the cable company for my assigned public IPs (24.x.x.2 through .6 – 255.255.255.x). I also have my assigned gateway as 24.x.x.1.

My goal is to set up the new router the same as the old one, so all interfaces (e0 to e3) use Vlan1 and bridge BVI1 to get the traffic to go through e4, which is my WAN port on the 861. I am not even concerned about the wireless because I can’t get this to work. I am attaching the running config of the old 877 and the 861 so you all can see what it was and what I am trying to do. As of now I am so confused that my head is spinning……any help is appreciated. I am able to ping out and ping e4 from outside, but I am not able to connect any PCs or nodes and connect to the net from inside on any of e0 to e3.

Regards

Ardy

Two attached files:

877w-adsl.txt - this is the old configuration on a 877 that I am trying to copy into 861 without the adsl stuff......

861w-V1.log - this is current ru config on the 861w.


Hi,

ip nat inside source list 23 pool NATPOOL overload

access-list 30 permit 192.168.1.0 0.0.0.255

As you see, the ACL referenced in the NAT statement is not configured, but I suppose this is ACL 30, so just change 23 to 30 in the NAT statement.

You can also get rid of irb config as you're using SVI instead of BVI here because you are using switch ports in the router for LAN.

Regards.

Alain.

Don't forget to rate helpful posts.

Thanks for the reply........

Changed the 23 to 30 and got rid of irb. Still not working.......a couple of questions that might help me understand this.

Looking at this from the PC side: when I connect the PC, the DHCP server does well. It assigns the IP, and it also assigns the default gateway as 192.168.1.2, which is what I told it in the Cisco. Now in the Cisco I guess it routes it to Vlan1. The part I don't understand is how Vlan1 gets routed to e4 (WAN), because all traffic should go through it........

Attached the latest config file.....

Ardy


Hi,

I had missed this one : you must enable nat on interface FastEthernet4 with ip nat enable command.

And also you must replace 23 by 30 in  ip http access-class 23  otherwise you won't have http access to your router.

You should also remove this from line vty 0 4:

line vty 0 4

privilege level 15

Otherwise anyone with telnet/ssh access will be put immediately into privileged mode without typing any command.

Regards.

Alain.

Don't forget to rate helpful posts.
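
An offline check for the points raised in the replies so far (a NAT or HTTP access-class statement that references an ACL that is not defined, no NAT marking on the interfaces, and `privilege level 15` on the vty lines), added here as an example and not part of the original thread. The sample config is constructed, its public addresses are documentation-range placeholders, and `audit_config` is a hypothetical helper name.

```python
import re

# Constructed sample config reproducing the mistakes discussed in the thread.
# Addresses are documentation-range placeholders, not the poster's.
SAMPLE_CONFIG = """\
interface FastEthernet4
 ip address 203.0.113.3 255.255.255.248
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
ip http access-class 23
ip nat pool NATPOOL 203.0.113.3 203.0.113.3 netmask 255.255.255.248
ip nat inside source list 23 pool NATPOOL overload
access-list 30 permit 192.168.1.0 0.0.0.255
!
line vty 0 4
 privilege level 15
"""

ACL_DEF = re.compile(r"(?:access-list|ip access-list (?:standard|extended)) (\S+)")
ACL_REF = re.compile(r"ip (?:nat (?:inside |outside )?source list|http access-class) (\S+)")

def audit_config(text):
    """Hypothetical helper: list findings for an IOS running-config string."""
    lines = text.splitlines()
    defined = {m.group(1) for m in map(ACL_DEF.match, lines) if m}
    findings = []
    for line in lines:  # ACL references that point at nothing
        m = ACL_REF.match(line)
        if m and m.group(1) not in defined:
            findings.append(f"undefined ACL {m.group(1)}: {line}")
    section, nat_roles = "", set()
    for line in lines:  # walk the indented sub-commands of each section
        if not line.startswith(" "):
            section = line
            continue
        cmd = line.strip()
        if section.startswith("interface ") and cmd.startswith("ip nat "):
            nat_roles.add(cmd.split()[-1])  # inside / outside / enable
        if section.startswith("line vty") and cmd == "privilege level 15":
            findings.append(f"{section}: sessions start at privilege level 15")
    has_nat_rule = any(l.startswith("ip nat ") for l in lines)
    # Simplification: one "ip nat enable" anywhere counts as marked.
    marked = "enable" in nat_roles or {"inside", "outside"} <= nat_roles
    if has_nat_rule and not marked:
        findings.append("NAT rules present but interfaces lack inside/outside marking")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_config(SAMPLE_CONFIG)))
```
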

Hi....

I really appreciate your help on this......OK.. I did the changes you asked me to, plus added a couple of port translations that I need for later. I still don't have access to the internet when I connect E0 to a PC. This really baffles me. I still think that the Vlan is not routing traffic through E4, but can't figure out why or how.

As far as vty 0 4, all accounts on this router have privilege 15, so if they log in that would be OK because they are at 15 anyway....

I have attached the latest version of sh ru.

Once again thank you.


Hi,

1) if you are disabling domain-lookup, what's the use of putting name-servers as they won't be used by your router

as you are giving them out to your clients via dhcp then your router is not a proxy-dns so

you can get rid of these 2 lines without any problem:

no ip name-server 68.116.46.115

no ip name-server 24.205.192.61

2)ip nat pool NATPOOL 24.x.x.2 24.x.x.3 netmask 255.255.255.x

ip nat source list 100 interface Vlan1 overload

ip nat source static tcp 192.168.1.3 80 24.180.0.2 80 extendable

ip nat source static udp 192.168.1.3 80 24.180.0.2 80 extendable

ip nat inside source list 30 pool NATPOOL overload

change to this:

no ip nat pool NATPOOL 24.x.x.2 24.x.x.3 netmask 255.255.255.x

ip nat pool NATPOOL 24.x.x.3 24.x.x.3 netmask 255.255.255.x

ip nat inside source list 30 pool NATPOOL overload

no ip nat source list 100 interface Vlan1 overload

ip nat source static tcp 192.168.1.3 80 24.180.0.2 80

ip nat source static udp 192.168.1.3 80 24.180.0.2 80

What is udp port 80 ? and extendable is only needed if an inside address is statically  natted to 2 different addresses which is not the case here so no need for this keyword.

4)  access-list 100 permit ip any any

access-list 100 permit icmp any any

if you permit everything in first statement then no need for second one and anyway this ACL

is not needed so you can get rid of it

5)ip access-list extended ardy

permit tcp any host 24.x.x.3 eq 1723

permit gre any host 24.x.x.3

permit ip any any

this ACL isn't used anywhere and why permit specific traffic then at the end permit all ?

then the specific entries are not needed in this case.

6)  Can you change ip nat enable command by ip nat inside on vlan1 and ip nat outside on f4: no ip nat enable then ip nat inside or ip nat outside

then if it still is not working:

Post the following after pinging 8.8.8.8 from a machine on your LAN:

-sh ip int br

-sh ip nat translation

-sh arp

-sh run int f0

Regards.

Alain.

Don't forget to rate helpful posts.

Sorry for the late reply,  Had to take care of bunch of stuff.......

Done number 1. Now there is something strange in regards to port translations in number two. I take out the

no ip nat source static tcp 192.168.1.3 80 24.180.0.2 80 extendable

no ip nat source static udp 192.168.1.3 80 24.180.0.2 80 extendable

Then when I place the following per your suggestion....

ip nat source static tcp 192.168.1.3 80 24.180.0.2 80

ip nat source static udp 192.168.1.3 80 24.180.0.2 80


It takes it all OK, but when I run sh ru to see whether the changes are taking effect I see them back with extendable at the end.

ip nat source static tcp 192.168.1.3 80 24.180.0.2 80 extendable

ip nat source static udp 192.168.1.3 80 24.180.0.2 80 extendable

It is as if the OS is turning it back to the original for some reason......so I took them out again, made sure they were not there, copied the ru to st, did a reload and did a sh ru, and then put them back per your suggestion, but the OS still turned them back with extendable at the end.........so I stopped.

What do you think about that........

Ardy


Hi,

Don't worry about that, it will still work OK. If the device is adding the keyword then it is for some good reason, but afaik extendable was only necessary for mapping the same private IP to different public ones.

taken from cisco doc:

"Extendable" static translations:

The extendable keyword allows the user to configure several ambiguous static translations, where an ambiguous translations are translations with the same local or global address.

But here I don't think these are ambiguous anyway so why is it adding it, I don't know.

Ok it seems this has to be done for static nat with same local ip address which is the case here

Sorry for misunderstanding this feature as it seems.

Regards.

Alain.

Don't forget to rate helpful posts.

Done with all but have a question on number 6.......

This is clear

Can you change ip nat enable command by ip nat inside on vlan1 and ip nat outside on f4

Can you explain this one: "no ip nat enable then ip nat inside or ip nat outside". Is this on Vlan1 or E4? And do you want to add both ip nat inside and ip nat outside, or just one of them......

Ardy


Hi,

on int vlan1:

no ip nat enable

ip nat inside

on f4:

ip nat outside

It's easier for me with the old way of doing NAT because I don't remember the syntax for show commands when using the newer way with the NVI (ip nat enable). Otherwise you can do ip nat enable on both interfaces (vlan 1 and f4) if you prefer.

Alain.

Don't forget to rate helpful posts.

Alain

It works,,,,,,,,,,,

Hey, I really need you to explain to me the relationship in Cisco's world between Vlan1 and e4. All my internal PCs have the DHCP server give them what they need in terms of IP, gateway and DNS. I understand that. The DHCP has Vlan1 as the default route, which I think is the gateway 192.168.1.2. Now Vlan1 is handling the traffic; I get lost as to how Vlan1 is routing the traffic to e4, and what is the reason for

ip nat pool NATPOOL 24.180.0.3 24.180.0.3 netmask 255.255.255.248

Can you, in general terms and pointing to config lines, explain this please? As you can tell I am not an expert but am trying to understand the basics.......

Ardy


Hi,

VLAN1 is a logical port that all members of VLAN1 (all hosts on the switch ports by default) will use for L3. So you've got 2 L3 interfaces now, int VLAN1 (logical) and f4 (routed physical port), and the router is doing what it always does when routing: look at the destination IP and find the subnet, then look in its routing table for a longest match. Once it has a longest match it must find how to get there (next-hop) and then how to get to the next-hop (outgoing interface). Then it does a L2 rewrite and sends the packet to the next-hop.

Concerning the NAT POOL: you basically tell the router that you have a pool of outside addresses, here only one address in the pool (the one assigned to the outside interface), and then in your nat statement you tell it to use that pool when natting inside addresses referenced by your ACL.

Regards.

Alain.

Don't forget to rate helpful posts.

Alain:

Thank you very much for your help.......I really do appreciate it. My LAN connection is up and running.

Ardy