Basic Router Setup for 2611 (Just want outbound access to internet)

[KRS]

I have been trying to setup a 2600 router for basic access out to the internet. I can ping SOME external addresses through the router but that is basically it. Much of the documentation that I come across tells me some basic configuration information but beyond that, that is it. I have only one address from the @home folks and I can ping the downstream gateway, however that is pretty much it. I wanted to setup the router for outbounod access to the internet for starters. Forgive me, I am a novice and I am preparing of the CCNA exam. I was hoping for an example of what a basic configuration would have to entail given:


- internal clients are on 192.168.0.x network
- internet gateway is 24.115.114.193
- Nat on external interface using the "overload" command (Not sure here but I believe it is correct)

desires:
- full outbound access on 192.168.0.x network
- I will eventually configure acl's etc for inbound access

****Again I am using a cable modem with this, however it works fine with my NetGear 311 router.*****

(Basically a configuration that will allow my clients through the router and to the internet would be sweet.)

Below is a copy of the configuration file from my 2611 router running IOS 12.1.5
Building configuration...


Current configuration : 1235 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
enable secret 5 xxxxxxxxxxxx
enable password xxxxxxxxx
!
!
!
!
!
ip subnet-zero
no ip finger
ip domain-name secure.ca
ip name-server 24.2.10.34
ip name-server 24.2.10.33
ip name-server x.x.x.x
!
ip audit notify log
ip audit po max-events 100
!
!
!
interface Ethernet0/0
description Inside
ip address 192.168.0.x 255.255.255.0
ip nat inside
no ip mroute-cache
!
interface Serial0/0
no ip address
no ip mroute-cache
shutdown
!
interface BRI0/0
no ip address
no ip mroute-cache
shutdown
!
interface Ethernet0/1
description Outside
ip address 24.115.114.x 255.255.255.192
ip nat outside
ip rip send version 2
no ip mroute-cache
half-duplex
!
router rip
network 192.168.0.0
!
ip default-gateway 24.115.114.193
ip nat inside source list 1 interface Ethernet0/1 overload
ip classless
ip route 0.0.0.0 0.0.0.0 24.115.114.193
no ip http server
!
access-list 1 permit 192.168.0.0 0.0.0.255
!
line con 0
exec-timeout 0 0
password password
logging synchronous
login
transport input none
line aux 0
password password
login
line vty 0 4
password password
login
!
end

Router#

 

[KRS]

UPDATE!!! Ok, I moved the internet connection from my external router interface back to the netgear router, added a hub and now the client that runs through the hub to the cisco2611 to the Netgear....seems to work. (Whew!)
(see below)

Original Setup:
Client -> Switch -> Netgear Router -> Cable-Modem -> Internet

Desireable:
Client/s -> Switch -> cisco 2611 -> Cable Modem -> internet

Only known workable solution:
subnet 1:
clients -> switch-> Netgear Router -> Cable modem-> Internet


subnet 2:
clients -> hub -> cisco2611 -> Netgear -> Cable Modem


***summary****
I basically want to replace the netgear in front of the cable modem, with a cisco router and take advantage of the firewall feature set, etc on the 2600, but I cannot plug again, the cable modem into the external interface of the router. I can plug the cable modem directly into a NiC in my machine, or into the Netgear 311 router, but when I plug it into the 2600, I can ping outside addresses from a client but I don't get outbound access via the internet until I put the host behind a hub and plug the router into the hub. A dmz of sorts. (well I have beat this to death, but I sure could use some help folks and would be very appreciative of any help.


Has anyone else tried to put a router behind a cable modem to act as a firewall for a home network?

 

[wybnormal]

I run a DSL circuit to a VLAN on a Cisco 1900 so I can have 1 port for sniffing raw data hitting my network. There is a second VLAN which is the "real" network on my side. This connection works with or without the VLAN, in other words, I can feed it from the "modem" to the router without issue. I run OSPF on my home office LAN ( 3 routers) BUT I turn off CDP on my *outside* port and I made sure that that port is *passive* for OSPF. I also have NO IP DIRECTED-BROADCAST enabled on it. I also have an access-list which dumps any ICMP "echo" broadcast.

Why RIP? there is not any reason to broadcast your network out to the world via RIP or any other router protocol unless you have other routers talking to this one?

Mike S

 

[jeter]

It sounds like it would be easier to get your internet over a frame-relay circuit using
a T1 csu/dsu wic card !!! It is easy to set up and it would eliminate some other equipment issues . We have a setup here in the lab similar to what Wybenormal had mention and this applications works great . There are several choices here go with the best and run with it ( haha) . Good Luck !!!

 

[Guest_imported]

Be it a frame relay or an ethernet connection(Cable/DSL) to the internet the ip protocal setup is the same. As previously stated the Router RIP command is not needed. You may need to change your static route. You want all traffic to the internet routed via interface Ethernet0/1 or the outside interface. To do this use ip route 0.0.0.0 0.0.0.0 E0.1

Security wise once the router is operational your inside network isn't visible insted it is represneted by the routers outside address or a assigned addresses via the nat configuration. You may however consider stoping ICMP, TELNET and othe small services connections to the router.

The CCNA doesn't cover the most common configuration, which is a single ip address on the router and using NAT to hide the interior gateway.

 

[Guest_imported]

Also you may want to try ip classless command. This way the router will foward unknown subnets. Internet ip address are considered unknown subnets.

 

[mlien]

Hi KRS, I am glad you ask this question. Because I am having trouble setting up my Cisco 2514 router behind Cable modem. I just want to know if you have already reslove the problems. As you know, Cisco 2514 come with two AUI(Ethernet)ports. Ethernet 0 port connect to Cable modem, and Ethernet 1 connect to my switch. Serial0 connect to 2501 router. My configuration is similar to yours. I can ping some of outside address from 2514 only. I have limited experience with Cisco router, and I am preparing for CCNA exam on the end of Jan. The following is my configuration:

Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
!
ip subnet-zero
ip nat inside source list 1 interface Ethernet0 overload
ip name-server 206.75.216.***
ip name-server 206.75.216.***
!
interface Ethernet0
ip address 24.108.**.** 255.255.255.0
ip nat outside
!(CONNECT TO CABLE MODEM)
interface Ethernet1
ip address 192.168.1.65 255.255.255.240
ip nat inside
!(CONNECT TO SWITCH)
interface Serial0
ip address 192.168.1.17 255.255.255.240
ip nat inside
no fair-queue
clockrate 64000
!(CONNECT TO 2501)
interface Serial1
no ip address
shutdown
!
router rip
network 192.168.1.0
network 24.0.0.0!
ip default-gateway 24.108.33.1
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
login
!
end

Please help me to resolve this situation. I am really appreciate.

 

[KRS]

Why yes, the only way I found to resolve this was to install a hub and run the router to the hub instead of directly to the Cable Modem. I tried a cross over cable and that did not work either. I was preparing for the CCNA exam also. This will be good practice for you. Access list will be something among the hundered or so other things you want to be intimately familiar with.

 

[mlien]

KRS, I have 2514 router. It has two ethernet port like your 2611 router. My router has successfuly connecting to Cable Modem right now. You can read the messages I posted earlier. Here is my current configuration:Current configuration:
!
version 11.2
no service password-encryption
no service udp-small-servers
no service tcp-small-servers
!
hostname Router
!
!
ip nat inside source list 1 interface Ethernet0 overload
!
interface Ethernet0
description Direction connection to Cable modem
ip address 24.108.**.** 255.255.255.0
no ip directed-broadcast
ip nat outside
no cdp enable
!
interface Ethernet1
description Direct connection to Catalyst Switch 1912
ip address 192.168.1.65 255.255.255.240
ip nat inside
!
interface Serial0
description Direction connection to Router 2501
ip address 192.168.1.17 255.255.255.240
ip nat inside
no fair-queue
clockrate 56000
!
interface Serial1
no ip address
shutdown
!
router rip
network 24.0.0.0
network 192.168.1.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 24.108.33.1(This is IP default-gateway address)
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
line con 0
line aux 0
line vty 0 4
login
!
end

See some of my previous posted for reference. All hearder start with Connect 2514 to Cable modem. Again, I won't be successfuly running my network without eveyone, espically Wybnormal.

 

[UNIX72]

KRS and malien did you directly plug your cable modem and router to different ports on a hub? Trying to do the same thing. Have 2621 router. Did you use a crossover from modem to hub? Thanks

 

[wybnormal]

Unix72

cable network-----routerE0/E1----hub or switch

You run a crossover cable or flip the switch on the cable "modem" for the cable to router connection. The router to hub should be a normal drop cable. ( I hate the word straight here.. due to you still have twists)

You may need to reboot the cable modem after the connections are made to clear the old mac address out so the cable modem can use the new router mac address.

Mike S

 

[UNIX72]

Thanks wybnormal