cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16248
Views
10
Helpful
19
Replies

Connecting Cisco 2911 into internet through ISP's router

juhaniheino
Level 1
Level 1

Good evening

I recently got almost brand new Cisco 2911 router and Cisco 2960 switch for free from school. I've been configuring both a little bit in school so I can handle the basic stuff. I currently live in an older apartment where a coaxial cable comes into ISP's provided router. The router also happens to be a Cisco device (Cisco EPC3825). This router is wireless with four ethernet ports. Now, 2911 does not have a coaxial input so I have to put ISP's router before Cisco 2911 in my setup. This setup will be a temporary one and I am just testing how things work out. I am moving sooner to a newer apartment where there will be ethernet ports in the walls so I can move my ISP's router behind 2911.

I know my public IP address and ISP's provided gateway and DNS-servers. Currently ISP's router's LAN IP is 192.168.1.1. I connected from first ethernet port of the ISP's router into 2911's GigabitEthernet0/0 port. I gave an IP address of 192.168.1.2 to the 2911's 0/0 port. From GigabitEthernet0/1 goes ethernet cable into my 2960 switch and from there on it goes to my desktop machine and server machine. In the future I connect the ISP's router into the 2960. Currently I haven't made any changes into ISP's router's settings. They are pretty much factory defaults.

The network I have given to my LAN devices behind 2911 is 172.17.1.0/24. The 2911's 0/1 port has IP address of 172.17.1.1. The 2960 switch has IP address of 172.17.1.2. I installed a DHCP server on the 2911 router and when I connect my laptop into the switch it gives me an IP address from 172.17.1.10-172.17.1.250 area. Now I can ping from laptop the 2960 switch, 2911 router's both ports and the ISP's router. But then I cannot ping google's public DNS (8.8.8.8) nor ISP's provided gateway for example. I have desktop computer plugged straight into ISP's router, and internet works very well from there. Also if I connect my laptop via wireless into the ISP's router, internet works very well. But from either setup (desktop into ISP router or laptop via wireless into ISP router) I can only ping Cisco 2911's 0/0 port but not behind that. From the 2911 itself I cannot ping to either laptop nor desktop machine even when they have their firewalls off.

Here is the config of the 2911 router:

    Current configuration : 1528 bytes
    !
    version 15.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname Router
    !
    boot-start-marker
    boot-end-marker
    !
    !
    !
    no aaa new-model
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    !
    ip dhcp excluded-address 172.17.1.1 172.17.1.10
    !
    ip dhcp pool LAN_POOL
     network 172.17.1.0 255.255.255.0
     default-router 172.17.1.1
     dns-server 8.8.8.8 8.8.4.4
     lease 7
    !
    !
    !
    ip cef
    no ipv6 cef
    multilink bundle-name authenticated
    !
    !
    cts logging verbose
    !
    !
    !
    !
    !
    redundancy
    !
    !
    !
    !
    !
    !
    interface Embedded-Service-Engine0/0
     no ip address
     shutdown
    !
    interface GigabitEthernet0/0
     ip address 192.168.1.2 255.255.255.0
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/1
     ip address 172.17.1.1 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
     duplex auto
     speed auto
    !
    interface GigabitEthernet0/2
     no ip address
     shutdown
     duplex auto
     speed auto
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    ip nat inside source list 23 interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
    !
    !
    !
    access-list 23 permit 172.17.1.0 0.0.0.25
    !
    control-plane
    !
    !
    !
    line con 0
     password 7 091D1C5A4A11141E
     login
    line aux 0
    line 2
     no activation-character
     no exec
     transport preferred none
     transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
     stopbits 1
    line vty 0 4
     password 7 0257560858120C2D
     login
     transport input none
    !
    scheduler allocate 20000 1000
    !
    end

As you can see from the configs I have tried to add static routing and playing with the NAT, neither one giving any results. What I am trying to achieve here is to connect to internet behind 2911 router, and to connect from internet to my server machine behind 2911 router. The solution may be simple but I just can't see it. Thanks in advance.

Regards

1 Accepted Solution

Accepted Solutions

johnd2310
Level 8
Level 8

Hi,

I think the static route should be ip route 0.0.0.0 0.0.0.0 192.168.1.1 and access-list should be access-list 23 permit 172.17.1.0 0.0.0.255

From ISP router you cannot ping behind 2911 because ISP router does not know about the 172.17.1.0/24 network.

 

Thanks

John

 

 

**Please rate posts you find helpful**

View solution in original post

19 Replies 19

johnd2310
Level 8
Level 8

Hi,

I think the static route should be ip route 0.0.0.0 0.0.0.0 192.168.1.1 and access-list should be access-list 23 permit 172.17.1.0 0.0.0.255

From ISP router you cannot ping behind 2911 because ISP router does not know about the 172.17.1.0/24 network.

 

Thanks

John

 

 

**Please rate posts you find helpful**

Hello John and thanks for your answer.

 

I knew that part to get 172.17.1.0/24 network to communicate with 192.168.1.0/24 network was so easy. I have even done so much routing in school and it should have been plain simple but somehow I just couldn't see it. Thanks for opening my eyes.

So, I can now ping my desktop computer, which is plugged into ISP's router, from my laptop, which is plugged into Cisco's 2960. And laptop's wireless is off.

But I still cannot access internet from laptop nor Cisco's 2911. I guess this setup is not possible if I cannot set static routes for the ISP router. I quickly browsed through it's options and I couldn't see anything related to static routing.

Hi,

You don't need any routing on the Cable device as you are natting your LAN on the 2911.

Post output of  traceroute 8.8.8.8 from 2911  and same for your PC

 

Regards,

 

Alain

Don't forget to rate helpful posts.

Hey Alain,

 

Here is the output from both machines. First is laptop which is behind 2911 and next is the 2911.

 

C:\Users\User>tracert 8.8.8.8

Tracing route to 8.8.8.8 over a maximum of 30 hops

  1    <1 ms     1 ms     1 ms  172.17.1.1
  2  Reply from 172.17.1.1: Destination host unreachable.

Trace complete.

-----------------------------------------------------------------------------------------

Router>traceroute 8.8.8.8
Type escape sequence to abort.
Tracing the route to 8.8.8.8
VRF info: (vrf in name/id, vrf out name/id)
  1  *  *  *
  2  *  *  *
  3  *  *  *
  4  *  *  *
  5  *  *  *
  6  *  *  *
  7  *  *  *
  8  *  *  *
  9  *  *  *
 10  *  *  *
 11  *  *  *
 12  *  *  *
 13  *  *  *
 14  *  *  *
 15  *  *  *
 16  *  *  *
 17  *  *  *
 18  *  *  *
 19  *  *  *
 20  *  *  *
 21  *  *  *
 22  *  *  *
 23  *  *  *
 24  *  *  *
 25  *  *  *
 26  *  *  *
 27  *  *  *
 28  *  *  *
 29  *  *  *
 30  *  *  *
Router>

 

Regards,

Juhani

Hi,

Do this:

clear log

debug ip packet 100

conf t

logging debug buffer

logging buffer 100000

access-list 100 permit icmp any host 8.8.8.8

access-list 100 permit icmp host 8.8.8.8 any

do ping 8.8.8.8 rep 2

do sh log

And post  output of debug

Also post output of show ip route static and show arp | i 192.168.1.1

Regards,

 

Alain

 

 

Don't forget to rate helpful posts.

Hi Alain

Been a while since I have seen a post from you :-)

Hope everything is good with you.

Jon

Hi Jon,

I've started a new job as Wan engineer for a Service Provider and I've been very busy so it as difficult for me to  visit the site but I'm slowly trying to come back to it.

I hope everything is good for you too.

 

Alain

Don't forget to rate helpful posts.

Hey Alain and thanks for your reply.

 

I first tested this with static route as John told me earlier. But when I noticed I can ping my other devices in the network, I removed the static route and added rip instead. I thought rip just would work better.

What I did was:

router rip
version 2
no auto-summary
network 172.17.1.0
network 192.168.1.0

I couldn't access internet then. I had ping 8.8.8.8 -t running on background and  now when I removed the rip and added the static route back, I noticed that my laptop actually pinged it. And kept pinging and pinging.

Then I tried to access some basic sites on browser, like Google and Facebook. I can tell you it is now working as intended to. I have to give John the correct answer but you will receive 5 stars.

Thank you both for helping me out.

 

Regards,
Juhani
 

Hi,

So your ping to 8.8.8.8 is working so the routing and NAT is working correctly.

Try changing the DNS in your DHCP leases to the cable modem IP.

Release/renew on client and then ping a web site by name and see if it succeeds.

 

Regards,

 

Alain

Don't forget to rate helpful posts.

Hey Alain

With Google's DNS servers I was able to ping google.com for example. I now changed the DNS settings to my ISP's provided DNS servers and also I added the Google's DNS servers, if for some reason my ISP's servers would go down. I renewed new IP address on laptop and I can still successfully ping any website by its name and also access them on browser.

But I still cannot ping devices behind Cisco 2911 from my desktop machine for example, which was connected into the ISP's router.

 

Regards,

Juhani

Hi,

Windows Firewall should be turned off on the devices you are trying to communicate with because by default Windows machines won't reply to pings from another subnet.

 

Regards,

 

Alain

Don't forget to rate helpful posts.

Hey Alain

I think I had it covered in my topic that they don't have firewalls enabled. But quite odd though, I have currently enabled Windows Firewall on desktop machine and I can ping it from my laptop, but not the other way around. Not even if both firewalls are disabled.

EDIT: I can't either ping 2911 from desktop

 

Regards,
Juhani

Hey Alain

Could you check out this problem out?
I can't ping from desktop machine (which is connected straight to ISP's router) nor from laptop, if it is connected to ISP's router via wireless, to Cisco's 2911 router nor devices behind it. Also if laptop is connected to the switch behind 2911, I can't ping it from desktop machine either, but I can ping vice versa (from laptop to desktop machine). I am aiming to get wireless devices to communicate with devices behind 2911.

Also do you know why I couldn't access internet with using rip protocol instead of static route? What was my mistake there?

Thanks in advance.


Regards,
Juhani
 

Hey I have the same setup as the original poster but different issue. I have an ISP modem <---> (WAN) Netgear r6100 (LAN4) <---> (GI0/0) 2921 router (GI0/1 & 0/2) <---> (GI1/0/47 & 48) 2960x switch <---> devices.  After some configurations I can ping 4.2.2.2 from the 2921 router and looks like this 2921rtr(config)#:do ping 4.2.2.2 results !!!! successful.  My issue is the devices connected to the 2960x switch cannot ping 4.2.2.2.

tracert from pc show:

1 <1 ms 1 ms <1 ms 10.10.30.254

2   *       *         *        request timed out.

3   *       *         *        request timed out.

 

Before this error and configuration, I had the ISP modem connected directly 2921 router(gi0/0) to 2960x switch to devices and personal router, static route set to ip route 0.0.0.0 0.0.0.0 gi0/0 overload and all worked OK.  I changed the physical config of the equipment to depicted above and changed the static route to ip route 0.0.0.0 0.0.0.0 gi0/0 192.168.1.10 (gateway of netgear router).  I don't think changing the physical config and settings of the devices should effect any other settings but I might be wrong.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: