Help- 2821 Router direct setup to ISP

mikemendo
Level 1

Hello,

I'm trying to configure my Cisco 2821 router with a direct connection to Comcast. I use my own modem, a Cisco DPC3008. So far, I have configured the basics. From the 2821 router, I cannot successfully resolve websites or internal hosts by name, but I can ping websites and internal hosts using IP addresses. I also do not have internet connectivity on any of my computers, but they can ping each other by IP. I'm very new at working with Cisco equipment, so thanks in advance for any help :)

 

 

-----------------------------------------------------

RT1#show conf
Using 1925 out of 245752 bytes
!
! Last configuration change at 21:50:39 UTC Wed Mar 11 2020
! NVRAM config last updated at 16:50:23 UTC Wed Mar 11 2020
! NVRAM config last updated at 16:50:23 UTC Wed Mar 11 2020
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RT1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$PNF7$ocic6M4TKThoDtYu2S0tj/
enable password 
!
no aaa new-model
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
no ip routing
!
!
no ip cef
!
ip dhcp excluded-address 10.0.1.1 10.0.1.10
!
ip dhcp pool "mendopool"
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 10.0.1.5
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX1119A0NR
!
!
controller T1 0/0/0
!
controller T1 0/0/1
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet1/0
no ip address
no ip route-cache
shutdown
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
ip nat inside source list MendoNat interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list standard MendoNat
permit 10.0.1.0 0.0.0.255


8 Replies 8

mikemendo
Level 1

Sorry, here is my full configuration

RT1#show conf
Using 1925 out of 245752 bytes
!
! Last configuration change at 21:50:39 UTC Wed Mar 11 2020
! NVRAM config last updated at 16:50:23 UTC Wed Mar 11 2020
! NVRAM config last updated at 16:50:23 UTC Wed Mar 11 2020
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RT1
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$PNF7$ocic6M4TKThoDtYu2S0tj/
enable password 
!
no aaa new-model
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
no ip routing
!
!
no ip cef
!
ip dhcp excluded-address 10.0.1.1 10.0.1.10
!
ip dhcp pool "mendopool"
network 10.0.1.0 255.255.255.0
default-router 10.0.1.1
dns-server 10.0.1.5
!
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX1119A0NR
!
!
controller T1 0/0/0
!
controller T1 0/0/1
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet1/0
no ip address
no ip route-cache
shutdown
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
ip nat inside source list MendoNat interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list standard MendoNat
permit 10.0.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
line con 0
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
password 
login
transport input all
!
scheduler allocate 20000 1000
end

To test, try changing the DNS to Google DNS on your PC and see whether you are able to access the internet. If that works, change your DNS in the config to Google DNS and try:

dns-server 10.0.1.5 to 8.8.8.8 (not sure your 10.0.1.5 DNS server is able to resolve DNS queries).

Let us know how it goes.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

Thank you so much for the quick response! I tested with Google DNS server. Since that worked, I added both Comcast DNS servers (75.75.75.75,  75.75.76.76). Now I can ping websites by hostname from the Cisco router, but I can ping from the router to my laptop only by IP address. (Laptop is connected directly to G0/1 for testing) *** (See Screenshots). I forgot to mention that all internal nodes are connected to the router via a Cisco 2960 switch with default settings. 

I still cannot ping websites by hostname or IP from my laptop. I'm guessing I now have to add an internal DNS server, correct?? My initial plan was to use my Microsoft Server 2016 as the DHCP/DNS server for my internal network. The Server IP address is 10.0.1.5. How do I finish the configuration to the router now so I can resolve internal hostnames and reach the internet from my computers? Many thanks in advance!!

****Below is my updated running config

MendoRouter#show config
Using 1613 out of 245752 bytes
!
! Last configuration change at 16:04:29 UTC Fri Mar 13 2020
! NVRAM config last updated at 16:30:11 UTC Fri Mar 13 2020
! NVRAM config last updated at 16:30:11 UTC Fri Mar 13 2020
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MendoRouter
!
boot-start-marker
boot-end-marker
!
!
enable password ------------
!
no aaa new-model
no network-clock-participate wic 0
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
ip name-server 75.75.75.75
ip name-server 75.75.76.76
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX1119A0NR
!
!
controller T1 0/0/0
!
controller T1 0/0/1
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet1/0
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
ip nat inside source list mendonat interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
line con 0
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

I see several issues in the posted config. First and most important is this configuration for address translation

ip nat inside source list mendonat interface GigabitEthernet0/1 overload

It specifies the inside interface Gig0/1 but should specify the outside interface Gig0/0. Also, it specifies an access list mendonat, but I do not find any such access list in the configuration. So address translation is not working.

 

Beyond that there are issues with the specified static default routes. Two static default routes are given

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 dhcp

Having 2 static default routes adds complexity to the configuration and I do not see any benefit from having the two static default routes. There are several issues with the first static route. When a static route specifies the outbound interface, which is an Ethernet interface, without specifying a next hop there are several challenges. For one thing it will require the router to arp for every destination address for which it wants to forward packets. This can work if the next hop router has enabled proxy arp. But many provider routers are disabling proxy arp because of the security concerns related to it. So if the next hop does not enable proxy arp then any packet forwarded using this static route will fail. And even if proxy arp is enabled and the packet will be forwarded then it makes the router work much harder than if it were using the static route which specifies the next hop. So I suggest removing the first static route.

 

Please make the changes that I suggest and let us know what are the results.

HTH

Rick
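
The checks described in the answer above, as an added example that is not part of the original post and is not Cisco tooling: a small Python lint that flags a NAT overload bound to a non-outside interface, a NAT rule referencing an undefined access list, an interface-only default route on Ethernet, and duplicate default routes. The function name and finding labels are hypothetical, and the sample config is constructed from the NAT and route lines posted in the thread.

```python
import re

# Constructed sample: NAT and default-route lines from the updated config in the thread.
SAMPLE = """\
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
interface GigabitEthernet0/1
 ip address 10.0.1.1 255.255.255.0
 ip nat inside
ip nat inside source list mendonat interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 dhcp
"""

def lint_nat_and_routes(config):
    """Return findings (hypothetical labels) for the NAT/default-route mistakes."""
    findings, nat_role, acls, current = [], {}, set(), None
    lines = [l.strip() for l in config.splitlines() if l.strip() and l.strip() != "!"]
    for line in lines:  # pass 1: per-interface NAT role and defined ACL names
        if m := re.match(r"interface (\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"ip nat (inside|outside)$", line)) and current:
            nat_role[current] = m.group(1)
        elif m := re.match(r"(?:ip access-list (?:standard|extended)|access-list) (\S+)", line):
            acls.add(m.group(1))
    defaults = []
    for line in lines:  # pass 2: global NAT overload and default-route statements
        if m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            acl, intf = m.groups()
            if nat_role.get(intf) != "outside":
                findings.append(f"nat-overload-not-outside:{intf}")
            if acl not in acls:  # exact, case-sensitive name comparison
                findings.append(f"nat-acl-undefined:{acl}")
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (.+)", line):
            defaults.append(m.group(1))
            if re.fullmatch(r"\S*Ethernet\S*", m.group(1)):
                findings.append(f"default-route-interface-only:{m.group(1)}")
    if len(defaults) > 1:
        findings.append(f"multiple-default-routes:{len(defaults)}")
    return findings

if __name__ == "__main__":
    for finding in lint_nat_and_routes(SAMPLE):
        print(finding)
```
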

That's good news that using public DNS works. If you would like to use your own DNS server, that DNS server should also have a parent DNS root server from a public IP; that can be Comcast or DNS.

Regarding the config, @Richard Burts pointed out some suggestions; I would like you to test before we fine-tune the config.

 

BB


@balaji.bandi @Richard Burts 
Hey guys, I really want to thank you both for taking the time to respond to me. I got everything running perfectly thanks to you.

***I removed the unnecessary static route, added the missing MendoNat access list and specified the correct interface to use. I then finished everything off by configuring my 2016 DNS Server with Comcast's DNS server as a forwarder. I can now reach the internet on all my devices and the Router is working like a charm. You guys are awesome. 

Warm regards,
Mike M. 

Mike

 

Thanks for the update. Glad to know that you have it working now and that our suggestions pointed you in the right direction. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

Good to know all is working as expected after changing the route and DNS. Thanks to @Richard Burts for pointing out that route one; my high-level screening missed it.

BB
