Solved: Re: ISR1k to internet

lynxnebi · ‎02-26-2021

I am setting up a test lab and I am a little lost on how to setup my ISR 1100 to connect to the internet. I very new to all this and have already read some guides. Often times the guides don't cover DHCP use on the wan port. I have spectrum internet and using the provided modem which has no web interface. The WAN Ip assigned by the service provider is dynamic. Can someone please assist me? This router has 8 LAN ports that I plan on using to connect different machines to.

The setup is: Internet>ISP modem>ISR 1100

Georg Pauwen · ‎02-26-2021

Hello,

here is a sample config (important parts marked in bold):

service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ISR1100
!
boot-start-marker
boot-end-marker
!
no aaa new-model
subscriber templating
!
multilink bundle-name authenticated
!
--> ip dhcp excluded-address 192.168.1.1
!
--> ip dhcp pool LAN
--> network 192.168.1.0 255.255.255.0
--> default-router 192.168.1.1
--> dns-server 8.8.8.8 8.8.4.4
!
crypto pki trustpoint TP-self-signed-4175586959
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4175586959
revocation-check none
rsakeypair TP-self-signed-4175586959
!
crypto pki certificate chain TP-self-signed-4175586959
!
license udi pid C1111-8PLTELA sn FGL212694ML
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
redundancy
mode none
!
controller Cellular 0/2/0
lte modem link-recovery disable
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
--> description Uplink to ISP
--> ip address dhcp
--> ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Cellular0/2/0
ip address negotiated
ipv6 enable
!
interface Cellular0/2/1
no ip address
shutdown
!
interface Vlan1
--> ip address 192.168.1.1 255.255.255
--> ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
!
--> ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0/0 dhcp
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
end

View solution in original post

Georg Pauwen · ‎02-27-2021

Hello,

interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto

I think GigabitEthernet0/0/1 is a layer 3 port only. Which means you can assign an IP address to that interface, and connect a single PC, which uses the IP address of that interface as default gateway:

interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0

PC:

IP address 192.168.10.2 255.255.255.0

Default Gateway 192.168.10.1

Or you could connect a switch to that interface, and also use subinterfaces:

interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0

!

interface GigabitEthernet0/0/1.20

encapsulation dot1q 20
ip address 192.168.20.1 255.255.255.0

!

interface GigabitEthernet0/0/1.30

encapsulation dot1q 30
ip address 192.168.30.1 255.255.255.0

Switch

interface GigabitEthernet0/1

description Uplink to Router

switchport mode trunk

View solution in original post

Joseph W. Doherty · ‎02-26-2021

See if your WAN interface will accept "ip address dhcp".

BTW, sometimes cable modems will "lock" to the last host MAC address. Often than can be reset by power cycling the modem.

lynxnebi · ‎02-26-2021

I have noticed the mac block, as you said simply power cycling gets it working.

Joseph W. Doherty · ‎02-26-2021

Oh, that's good. The other solution would be to assign the MAC used by your prior device to your replacement device.

Georg Pauwen · ‎02-26-2021

Hello,

here is a sample config (important parts marked in bold):

service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname ISR1100
!
boot-start-marker
boot-end-marker
!
no aaa new-model
subscriber templating
!
multilink bundle-name authenticated
!
--> ip dhcp excluded-address 192.168.1.1
!
--> ip dhcp pool LAN
--> network 192.168.1.0 255.255.255.0
--> default-router 192.168.1.1
--> dns-server 8.8.8.8 8.8.4.4
!
crypto pki trustpoint TP-self-signed-4175586959
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4175586959
revocation-check none
rsakeypair TP-self-signed-4175586959
!
crypto pki certificate chain TP-self-signed-4175586959
!
license udi pid C1111-8PLTELA sn FGL212694ML
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
redundancy
mode none
!
controller Cellular 0/2/0
lte modem link-recovery disable
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
--> description Uplink to ISP
--> ip address dhcp
--> ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Cellular0/2/0
ip address negotiated
ipv6 enable
!
interface Cellular0/2/1
no ip address
shutdown
!
interface Vlan1
--> ip address 192.168.1.1 255.255.255
--> ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
!
--> ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0/0 dhcp
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
end

lynxnebi · ‎02-26-2021

Thank you so much! On the many guides I read I saw most of this setup, but I did not see a method of calling a DHCP address. This here "GigabitEthernet0/0/0/0 dhcp" is golden to me. I will test this in about an hour! Thank you.

lynxnebi · ‎02-26-2021

One more question! If I wanted to use int g0/0/1 to connect to a switch (or a single computer) how would the config look like?

Georg Pauwen · ‎02-27-2021

Hello,

interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto

I think GigabitEthernet0/0/1 is a layer 3 port only. Which means you can assign an IP address to that interface, and connect a single PC, which uses the IP address of that interface as default gateway:

interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0

PC:

IP address 192.168.10.2 255.255.255.0

Default Gateway 192.168.10.1

Or you could connect a switch to that interface, and also use subinterfaces:

interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0

!

interface GigabitEthernet0/0/1.20

encapsulation dot1q 20
ip address 192.168.20.1 255.255.255.0

!

interface GigabitEthernet0/0/1.30

encapsulation dot1q 30
ip address 192.168.30.1 255.255.255.0

Switch

interface GigabitEthernet0/1

description Uplink to Router

switchport mode trunk

lynxnebi · ‎02-27-2021

You are correct. G0/0/1 is a layer 3. This is my current config and for some reason my computer isn't getting an IP address when connected to G0/0/1.

Current configuration : 6409 bytes
!
! Last configuration change at 12:53:25 UTC Sat Feb 27 2021
!
version 17.2
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname LynxISR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
license udi pid C1121X-8PLTEPWB sn FGL2506L9MM
memory free low-watermark processor 73234
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Uplink to ISP
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Wlan-GigabitEthernet0/1/8
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
!
!
!
ip access-list standard 1
10 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
login
transport input ssh
!

Georg Pauwen · ‎02-27-2021

Hello,

you need to make the changes/additions marked in bold:

Current configuration : 6409 bytes
!
! Last configuration change at 12:53:25 UTC Sat Feb 27 2021
!
version 17.2
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname LynxISR
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip dhcp excluded-address 192.168.1.1
--> ip dhcp excluded-address 192.168.10.1
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4
!
--> ip dhcp pool LAN2
--> network 192.168.10.0 255.255.255.0
--> default-router 192.168.10.1
--> dns-server 8.8.8.8 8.8.4.4
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
license udi pid C1121X-8PLTEPWB sn FGL2506L9MM
memory free low-watermark processor 73234
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
description Uplink to ISP
ip address dhcp
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.10.1 255.255.255.0

--> ip nat inside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Wlan-GigabitEthernet0/1/8
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
!
ip access-list standard 1
10 permit 192.168.1.0 0.0.0.255
--> ip access-list standard 1
--> 20 permit 192.168.10.0 0.0.0.255
!
control-plane
!
line con 0
stopbits 1
line vty 0 4
login
transport input ssh

lynxnebi · ‎02-28-2021

Thank you so much for your help and patience. During testing almost everything was a success. I can hop online via the ethernet ports or the wan port. The issue now is DNS related. Most websites don't load, very few do and if they do, they do so very slow. Inside the router I am able to ping both ip addresses and DNS names just fine, like ping google.com. Inside the computer it is having a hard time connecting to the DNS server for some reason. I don't suppose you or anyone has some advice on this?

Joseph W. Doherty · ‎03-01-2021

Possibly the DNS server your hosts are using is "slow". Likely, the DHCP information obtained by your router also includes a DNS server IP (different from the DNS server used by your hosts). If so, are you using that DNS server for your other host devices?

If you find that one also "slow", you might try different "public" DNS servers.

Lastly, although likely a bit much for a small network, you could consider installing your own DNS server.

Joseph W. Doherty · ‎02-27-2021

BTW, although Geog shows how to use your "WAN" port, for connecting other device, generally you would want to use you additional LAN ports. Any configured to use DHCP should pull an IP from DHCP that Georg defined in his sample config, or they might use a hard coded IP within that DHCP address block.

I'm not 100% sure your ISR1k supports multiple VLANs, but likely it does. If so, you could also have multiple networks off the LAN ports.

The usual difference between a small router's WAN and LAN ports, the former often supports features not provided for the latter (like advanced QoS).

lynxnebi · ‎02-28-2021

For this part it would be something like this right?

int G0/1/0

switchport mode access

switchport access vlan 1

Joseph W. Doherty · ‎02-28-2021

Yes, although VLAN 1 should be the default, i.e. you would only need to specify a VLAN other than VLAN 1.

Also, not 100% positive, but "switchport mode access" might also be the default for those ports.