01-26-2012 07:54 AM - edited 03-07-2019 04:33 AM
Hi all,
Just wanted to get a little help here. I am a bit green on routing and setting up routers. I have never really had to do it in my career, but I find myself needing to re-educate myself. With that, I have a Cisco 867VAE-K9 router. I am connecting it to a cable modem set in bridge mode with static ip info from the ISP. To that router, I am connecting a AP1262N. It will provide wireless to a building and eventually, as soon as I get the antenna up, public access Internet connection for a park. I don't need a lot of security as far as prohibiting certain websites. I am going to acheive this through openDNS. So, with all of that, I was hoping someone could take a look at my current config and tell me what I am missing. I know I am missing something...Thanks in advance for your help. Also, if you see, the year is 1912, I can't for the life of me get it changed. I am guessing that once I connect it to the provided modem, it will update with the correct year.....hopefully?
! Last configuration change at 09:31:36 gmt Fri Jan 26 1912
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ParksRouter
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$vyTL$64bjmGFLqg/MLyex6SUIR1
!
no aaa new-model
wan mode ethernet
clock timezone gmt -6 0
no ipv6 cef
ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1 10.10.10.20
!
ip dhcp pool ParksPool
import all
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 68.113.206.10 24.217.0.5 <-- these are DNS given to me by ISP
domain-name duncanville.com
!
!
no ip domain lookup
ip domain name duncanville.com
ip name-server 68.113.206.10
ip name-server 24.217.0.5
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
!
controller VDSL 0
shutdown
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
description Internet Out - Charter
ip address x.x.x.x 255.255.255.252
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface Vlan1
description Internal LAN
ip address 10.10.10.1 255.255.255.0
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1
!
!
!
!
!
!
line con 0
exec-timeout 5 30
password
login
no modem enable
line aux 0
line vty 0 4
password
login
transport input all
!
scheduler allocate 60000 1000
end
Solved! Go to Solution.
01-26-2012 09:28 AM
Tracy,
The config is incomplete, unless I am missing something where is the source list 1.
01-26-2012 09:28 AM
Tracy,
The config is incomplete, unless I am missing something where is the source list 1.
01-26-2012 01:36 PM
Edgar,
Thanks....you weren't missing anything....so, all I need at this point is to add a line in the config as follows
access-list 1 permit 10.10.10.0 0.0.0.255
Should that be followed by "any" to permit all traffic or is that implied in the statement iteself?
Thanks,
Tracy
01-26-2012 09:49 PM
Is this router connected to a switch? If yes what interface is connected to the switch?
01-27-2012 06:08 AM
Eugen,
Thanks for the response, and no, it is not. There will be a WAP attached providing WiFi service. No need to call out a specific int on this device, they are all part of the default VLAN.
01-27-2012 06:16 AM
Hi,
a standard ACL like the one proided is enough:
access-list 1 permit 10.10.10.0 0.0.0.255
But you should also do this on your interfaces: ip route-cache cef
and change your static default route to point to next-hop ip instead of outgoing interface
also if you want to communicate via name for router traffic you should reenable ip domain lookup.
Regards.
Alain
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide