05-07-2015 12:03 PM - edited 03-05-2019 01:25 AM
Good evening
I recently got almost brand new Cisco 2911 router and Cisco 2960 switch for free from school. I've been configuring both a little bit in school so I can handle the basic stuff. I currently live in an older apartment where a coaxial cable comes into ISP's provided router. The router also happens to be a Cisco device (Cisco EPC3825). This router is wireless with four ethernet ports. Now, 2911 does not have a coaxial input so I have to put ISP's router before Cisco 2911 in my setup. This setup will be a temporary one and I am just testing how things work out. I am moving sooner to a newer apartment where there will be ethernet ports in the walls so I can move my ISP's router behind 2911.
I know my public IP address and ISP's provided gateway and DNS-servers. Currently ISP's router's LAN IP is 192.168.1.1. I connected from first ethernet port of the ISP's router into 2911's GigabitEthernet0/0 port. I gave an IP address of 192.168.1.2 to the 2911's 0/0 port. From GigabitEthernet0/1 goes ethernet cable into my 2960 switch and from there on it goes to my desktop machine and server machine. In the future I connect the ISP's router into the 2960. Currently I haven't made any changes into ISP's router's settings. They are pretty much factory defaults.
The network I have given to my LAN devices behind 2911 is 172.17.1.0/24. The 2911's 0/1 port has IP address of 172.17.1.1. The 2960 switch has IP address of 172.17.1.2. I installed a DHCP server on the 2911 router and when I connect my laptop into the switch it gives me an IP address from 172.17.1.10-172.17.1.250 area. Now I can ping from laptop the 2960 switch, 2911 router's both ports and the ISP's router. But then I cannot ping google's public DNS (8.8.8.8) nor ISP's provided gateway for example. I have desktop computer plugged straight into ISP's router, and internet works very well from there. Also if I connect my laptop via wireless into the ISP's router, internet works very well. But from either setup (desktop into ISP router or laptop via wireless into ISP router) I can only ping Cisco 2911's 0/0 port but not behind that. From the 2911 itself I cannot ping to either laptop nor desktop machine even when they have their firewalls off.
Here is the config of the 2911 router:
Current configuration : 1528 bytes
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
ip dhcp excluded-address 172.17.1.1 172.17.1.10
!
ip dhcp pool LAN_POOL
 network 172.17.1.0 255.255.255.0
 default-router 172.17.1.1
 dns-server 8.8.8.8 8.8.4.4
 lease 7
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.17.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 23 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
access-list 23 permit 172.17.1.0 0.0.0.25
!
control-plane
!
line con 0
 password 7 091D1C5A4A11141E
 login
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password 7 0257560858120C2D
 login
 transport input none
!
scheduler allocate 20000 1000
!
end
As you can see from the configs I have tried to add static routing and playing with the NAT, neither one giving any results. What I am trying to achieve here is to connect to internet behind 2911 router, and to connect from internet to my server machine behind 2911 router. The solution may be simple but I just can't see it. Thanks in advance.
Regards
05-07-2015 06:55 PM
Hi,
I think the static route should be ip route 0.0.0.0 0.0.0.0 192.168.1.1 and access-list should be access-list 23 permit 172.17.1.0 0.0.0.255
From ISP router you cannot ping behind 2911 because ISP router does not know about the 172.17.1.0/24 network.
Thanks
John
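The wildcard-mask correction in the reply above, worked through as an added example (not part of the original thread): it applies the IOS rule that wildcard bits set to 1 are ignored and bits set to 0 must match, using the ACL 23 entry and the DHCP exclusion range from the posted config. The function names are made up for this illustration.

```python
import ipaddress

def wildcard_matches(acl_addr, wildcard, candidate):
    """IOS ACL comparison: wildcard bit 1 = don't care, bit 0 = must match."""
    a = int(ipaddress.IPv4Address(acl_addr))
    w = int(ipaddress.IPv4Address(wildcard))
    c = int(ipaddress.IPv4Address(candidate))
    care = ~w & 0xFFFFFFFF          # bits that have to be identical
    return (a & care) == (c & care)

def matched_hosts(acl_addr, wildcard, network):
    """Usable host addresses in `network` that the ACL entry permits."""
    return [str(h) for h in ipaddress.ip_network(network).hosts()
            if wildcard_matches(acl_addr, wildcard, str(h))]

def dhcp_pool_coverage(acl_addr, wildcard, first, last):
    """(permitted, total) over the inclusive lease range first..last."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    hit = sum(
        wildcard_matches(acl_addr, wildcard, str(ipaddress.IPv4Address(i)))
        for i in range(lo, hi + 1)
    )
    return hit, hi - lo + 1

if __name__ == "__main__":
    # Values taken from the posted config: ACL 23 and the 172.17.1.0/24 LAN.
    # Leases start at .11 because .1-.10 are excluded from the pool.
    for wc in ("0.0.0.25", "0.0.0.255"):
        hosts = matched_hosts("172.17.1.0", wc, "172.17.1.0/24")
        hit, total = dhcp_pool_coverage("172.17.1.0", wc,
                                        "172.17.1.11", "172.17.1.254")
        print(f"wildcard {wc}: {len(hosts)} hosts permitted, "
              f"{hit}/{total} DHCP leases eligible for NAT")
        if len(hosts) < 20:
            print("  permitted:", ", ".join(hosts))
```

With 0.0.0.25 only the last-octet bits 1, 8 and 16 are "don't care", so a client that leased, say, 172.17.1.11 never matches list 23 and leaves GigabitEthernet0/0 untranslated.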
05-08-2015 06:26 AM
Hello John and thanks for your answer.
I knew that part to get 172.17.1.0/24 network to communicate with 192.168.1.0/24 network was so easy. I have even done so much routing in school and it should have been plain simple but somehow I just couldn't see it. Thanks for opening my eyes.
So, I can now ping my desktop computer, which is plugged into ISP's router, from my laptop, which is plugged into Cisco's 2960. And laptop's wireless is off.
But I still cannot access internet from laptop nor Cisco's 2911. I guess this setup is not possible if I cannot set static routes for the ISP router. I quickly browsed through its options and I couldn't see anything related to static routing.
05-10-2015 01:10 PM
Hi,
You don't need any routing on the Cable device as you are natting your LAN on the 2911.
Post output of traceroute 8.8.8.8 from 2911 and same for your PC
Regards,
Alain
05-11-2015 07:24 AM
Hey Alain,
Here is the output from both machines. First is laptop which is behind 2911 and next is the 2911.
C:\Users\User>tracert 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms 1 ms 1 ms 172.17.1.1
2 Reply from 172.17.1.1: Destination host unreachable.
Trace complete.
-----------------------------------------------------------------------------------------
Router>traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Router>
Regards,
Juhani
05-11-2015 08:11 AM
Hi,
Do this:
clear log
debug ip packet 100
conf t
logging debug buffer
logging buffer 100000
access-list 100 permit icmp any host 8.8.8.8
access-list 100 permit icmp host 8.8.8.8 any
do ping 8.8.8.8 rep 2
do sh log
And post output of debug
Also post output of show ip route static and show arp | i 192.168.1.1
Regards,
Alain
05-11-2015 08:51 AM
Hi Alain
Been a while since I have seen a post from you :-)
Hope everything is good with you.
Jon
05-11-2015 11:31 AM
Hi Jon,
I've started a new job as a WAN engineer for a Service Provider and I've been very busy so it was difficult for me to visit the site but I'm slowly trying to come back to it.
I hope everything is good for you too.
Alain
05-11-2015 10:29 AM
Hey Alain and thanks for your reply.
I first tested this with static route as John told me earlier. But when I noticed I can ping my other devices in the network, I removed the static route and added rip instead. I thought rip just would work better.
What I did was:
router rip
version 2
no auto-summary
network 172.17.1.0
network 192.168.1.0
I couldn't access internet then. I had ping 8.8.8.8 -t running on background and now when I removed the rip and added the static route back, I noticed that my laptop actually pinged it. And kept pinging and pinging.
Then I tried to access some basic sites on browser, like Google and Facebook. I can tell you it is now working as intended to. I have to give John the correct answer but you will receive 5 stars.
Thank you both for helping me out.
Regards,
Juhani
05-11-2015 11:40 AM
Hi,
So your ping to 8.8.8.8 is working so the routing and NAT is working correctly.
Try changing the DNS in your DHCP leases to the cable modem IP.
Release/renew on client and then ping a web site by name and see if it succeeds.
Regards,
Alain
05-11-2015 11:53 AM
Hey Alain
With Google's DNS servers I was able to ping google.com for example. I now changed the DNS settings to my ISP's provided DNS servers and also I added the Google's DNS servers, if for some reason my ISP's servers would go down. I renewed new IP address on laptop and I can still successfully ping any website by its name and also access them on browser.
But I still cannot ping devices behind Cisco 2911 from my desktop machine for example, which was connected into the ISP's router.
Regards,
Juhani
05-11-2015 12:25 PM
Hi,
Windows Firewall should be turned off on the devices you are trying to communicate with because by default Windows machines won't reply to pings from another subnet.
Regards,
Alain
05-12-2015 06:24 AM
Hey Alain
I think I had it covered in my topic that they don't have firewalls enabled. But quite odd though, I have currently enabled Windows Firewall on desktop machine and I can ping it from my laptop, but not the other way around. Not even if both firewalls are disabled.
EDIT: I can't either ping 2911 from desktop
Regards,
Juhani
05-14-2015 11:13 AM
Hey Alain
Could you check this problem out?
I can't ping from desktop machine (which is connected straight to ISP's router) nor from laptop, if it is connected to ISP's router via wireless, to Cisco's 2911 router nor devices behind it. Also if laptop is connected to the switch behind 2911, I can't ping it from desktop machine either, but I can ping vice versa (from laptop to desktop machine). I am aiming to get wireless devices to communicate with devices behind 2911.
Also do you know why I couldn't access internet with using rip protocol instead of static route? What was my mistake there?
Thanks in advance.
Regards,
Juhani
11-01-2017 08:40 PM
Hey I have the same setup as the original poster but different issue. I have an ISP modem <---> (WAN) Netgear r6100 (LAN4) <---> (GI0/0) 2921 router (GI0/1 & 0/2) <---> (GI1/0/47 & 48) 2960x switch <---> devices. After some configurations I can ping 4.2.2.2 from the 2921 router and looks like this 2921rtr(config)#:do ping 4.2.2.2 results !!!! successful. My issue is the devices connected to the 2960x switch cannot ping 4.2.2.2.
tracert from pc show:
1 <1 ms 1 ms <1 ms 10.10.30.254
2 * * * request timed out.
3 * * * request timed out.
Before this error and configuration, I had the ISP modem connected directly 2921 router(gi0/0) to 2960x switch to devices and personal router, static route set to ip route 0.0.0.0 0.0.0.0 gi0/0 overload and all worked OK. I changed the physical config of the equipment to depicted above and changed the static route to ip route 0.0.0.0 0.0.0.0 gi0/0 192.168.1.10 (gateway of netgear router). I don't think changing the physical config and settings of the devices should affect any other settings but I might be wrong.