Need help Configuring 1941 w/ csu/dsu module

morales0056434 · ‎11-15-2010

I am still very new to configuring Cisco equpment and am need of some help configuring a 1941 router with a csu/dsu module. I am directly connected to the T1 jack and verified a connection with the hardware loopback button.

i've gathered code from various Cisco/Online resources and cannot figure out what I need to do.

My goal is simply to be able to go out to the internet from an internal network.

any help would be most apreciated, thanks in advance

Below is the info I recieved from the ISP:

ROUTER IP INFO:

IP Address: xxx.xxx.xxx.xxx

Subnet: 255.255.255.252

Gateway: xxx.xxx.xxx.xxx

Primary DNS: xxx.xx.xxx.xxx

Secondary DNS: xxx.xx.xxx.xxx

DLCI#: xxxIETF

VERIZON INFORMATION:

Network Range: xxx.xxx.xxx.xxx/x0

IP Address: xxx.xxx.xxx.xxx

Circuit# (ID): xxxxxxxxxxxxxxxx

Circuit#: xx/xxxx/xxxxxx/xx

And my current config:

version 15.0

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname Cisco1
!
boot-start-marker
boot-end-marker
!
enable password admin1
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp pool mainip
   import all
   network x.x.0.0 255.255.255.0
   dns-server x.x.x.x
   default-router x.x.x.x
   lease 5
!
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941/K9 sn xxxxxxxxxxxxx
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address x.x.x.x 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address x.x.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation frame-relay IETF
no clock rate 2000000
service-module t1 timeslots 1-24
frame-relay map ip x.x.x.x. xxx broadcast IETF
!
router eigrp 1000
network x.x.0.0
network x.x.0.0
network x.x.x.0
network x.x.x.x.0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Richard Burts · ‎11-15-2010

Israel

You are off to a good start. The biggest issue that I see in this config is that while you have specified ip nat inside and ip nat outside on appropriate interfaces that there is no statement to invoke address translation. It might look something like this:

ip nat inside source list 15 interface Serial0/0/0 overload

access-list 15 permit x.x.x.x 0.0.0.255

I would also think that there is some value in configuring a serial interface subinterface and moving the IP address and the DLCI from the physical interface (where it is essentially a multipoint interface) to the serial subinterface where it will be a true point to point interface.

HTH

Rick

[edit] I notice that you have configured EIGRP as a dynamic routing protocol. This may be a good thing. I also notice that there are multiple network statements under router EIGRP. But the way that you have masked "sensitive" information makes it difficult to know what networks you intend to put under EIGRP. And having multiple network statemets when there are only 2 networks configured on the router (and one of them is to outside where you probeably do not want to run your internal routing protocol) seems pretty strange. Perhaps you can clarify what you are trying to do with EIGRP?

HTH

Rick

morales0056434 · ‎11-16-2010

Thank you for the response Rick,

I will add the NAT statements and also I have added the and subinterface, see below:

interface Serial0/0/0
no ip address

encapsulation frame-relay
ip virtual-reassembly
no clock rate 2000000

interface Serial0/0/0.1
ip address x.x.x.x 255.255.255.252
ip nat outside
ip virtual-reassembly
encapsulation frame-relay interface-dlci xxx IETF
service-module t1 timeslots 1-24
frame-relay map ip x.x.x.x. xxx broadcast IETF

would I then change the Ip route to point to the sub interface?:

ip route 0.0.0.0 0.0.0.0 Serial0/0/0.1

As for the EIGRP, it was an attempt to get some sort of reply from a neighbor router and I would like to remove it entirely if it isnt 100% required to get internet access.

thanks again for your help

Richard Burts · ‎11-16-2010

Israel

Yes you would change the static route to point to the subinterface.

Where is the neighbor router? (on what interface is it connected?) If it is on the inside interface then it might make sense to run EIGRP (assuming that the neighbor is also running EIGRP and is using the same AS# in its EIGRP config). The serial interface goes to your service provider and generally you would not want to run a protocol like EIGRP with your provider.

One other important thing to understand about configuring EIGRP is that you use network statements to identify networks on local interfaces that you want to be running EIGRP. Since it looks like you have only one interface where you might want to run EIGRP I would expect only one network statement under router eigrp.

HTH

Rick

HTH

Rick

morales0056434 · ‎11-16-2010

Rick,

You were correct, I was trying to set up EIGRP with the porvider and realized it wasnt what i need to do, i removed it rom my config completely.

So I have finally have a way to the internet from the router, I can ping google from the console. But it seems my NAT is not functioning properly.

Any ideas?

Building configuration...

Current configuration : 1419 bytes

!

! Last configuration change at 17:51:09 UTC Tue Nov 16 2010

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

service udp-small-servers

service tcp-small-servers

!

hostname Cisco1

!

boot-start-marker

boot-end-marker

!

enable password admin1

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

ip dhcp pool internal

network 1.1.0.0 255.255.255.0

default-router 2.2.2.2

domain-name name.server

lease 7

!

ip name-server 3.3.3.1 --------Primary DNS

ip name-server 3.3.3.2 --------Secondary DNS

multilink bundle-name authenticated

!

license udi pid CISCO1941/K9 sn FTX143802RG

!

interface GigabitEthernet0/0

ip address 1.1.0.1 255.255.255.0

ip access-group 1 in

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0

mtu 4470

ip address 4.4.4.2 255.255.255.252

ip access-group 1 out

ip nat outside

ip virtual-reassembly

encapsulation frame-relay IETF

no clock rate 2000000

traffic-shape rate 1024000 25600 25600 1000

frame-relay interface-dlci xxx

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 4.4.4.1 ----------Gateway

!

ip nat inside source list 1 interface Serial0/0/0 overload

!

access-list 1 permit any

!

control-plane

!

line con 0

line aux 0

line vty 0 4

login

!

scheduler allocate 20000 1000

end

Richard Burts · ‎11-16-2010

Israel

I am not sure that the problem is NAT. I believe that the problem is in the way that you configured the router to act as a DHCP server. Here is what I see in the config:

ip dhcp pool internal

network 1.1.0.0 255.255.255.0

default-router 2.2.2.2

You are telling the client PCs to use addresses in network 1.1.0.x and that their default gateway is in an entirely different network. The default gateway in the DHCP pool should be the address of the router interface (in this case 1.1.0.1).

While I am responding let me comment on a few other things. I am surprised that you are using network 1.1.0 as the network on your LAN interface. Is there a reason for doing this? The more common approach is to configure your LAN with private addresses (such as 192.168.x.x, or 172.16.y.y, or even 10.z.z.z).

I would also suggest that it might be better if you use access list 1 differently. As currently configured access list 1 is used as an inbound filter on the LAN interface, used as an outbound filter on the WAN interface, and is used for NAT. It will constrain what you can do as your router config needs to adapt to changes that may take place in your network.

I would also comment that if the access list is going to permit any that there is very little reason to use it as an inbound filter on the LAN or an outbound filter on the WAN. If you are going to permit everything there is little reason to configure the access-group on those interfaces.

I would also suggest that you configure the access list differently. I have seen some unexpected behaviors when access lists used for NAT are configured with permit any. I would suggest that it would be better if the access list permitted the subnet of the LAN interface. In your current config that would be access-list 1 permit 1.1.0.0 0.0.0.255

HTH

Rick

[edit] I just re-read your post and see one other issue. In your NAT statement you are using the physical interface for the overload. You should be specifying the subinterface as the overload.

HTH

Rick