cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7321
Views
20
Helpful
71
Replies

2900 router problems

sirEgGhEaD
Level 1
Level 1

howdy. i'm fairly new to cisco stuff. i have an entire collection of cisco books, but i'm not too far in them. currently i'm deployed to iraq and one of my warrant officers here is a cisco instructor. i've learned some stuff from him and learned some stuff on my own. i've presented my situation to him, but it's extremely hard to learn from him in the first place because he's a little off the wall. but besides that, i don't know enough.

i'm a systems adminstrator here in iraq and head of the helpdesk. i've been in IT for over 20 years. i have experience, just not when it comes to this.

so enough of the intro. we have the internet here in our rooms that we pay way too much for. there is one cable for my roommate and myself. we sign into a radius server with a 24 hour lease. the ip addresses are obviously assigned via dhcp. the cable from our room runs to a "dumb" switch. from the switch, a cat5 runs to a line of site radio that shoots to their office down the road. from there they host the internet via satellite obviously.

currently i have a linksys wrt300 acting as my router with the antennas disabled. i need to send this router home to my wife, so my whole grand plan for this expensive router is only to catch the outside ip address given by my isp, and run a dhcp server to host my inside lan. on this switch there are, of course, 2 built-in fastethernet interfaces, a t1/dsu port on the serial interface, and something else that says t1 on the voice interface.

i've tried a few things. i've created an access list, configured nat on the 2 fe interfaces, and semi-setup the dhcp. i have a few problems. obviously, i can't pull up a webpage. i don't receive ping from everything, even from the router console. for instance yahoo.com i cannot receive a ping from. even the default gateway for the isp i can't receive a ping from. but i've randomly pinged a few ips here from behind their radio. another problem is i don't know how to get dhcp to push itself (192.168.1.1) as the gateway down to the computer connected to it. i have to set it manually.

a few other problems that don't really regard the internet side of my problem is somehow i must have fat-fingered my password when i initially set it up, so i had to follow the recovery instructions at cisco.com. since then, the router won't hold a password when it reboots. show config shows the password, but it still doesn't hold. another thing is dir doesn't show anything other than a .bin file. i don't remember which one, but it isn't my ios.

i know this is quite a lot for one post, but i would definately appreciate some help.

thomas

71 Replies 71

Thomas, please try the following:

int fastEthernet 0/1.2

ip helper-address 172.16.1.1

If this does not work, I would suggest capturing sniffer traces from a port in VLAN 2 and see if its receiving any responses from the DHCP.

that didn't help. i configured my ip manually again while i had the machine in a vlan 2 port and i tried to ping 172.16.2.1 and i didn't get a response, however when i ping 172.16.1.1 i get a response. i will post a show vlans for you just in case i messed something up.

InSayneLAN#show vlans

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/1.1

This is configured as native Vlan for the following interface(s) :

FastEthernet0/1

Protocols Configured: Address: Received: Transmitted:

IP 172.16.1.1 807586 852937

Other 0 2751

809503 packets, 73235742 bytes input

855688 packets, 139846925 bytes output

Virtual LAN ID: 2 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/1.2

Protocols Configured: Address: Received: Transmitted:

IP 172.16.2.1 325 12

Other 0 9

325 packets, 48240 bytes input

21 packets, 1334 bytes output

InSayneLAN#

i've been looking around trying to figure out what's going on but i still can't figure it out. would it have anything to do with bridging?

Hey Thomas, sorry about the delay. I've been pretty tied up lately. I would try to recreate the issue here and would get back to you in a days time.

-Vaibhav

i think our problem might be due to the fact that the 2900 series switch is layer 2 only so we can't route between vlans. no matter how many times i type no shutdown when i'm interfacing vlan 2, i get the following in show run:

interface VLAN1

ip address 172.16.1.2 255.255.255.0

no ip directed-broadcast

no ip route-cache

!

interface VLAN2

ip address 172.16.2.2 255.255.255.0

no ip directed-broadcast

no ip route-cache

shutdown

!

is there any other way to control internet access with the ease of what we were attempting?

We are using the 2600 router to route between the VLANs becuase 2900 is layer 2 only. Also, shutting down the interfaces will not make any difference to the configuration. If I remember correctly, the only problem we are facing right now is that hosts in VLAN2 are not getting IP addresses assigned by the DHCP. However, if we assign IP addresses manually, everything works fine. Please correct me if I am wrong. Also, we already have the access-list in place to block any traffic for internet from .2 network (VLAN2).

I would hopefully have something on this later today. Irrespective of what the curreent issue is, I am aware what we want to achieve. I am going to try it and get back to you.

Thomas, I just got done with recreating your issue. The setup is working as desired and I have narrowed down to the problem.

- int fa0/0 on the router is getting IP from the DHCP.

- sub-if fa0/0.1 and sub-if fa0/0.2 are being used for inter-VLAN routing.

- Hosts in VLAN1 on the switch are getting IP address from 172.16.1.0 range (exclusions are taken care of).

- Hosts in VLAN2 on the switch are getting IP address from 172.16.2.0 range (exclusions are taken care of).

- Hosts in VLAN1 and VLAN2 can communicate with each other.

- Hosts in VLAN1 can access internet.

- Hosts in VLAN2 can NOT access internet.

Please make the following changes in your configuration:

no ip nat pool InSayne 172.16.1.1 172.16.1.255 prefix-length 24

no access-list 10 permit 172.16.2.0 0.0.0.255

no access-list 10 permit 172.16.1.0 0.0.0.255

interface FastEthernet0/1.2

no ip access-group 10 in

Here's what the config should look like :

---------

!

!

ip dhcp excluded-address 172.16.1.1

ip dhcp excluded-address 172.16.1.2 172.16.1.99

ip dhcp excluded-address 172.16.2.1

ip dhcp excluded-address 172.16.2.2 172.16.2.99

!

ip dhcp pool InSayne

network 172.16.1.0 255.255.255.0

default-router 172.16.1.1

!

ip dhcp pool InSayneX

network 172.16.2.0 255.255.255.0

default-router 172.16.2.1

!

!

interface FastEthernet0/0

ip address dhcp

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

!

interface FastEthernet0/1.1

encapsulation dot1Q 1 native

ip address 172.16.1.1 255.255.255.0

ip nat inside

!

interface FastEthernet0/1.2

encapsulation dot1Q 2

ip address 172.16.2.1 255.255.255.0

ip access-group VLAN2_NoiNet in

!

ip nat inside source list 50 interface FastEthernet0/0 overload

ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

!

!

!

ip access-list extended VLAN2_NoiNet

permit ip any 172.16.1.0 0.0.0.255

permit ip any host 172.16.2.1

permit udp any any eq bootps

access-list 50 permit 172.16.1.0 0.0.0.255

!

!

------------

No other manually configured commands should be there which may affect the working.

BTW, the problem was the access-list on int fa0/0.2 which was blocking DHCP messages from going through.

I have thoroughly tested this configuration multiple times and it works as expected.

Let me know how this goes.

-Vaibhav

sorry it's taken so long for me to get back to you. sir, this is working with a most oustanding performance. everything seems to be great. i need to figure out how to config my machine with a static ip since i am running a server, and that will be the end of the whole deal. thank you so much for all your time and dedication. i will be back within a day or two to rate these posts. it's past bed time or i would do it now. but i will be back to rate them. thank you again.

thomas

Hi Thomas,

I am glad to know that I was able to help you and the issue has been resolved.

I am not sure what you mean by - ' how to config my machine with a static ip'. Are you referring to your workstation? Please elaborate.

-Vaibhav

i meant reserving an ip address in my dhcp server for a particular nic.

rtjensen4
Level 4
Level 4

Missed the rest of the posts, my comment was already addresses. Removing for redundancy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco