08-17-2011 04:49 AM - edited 03-07-2019 01:44 AM
Hi there,
Well I guess I got in way over my head buying this Cisco router. The configuration process is like no other router I've dealt with. I hope you can help.
All I really want to do for now is get one computer on the internet. I have managed to get it so that it is somewhat connected (skype connects) but then I think it is not using dns servers. Again, any help would be greatly appreciated!
My ISP provides me with:
IP: 120.28.56.102
Subnet Mask: 255.255.255.252
Gateway: 120.28.56.101
DNS 203.177.255.10 203.177.255.11
I have mostly used Cisco configuration professional and a bit of SDM to mess around with the router. This is my configuration file so far:
version 12.4
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
clock timezone PCTime 8
ip subnet-zero
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 120.28.0.1 120.28.56.69
ip dhcp excluded-address 120.28.57.100 120.28.255.254
!
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool ccp-pool1
network 120.28.0.0 255.255.0.0
dns-server 203.177.255.10 203.177.255.11
default-router 120.28.56.66
!
!
no ip ftp passive
ip domain name yourdomain.com
ip name-server 203.177.255.10
ip name-server 203.177.255.11
!
!
crypto pki trustpoint TP-self-signed-3701369981
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3701369981
revocation-check none
rsakeypair TP-self-signed-3701369981
!
!
crypto pki certificate chain TP-self-signed-3701369981
certificate self-signed 01
3082024F 308201B8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373031 33363939 3831301E 170D3032 30333031 30303036
34385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 37303133
36393938 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BA23 64291775 55A31863 4D4DD9DB 335EC076 A53DDA66 3DBE7FAD 1B3FE845
96409763 FD57E849 251DBBAC 1FE920A2 C93EE390 EEDE8AE6 5B7F8EB0 BF6BCA8B
BFD473A8 C0AB2B3E 5D48982D 1B3E98E4 07956320 EEFBA847 CC30AF35 B71E86C6
DE1E89E0 B4C35332 F59239A4 C52E59BB 6976BB18 DBCD157E A9DE2CDF D3BA974E
E5650203 010001A3 77307530 0F060355 1D130101 FF040530 030101FF 30220603
551D1104 1B301982 17796F75 726E616D 652E796F 7572646F 6D61696E 2E636F6D
301F0603 551D2304 18301680 145DABA3 29D787B4 88CD7C95 513FA0F7 17CE27F9
47301D06 03551D0E 04160414 5DABA329 D787B488 CD7C9551 3FA0F717 CE27F947
300D0609 2A864886 F70D0101 04050003 81810055 8DDF9D38 2696DD8A 79A1C8B2
D8DA523D 8150284F 8849AFD2 F7CC1157 3F38CCC7 49EB6971 3B12961F 2DCDD671
A8AA16C5 77604069 F0DBAE79 EE868011 A65A3C51 F3FAAB2D 9615424F C34D95F9
80CEF7DC 447A628F 5D5F3976 8F891311 A894DC69 80980F84 28FBE854 76D0C896
12CE5B68 3E4973F3 679F809F 1E13C506 F3CEFB
quit
username mbg privilege 15 secret 5
!
!
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description $ETH-WAN$
ip address 120.28.56.102 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
!
ssid test
vlan 1
authentication open
guest-mode
!
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
station-role root
!
interface Dot11Radio0.1
encapsulation dot1Q 1 native
no snmp trap link-status
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
no ip address
ip virtual-reassembly
ip tcp adjust-mss 1452
bridge-group 1
!
interface BVI1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
ip classless
ip route 0.0.0.0 0.0.0.0 120.28.56.101
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet4 overload
ip dns server
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.10.0 0.0.0.7
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco". The default username and password have a privilege level of 15.
Please change these publicly known initial credentials using SDM or the IOS CLI.
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want to use.
For more information about SDM please follow the instructions in the QUICK START
GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
Solved! Go to Solution.
08-17-2011 11:58 PM
Hi,
you can get rid of pool ccp-pool1: no ip dhcp pool ccp-pool1
Same for excluded addresses for this pool:
no ip dhcp excluded-address 120.28.0.1 120.28.56.69
no ip dhcp excluded-address 120.28.57.100 120.28.255.254
in your dhcp pool configure dns server to be 10.10.10.1:
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 10.10.10.1
lease 0 2
you configured your router to act as proxy dns but if you've got few machines it is not mandatory so you could do like this:
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 203.177.255.10 203.177.255.11
lease 0 2
disable dns: no ip dns server
get rid of the name-servers:
no ip name-server 203.177.255.10
no ip name-server 203.177.255.11
Regards.
Alain.
08-17-2011 08:13 PM
Sorry for originally posting in wrong forum.
Anyone here have any help they could offer?
08-17-2011 11:58 PM
Hi,
you can get rid of pool ccp-pool1: no ip dhcp pool ccp-pool1
Same for excluded addresses for this pool:
no ip dhcp excluded-address 120.28.0.1 120.28.56.69
no ip dhcp excluded-address 120.28.57.100 120.28.255.254
in your dhcp pool configure dns server to be 10.10.10.1:
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 10.10.10.1
lease 0 2
you configured your router to act as proxy dns but if you've got few machines it is not mandatory so you could do like this:
ip dhcp pool sdm-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server 203.177.255.10 203.177.255.11
lease 0 2
disable dns: no ip dns server
get rid of the name-servers:
no ip name-server 203.177.255.10
no ip name-server 203.177.255.11
Regards.
Alain.
08-24-2011 12:53 AM
Thank you so very much. This solved my problem.
08-24-2011 01:44 AM
I have about 40 machines on the network. The DHCP Pool Range is from 10.10.10.1 to 10.10.10.6
How can I get more IPs?
Also, with this many machines should I use the router as a dns proxy?
Thanks!
08-24-2011 02:01 AM
Hi,
you can use the router as proxy dns if you want to but Windows machine already have a dns cache included so it won't save internal bandwidth.
Change your pool to a /24 but you'll have to change your NAT ACL.
Regards.
Alain
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide