Solved: connecting cisco 2811 to ISP

AbdulmajeedAlmaweri4471 · ‎04-15-2020

Hello,

I have a problem connecting the cisco router to my Xfinity ISP router. I can ping all devices in my network but cannot go outside or ping my default route.

here is my configuration:

hostname R12

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

ip cef

!

ip domain name aalmaweri.net

multilink bundle-name authenticated

!

archive

log config

hidekeys

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.10.10.1 255.255.255.0

ip nat outside

duplex auto

speed auto

!

ip default-gateway 10.0.0.1

ip route 0.0.0.0 0.0.0.0 10.0.0.1

!

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 10.10.10.0 0.0.0.255

!

control-plane

!

line con 0

Password cisco

Login

line aux 0

line vty 0 4

Password cisco

login

!

Thank you;

Georg Pauwen · ‎04-16-2020

Hello,

your XFinity needs a route back to the 10.10.10.0/24 network. In addition, make sure your configuration looks like below (important parts marked in bold):

hostname R12
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
!
ip domain name aalmaweri.net
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
--> ip nat inside
duplex auto
speed auto
!
--> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
control-plane
!
line con 0
Password cisco
Login
line aux 0
line vty 0 4
Password cisco
login

View solution in original post

Muhammad Awais Khan · ‎04-15-2020

Hi,

can you check the status of interface fa0/0 by "show ip interface bri" ? See what IP it got. Will it get IP 10.0.0.x ?

You can also change the below static Routes

no ip default-gateway 10.0.0.1

no ip route 0.0.0.0 0.0.0.0 10.0.0.1

ip route 0.0.0.0 0.0.0.0 DHCP

AbdulmajeedAlmaweri4471 · ‎04-15-2020

I did everything and still can’t communicate

Martin L · ‎04-15-2020

replace current statid/default settings with

ip route 0.0.0.0 0.0.0.0 DHCP

Georg Pauwen · ‎04-16-2020

Hello,

your XFinity needs a route back to the 10.10.10.0/24 network. In addition, make sure your configuration looks like below (important parts marked in bold):

hostname R12
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip cef
!
ip domain name aalmaweri.net
multilink bundle-name authenticated
!
archive
log config
hidekeys
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.10.10.1 255.255.255.0
--> ip nat inside
duplex auto
speed auto
!
--> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
control-plane
!
line con 0
Password cisco
Login
line aux 0
line vty 0 4
Password cisco
login

TriAngel · ‎04-16-2020

Georg Peacocks的回答是正确的。
接口的配置解释：
FastEthernet0/0是连接ISP的接口，应该配置成：ip nat outside
FastEthernet0/0接口会通过ISP获取到一个公网IP地址。
FastEthernet0/1是连接内部的网络，应该配置成： ip nat inside
默认路由配置解释：
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
默认路由的下一跳你应该询问ISP的工程师。假设ISP的工程师告诉你，你的默认路由下一跳地址是：100.100.100.100
那么你应该配置：ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 100.100.100.100
NAT配置解释：
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0/0 overload
你允许10.10.10.0/24私网地址通过NAT转换成一个公网地址进行上网。

Georg Peacocks' answer is correct.
Interface configuration explanation:
FastEthernet0 / 0 is the interface to the ISP, and should be configured as: ip nat outside
The FastEthernet0 / 0 interface will obtain a public IP address through the ISP.
FastEthernet0 / 1 is connected to the internal network and should be configured as: ip nat inside
Explanation of the default routing configuration:
ip route 0.0.0.0 0.0.0.0 FastEthernet0 / 0 dhcp
You should ask your ISP ’s engineer for the next hop of the default route. Suppose the ISP engineer tells you that your default route next hop address is: 100.100.100.100
Then you should configure: ip route 0.0.0.0 0.0.0.0 FastEthernet0 / 0 100.100.100.100
Explanation of NAT configuration:
access-list 1 permit 10.10.10.0 0.0.0.255
ip nat inside source list 1 interface FastEthernet0 / 0 overload
You allow 10.10.10.0/24 private network addresses to be converted to a public network address via NAT for Internet access.

CCIE #62933

AbdulmajeedAlmaweri4471 · ‎04-16-2020

Thank you