I am a student and next year we get the subject Cisco. So, I was allowed to take an old Cisco router from my work and use it to practise my command line skills and learn some stuff so that next year would be easier.
Because I don't have any experience with the command line, I decided to configure the router first with the Cisco Configuration Assistant and safe a back-up from the settings and then go learning the command line and practise the command line.
So, I configured the router perfectly. a couple of vlans, wifi networks, every single thing works. If I connect a computer to it, it get's an IP adress and everything works nicely. Except for one thing, I don't have internet access.
I have the following network setup:
Modem -> Sitecom Router (this one works) -> Cisco router
I hooked up one of the lan ports from the Sitecom router to the WAN port of the Cisco router, this should work, but it doesn't.
Then I tried connecting the WAN port of the Cisco router directly to the modem, as described in the Quick Start Guide, but that doesn't work either.
Yes, the WAN Port is active and configured as DHCP not Static or PPPoE.
NAT is turned off, but that should make a difference according to my collegue (if we are wrong feel free to tell).
If I look in the Sitecom router connected computers list, I don't see the Cisco router either. It looks like it doesn't have a MAC adress. But if I go to the command line and go to the interfaces bit. I see the "$FW_OUT" or something like that with an MAC address. I put that address with a static ip in my Sitecom router, but it doesn't recognize my Cisco router, so it can't give that ip.
Does anyone know how to fix this???
It should be possible to get it working right?
Solved! Go to Solution.
In your DHCP scope you are telling your PC's that they should use the router for DNS queries - this won't work. You can either change your DNS servers to public google ones, something like:
ip dhcp pool data
network 192.168.10.0 255.255.255.0
dns-server 22.214.171.124 126.96.36.199
Or you can use your ISP assigned DNS servers.
Change that and renew your IP address and you should be on the internet!
Maurice, wow you have made quite a mess
There are a few things wrong that I can see.
First, in each of your DHCP pools you have specified two DNS servers but they are in the wrong order. Anyway, to correct it do this:
#ip dhcp pool data1
#dns-server 188.8.131.52 192.168.0.1
#ip dhcp pool psp
#dns-server 184.108.40.206 192.168.0.1
#ip dhcp pool gasten
#dns-server 220.127.116.11 192.168.0.1
Also do this:
#no access-list 1 permit any
Also do this:
#no ip nat inside source list 1 interface BVI1 overload
and then type this:
#ip nat inside source list 1 interface fa0/0 overload
#ip nat inside
And let me know how you get on.
Somehow you have removed the network statement from your data dhcp scope.
#ip dhcp pool data
#network 192.168.10.0 255.255.255.0
and access-list 1 has been removed.
#access-list 1 permit 192.168.10.0 0.0.0.255
#access-list 1 permit 192.168.2.0 0.0.0.255
#access-list 1 permit 192.168.3.0 0.0.0.255
#access-list 1 permit 192.168.4.0 0.0.0.255
I am new to Cisco products and also new to the Cisco forum, so sorry for that.
Lan, switches, routers seemed to be logical, but because I'm new here I didn't know that it wasn't the right forum.
How do I export these and which ones do I need to post here?
As I said, I have no experiense whatsoever...
Just tell me what info, commands, etc you need and how I get it.
And also which forum I need to post this.
Because I really want my stuff working
Since you are a student you should have no problem starting reading some book or onlineon the subejct of "configuring Cisco IOS". That is done with CLI not GUI.
I know it's done with CLI, I can access the command line with Putty, I know how to get into layer 15 or something by the command "ena", but what are the commands to export the config and commands like you said?
Also, I am searching for that configuration thing on the internet and my colleages are looking if they have any training books for me that I can borrow. But for now, it is configured by GUI, I am going to make a back-up as soon as I figured out how ftp works on this router, and then I start messing with the command line.
But before I can do that I need to fix my internet access, because I can't get an ip on the WAN port of the Cisco router.
That's all I want to fix, but how, that's why I ask the guru's on the community. So, what are the commands for the thing you talked about with config/commands and stuff?
Log on via the CLI and capture the output of "show running-config" and post it here.
A little diagram with IP addresses would probably aid our (and your) understanding of the situation.
I've added a log with all the stuff from show-running config and a overview of all the ip addresses and how it is all connected and stuff.
Someone said something about interfaces to me, but I don't know (yet) what he ment.
Something about the WAN Interface not configured, but I don't have any clue what interface number it is, what to configure and how to configure it.
Are you using Fa0/0 as your WAN interface?
Can you do a "show interface fa0/0" and post here please?
You have "ip nat inside" on your Fa0/0 interface which is not correct, it should be "ip nat outside".
Do you have administration rights on the Sitecom router?
I don't know for sure if I use fa0/0 as WAN Interface, but I think I do.
If I do "show interfaces" it says: "FastEthernet0/0", description "$FW_OUTSIDE".
I took the mac address that it showed and added it in my router with a static ip.
And I see that interface got the ip I put as static in my Sitecom router.
But now the internet access, the Cisco router has an ip... I think... but the clients still don't have internet access.
I added the show interface fa0/0.
How do I change that ip nat thingy?
And yes, I have administration rights on the Sitecom router, I own that router, I can do everything I want with it, but keep in mind it is a simple cheap consumer router. And I has telnet, I just found out
OK, we are making progress...
You have assigned 192.168.0.200/24 to your Fa0/0 interface.
You need a static route pointing at your Sitecom router - something like:
#ip route 0.0.0.0 0.0.0.0 x.x.x.x
(where x.x.x.x is the IP address of your Sitecom router - something in the 192.168.0.x range).
You also need to change your NAT configuration as follows:
#ip nat outside
Your NAT statement references ACL 1 so only addresses in that access list will get NAT'ted. So you would need to add all of your VLAN subnets to this ACL. For the purposes of testing until we get this working you could just do:
#access-list 1 permit ip any any
Okay, NAT is now enabled and set to outside for fa0/0, I checked it in Configuration Assistant to be sure and it was.
I did that ip route thing and set it to 192.168.0.1 (default router ip for my Sitecom router).
But the access-list wouldn't work. It didn't recognize ip and when I removed ip, it had a conflict with the second any.
So, I just dit #access-list 1 permit any and that worked.
I don't know if it was correct, but it didn't give an error.
My laptop now says "internet access", but when I go to my webbrowser I still can't connect to for example google.com.
I went in the Configuration Assistant to NAT and got errors with "The following interface Vlan2 is not been configured for NAT service. To apply NAT service to un-configured interfaces, delete NAT settings and reapply NAT by selecting an Outside interface" (it does that for all vlans except the default vlan, but also with that vlan I can't reach the internet) and when I click on a vlan in the dropdown box "The following interfaces are excluded from the NAT inside configuration: FastEthernet0/0".
So, what do I have to do next?
I think it's partly NAT and partly access-list, am I right?
Can you send me an update "show run" so I can see what changes you have made? Sorry but I am not familiar with the GUI - it is all CLI for me
Also, as a quick test, can you do a "ping 18.104.22.168" from the router itself?
I added a new show run file.
Hopefully my changes were put throug as they where supposed to go.
I would love to check if the changes are correct myself, but I simply don't know where to look.
I want to learn the CLI, but because I have no experience whatsoever (I'm working on it) I use the GUI as alternative for configuring stuff.
If I ping from the console/CLI, I get this:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.214.171.124, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/20/20 ms"
That is good, right?
So, the problem is not the WAN port anymore, but internal?
That is a good sign - that means you have internet connectivity from the router - so we are nearly there.
Just to confirm - what VLAN is your laptop in?
And don't worry about not knowing the CLI - everyone starts out knowing nothing, it is the willingness to learn that is important.