01-24-2022 03:46 AM - edited 01-24-2022 03:47 AM
Hi Everyone,
As part of my homelab I purchased a number of older Cisco Routers and Switches. I've managed to learn a great deal about getting these set up and running. Now that I've finally been moved across to FTTP I want to replace my consumer router by using the C2851 instead. More of a just because you can, rather than any technical need.
Although I have managed to get the PPPoE connection in place and can route directly from the C2851, I can't route from any device connected to the router. In addition I have been allocated a small (/29) subnet of public IPs. The configuration details below get me to the point where I can route traffic from the C2851 out to the Internet. But I'm not able to route traffic from my internal networks.
My firewall has been configured to use the IP address I've assigned below to interface GigabitEthernet0/0 as its default gateway. Again the firewall can see this and doing basic checks it seems to be able to route out to the Internet as well. But I'm not able to see any of my additional IPs.
I've made no change to my firewall, only switching over from the consumer router to the C2851. The setup works fine with the consumer router.
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.248
duplex full
speed 1000
pppoe enable group global
pppoe-client dial-pool-number 10
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 10
no cdp enable
ppp authentication chap callin
ppp chap hostname username@internet.net
ppp chap password 0 Strong_Password
ppp ipcp route default
!
ip route 0.0.0.0 0.0.0.0 Dialer1
Interface GigabitEthernet0/1 has a number of VLANs set up to cover various network configurations. I know I need to be able to direct all of my internal traffic towards my firewall's internal IP address and this is where I think my problem lies. Without the Dialer1 configuration my default route is indeed the firewall as below.
ip route 0.0.0.0 0.0.0.0 192.168.50.1
I hope I've explained my setup well enough for someone to point me in the right direction. But if not I'm open to any questions you have.
Thanks for looking.
Regards,
Garry
01-24-2022 09:40 AM - edited 01-24-2022 09:41 AM
Thanks,
Here you go, I've changed my router IP for reference
bba-group pppoe global
!
!
interface GigabitEthernet0/0
ip address 192.168.99.73 255.255.255.248 <IP Changed>
duplex full
speed 1000
pppoe enable group global
pppoe-client dial-pool-number 10
!
interface GigabitEthernet0/1
no ip address
duplex full
speed 1000
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.30 255.255.255.224
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.250 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.14 255.255.255.240
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.5.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.6
encapsulation dot1Q 6
ip address 192.168.6.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.250 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 192.168.50.6 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.99
description Build Network
encapsulation dot1Q 99
ip address 192.168.99.6 255.255.255.240
!
interface GigabitEthernet0/1.100
description Storage Network
encapsulation dot1Q 100
ip address 192.168.100.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface FastEthernet0/0/0
description Link to SW03
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet0/0/1
description RackPDU02
duplex full
speed 100
!
interface FastEthernet0/0/2
description iLO Host01
duplex full
speed 100
!
interface FastEthernet0/0/3
shutdown
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 10
no cdp enable
ppp authentication chap callin
ppp chap hostname <username here>
ppp chap password 0 <password here>
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
01-24-2022 10:36 AM
Building configuration...
Current configuration : 4162 bytes
!
! Last configuration change at 17:51:14 GMT Mon Jan 24 2022
! NVRAM config last updated at 17:51:15 GMT Mon Jan 24 2022
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname gw01
!
boot-start-marker
boot-end-marker
!
no logging console
enable password <password here>
!
no aaa new-model
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
ip cef
!
!
ip ftp username <username here>
ip ftp password <password here>
ip name-server 192.168.10.1
vpdn enable
!
!
voice-card 0
no dspfarm
!
!
!
!
bba-group pppoe global
!
!
interface GigabitEthernet0/0
ip address 192.168.99.73 255.255.255.248
duplex full
speed 1000
pppoe enable
pppoe-client dial-pool-number 10
!
interface GigabitEthernet0/1
no ip address
duplex full
speed 1000
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 192.168.2.30 255.255.255.224
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 192.168.3.250 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.4
encapsulation dot1Q 4
ip address 192.168.4.14 255.255.255.240
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.5
encapsulation dot1Q 5
ip address 192.168.5.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.6
encapsulation dot1Q 6
ip address 192.168.6.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 192.168.10.250 255.255.255.0
!
interface GigabitEthernet0/1.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.50
encapsulation dot1Q 50
ip address 192.168.50.6 255.255.255.0
ip helper-address 192.168.10.1
!
interface GigabitEthernet0/1.99
description Build Network
encapsulation dot1Q 99
ip address 192.168.99.6 255.255.255.240
!
interface GigabitEthernet0/1.100
description Storage Network
encapsulation dot1Q 100
ip address 192.168.100.6 255.255.255.248
ip helper-address 192.168.10.1
!
interface FastEthernet0/0/0
description Link to SW03
switchport mode trunk
duplex full
speed 100
!
interface FastEthernet0/0/1
description RackPDU02
duplex full
speed 100
!
interface FastEthernet0/0/2
description iLO Host01
duplex full
speed 100
!
interface FastEthernet0/0/3
shutdown
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 10
no cdp enable
ppp authentication chap callin
ppp chap hostname <username here>
ppp chap password 0 <password here>
ppp ipcp dns request
ppp ipcp route default
ppp ipcp address accept
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
no ip http server
no ip http secure-server
!
kron occurrence Backup at 23:00 Fri recurring
policy-list Backup
!
kron policy-list Backup
cli show run | redirect ftp://ftp.mycyberspace.net/gw02-backup.cfg
!
logging host 192.168.6.2 transport tcp port 1514
snmp-server community public RO
!
!
!
control-plane
!
!
!
!
!
!
!
!
banner login ^CC
UNAUTHORIZED ACCESS TO THIS DEVICE IS PROHIBITED.
You must have explicit permission to access or configure this device. All activities performed on this device may be logged.
Violations of this policy may result in disciplinary action and may be reported to the relevant law enforcement agencies. There is no right to privacy on this device
^C
privilege exec level 1 ping
!
line con 0
line aux 0
line vty 0 4
password <password here>
login
transport input telnet
!
scheduler allocate 20000 1000
ntp clock-period 17180204
ntp server 192.168.50.1
!
end
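Because this router terminates the PPPoE session itself, the management settings in the running-config posted above are worth checking alongside the routing. The following is an added example, not part of the thread: a small audit with a hypothetical rule set, run over a constructed sample built from lines of that config.

```python
import re

# Constructed sample: lines taken from the running-config posted above,
# keeping the poster's own <password here> redactions.
SAMPLE = """\
no service password-encryption
enable password <password here>
interface Dialer1
ppp chap password 0 <password here>
!
kron policy-list Backup
cli show run | redirect ftp://ftp.mycyberspace.net/gw02-backup.cfg
!
snmp-server community public RO
line vty 0 4
password <password here>
login
transport input telnet
!
"""

# Hypothetical rule set: each regex must match one whole config line.
LINE_RULES = [
    (r"no service password-encryption", "type 0 passwords stay readable in the config"),
    (r"enable password .+", "'enable password' in use; 'enable secret' stores a hash"),
    (r"ppp chap password 0 .+", "PPPoE CHAP secret stored as type 0 (unencrypted)"),
    (r"cli show run.*\| *redirect (ftp|tftp)://.+", "config backup sent over a cleartext protocol"),
    (r"snmp-server community (public|private)( .*)?", "default SNMP community string"),
    (r"transport input .*(telnet|all).*", "Telnet accepted for management (cleartext)"),
]
NO_ACL = "VTY block has no access-class restricting source addresses"

def audit(config):
    """Return sorted (line_number, finding) pairs for an IOS running-config."""
    findings, vty_start, vty_has_acl = [], None, False
    for n, raw in enumerate(config.splitlines() + ["!"], 1):  # sentinel closes last block
        line = raw.strip()
        if line == "!" or line.startswith(("line ", "interface ")):
            # Section boundary: report the VTY block just closed, if unrestricted.
            if vty_start and not vty_has_acl:
                findings.append((vty_start, NO_ACL))
            vty_start, vty_has_acl = (n if line.startswith("line vty") else None), False
        elif vty_start and line.startswith("access-class "):
            vty_has_acl = True
        findings += [(n, msg) for rx, msg in LINE_RULES if re.fullmatch(rx, line)]
    return sorted(findings)

if __name__ == "__main__":
    for n, msg in audit(SAMPLE):
        print(f"line {n}: {msg}")
```
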
04-01-2022 06:12 AM
As I wasn't getting anywhere I decided to take a step back and to reassess my problem.
I have now found a working solution, but it's by no means perfect and I need to find something better. My issue wasn't related to NAT as suggested a few times, it was a routing issue.
What I have done to get me working is to build a new VM which has Linux (CentOS
My original aim for using the C2851 was to only have one router in my network and to replace my ISP's consumer router. I was hoping that the data throughput of the C2851 would massively outperform my consumer router. I'm sure there is a way to achieve this, but I've now reached the limits of my Cisco/Networking knowledge.
I'd like to thank all of those who have contributed to my post so far.
04-02-2022 09:45 AM
Garry
Thanks for the update. Glad to know that you have a workaround. I find your explanation of the workaround a bit puzzling. You have the 2851 connected to the ISP and to the new VM/internal router, and the VM/internal router connects to the firewall. Am I correct in assuming that all of the internal networks/subnets are connected to the firewall? And am I correct in assuming that the firewall is doing the inter-VLAN routing and doing the address translation for the inside networks? If not correct please provide clarification.