05-23-2013 10:11 AM - edited 03-04-2019 07:59 PM
Hello everyone,
I have a 2611XM router that im trying to connect to the internet. Basically its set up below.
*Cable Modem plugs into my router F0/0 port.
*Router F0/1 plugs into my switch(2950G) port one and then port 2 is then plugged into my computer.
But i am not getting it to work, what am i missing? Is the configuration needing to be set up properly? Should i be checking the switch or the router? Commands i need to type in to help you give you more information?
THANK YOU!
Jeromy
Solved! Go to Solution.
05-27-2013 11:34 PM
You either need to add dns manually if you are keeping your static ip on your workstation, or change your workstation back to dhcp so you can acquire ip settings from your dhcp pool in the router.
* you beat me to it John
Sent from Cisco Technical Support iPhone App
05-28-2013 12:06 AM
Hi,
Thanks for your feedback and glad it's all good now. I did CCNA NetAcad and learned a lot (still learning though) from my job and doing practise labs.
The CSC forum is also a great resource for obtaining other networking folks' knowledge and experience. What you're doing is fine. Just keep it up and you'll get the hang of it.
Appreciate if you could mark this thread answered/resolved. Thanks and good luck!
Sent from Cisco Technical Support iPhone App
05-23-2013 02:35 PM
05-27-2013 04:20 PM
Jeromy,
Here is an example of what Edison Ortiz is directing you towards:
! Configure the ISP-facing interface, where x.x.x.x x.x.x.x is your LANs gateway IP and subnet mask
interface FastEthernet0/0
description to isp
ip address x.x.x.x x.x.x.x
! (if DHCP: ip address dhcp)
ip nat outside
no shutdown
! Configure a default route, where x.x.x.x is the static IP of your public gateway
ip route 0.0.0.0 0.0.0.0 x.x.x.x
! (if DHCP: ip route 0.0.0.0 0.0.0.0 FastEthernet0/0)
! Configure the LAN-facing interface
interface FastEthernet0/1
description to lan
ip address x.x.x.x x.x.x.x
ip nat inside
! Match your LAN traffic. Example shows the use of an ACL, where x.x.x.x x.x.x.x is your LAN subnet ID and wildcard mask
ip access-list standard INTERNET_BOUND_ACL
10 permit x.x.x.x x.x.x.x
! (example: 10 permit 192.168.1.0 0.0.0.255)
! Configure NAT/PAT for your LAN traffic
ip nat inside source list INTERNET_BOUND_ACL interface FastEthernet0/0 overload
05-27-2013 06:20 PM
Is this what you mean so far? I keep getting stuck on the command 10 permit ip 192.168.1.0 0.0.0.255 any (not allowing me to put the 10 in there, and not really sure why the 10 is there?)
For the private address(the inside local address) I can chose any private address right? Thanks so much so far!
interface FastEthernet0/0
description to ISP
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description to LAN
ip address 192.168.1.5 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
!
!
ip access-list standard INTERNET_BOUND_acl
!
line con 0
password jeromy
logging synchronous
--More--
line aux 0
line vty 0 4
login
!
end
interface FastEthernet0/0
description to ISP
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description to LAN
ip address 192.168.1.5 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
no ip http server
!
!
ip access-list standard INTERNET_BOUND_acl
!
line con 0
password jeromy
logging synchronous
--More--
line aux 0
line vty 0 4
login
!
end
Jeromy
05-27-2013 06:41 PM
The command "ip access-list standard INTERNET_BOUND_ACL" will put you into standard acl configuration mode (your prompt will change from "hostname(config)#" to "hostname(config-std-nacl)#". Once you are there, you will be able to enter the command starting with 10. FYI: 10 is the sequence number. You may have multiple sequence numbers, or lines, in an ip access-list.
Go back to the CLI and enter the the first command again, then the second command directly after, like this:
ip access-list standard INTERNET_BOUND_ACL
10 permit 192.168.1.0 0.0.0.255
05-27-2013 07:53 PM
Router(config-if)#ip nat outside
Router(config-if)#no shutdown
Router(config-if)#ip route 0.0.0.0 0.0.0.0 fa0/0
Router(config)#interface fa0/1
Router(config-if)#description TO LAN
Router(config-if)#ip address 192.168.1.10 255.255.255.0
Router(config-if)#ip nat inside
Router(config-if)#exit
Router(config)#ip access
Router(config)#ip access-list standard INTERNET-BOUND-ACL
Router(config-std-nacl)#10 permit ip 192.168.1.0 0.0.0.255 any
^
% Invalid input detected at '^' marker.
Router(config-std-nacl)#
Jeromy
05-27-2013 07:54 PM
maybe my IOS? Im running 12.2.
Jeromy
05-27-2013 08:27 PM
No, it was my fault. I was typing on my iPhone during a movie...
I edited my previous post, please run the following command, then try it again:
no ip access-list standard INTERNET_BOUND_ACL
05-27-2013 08:39 PM
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip access-list standard INTERNET-BOUND_ACL
Router(config)#10 permit ip 192.168.1.0 0.0.0.255 any
^
% Invalid input detected at '^' marker.
Still a no go?
Jeromy
05-27-2013 08:47 PM
Router(config)#ip access-list standard internet-bound-acl
Router(config-std-nacl)#10 permit ip
^
% Invalid input detected at '^' marker.
Router(config-std-nacl)#?
Standard Access List configuration commands:
default Set a command to its defaults
deny Specify packets to reject
exit Exit from access-list configuration mode
no Negate a command or set its defaults
permit Specify packets to forward
remark Access list entry comment
Jeromy
05-27-2013 09:04 PM
I had typed standard as apposed to extended earlier, and had corrected the post.
Let's try removing any existing ACLs and start from scratch. Please do a show running-config. There will be a line beginning with ip access-list, copy that entire line.
example:
show running-config
...
ip access-list standard INTERNET_BOUND_ACL
now, enter paste that line with the word no in front of it
example:
no ip access-list standard INTERNET_BOUND_ACL
You should now have no ACLs (verify via show ip access-list). Now create a standard access list:
ip access-list standard INTERNET_BOUND_ACL
10 permit 192.168.1.0 0.0.0.255
05-27-2013 10:19 PM
outer#show run
Building configuration...
Current configuration : 671 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
!
ip subnet-zero
!
!
!
!
!
!
interface FastEthernet0/0
description TO ISP
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description TO LAN
ip address 192.168.1.10 255.255.255.0
ip nat inside
shutdown
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip http server
!
!
ip access-list standard INTERNET-BOUND-ACL
ip access-list standard internet-bound-acl
!
line con 0
logging synchronous
line aux 0
line vty 0 4
!
end
Router#conf term
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#no ip acc
Router(config)#no ip access
Router(config)#no ip access-list standard INTERNET-BOUND-ACL
Router(config)#no ip access
Router(config)#no ip access-list standard internet-bound-acl
Router(config)#exit
Router#show ip a
02:33:28: %SYS-5-CONFIG_I: Configured from console by console
Router#show ip access
Router#show ip access-lists
Router#show ip access-list
Router#conf term
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ip acces
Router(config)#ip access-list standard INTERNET-BOUND-ACL
Router(config-std-nacl)#10 permit 192.168.1.0 0.0.0.255
^
% Invalid input detected at '^' marker.
Jeromy
05-27-2013 08:27 PM
Hi,
You can only specify a source network address in a standard ACL. Do as below:
Router(config-std-nacl)#10 permit 192.168.1.0 0.0.0.255
Sent from Cisco Technical Support iPhone App
05-27-2013 04:27 PM
*Cable Modem plugs into my router F0/0 port.
Straight-through cable or cross-cross over?
05-27-2013 09:09 PM
Hi,
Remove the 'ip' keyword.
Or you can just copy and paste what was posted earlier.
Alternatively, just use 'numbered' ACL.
access-list 10 permit 192.168.1.0 0.0.0.255
I also don't see any NAT ACL in your config:
ip nat inside source list 10 interface f0/0
Sent from Cisco Technical Support iPhone App
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide