09-12-2007 08:56 PM - edited 03-05-2019 06:27 PM
howdy. i'm fairly new to cisco stuff. i have an entire collection of cisco books, but i'm not too far in them. currently i'm deployed to iraq and one of my warrant officers here is a cisco instructor. i've learned some stuff from him and learned some stuff on my own. i've presented my situation to him, but it's extremely hard to learn from him in the first place because he's a little off the wall. but besides that, i don't know enough.
i'm a systems administrator here in iraq and head of the helpdesk. i've been in IT for over 20 years. i have experience, just not when it comes to this.
so enough of the intro. we have the internet here in our rooms that we pay way too much for. there is one cable for my roommate and myself. we sign into a radius server with a 24 hour lease. the ip addresses are obviously assigned via dhcp. the cable from our room runs to a "dumb" switch. from the switch, a cat5 runs to a line of sight radio that shoots to their office down the road. from there they host the internet via satellite obviously.
currently i have a linksys wrt300 acting as my router with the antennas disabled. i need to send this router home to my wife, so my whole grand plan for this expensive router is only to catch the outside ip address given by my isp, and run a dhcp server to host my inside lan. on this switch there are, of course, 2 built-in fastethernet interfaces, a t1/dsu port on the serial interface, and something else that says t1 on the voice interface.
i've tried a few things. i've created an access list, configured nat on the 2 fe interfaces, and semi-setup the dhcp. i have a few problems. obviously, i can't pull up a webpage. i don't receive ping from everything, even from the router console. for instance yahoo.com i cannot receive a ping from. even the default gateway for the isp i can't receive a ping from. but i've randomly pinged a few ips here from behind their radio. another problem is i don't know how to get dhcp to push itself (192.168.1.1) as the gateway down to the computer connected to it. i have to set it manually.
a few other problems that don't really regard the internet side of my problem is somehow i must have fat-fingered my password when i initially set it up, so i had to follow the recovery instructions at cisco.com. since then, the router won't hold a password when it reboots. show config shows the password, but it still doesn't hold. another thing is dir doesn't show anything other than a .bin file. i don't remember which one, but it isn't my ios.
i know this is quite a lot for one post, but i would definitely appreciate some help.
thomas
09-20-2007 11:16 PM
RIP or any other dynamic routing protocol is certainly not needed in this setup. Also, if it was, you wouldn't have been able to go online by connecting your computer directly.
Anyways, I would suggest some very basic stuff here. First off, we need to determine if the fa0/0 interface on the router is good. It's weird that we are unable to ping anything from the router (with just the IP address and the default route configured), however, the same works when we plug in the computer directly. I don't suspect it could be an access-list as we have already erased the config. So, let's just follow the steps below in the same order and see what we infer.
1. Erase the config on the router. (I know we have done it before but, just don't want to take any chance here and miss on something). Reload the router and do NOT save the changes.
2. Assign static IPs on fa0/0 (10.1.1.1/24) and on fa0/1 (10.1.2.1/24).
3. Connect the router fa0/0 to the computer (use cross-over cable if connecting directly or a straight through if using a switch).
4. Assign static IP (10.1.1.2/24) on the computer and ping the router fa0/0 and vice versa.
Next, unplug the ethernet cable from fa0/0 and plug it in fa0/1. Assign static IP (10.1.2.2/24) on the computer and ping the router fa0/1 and reverse.
If you face any problem pinging the computer check for any firewall software running in the background.
If all the ping tests are successful, we know the interfaces are good.
5. Connect the computer to the ISP directly (without any router) and configure it to obtain IP from DHCP. Now, ping 4.2.2.2 or any other public IP. Also try your default gateway. If you are able to ping a public IP move to the next step.
6. Unconfigure the IP address on fa0/0 and fa0/1. Set fa0/0 to receive the IP from DHCP.
7. Connect the cable from the ISP to fa0/0. Wait until fa0/0 receives the IP.
8. Configure a default route:
ip route 0.0.0.0 0.0.0.0 fa0/0
9. Check fa0/0 status using - 'show ip int brief'. It should have an IP address assigned from the DHCP and should be up/up.
Check the routing table for the default route - 'show ip route'.
10. If fa0/0 is good and the default route is there, ping the same public IP address which you were able to reach from the computer when it was connected directly.
Ping the IP from the router console.
To summarize, we have made just 2 changes to the default configuration on the router:
- Configured fa0/0 to obtain an IP from the DHCP (which is our ISP).
- Added a default route pointing to fa0/0
Now, this is same as connecting the computer directly to the ISP and logically should work.
Please follow the exact sequence and post the results (not necessarily outputs) for all the steps.
I would be travelling this weekend but may respond if you can post the results today.
-Vaibhav
09-21-2007 06:32 AM
This looks good. I forgot to ask if you are able to ping the radius server from the router? Let's try this now:
- Assign static IP on fa0/1
int fa0/1
ip address 10.1.2.1 255.255.255.0
no shut
Connect this interface to the computer and assign 10.1.2.2 255.255.255.0 on the computer. Also, configure 10.1.2.1 as the default gateway on the computer.
Now try pinging the radius server or connecting to the radius server from the computer. If successful, see if you can get on to the internet.
Looking forward to your response.
09-21-2007 08:46 AM
Sounds great. For the DNS, as a temporary workaround, configure 4.2.2.2 as your DNS on the computer(s). I'll check how we can push the DNS onto the clients and will get back to you.
Let me know if the workaround works for you.
Please do remember to rate the posts, if these were helpful.
-Vaibhav
09-21-2007 10:00 AM
Thomas,
Here's the DHCP configuration:
Router(config)# ip dhcp excluded-address 192.168.1.1
Router(config)# ip dhcp pool InSayne
Router(dhcp-config)# network 192.168.1.0 255.255.255.0
Router(dhcp-config)# default-router 192.168.1.1
Router(dhcp-config)# dns-server 208.67.222.222 208.67.220.220
Router(dhcp-config)# exit
Router(config)# no ip dhcp conflict logging
-----------
Configure static IP 192.168.1.1 255.255.255.0 on fa0/1.
Now, the client computers should be able to receive the IP address, default gateway as well as the DNS server IP from the router. You may remove the static DNS 4.2.2.2 assigned on the computer.
Let us know how it goes.
-Vaibhav
10-16-2007 03:58 AM
Thomas, I just got done with recreating your issue. The setup is working as desired and I have narrowed down to the problem.
- int fa0/0 on the router is getting IP from the DHCP.
- sub-if fa0/0.1 and sub-if fa0/0.2 are being used for inter-VLAN routing.
- Hosts in VLAN1 on the switch are getting IP address from 172.16.1.0 range (exclusions are taken care of).
- Hosts in VLAN2 on the switch are getting IP address from 172.16.2.0 range (exclusions are taken care of).
- Hosts in VLAN1 and VLAN2 can communicate with each other.
- Hosts in VLAN1 can access internet.
- Hosts in VLAN2 can NOT access internet.
Please make the following changes in your configuration:
no ip nat pool InSayne 172.16.1.1 172.16.1.255 prefix-length 24
no access-list 10 permit 172.16.2.0 0.0.0.255
no access-list 10 permit 172.16.1.0 0.0.0.255
interface FastEthernet0/1.2
no ip access-group 10 in
Here's what the config should look like :
---------
!
!
ip dhcp excluded-address 172.16.1.1
ip dhcp excluded-address 172.16.1.2 172.16.1.99
ip dhcp excluded-address 172.16.2.1
ip dhcp excluded-address 172.16.2.2 172.16.2.99
!
ip dhcp pool InSayne
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
!
ip dhcp pool InSayneX
network 172.16.2.0 255.255.255.0
default-router 172.16.2.1
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 172.16.2.1 255.255.255.0
ip access-group VLAN2_NoiNet in
!
ip nat inside source list 50 interface FastEthernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
!
ip access-list extended VLAN2_NoiNet
permit ip any 172.16.1.0 0.0.0.255
permit ip any host 172.16.2.1
permit udp any any eq bootps
access-list 50 permit 172.16.1.0 0.0.0.255
!
!
------------
No other manually configured commands should be there which may affect the working.
BTW, the problem was the access-list on int fa0/0.2 which was blocking DHCP messages from going through.
I have thoroughly tested this configuration multiple times and it works as expected.
Let me know how this goes.
-Vaibhav
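The effect described in the post above (an inbound access list on the VLAN 2 sub-interface silently dropping DHCP) can be reproduced with a small first-match evaluator. This is an added example, not part of the original thread; it models only protocol, addresses and destination port, and the sample packets and host addresses are constructed.

```python
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "proto src dst dport")
PORTS = {"bootps": 67, "bootpc": 68}
ANY = (0, 0xFFFFFFFF)

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):
    # Consume one address spec from the token list: (base, wildcard).
    head = tok.pop(0)
    if head == "any":
        return ANY
    if head == "host":
        return _ip(tok.pop(0)), 0
    return _ip(head), _ip(tok.pop(0))

def parse_rule(line, extended):
    tok = line.split()
    rule = {"action": tok.pop(0), "proto": "ip", "dst": ANY, "dport": None}
    if extended:
        rule["proto"] = tok.pop(0)
    rule["src"] = _addr(tok)
    if extended:
        rule["dst"] = _addr(tok)
        if tok[:1] == ["eq"]:
            rule["dport"] = PORTS.get(tok[1]) or int(tok[1])
    return rule

def _hit(addr, spec):
    base, wild = spec
    return (_ip(addr) & ~wild) == (base & ~wild)

def evaluate(acl, pkt, extended):
    for rule in (parse_rule(line, extended) for line in acl):
        if (rule["proto"] in ("ip", pkt.proto) and _hit(pkt.src, rule["src"])
                and _hit(pkt.dst, rule["dst"])
                and rule["dport"] in (None, pkt.dport)):
            return rule["action"]
    return "deny"  # implicit deny that ends every IOS access list

# ACL lines copied from the post; the packets are constructed samples.
ACL_10 = ["permit 172.16.2.0 0.0.0.255", "permit 172.16.1.0 0.0.0.255"]
VLAN2_NOINET = ["permit ip any 172.16.1.0 0.0.0.255",
                "permit ip any host 172.16.2.1", "permit udp any any eq bootps"]
DISCOVER = Packet("udp", "0.0.0.0", "255.255.255.255", 67)
TO_VLAN1 = Packet("tcp", "172.16.2.100", "172.16.1.100", 445)
TO_INTERNET = Packet("tcp", "172.16.2.100", "4.2.2.2", 80)
```

A DHCPDISCOVER is sourced from 0.0.0.0, so standard list 10 never matches it and the implicit deny drops it; the named list permits it through the `bootps` line while still denying VLAN 2 traffic bound for the internet.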
09-13-2007 01:33 AM
Hi
Regarding the password issue, do check the config-register value. I think it's still in the same recovery mode, because of which it's going back in a loop.
You can verify this using the show version command and see whether your register value is 0x2142.
Ideally it should be 0x2102 so that it doesn't go back to recovery mode again and again.
You can change it using config-register 0x2102 and save the config.
To check whether you have a valid IOS image on your router, you can use show flash.
In line with your DHCP issues, do post the show version output taken from your box here so that it can be verified whether it can support the DHCP functionality.
Also, Cisco 2900 boxes belong to the switching products.
http://www.cisco.com/en/US/products/index.html
regds
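The register check suggested in the reply above can be automated. The following is an added example, not part of the original thread: it decodes the configuration-register line from `show version` and reports whether the saved configuration (passwords included) will be loaded at the next reload. The two sample lines are constructed.

```python
import re

# Subset of the 16-bit IOS configuration register bits.
FLAGS = {
    0x0040: "ignore startup-config in NVRAM at boot",
    0x0100: "Break key disabled",
    0x2000: "boot default ROM software if network boot fails",
}
REGISTER_RE = re.compile(
    r"Configuration register is (0x[0-9A-Fa-f]+)"
    r"(?: \(will be (0x[0-9A-Fa-f]+) at next reload\))?")

def decode(value):
    return {
        "boot_field": value & 0x000F,
        "ignores_startup_config": bool(value & 0x0040),
        "flags": [text for bit, text in FLAGS.items() if value & bit],
    }

def check_show_version(output):
    """Report the running register value and the one used at next reload."""
    match = REGISTER_RE.search(output)
    if match is None:
        raise ValueError("no configuration register line found")
    current = int(match.group(1), 16)
    pending = int(match.group(2), 16) if match.group(2) else current
    return {
        "current": decode(current),
        "next_reload": decode(pending),
        "saved_config_loads_on_reload": not (pending & 0x0040),
    }

# Constructed sample lines in the format printed at the end of "show version".
STILL_IN_RECOVERY = "Configuration register is 0x2142"
FIXED_PENDING = "Configuration register is 0x2142 (will be 0x2102 at next reload)"
```

With bit 6 (0x0040) set, the router boots without reading startup-config, which leaves the console and vty lines unprotected after every reload until the register is set back to 0x2102.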
09-13-2007 02:05 AM
2900 was a typo. It's a 2600 series router. I have 2 2900 switches in there too, but i'm ok on the switches.
09-13-2007 02:12 AM
hi
did you try to set the password mechanism right?
also are you trying to configure this router as a dhcp server as well as to receive an ip address on one interface from the radio link?
regds
09-13-2007 02:15 AM
yeah i'm sure i set it correctly. it asks me for a password until the router reboots. and this router doesn't have a radio. but yes, i want to configure a dhcp server for my internal lan off of one interface, and have another interface catch my outside ip. read my first post for full details.
09-13-2007 02:21 AM
For dhcp services, do see this link:
http://www.cisco.com/en/US/docs/ios/12_1/iproute/configuration/guide/1cddhcp.html
And to make an interface receive an ip address from the external dhcp server, use the ip address dhcp command under the interface on which you want to do so.
regds
09-13-2007 02:23 AM
i've already done all that. the problem i stated in the first post wasn't that i was having problems getting the ip, nor was it pushing ips to my machines. it just won't push 192.168.1.1 as the default gateway. all the details are in my original post. there are approximately 3 more problems listed in that post also.
09-13-2007 02:25 AM
hi
do post show run/show version taken from your router
regds
09-13-2007 02:26 AM
sure no problem. i'll be home in like an hour and a half and will post it.
09-13-2007 04:29 AM
Router#show run
Building configuration...
Current configuration : 816 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
voice-card 1
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
controller T1 1/0
framing sf
linecode ami
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
no dce-terminal-timing-enable
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip classless
!
no ip http server
!
!
!
control-plane
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
Router#show config
Using 1677 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable password *********
!
no aaa new-model
!
resource policy
!
no network-clock-participate slot 1
no network-clock-participate wic 0
voice-card 1
!
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool InSayne
host 192.168.1.100 255.255.255.0
client-identifier 0100.1a92.835c.22
dns-server 192.168.1.1
client-name insayne
!
!
ip domain name insaynelan.net
frame-relay switching
no ftp-server write-enable
!
!
!
!
!
!
!
!
!
!
!
!
!
!
controller T1 1/0
framing sf
linecode ami
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.1.1 255.255.255.0
shutdown
no dce-terminal-timing-enable
!
interface FastEthernet0/1
ip address 192.168.1.10 255.255.255.0
ip nat inside
duplex auto
speed auto
!
ip default-gateway 192.168.1.1
ip classless
!
no ip http server
ip nat pool ovrld 192.168.1.1 192.168.1.200 prefix-length 24
ip nat pool InSayne 192.168.1.96 192.168.1.127 prefix-length 24
ip nat inside source list 15 interface FastEthernet0/1 overload
ip nat outside source list 15 interface FastEthernet0/0
!
access-list 15 permit 192.168.1.96 0.0.0.31
!
!
control-plane
!
!
!
!
!
!
!
gateway
timer receive-rtp 1200
!
banner motd ^C
Welcome to InSayne LAN!
Obey the rules or pay the price!
Enjoy!
^C
!
line con 0
exec-timeout 0 0
password *********
logging synchronous
login
line aux 0
line vty 0 4
password *********
login
!
!
end
Router#
09-14-2007 04:35 AM
got any ideas?
09-16-2007 02:30 AM
inside of your dhcp pool you don't have a default gateway designated. maybe you don't need one, but i have always put it in mine.
syntax is; default-gateway 192.168.1.1
what fob are you at?
09-17-2007 12:11 PM
i've tried that command, but 192.168.1.1 still doesn't get pushed out to my machines as the default gateway.
i am in camp warrior(old chuville) on al asad.
09-19-2007 05:41 AM
any idea why my config doesn't save when i reboot? i'm showing all my configs in show config, but not show run
09-19-2007 05:45 AM
copy run start
But I am guessing you can see your changes in show run but not in show conf
Kevin Dorrell
Luxembourg