Solved: Re: Help with Cisco 871-K9

martinsajon · ‎09-09-2009

Hi everyone! I'm having trouble with my 871 router.

My problem is the next one.

It's starts like this:

My ISP give me an address by DHCP, it is connected to a 1841 (Fe 0/1), on Fe0/0 I assign 10.22.1.1 and by DHCP on my 871, I gather the IP the router gives me.

Now, in the 871, as you can see on the attach everything's configured, I can make pings to everything unless to my computer, with the IP 10.22.2.3 and Gateway 10.22.2.1 (Vlan1). Therefore, I ping from my computer to the vlan1 (inside) and the Fe4 port (outside) -works- but I dont have access to the web. Neither I can ping 10.22.1.2 that is 1841 router.

Any ideas of what I'm doing wrong?

1841 is working perfect and it's natting the public ip into private.

Jerry Ye · ‎09-09-2009

I see the problem on your 1841, you need to add the following to your NAT ACL. The 10.22.2.0/29 network is not catching by that ACL for NAT to the internet.

access-list 10 permit 10.22.2.0 0.0.0.7

So, the end result of access-list 10 should look like this on the 1841

access-list 10 permit 10.22.1.0 0.0.0.255

access-list 10 permit 10.22.2.0 0.0.0.7

HTH,

jerry

View solution in original post

Jerry Ye · ‎09-09-2009

Glad that fix the problem.

Do you want to connect the C2960 to the 871 or 1841? If you are connecting that to the 871's VLAN 1, you only have 5 addresses (- the default GW on the 871) for the C2960. You can try to put one of the port on the 871 to VLAN X and put a different subnet for VLAN X, but remember to add a route on the 1841 to point back to the 871 and change ACL 10 to include that with NAT.

Here is an example

interface f3

switchport access vlan 2

interface vlan X

no shut

ip address 10.22.100.1 255.255.255.0

Regards,

jerry

View solution in original post

Jerry Ye · ‎09-09-2009

Are you saying the 1841 assigns an IP address to the 871 via DHCP? And can you confirm your topology is the follow:

Internet <->(F0/1) 1841 (F0/0)<->(F4) 871 (VL1)<-> PC

If this is what you have, the default route on the 871 is incorrect, it should look like the follow:

ip route 0.0.0.0 0.0.0.0 10.22.1.1

or

ip route 0.0.0.0 0.0.0.0 f4

HTH,

jerry

martinsajon · ‎09-09-2009

Jerry, The topology is correct, now I'm correcting the IP route, and I'll let you know.

martinsajon · ‎09-09-2009

Jerry, I'm still having the same problem, I cant access to the internet and, from the router (871) when I ping the computer 10.22.2.3 I have no answer but the computer can ping F4 and Vl1, but cant ping 10.22.1.2 that is the 1841

Jerry Ye · ‎09-09-2009

Okay, does the 1841 has a return route back to the 871's network (10.22.2.0/29)? BTW, why are you doing DHCP on the 871's F4 interface? There might be a small issue on configuring static route on the 1841.

If you configure static IP address on the 871, you can configure something like this in the 1841

ip route 10.22.2.0 255.255.255.248 10.22.1.x

where 10.22.1.x is the IP address of the 871's F4 interface.

HTH,

jerry

martinsajon · ‎09-09-2009

I've changed the config into static, every ping works unless, the one to the computer, I'm in the same situation. I cant ping the computer from the router and I cant access the internet.

Jerry Ye · ‎09-09-2009

Okay, if the PC cannot ping the 871, can you post the output of ipconfig /all on CMD and the show run of the 871? If you don't mind, the show run of the 1841 will be great also.

I also want to know if you have the Windows FW turned on. Turning that off would help troubleshooting.

Regards,

jerry

martinsajon · ‎09-09-2009

No, the 871 cant ping the pc, now with the ip route you gave me, the pc pings all, the cablemodem, the 1841, the 871.

871 is still not pinging the pc and I'm still without internet access.

I dont have the firewall on.

Thanks in advance for you patience.

Jerry Ye · ‎09-09-2009

Okay, can you post the output of ping x.x.x.x source vlan 1, where x.x.x.x is the IP of the PC. And I would like to see the output of show ip arp also.

Regards,

jerry

martinsajon · ‎09-09-2009

Here it is

martinsajon · ‎09-09-2009

Here is the ipconfig and pings.

Next, the 1841 runn

Jerry Ye · ‎09-09-2009

I see the problem on your 1841, you need to add the following to your NAT ACL. The 10.22.2.0/29 network is not catching by that ACL for NAT to the internet.

access-list 10 permit 10.22.2.0 0.0.0.7

So, the end result of access-list 10 should look like this on the 1841

access-list 10 permit 10.22.1.0 0.0.0.255

access-list 10 permit 10.22.2.0 0.0.0.7

HTH,

jerry

martinsajon · ‎09-09-2009

Jerry !!! YES AWESOME it works, thank you very much for your help and patience, and I need to review my ccna books again! hehe

A final question, sorry to bother, I have a 2960 switch already configured, so I would connect it to the 871, how I have to do? because I cant make Subints on L2, I'd need to do them on the 1841?

Jerry Ye · ‎09-09-2009

Glad that fix the problem.

Do you want to connect the C2960 to the 871 or 1841? If you are connecting that to the 871's VLAN 1, you only have 5 addresses (- the default GW on the 871) for the C2960. You can try to put one of the port on the 871 to VLAN X and put a different subnet for VLAN X, but remember to add a route on the 1841 to point back to the 871 and change ACL 10 to include that with NAT.

Here is an example

interface f3

switchport access vlan 2

interface vlan X

no shut

ip address 10.22.100.1 255.255.255.0

Regards,

jerry

martinsajon · ‎09-09-2009

I want to connect it to the 871, as you said, I will put one port (F3) on a new vlan (vlan2) and I'll put a new subnet.

One more thing, do I need to put in port F3 Trunk mode?