Solved: Can't Connect Cisco 1841 router to Internet ( ISP )

USL4054 · ‎01-07-2012

I have the following devices for our IT Test LAB

1. Cisco 1841 with 2 Fast Ethernet interfaces fa0/0 & fa0/1

2. Cisco 2960-S

3. Speedstream 6200 DSL Modem ( PPOE Connection with Static IP address)

I want to connect to the internet using the current DSL connection we currently have .

LAPTOP --> SWITCH 2960 --> ROUTER 1841 ---> DSL Modem ---> ISP

Troubleshooting 1:

Currently from the LAPTOP i am able to ping

1. Switch 2960 Vlan interfaces

2. Router 1841 fa0/0 & fa0/1

BUT can not Ping the DSL Modem LAN interface IP 192.168.2.1 and can not get out to the INTERNET

Troubleshooting 2:

currently from the Switch 2960 i can ping

1. All the Vlan interfaces on the Switch 2960

2. Router 1841 fa0/0 & fa0/1 interfaces

3. Laptop A & B

But can NOT ping the DSL modem LAN interface IP 192.168.2.1 and can not get out to the internet

Troubleshooting 3:

Currently from the Cisco 1841 router i can ping

1. All the Vlan interfaces on the Switch 2960

2. Router 1841 fa0/0 & fa0/1

3. Laptop A & Laptop B

4. Can Get out to the internet. I am able to ping any internet destinations without any problem

I really need help. Can someone please help me identify what i am missing as per the configurations and diagram attached. Please make any suggestion that can help

Thank you very much

Jernej Vodopivec · ‎01-08-2012

Where is interface GigabitEthernet1/0/2 connected to?

Can you confirm that the modem is acting as a router also? The PPPoE session terminates on modem?

Or you just haven't send that part of configuration - so your 1841 terminates PPPoE on dialer interface?

You should set all interfaces connected to laptops to access port instead of trunk port (switchport mode access). Configure the vlan membership for each port by running "switchport access vlan 100" and "switchport access vlan 200".

You should set interface GigabitEthernet1/0/1 (in case this is the only interface connected to router) to have native vlan something else than 100 and 200)

In case modem is acting as a router you should change

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

to

ip route 0.0.0.0 0.0.0.0 192.168.2.1

You must add "ip nat inside" to

interface FastEthernet0/0.100 and to

interface FastEthernet0/0.200

You must add "ip nat outside" to

interface FastEthernet0/1

You must create two access lists for NAT:

ip access-list extended VENUS

permit ip 10.10.10.0 0.0.0.255 any

ip access-list extended JUPITER

permit ip 172.21.200 0.0.0.255 any

You must create two NAT rules

ip nat inside source list VENUS interface FastEthernet 0/1 overload

ip nat inside source list JUPITER interface FastEthernet 0/1 overload

Let me know if that helped you.

View solution in original post

Jernej Vodopivec · ‎01-08-2012

Where is interface GigabitEthernet1/0/2 connected to?

Can you confirm that the modem is acting as a router also? The PPPoE session terminates on modem?

Or you just haven't send that part of configuration - so your 1841 terminates PPPoE on dialer interface?

You should set all interfaces connected to laptops to access port instead of trunk port (switchport mode access). Configure the vlan membership for each port by running "switchport access vlan 100" and "switchport access vlan 200".

You should set interface GigabitEthernet1/0/1 (in case this is the only interface connected to router) to have native vlan something else than 100 and 200)

In case modem is acting as a router you should change

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

to

ip route 0.0.0.0 0.0.0.0 192.168.2.1

You must add "ip nat inside" to

interface FastEthernet0/0.100 and to

interface FastEthernet0/0.200

You must add "ip nat outside" to

interface FastEthernet0/1

You must create two access lists for NAT:

ip access-list extended VENUS

permit ip 10.10.10.0 0.0.0.255 any

ip access-list extended JUPITER

permit ip 172.21.200 0.0.0.255 any

You must create two NAT rules

ip nat inside source list VENUS interface FastEthernet 0/1 overload

ip nat inside source list JUPITER interface FastEthernet 0/1 overload

Let me know if that helped you.

USL4054 · ‎01-08-2012

Hi Jernej & cadel alain

PPPOE is being terminated at the Speedstream Modem NOT on the cisco 1841

Cisco 2960 does only inter-VLAN routing and forwards all traffic to Cisco 1841 through a TRUNK .

Gi1/0/1 on Switch 2960 is the TRUNK connecting to cisco 1841 fa0/0 and the Fa0/1 connects to Speedstream modem ( which has PPOE Terminated on it )

I have modified the configuration as per the suggestion above but i am still getting the same results > No success

=======================================================================

ip subnet-zero
no ip source-route
ip cef
!
ip name-server 192.168.2.1
!

interface FastEthernet0/0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/0.100
description JUPITER-VLAN
encapsulation dot1Q 100
ip address 172.21.200.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!
!
interface FastEthernet0/0.200
description VENUS-VLAN
encapsulation dot1Q 20
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no snmp trap link-status
!

!
interface FastEthernet0/1
ip address 192.168.2.20 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
ip nat inside source list JUPITER interface FastEthernet0/1 overload
!
ip nat inside source list VENUS interface FastEthernet0/1 overload
!
ip access-list extended JUPITER
permit ip 172.21.202.0 0.0.0.255 any
!
!
ip access-list extended VENUS
permit ip 10.10.10.0 0.0.0.255 any
!
!
===================================Catalyst 2960-S===================

!
ip routing
!
interface GigabitEthernet1/0/1
switchport trunk native vlan 920
switchport mode trunk
!
interface GigabitEthernet1/0/2
switchport access vlan 100
switchport mode access
!
the rest is truncated
!
interface Vlan100
description JUPITER-VLAN
ip address 172.21.200.2 255.255.255.0
!
interface Vlan200
description VENUS-VLAN
ip address 10.10.10.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.21.200.1
!
!
the rest is truncated

------------------------------------------------------------

johnlloyd_13 · ‎01-08-2012

Hi,

As per initial post by Jernej, you should put the "ip nat outside" command on F0/1.

int f0/1

ip nat out

Also, I would consider Alain's advice if the Speedstream has a route towards the 1841 (192.168.2.20). In Cisco, it would look like as below:

ip route 0.0.0.0 0.0.0.0 192.168.2.20

Sent from Cisco Technical Support iPhone App

nebiyuawassa · ‎11-11-2015

How did you solve the problem in case you have got the solution as I have almost identical problem occured in my company?

Cheers !!

imamadou17 · ‎01-30-2012

Well this configuration works so fine !!!

Thanks for your posting!!!

Ismael

cadet alain · ‎01-08-2012

Hi,

You need a route back to both VLANs on the modem because IP communication is bidirectional and that would solve the

communication between machines and the modem

For communication between machines and internet you should either also do nat on the 1841 like proposed or just have the route back to the VLANs if the modem supports natting from other subnet than directly connected one.

And as already stated you should change the static route pointing to interface for one pointing to next-hop for performance issues.

Regards.

Alain

Don't forget to rate helpful posts.

USL4054 · ‎01-08-2012

The DSL modem is a speedstream 4200 series and does not have any routing features apart from the connection settings

Modem LAN IP : 192.168.2.1

Modem LAN Network : 192.168.2.0

Subnet Mask: 255.255.255.0

Connection Type is PPPOE and is terminated on the Modem itself NOT on cisco 1841

WAN IP : 70.30.65.80

Jernej Vodopivec · ‎01-08-2012

hi!

interface fastethernet 0/1 must have "ip nat outside" instead of "ip nat INSIDE"

please double check ip addresses and vlan numbers across switch, router and laptops. it looks like there are some typo errors.

one of the laptops is connected to gigabit 1/0/2 switch interface - am I right? what aout the other one?

Sent from Cisco Technical Support iPad App

viswamin · ‎01-31-2012

Just trying to understand.

who is performing the NAT Translations.

I see that both the inside and the outside interfaces on whih NAT is configured have the private addressing scheme....

-Vijay

imamadou17 · ‎01-31-2012

Hum, I think you are correct! Usually, the router's f 0/1( on drawing )should have the ip address that the isp has assigned, then the router will perform nat right there. This could be accomplished if we bridge the modem( so that dsl will become transparent ) and assign the public address to router's interface f 0/1 then nat will be applied by the router.

The way I can interpret the drawing is that if the user can change the configuration of the modem, the modem lan interface ip address could be changed also to talk to the lan router then traffic going from router to the modem will be also nat when going outside.

Thanks

Ismael

ebarticel · ‎01-31-2012

What settings you have on laptops? Does it have the router's subinterface IP as the default for respective Vlans?

Also you have the wrong statement for subinterface 200

"encapsulation do1q 20" should be "encapsulation dot1q 200"

Reconfigure the trunk ports to belong to Vlan 1 as native vlan and do a "no shutdown" on vlan 1 interface.

Hope this helps

Eugen