Solved: Home lab setup

shannondhamilton · ‎11-02-2017

Working on setting up home lab, so this is not a production environment. :)

Running into a few issues; been reviewing forums, and feeling overwhelmed.

Equipment:

1x Cisco 3750 10/100 switch

1x 2951 Router

1x 5510 ASA firewall (not in scope yet)

1x VMWare Server (not in scope yet)

Overall objective: Setup home lab to utilize Cisco equipment for existing home fiber internet connection.

Task #1

ISP Modem -> 2951 router-> 3750 switch w/ internet access via switch from plans.

Obstacle1:

Unable to set outside interface of router to use static IP address of 10.40.0.1. At one time had interface set with static IP. Set interface to use DHCP thinking ill just make this work. When I try to change back to test, I get message: "IP address conflicts with gateway ip address in static routing table". So, I unplugged cable connecting ISP modem to Cisco 2951 router and get same message... What did I break?

Obstacle2:

Unable to ping 8.8.8.8 from Cisco router. Is it possible to do this without putting ISP modem in bridge mode?

Here is my router config:

Router#show run
Building configuration...

Current configuration : 1107 bytes
!
! Last configuration change at 06:27:19 UTC Fri Nov 3 2017
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FTX1225A52J
archive
log config
hidekeys
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address 10.40.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed 100
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.30.0.1
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Outside interface IP: 10.30.0.1

Inside Interface IP: 10.40.0.1

Seb Rupik · ‎11-03-2017

Hi there,

1) You already have the IP address 10.40.0.1 assigned to your 'LAN' gi0/1 interface. You will need to give Gi0/1 a different IP address.

2) Assuming 10.40.0.0 /24 is the LAN subnet configured on your ISP modem, then you should be able to ping 8.8.8.8 from the router as it will be sourced from its gi0/0 interface.

When you set the WAN interface to DHCP what is its IP address?

sh ip int br

It is worth keeping in mind that your ISP modem will probably have very unsophisticated NAT and will only be configured to NAT the subnet it had configured as its LAN subnet. Therefore you will probably need to configured NAT on your Cisco router to NAT the LAN G0/1 subnet before the traffic reaches the ISP modem.

cheers,

Seb.

View solution in original post

Seb Rupik · ‎11-03-2017

Hi there,

1) You already have the IP address 10.40.0.1 assigned to your 'LAN' gi0/1 interface. You will need to give Gi0/1 a different IP address.

2) Assuming 10.40.0.0 /24 is the LAN subnet configured on your ISP modem, then you should be able to ping 8.8.8.8 from the router as it will be sourced from its gi0/0 interface.

When you set the WAN interface to DHCP what is its IP address?

sh ip int br

It is worth keeping in mind that your ISP modem will probably have very unsophisticated NAT and will only be configured to NAT the subnet it had configured as its LAN subnet. Therefore you will probably need to configured NAT on your Cisco router to NAT the LAN G0/1 subnet before the traffic reaches the ISP modem.

cheers,

Seb.

paul driver · ‎11-03-2017

Hello

Your rtr is using dhcp to obtain addressing from your isp so I would stick with this, trying to staticly apply addressing can lead to mistake like you have mentioned so just let the isp assin you the wan ip Anyway from the information from your post it suggests the address range is10.30.0.x with a default gateway of 10.30.0.1

You can verify this by:
sh ip route

Your internal lan is 10.40.1.0 /24.

Now as you receiving a not routable ip address from your isp so it will mean that they are performing Network Translation for your however NOT for your internal lan so you need to apply some NAT yourself, which I see you have already started to do

Basic setup to get you up and running would be just to tweak a few things and you should be good to go! -

Try this:
no ip route 0.0.0.0 0.0.0.0 10.30.0.1
ip route 0.0.0.0 0.0.0.0 gig0/0 dhcp 1

access-list 10 permit 10.40.1.0 0.0.0.255
ip nat inside source list 10 interface GigabitEthernet0/0 overload

You should then be able to ping the outside world!

Let me know how you get on?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

shannondhamilton · ‎11-03-2017

Still unable to ping 8.8.8.8. Because the lab equipment is in my closet, it made sense to add a wireless router to the mix so that I can access easier. When I RDP to a workstation connected directly to the wireless router, I am able to get online. No reply when I ping 8.8.8.8 from the router using putty.

Now network is configured like so:

ISP Modem -> WIFI Router -> 2851 Router -> 3750 Switch -> Workstation

The modem is not bridged.

ISP Router LAN: 192.168.200.0/24.

Wifi Router network is 10.20.0.0/24

Cisco 2851: Gi0/0 = 10.20.0.2/24; Go0/1 = 10.40.0.1/24.

When I run sh ip route, I get message stating the gateway of last resort not set. I thought that was resolved when you add "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp".

Here is the config for the router:

Current configuration : 1249 bytes
!
! Last configuration change at 02:58:16 UTC Sat Nov 4 2017
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FTX1225A52J
archive
log config
hidekeys
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description WAN
ip address 10.20.0.2 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed 1000
!
interface GigabitEthernet0/1
description LAN
ip address 10.40.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed 100
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
access-list 10 permit 10.40.0.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Meheretab Mengistu · ‎11-03-2017

Hi,

Since you have assigned static IP address to inteface Gi0/0, run the following commands:

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

Following that, you will need to check if you have route in routing table. Please post the output of 'sh ip route', and 'traceroute 8.8.8.8 source 10.40.0.1' if ping to 8.8.8.8 still fails.

HTH,

Meheretab

HTH,
Meheretab

shannondhamilton · ‎11-03-2017

Thanks Meheretab,

Still unable to ping 8.8.8.8. Got below message when adding the new route:

Router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

%Default route without gateway, if not a point-to-point interface, may impact performance

Router(config)#

SH IP ROUTE results:

Router#sh ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is not set

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        10.40.0.0/24 is directly connected, GigabitEthernet0/1

L        10.40.0.1/32 is directly connected, GigabitEthernet0/1

Router#

Meheretab Mengistu · ‎11-03-2017

Thank you for testing and reply back.

Router(config)#ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
%Default route without gateway, if not a point-to-point interface, may impact performance
Router(config)#

Since you have a broadcast network (not a point-to-point) connected to Gi0/0, you have received the above message. Whenever you are using the outgoing interface as a default gateway, for each address it will send ARP request; it causes a large number of ARP entry as it resolves for each address you are attempting to reach (if "proxy-arp" is enabled). To make it more efficient, it is highly recommended to use the next-hop address instead of the interface name.

Please add the following commands and test again:

no ip route 0.0.0.0 0.0.0.0 Gi0/0

ip route 0.0.0.0 0.0.0.0 10.20.0.1

!

You should see a route to 10.20.0.0 network in routing table. If not, please post 'sh int status', and/or 'sh ip int bri'.

HTH,

Meheretab

HTH,
Meheretab

shannondhamilton · ‎11-03-2017

Changes made as requested. Still unable to ping 8.8.8.8 from the router, but the 10.20.0.0 network is now in the routing table and the gateway of last resort is now set to the wifi router.

Router#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is 10.20.0.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.20.0.1

      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks

C        10.20.0.0/24 is directly connected, GigabitEthernet0/0

L        10.20.0.2/32 is directly connected, GigabitEthernet0/0

C        10.40.0.0/24 is directly connected, GigabitEthernet0/1

L        10.40.0.1/32 is directly connected, GigabitEthernet0/1

Router#

Working on enabling ssh now so I don’t have to keep moving cables and changing iP addresses on my management workstation.

Meheretab Mengistu · ‎11-03-2017

It is a good progress. The next step should be to know where the problem is. Please post the output of the following:

ping 10.20.0.1 source 10.40.0.1
If it works, please continue:
traceroute 8.8.8.8 source 10.40.0.1

Did you configure the WiFi router to perform NAT? Could you access internet from the WiFi router?

HTH,
Meheretab

HTH,
Meheretab

shannondhamilton · ‎11-03-2017

R1#ping 10.20.0.1 source 10.40.0.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.20.0.1, timeout is 2 seconds:

Packet sent with a source address of 10.40.0.1

.....

Success rate is 0 percent (0/5)

R1#

I did not configure the WiFi router to perform NAT, but it appears to be working out of the box, as when I connect to the WiFI network provided by the WiFi router, I am online.

One thing to note is that the WiFi router connects to the ISP router.

ISP router IP: 192.168.200.1

WiFi Router IP: 192.168.200.2

When I try to ping the WIFi router from the Cisco router, no reply.

Would it make more sense to make the ISP router the gateway of last resort? If so, don’t I need a route rule to ensure I can get traffic to that device?

Meheretab Mengistu · ‎11-03-2017

How about 'ping 10.20.0.1'?

Since you are not getting reply when you ping from source interface gi0/1, it could be routing issue or NAT related.

HTH,
Meheretab

HTH,
Meheretab

shannondhamilton · ‎11-03-2017

No reply when I ping 10.20.0.1 (wifi router), but do get replies when ping to 10.20.0.2 (cisco router).

Meheretab Mengistu · ‎11-04-2017

Even if there is a default route, the wifi router is not responding to ping. It indicates that either icmp echo reply is disabled on the wifi router, or the cisco router is not sending the request at all.

Check your physical connection. Also, post 'sh int status'.

HTH,
Meheretab

HTH,
Meheretab

shannondhamilton · ‎11-04-2017

R1#sh int stat

GigabitEthernet0/0

          Switching path    Pkts In   Chars In   Pkts Out Chars Out

               Processor        393      63876       2443     194476

             Route cache          0          0          0          0

                   Total        393      63876       2443     194476

GigabitEthernet0/1

          Switching path    Pkts In   Chars In   Pkts Out Chars Out

               Processor        404      35869       2551     268529

             Route cache         45       4500          0          0

                   Total        449      40369       2551     268529

NVI0

          Switching path    Pkts In   Chars In   Pkts Out Chars Out

               Processor          0          0          0          0

             Route cache          0          0          0          0

                   Total          0          0          0          0

R1#

Checking wifi router settings now…

paul driver · ‎11-04-2017

Hello

Can you please remove the wifi router if applicable and keep the same config I posted and test?

once we verify you get connectivity then we can focues on the wifi addition

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul