
My Cisco 2611 don't wanna work...


  • My Cisco 2611 don't wanna work...

    Hi,
    I've got a CISCO 2611 router.

    My WAN is on input FastEthernet 0/0, my LAN on 0/1.
    I want the computers on my LAN to access the WAN.
    The CISCO can ping towards the Internet (DNS and route OK).
    My LAN can ping the CISCO.
    My LAN cannot ping an Internet address.
    For me my config is fine, but it is not working. I spent many hours on that, with no success.
    Any help would be appreciated.
    Thank you.
    Marc

    My config
    cisco#
    Building configuration...

    Current configuration : 1263 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname cisco
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 xxx
    enable password xxx
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    no ip routing
    no ip cef
    !
    !
    --More--
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.253
    !
    ip dhcp pool CLIENTS
    import all
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.253
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    ip address dhcp
    ip nat outside
    ip virtual-reassembly
    no ip route-cache
    speed auto
    half-duplex
    no mop enabled
    !
    interface FastEthernet0/1
    description $ETH-LAN$
    ip address 192.168.1.253 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    no ip route-cache
    speed auto
    half-duplex
    no mop enabled
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
    !
    ip http server
    no ip http secure-server
    ip nat inside source list 101 interface FastEthernet0/0 overload
    !
    access-list 101 permit ip any any
    !
    !
    control-plane
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password xxx
    login
    !
    !
    end

    cisco#

  • #2
    Re: My Cisco 2611 don't wanna work...

    Your config looks okay, but I'm wondering: you say-


    My LAN can ping the CISCO.
    My LAN cannot ping an Internet address.


    -Check that your F0/1 is definitely picking up a registered public address
    -Check that your clients are picking up an IP, a mask, a gateway, and DNS
    -I notice that you aren't setting DNS via the router's DHCP scope. Make sure the clients are getting DNS from somewhere, and make sure this isn't broken- try pinging some known, working devices by IP address rather than name.

    gd



    • #3
      Re: My Cisco 2611 don't wanna work...

      Thanks for your reply.

      On F0/0 connected to WAN, the cisco gets a correct IP address from the DHCP server, no problem for that (I had traces with wireshark for that).
      On F0/1, the clients get all the information (import all does its job): IP, mask, DNS, GW are correct.
      As I thought there could be a DNS problem, I also pinged IPs, but no success!

      Any other hints ?

      Marc



      • #4
        Re: My Cisco 2611 don't wanna work...

        Hi tybreizh29,

        Looking at your config and I am curious... why do you have the no ip routing command enabled? By enabling this you have essentially disabled routing.

        Ryan



        • #5
          Re: My Cisco 2611 don't wanna work...

          Hi Ryan,
          Thank you for the hint.
          ip routing is disabled because it's worse when it's enabled.
          When enabled, from the cisco, I cannot ping the Internet, and my LAN
          does not work better.
          Marc



          • #6
            Re: My Cisco 2611 don't wanna work...

            Looking more closely at your configuration, you have your interface speed set to auto but you are manually setting the duplex to half. Try the following and see if it helps.

            1. set the interfaces to automatically negotiate the duplex
            2. If there is a specific reason to have this feature turned on disable ip virtual-reassembly on your interfaces.

            I have to admit that I am confused by the "no ip routing" command, because it disables the routing functions of the router, rendering it nothing more than a bridge.
            Last edited by ryansmitty; 10th June 2009, 03:16.



            • #7
              Re: My Cisco 2611 don't wanna work...

              Hi Ryan,
              I tried your settings modifications, without success.
              Here is the new config file.
              Marc

              Current configuration : 1378 bytes
              !
              version 12.4
              service timestamps debug datetime msec
              service timestamps log datetime msec
              no service password-encryption
              !
              hostname cisco
              !
              boot-start-marker
              boot-end-marker
              !
              enable secret 5 xx
              enable password xx
              !
              no aaa new-model
              no network-clock-participate slot 1
              no network-clock-participate wic 0
              no ip routing
              no ip cef
              !
              !
              no ip dhcp use vrf connected
              ip dhcp excluded-address 192.168.0.253
              !
              ip dhcp pool CLIENTS
              import all
              network 192.168.1.0 255.255.255.0
              default-router 192.168.1.253
              !
              !
              ip name-server 212.27.40.240
              ip name-server 212.27.40.241
              multilink bundle-name authenticated
              !
              !
              !
              !
              !
              archive
              log config
              hidekeys
              !
              !
              !

              !
              interface FastEthernet0/0
              ip address dhcp
              ip nat outside
              no ip virtual-reassembly
              no ip route-cache
              duplex auto
              speed auto
              no mop enabled
              !
              interface FastEthernet0/1
              description $ETH-LAN$
              ip address 192.168.1.253 255.255.255.0
              ip nat inside
              no ip virtual-reassembly
              no ip route-cache
              duplex auto
              speed auto
              no mop enabled
              !
              ip default-gateway 192.168.0.254
              ip forward-protocol nd
              ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
              !
              ip http server
              no ip http secure-server
              ip nat inside source list 101 interface FastEthernet0/0 overload
              !
              access-list 101 permit ip 192.168.0.0 0.0.0.255 any
              !
              !
              control-plane
              !
              !
              line con 0
              line aux 0
              line vty 0 4
              password xx
              login
              !
              !
              end

              cisco#



              • #8
                Re: My Cisco 2611 don't wanna work...

                Do you have an upstream device (i.e. one that is placed before your router)? Can you provide a basic diagram and any type of traceroute and ping samples?



                • #9
                  Re: My Cisco 2611 don't wanna work...

                  INTERNET +
                  PC outside ----------------------| cisco |---------------------------- pc inside
                  192.168.0.103 --------- 192.168.0.250 -- 192.168.1.253 ------------- 192.168.1.1
                  GW 0.250 ------------------------------------------------------------GW 1.253

                  On the cisco I did:
                  cisco#ping free.fr
                  cisco#sh ip nat translations
                  Pro Inside global Inside local Outside local Outside global
                  icmp 192.168.0.250:0 192.168.0.250:0 212.27.48.10:0 212.27.48.10:0
                  udp 192.168.0.250:63595 192.168.0.250:63595 212.27.40.240:53 212.27.40.240:53

                  On my inside PC I did:
                  pc inside 192.168.1.1 ping 192.168.0.250 OK (sh ip nat translations shown nothing)
                  pc inside 192.168.1.1 ping 192.168.0.103 NOK

                  On my outside PC I did:
                  pc outside 192.168.0.103 ping 192.168.1.1 NOK
                  pc outside ping 192.168.0.103 ping 192.168.1.253 OK ( sh ip nat translations shows below)
                  ===================================================
                  cisco#sh ip nat translations
                  Pro Inside global Inside local Outside local Outside global
                  icmp 192.168.0.250:512 192.168.0.250:512 192.168.0.103:512 192.168.0.103:512




                  • #10
                    Re: My Cisco 2611 don't wanna work...

                    Your cisco router interface f0/0 is set to get an address from dhcp. What device is providing that address to that interface? I don't think it is the router itself that is having problems; we have a configuration problem with both your routing and natting. Instead of using ASCII drawings, can you put together a more detailed drawing that includes all devices that are part of the routed path? It will make the troubleshooting much faster.

                    I really want to help you but there are details that are missing.



                    • #11
                      Re: My Cisco 2611 don't wanna work...

                      Hi Ryan,
                      Thank you for your help.
                      Here is an image of my network. I hope there is no missing item.
                      That's my current config.
                      Each network can ping the other side of the CISCO but not further.
                      Network 192.168.0.0 can ping FastEthernet 0/1 interface.
                      Network 192.168.1.0 can ping FastEthernet 0/0 interface.
                      Marc



                      • #12
                        Re: My Cisco 2611 don't wanna work...

                        Thank you for the diagram, this helps out tremendously! The router that connects to the internet... Do you control that? If so I would try the following:

                        1. remove the ip default-gateway statement on the cisco device. This should only be used when you have ip routing disabled.

                        2. enable ip routing

                        3. Keep the default route on the cisco as it is (0.0.0.0 0.0.0.0 f0/0)


                        4. At the upstream router (the one connected to the internet) make sure that it has a route for the 192.168.1.0/24 subnet to point to the IP address of the cisco router f0/0 interface or specify the exit interface to get back to the 192.168.1.0/24 subnet.


                        5. Remove your nat statement on the cisco device. You should not need to nat at the cisco router. Instead allow the upstream router to do the natting for you. That should work as long as it knows how to get back to 192.168.0.0/24 subnet.


                        Let me know if that works or not. If it doesn't work detail exactly what happens. Best thing I would suggest is after making the changes do a couple of basic traceroutes. Do a traceroute from your 192.168.1.1 to 192.168.0.103. Then do another traceroute to your DNS server IP address from your 192.168.1.103. Send me the output of each in the event that routing is still not working properly.



                        • #13
                          Re: My Cisco 2611 don't wanna work...

                          Hi Ryan,
                          I can't change anything on my provider's router. It's useless (acts like a DHCP server and NAT) and I want to get rid of it.
                          The CISCO will replace it when the settings are fine.

                          With your settings 1 to 3, I made some tests.

                          ==============================================
                          pc outside 192.168.0.103 ping 192.168.1.1 OK
                          1 1 ms 1 ms 1 ms 192.168.0.250
                          2 <1 ms 1 ms <1 ms 192.168.1.1

                          ==============================================
                          pc outside 192.168.0.103 ping "my public IP" OK
                          1 1 ms 1 ms 1 ms 192.168.0.250
                          2 1 ms 1 ms <1 ms "my public IP"


                          ==============================================
                          pc inside 192.168.1.1 ping 192.168.0.103 OK
                          1 1 ms 1 ms 1 ms 192.168.1.253
                          2 <1 ms 1 ms 1 ms 192.168.0.103

                          ==============================================
                          pc inside 192.168.1.1 ping "my public IP" NOK
                          1 1 ms 1 ms 1 ms 192.168.1.253
                          2 * * * Timeout
                          3 * * * Timeout

                          ==============================================
                          CISCO ping "my public IP" OK
                          cisco#sh ip nat translations
                          Pro Inside global Inside local Outside local Outside global
                          icmp 192.168.0.250:6 192.168.0.250:6 "my public IP":6 "my public IP":6

                          CISCO ping "Internet IP" NOK

                          Marc



                          • #14
                            Re: My Cisco 2611 don't wanna work...

                            Based on your output it looks like your ISP router doesn't have a route back to the 192.168.1.0/24 subnet. If you are going to replace the ISP router with the cisco device, will you keep the same routable CIDR block that was assigned to you? Are you going to only have one router instead of two (based on your diagram)? If you are only going to use the cisco router then your configuration for it is 90% complete (assuming that you are only going to use one private LAN subnet... either the 192.168.1 or 192.168.0 subnet).
                            Last edited by ryansmitty; 11th June 2009, 23:19.
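
An added example, not part of the original thread and not written by any of its participants: a small Python consistency check run over an excerpt of the configuration posted in #7. It flags NAT configured while `no ip routing` is set, a NAT access list that does not cover the `ip nat inside` subnet, a DHCP exclusion that falls outside every pool, and a cleartext `enable password` kept next to `enable secret`. The function names and finding labels are assumptions of this example.

```python
import ipaddress
import re

# Excerpt of the configuration posted in #7, copied from the thread.
CONFIG_7 = """\
enable secret 5 xx
enable password xx
no ip routing
ip dhcp excluded-address 192.168.0.253
ip dhcp pool CLIENTS
network 192.168.1.0 255.255.255.0
interface FastEthernet0/0
ip address dhcp
ip nat outside
interface FastEthernet0/1
ip address 192.168.1.253 255.255.255.0
ip nat inside
ip nat inside source list 101 interface FastEthernet0/0 overload
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
"""

def acl_source(addr, wildcard):
    """ACL address + wildcard mask -> network (contiguous wildcards only)."""
    mask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard)))
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def lint(config):
    """Return a sorted list of finding labels (labels are this example's own)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    text = "\n".join(lines)
    found = set()

    # Subnets of interfaces marked "ip nat inside". Relies on running-config
    # order, where "ip address" precedes "ip nat" within an interface block.
    inside, addr = [], None
    for l in lines:
        if l.startswith("interface "):
            addr = None
        m = re.fullmatch(r"ip address (\d\S+) (\d\S+)", l)
        if m:
            addr = ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
        if l == "ip nat inside" and addr:
            inside.append(addr)

    nat = re.search(r"^ip nat inside source list (\d+) ", text, re.M)
    if nat:
        if "no ip routing" in lines:
            found.add("nat-configured-but-ip-routing-disabled")
        permits = [ipaddress.ip_network("0.0.0.0/0") if s == "any" else acl_source(*s.split())
                   for s in re.findall(rf"^access-list {nat[1]} permit ip (any|\S+ \S+) ", text, re.M)]
        if any(not any(net.overlaps(p) for p in permits) for net in inside):
            found.add("nat-acl-misses-inside-subnet")

    pools = [ipaddress.ip_network(f"{a}/{m}", strict=False)
             for a, m in re.findall(r"^network (\S+) (\S+)$", text, re.M)]
    for ex in re.findall(r"^ip dhcp excluded-address (\S+)$", text, re.M):
        if not any(ipaddress.ip_address(ex) in p for p in pools):
            found.add("dhcp-exclusion-outside-every-pool")

    if re.search(r"^enable password ", text, re.M) and re.search(r"^enable secret ", text, re.M):
        found.add("enable-password-alongside-enable-secret")
    return sorted(found)
```

Calling `lint(CONFIG_7)` returns the finding labels for the #7 excerpt; the check only reads the text and does not model how a given IOS release behaves.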



                            • #15
                              Re: My Cisco 2611 don't wanna work...

                              Hi Ryan,
                              My final target is the following diagram. Only the Cisco for the internet.
                              My provider has DHCP servers, that's why my Cisco Eth0/0 was set to DHCP client.
                              I did some tests like that; IPs, DNS, GW were correct on the Eth0/0.

