Re: no puedo configurar mi router cisco air-cap2602e-a-k9 - Page 3

jordan-pizarro-r · ‎10-23-2024

Buenas

Acabo de entrar a trabajar en un colegio, el cual tiene varios problemas de red que he estado solucionando de uno en uno, acabo de llegar a dos routers que no estan completamente configurados estos dos son el mismo modelo (air-cap2602e-a-k9) o están configurados como repetidores de mi red router principal. el gran problema de esto es que mi proveedor nos entrega una cantidad limitadas de IP para poder repartir internet a lo largo del establecimiento, y el problema de routers como repetidores es que me ocupan las direcciones IP hasta que se acaban y después las siguientes personas que se quieren conectar no pueden. y no puedo acceder a la configuración de estos para realizar la configuracion LAN correspondiente.

actualmente mi red principal tiene la ip 192.168.1.99 y mi router como repetidor me da exactamente la misma ip como gateway (192.168.1.99) por lo que no puedo entrar a esa conexión como ya que me redirige a la configuracion de mi router principal. tengo que destacar que este router principal es configurado y solo tiene acceso mi proveedor de internet por lo que no puedo entrar a ese router.

estoy tratando de entrar por consola a este router pero tampoco da señales de vida.

actualmente reparten internet pero una vez se llega al tope de la IP las demas personas que se conectan ya no tendran conexión me gustaria saber si alguien me puede ayudar a solucionar este problema

Flavio Miranda · ‎11-03-2024

@jordan-pizarro-r thank you

Please, do this changes and test. You need to be able to ping the ISP router, the IP 8.8.8.8, which is the google IP and you need to ping the URL www.google.com.

When this work, you will get internet on the clients

Run this:

!
no ip nat inside source list NAT interface GigabitEthernet1 overload
no ip route 0.0.0.0 0.0.0.0 Vlan10 192.168.1.99
no ip route 0.0.0.0 0.0.0.0 Vlan10 192.168.1.1
!
no ip access-list standard NAT

Then run this. Just make sure the ISP IP address is really 192.168.1.99 by pinging it.

ip nat inside source list 1 interface GigabitEthernet1 overload

ip route 0.0.0.0 0.0.0.0 192.168.1.99

access-list 1 permit 192.168.5.0 255.255.255.0

jordan-pizarro-r · ‎11-03-2024

right now with what you told me to do, the ping is working, I have no dropped packets, but I still have no internet connection.

Flavio Miranda · ‎11-03-2024

Great, you are almost there.

I believe the problem is DNS resolution.

Are you testing from the wireless network or with a PC connected to the router? I would recommend you to test with a PC connected direct to the router first.

Make sure the PC gets IP address, default gateway and DNS server

Try to ping the google url.

ping www.google.com

Once you are able to ping the url, you are done.

Then, you can test from wireless network

jordan-pizarro-r · ‎11-03-2024

i am doing it from my pc connected to the router, when i do the ping in the pc it does not work in the cmd, but in the router console if it sends the pings to google as well as the dns. what can it be?

this is the pc ip, gateway, etc

Flavio Miranda · ‎11-03-2024

Run on the Pc

ipconfig /all

jordan-pizarro-r · ‎11-03-2024

Sufijo DNS específico para la conexión. . :
Descripción . . . . . . . . . . . . . . . : Realtek USB FE Family Controller
DHCP habilitado . . . . . . . . . . . . . : sí
Configuración automática habilitada . . . : sí
Vínculo: dirección IPv6 local. . . : fe80::bcbb:6923:5c62:dd94%13(Preferido)
Dirección IPv4. . . . . . . . . . . . . . : 192.168.5.4(Preferido)
Máscara de subred . . . . . . . . . . . . : 255.255.255.0
Concesión obtenida. . . . . . . . . . . . : domingo, 3 de noviembre de 2024 22:17:13
La concesión expira . . . . . . . . . . . : lunes, 4 de noviembre de 2024 22:17:13
Puerta de enlace predeterminada . . . . . : 192.168.5.1
Servidor DHCP . . . . . . . . . . . . . . : 192.168.5.1
IAID DHCPv6 . . . . . . . . . . . . . . . : 436265034
DUID de cliente DHCPv6. . . . . . . . . . : 00-01-00-01-2C-50-74-1A-A8-A1-59-43-51-0C
Servidores DNS. . . . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS sobre TCP/IP. . . . . . . . . . . : habilitado

Flavio Miranda · ‎11-03-2024

Maybe the Google DNS could be the problem

If you connect your PC direct on the ISP link and repeat the command

ipconfig /all

Which DNS server It takes?

jordan-pizarro-r · ‎11-03-2024

Flavio Miranda · ‎11-03-2024

Ok. Lets make the PC use those DNS

!
!
ip dhcp pool internal
no dns-server 8.8.8.8 8.8.4.4
dns-server "add both server here"

Change the DHCP pool config removing the Google DNS and add those two servers you got from ISP

Repeat the tests after that

Flavio Miranda · ‎11-03-2024

Well, I am suspicious that the problem is actually NAT.

I Will drop off now but tomorrow we keep going

jordan-pizarro-r · ‎11-03-2024

I was just going to write you that the same thing keeps happening even if I change the DNS, but I will continue tomorrow.

Flavio Miranda · ‎11-04-2024

When you get the chance, send the output of "show license" please.

And share the show running-config again please. Let me see if something is skipping from my eyes.

jordan-pizarro-r · ‎11-04-2024

i can't run a "show license" probably because the router has a very old image but i show you the commands "show version"

Cisco IOS Software, C860 Software (C860VAE-ADVSECURITYK9-M), Version 15.1(4)M4, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2012 by Cisco Systems, Inc.
Compiled Wed 21-Mar-12 00:04 by prod_rel_team

ROM: System Bootstrap, Version 15.1(4r)M2, RELEASE SOFTWARE (fc1)

Router uptime is 36 minutes
System returned to ROM by power-on
System image file is "flash:c860vae-advsecurityk9-mz.151-4.M4.bin"
Last reload type: Normal Reload

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

Cisco 867VAE-K9 (BCM6368) processor (revision 0.3) with 234496K/26624K bytes of memory.
Processor board ID GMK130200VF
1 DSL controller
1 Ethernet interface
4 FastEthernet interfaces
2 Gigabit Ethernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
255K bytes of non-volatile configuration memory.
57344K bytes system flash allocated

Sh running config /

Router#sh running-config
Building configuration...

Current configuration : 1727 bytes
!
! Last configuration change at 11:14:10 UTC Mon Nov 4 2024
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
wan mode ethernet
no ipv6 cef
ip source-route
ip cef
!
ip dhcp excluded-address 192.168.5.0 192.168.5.3
!
ip dhcp pool internal
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server 200.28.4.130 200.28.4.129
!
crypto pki token default removal timeout 0
!
vtp mode transparent
!
!
controller VDSL 0
shutdown
!
vlan 10
name colegio
!
vlan 20
name ssid-local
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
description Access Point 1
switchport access vlan 10
no ip address
!
interface FastEthernet1
description Access Point 2
switchport access vlan 10
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.99
!
access-list 1 permit 0.0.0.0 255.255.255.0
!
!

Flavio Miranda · ‎11-04-2024

There is a typo on the access list

Remove this

no access-list 1 permit 0.0.0.0 255.255.255.0

add this

access-list 1 permit 192.168.5.0 255.255.255.0

jordan-pizarro-r · ‎11-04-2024

I'm sorry I was a little busy until a while ago, I just did what you indicated and when I enter the command “access-list 1 permit 192.168.5.0 255.255.255.0” it goes back to the previous command “access-list 1 permit 0.0.0.0 255.255.255.0”