Solved: I actually changed my access

Aerone803 · ‎11-13-2015

I'd like to thank everyone in advance from the start, however I was wondering about something:

I have a Cisco 2821 router waiting to be configured, but my first issue with that is the fact that, I'm not totally sure how I would go about configuring the interface that will connect right to the DSL modem. My ISP provides a dynamic IP that my other end user wifi routers pick up automatically but the Cisco router I'm sure won't be that easy. I see both giving it an IP address and NAT being potentially an issue. What would I need to do in this situation?

Masoud Pourshabanian · ‎11-13-2015

Hello,

You will not have any problem. NAT can be done dynamically based on your interface IP address coming from your modem. I will give you a sample configuration for NAT. Feel free to ask more questions.

Connect Fa0/1 to the modem. Connect Fa0/0 to the LAN

conf t

Interface fa0/1

ip address dhcp

Ip nat outside

interface fa0/0

Ip nat inside

ip address 192.168.1.1 255.255.255.0 [ you can change this ip]

ip route 0.0.0.0 0.0.0.0 fa0/0

access-list 50 permit 192.168.1.0 0.0.0.255

ip nat inside source list 50 interface fa0/1 overload [ Translate your Lan IP to DHCP IP dynamically]

Masoud

View solution in original post

Masoud Pourshabanian · ‎11-13-2015

Hello,

You will not have any problem. NAT can be done dynamically based on your interface IP address coming from your modem. I will give you a sample configuration for NAT. Feel free to ask more questions.

Connect Fa0/1 to the modem. Connect Fa0/0 to the LAN

conf t

Interface fa0/1

ip address dhcp

Ip nat outside

interface fa0/0

Ip nat inside

ip address 192.168.1.1 255.255.255.0 [ you can change this ip]

ip route 0.0.0.0 0.0.0.0 fa0/0

access-list 50 permit 192.168.1.0 0.0.0.255

ip nat inside source list 50 interface fa0/1 overload [ Translate your Lan IP to DHCP IP dynamically]

Masoud

Aerone803 · ‎11-13-2015

Thanks. I actually found out some stuff as well, however I do have a problem. None of my local devices can reach the Internet, but the router itself CAN ping the Internet.

Here's my setup:

I have the Cisco router with two gigabit interfaces. Gi0/0 is connected to the modem and receive the dhcp from my ISP, and I can contact the outside world, at least the ip address of google.com. I also have nat outside performed on this interface. Then I have my end user wifi router connected to gi0/1 with NAT inside performed on it. For some reason the devices on the wifi router can ping all the way up until the gi0/1 interface and then the packets fail. I have ip route 0.0.0.0 0.0.0.0 onto the gi0/0. Any help?

Masoud Pourshabanian · ‎11-13-2015

Can you share your router config?

If you are doing NAT on 2821, you do not need to do NAT on your Wireless router. What is the result if you connect a PC directly to 2821?

Masoud

Aerone803 · ‎11-13-2015

interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip default-gateway 67.xxx.xxx.xxx
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 101 interface GigabitEthernet0/0 overload
!
access-list 101 permit ip 0.0.0.0 255.0.0.0 any

And the result is that the laptop will fail immediately, no routes to show.

Masoud Pourshabanian · ‎11-13-2015

your access-list is wrong

try this

no access-list 101 permit ip 0.0.0.0 255.0.0.0 any

access-list 101 permit ip 10.0.1.0 0.0.0.255 any

or try this,

access-list 50 permit 10.0.1.0 0.0.0.255

ip nat inside source list 50 GigabitEthernet0/0 overload

Please get back with the result.

Masoud

Aerone803 · ‎11-13-2015

I actually changed my access list to the 10.0.1.1 version and my computer can now tracert outside of the router now but I'm still not able to connect to websites.

Masoud Pourshabanian · ‎11-13-2015

Please still work with the laptop directly connected to the router.

Please share the output of

Show access-list 101

Do you see any result with the command Show iP nat translation?

Do you have ping? ping 8.8.8.8

Did you set DNS on your laptop? Set DNS 8.8.8.8

Is this your new access-list?

access-list 101 permit ip 10.0.1.0 0.0.0.255 any

Aerone803 · ‎11-13-2015

My new access list is that now, however, when I connect using my laptop only, it fails to even ping the routers interfaces.

Masoud Pourshabanian · ‎11-13-2015

Try with your access point again if it works.

Add this command on your router.

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dHCP.

Your access point is in bridge mode or router mode?

Aerone803 · ‎11-13-2015

I have the router in bridge mode, however, I got everything working. Considering that I could ping but not visit a web page made me think of DNS, so I simply did ip dhcp pool and then turned on DNS.

Masoud Pourshabanian · ‎11-14-2015

Everything is working now? Do you any more questions?

Masoud

Masoud Pourshabanian · ‎11-13-2015

Try also this

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dHCP

Masoud Pourshabanian · ‎11-13-2015

Did you set default gateway 10.0.1.1 on your laptop?

Aerone803 · ‎11-13-2015

The default gateway is 10.0.1.1 on the end user wifi router.

Configure Router with Dynamic IP from ISP