Hi

La1Impala · ‎08-30-2016

I first created a running config/startup config from an example on youtube that enabled a DHCP server on the 2821 router. It worked great , connected a laptop to the router was able to ping and surf the internet. So I disabled the DHCP in the router and connected up the router to my network that has AD, DHCP and DNS. I can ping the world just cant open any web pages, I think when I disabled the DHCP service it also disabled the DNS service in the router or is it my networks DNS server ? update: I just checked another post I had created a few weeks ago and basically in that post this was answered , so just for checking you can still reply about the DNS issue , if you see anything off or a better way in my config let me know.

here is my running config

Router>en
Router#show config
Using 1446 out of 245752 bytes
!
! Last configuration change at 01:48:46 UTC Tue Aug 30 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service dhcp
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
ip dhcp excluded-address 192.168.99.1 192.168.99.30
!
ip dhcp pool LAN
   network 192.168.99.0 255.255.255.0
   default-router 192.168.99.1
   dns-server 8.8.8.8
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX1323A06Y
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description W A N
ip address 192.168.1.45 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.10.10.1 255.0.0.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
logging esm config
access-list 1 permit 192.168.99.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Router#

Terence Payet · ‎08-30-2016

Hi,

This is related to your network DNS server.

If you don't have your own public dns, then configure your forwarder towards 8.8.8.8 on your network DNS.

Have a look at the URL for more info: https://technet.microsoft.com/en-us/library/cc754941(v=ws.11).aspx

HTH.

Regards,

Terence

La1Impala · ‎09-13-2016

Could you please let me know when you try to ping with website name, are you getting reply? I can ping from the console any ip address or .com and I get a reply. I have modified my running config no dhcp/dns on the router just ip route 10.10.10.0 255.255.255.0 192.168.1.1 which is I think they call it the next hop its the Verizon router, have a different subnet for the 10.10.10.0 network.

If it's 10.10.10.0 network then you need to modify your ACL 1 and allow 10.10.10.0 network instead of 192.168.99.0 network. ACL where?

This is related to your network DNS server

I was starting to think it was something on my network since all worked when I was using the dhcp and dns on the router with a single computer attached

If you don't have your own public dns, then configure your forwarder towards 8.8.8.8 on your network DNS

for public DNS I have the forwarder in DNS pointing to google 8.8.8.8 and my Verizon's public dsn, configured my dns forwarder as described in the article

Edit. I was wondering, do i need to crrate an ACL or will traffic pass back and forth without an ACL

La1Impala · ‎09-23-2016

Hello everyone

well this is the config that worked for me and my LAN ( dhcp, dns, and AD servers)

now to configure a firewall

Router#show running-config
Building configuration...

Current configuration : 1492 bytes
!
! Last configuration change at 01:35:07 UTC Fri Sep 23 2016
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$Aecb$dCY9fp.Tc9BmRfCN16w720
enable password Cisco101
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!

!

!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2821 sn FTX1323A06Y
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description W A N
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description L A N
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
logging esm config
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Router#

ahmedshoaib · ‎08-31-2016

Hi;

After see the configuration, I found the following question:

Q- What is you LAN address (its 192.168.99.0 or 10.10.10.0 network).

If it's 192.168.99.0 then your router don't have any information of 192.168.99.0 network either assign subnet on G0/1 as a secondary or you need to configure the routing (static route) for 192.168.99.0 network.

If it's 10.10.10.0 network then you need to modify your ACL 1 and allow 10.10.10.0 network instead of 192.168.99.0 network.

Remaining configuration seems to be OK.

Thanks & Best regards;

sarathpa · ‎08-31-2016

Hi,

Could you please let me know when you try to ping with website name, are you getting reply?

Eg: "ping google.com".

mshiraj_pk1 · ‎09-24-2016

Hi

Check with your NAT configuration

can ping through the 2821 router from my network to the internet can not open a web page