
Cisco 2611 and 2514 routing question


Hidetherum

Technical User
Sep 11, 2008
7
Hello,
I get to the internet through a versalink 7500 (Westell) dsl modem. It has 4 cat5 ports and the dsl uplink port. It hands out dhcp addresses in the 192.168.1.15-50 range to any inside computer. The modem's address is 192.168.1.1.
I have a FREESCO firewall/router with 3 ports. Its 3 port addresses are,
Port1=192.168.1.2, Port2=10.10.8.2, Port3=172.168.8.2. Port 1 is connected to a port on the dsl modem and port 2 is connected to a switch that has my home lab computers connected. All of my computers have a 10.10.8.x address and can get to the internet with no problems.

Last weekend I got out my 2 port 2611 router and gave port 0 192.168.1.4 and port 1 172.16.1.4. I plugged port 0 into a switch and plugged the switch into the dsl modem. The switch also has 1 computer with address 192.168.1.5 connected to it. I gave a laptop 172.16.1.5 address and plugged it into port 1 on the router. The router can ping the computers on each port, the dsl modem and The computer with the 192.168.1.5 address can also ping everything on the inside network and internet. But the computer with the 172.16.1.5 address can only ping computers on both router interfaces and the dsl modem. It can't ping internet sites or internet addresses. I removed the 2611 router and replaced it with a 2514. I setup the 2514 with the same addresses and got the same result. A computer on the 172 side can reach internal computers and the dsl modem but not the internet. I cleared the config on both routers but nothing worked.

The only reason I plugged in the cisco routers was to make a quick test for something I planned on doing at work, and have no intention of removing my FREESCO since everything works fine the way it is. But I have spent 2 days searching the internet for a reason why I couldn't get the ciscos to work and haven't found anything. Any ideas?

Thanks
 
It might be able to ping, but how can it find the DNS server address? Does it know where to route?

Not sure what IOS you're running but this might help...

Have you tried making the 2611 port0 a DHCP client and importing the DNS info from the FREESCO? Then make the 2611 port1 a DHCP host for the computer plugged into it, NAT inside. Add ip route 0.0.0.0 0.0.0.0 port0 (or the actual interface name) as the default route and give it a try. Set the PC as a dhcp client and to import the WINS/DNS server info.

It might work, it might need a little more config set-up.

(Burt, Uncle Rico, some other real expert(s) should confirm and add their special touches.)

[the other] Bill
 
...NAT inside
I believe silver hit it on the head

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
Hey guys,
When I tried to setup nat on the 2611 I started getting SegV errors and the router would go into a bootloop until I unplugged the network cables. That is when I tried the 2514. Some of the posts I read made me think it might be a nat problem but others said the dsl modem was doing the natting and the router wouldn't need to. Since nat doesn't work on my router I will try everything else.
If you get a dhcp address from the dsl modem it adds itself as the dns (192.168.1.1). I had added,
0.0.0.0 0.0.0.0 192.168.1.1 and that allowed the 192 side of the router to ping but not the 172.
If I get any closer I will post a config, but I would say without nat on the router I won't get anywhere.

Thanks
 
Maybe before we go any further, it might be good to post a sh ver. Would be good to know what release and feature set you're using.



[the other] Bill
 
The modem address is 192.168.1.1. Maybe you should change the port1 network to a different range such as 192.168.2.0 255.255.255.0 and use a dhcp range on that network so that the router knows where to route to the modem (different network addy).

(FYI, I used 10.10.10.0 255.255.255.0 network and a dhcp pool range 10.10.10.100 - 10.10.10.150. DNS (DSL modem addy) of 192.168.1.254.)

At least I think that's how it should work.

[the other] Bill
 
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router2600
!
enable secret 5 $1$.cTB$QHiTuZCFpa.OY3hO7prOb1
enable password XXXXX
!
!
!
!
!
ip subnet-zero
ip name-server 192.168.1.1
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.4 255.255.255.0
no ip directed-broadcast
ip nat outside
!
interface Ethernet0/1
ip address 172.16.1.4 255.255.255.0
no ip directed-broadcast
ip nat inside
!
ip nat pool routerpat 96.240.XXX.XXX 96.240.XXX.XXX netmask 255.255.255.0
ip nat inside source list 1 pool routerpat overload
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
access-list 1 permit 172.16.0.0 0.0.0.255
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
!
line con 0
transport input none
line aux 0
line vty 0 4
password XXXXX
login
!
end

Router2600#

If I take out 0.0.0.0 0.0.0.0 192.168.1.1 and replace it with 0.0.0.0 0.0.0.0 Ethernet0/0, the router can not ping When I added nat back on the router I expected it to give me the SegV error and start rebooting, but it hasn't died yet.
 
This

ip name-server 192.168.1.1

should be what the actual dns server is. Just FYI. The modem won't tell the router where to go because the router is not set for dhcp. You could set int e0/0 for
ip add dhcp
Also, are you getting duplex mismatch messages in sh log? Any resets in sh int e0/0?
One more thing---why are you doing a NAT pool rather than a single IP pointing to an acl?

Burt
 
If you get a dhcp address from the dsl modem it sets itself as the DNS server. That's why I set it as the name server. I had internet dns servers in the config and it didn't help so I just put 192.168.1.1 back in.

Neither of my routers will act as a dhcp client. The 2611 gives me the Invalid input message and the 2514 doesn't give me the message but it doesn't add it either. The IOS is old on both. The 2514 is running 10.3 and the 2611 is running 12.0.

The nat pool is really just 1 address. I read that doing it that way would allow more than 1 computer on the inside to use the modem's 1 public address. I don't know what the public netmask is.

I don't think I can do anything with what I have. Having the router act as a dhcp client sounded like a good idea. If I stumble onto anything I will post it.

Thanks
 
Since when has it changed 1 ip per computer. Unless using NAT.
And if you know the public ip you can always figure out the netmask.
 
Take the NAT out, or do this

access-list 101 permit ip 172.16.0.0 0.0.0.255 any

ip nat inside source list 101 int e0/0 over

and put the modem in bridge mode. Take out the NAT pool statement.

Put in the name-server command with the actual DNS servers, then try and ping from the router.

Burt
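
Added example, not part of any post in this thread: with `ip nat inside source list N ...`, only packets whose source address the list permits are translated, so this sketch evaluates IOS wildcard-mask matching for the two ACL lines quoted above against the inside addresses the thread mentions. The third ACL line, the helper names and the report layout are constructed for illustration.

```python
import ipaddress

def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr, base, wildcard):
    """IOS semantics: wildcard bits set to 1 are ignored, bits set to 0 must equal base."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def matched_range(base, wildcard):
    """First and last address selected by a contiguous wildcard such as 0.0.0.255."""
    w = _u32(wildcard)
    low = _u32(base) & ~w & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | w))

def parse_entry(line):
    """Parse 'access-list N permit|deny [ip] SRC WILDCARD [any]' (the two forms in the thread)."""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"unsupported ACL line: {line!r}")
    rest = tok[3:]
    if rest[0] == "ip":          # extended ACL: skip the protocol keyword
        rest = rest[1:]
    return tok[2], rest[0], rest[1]

def selects_for_nat(acl_lines, src):
    """First match wins; a source matching no line hits the implicit deny and is not translated."""
    for line in acl_lines:
        action, base, wildcard = parse_entry(line)
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False

POSTED = ["access-list 1 permit 172.16.0.0 0.0.0.255"]              # from the posted config
SUGGESTED = ["access-list 101 permit ip 172.16.0.0 0.0.0.255 any"]  # from the reply above
CONSTRUCTED = ["access-list 1 permit 172.16.1.0 0.0.0.255"]         # constructed for comparison
INSIDE_HOSTS = ["172.16.1.5", "172.16.1.16"]                        # addresses named in the thread

def report():
    rows = []
    for name, acl in (("posted", POSTED), ("suggested", SUGGESTED), ("constructed", CONSTRUCTED)):
        _, base, wc = parse_entry(acl[0])
        rows.append((name, matched_range(base, wc), [selects_for_nat(acl, h) for h in INSIDE_HOSTS]))
    return rows

if __name__ == "__main__":
    for name, rng, hits in report():
        print(f"{name:12} covers {rng[0]}-{rng[1]}  inside hosts selected: {hits}")
```

What the DSL modem does with an untranslated 172.16.1.x source is outside this sketch; it only shows which sources each list hands to NAT.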
 
I had a newer IOS on a single port 2620 so I moved it to the 2 port 2611. I am now able to set e0/0 as a dhcp client and port e0/1 as a dhcp server. Port 0 got address 192.168.1.18 from the dsl modem and Port 1 gave address 172.16.1.16 to a laptop on its network.

172.16 still can't get to the internet or ping site names or addresses.
I had this route setup,
0.0.0.0 0.0.0.0 Ethernet0/0, but had to replace it with 0.0.0.0 0.0.0.0 192.168.1.1 to get the router to ping Computers on the 192 side can still get to the internet with the router as their gateway, 192.168.1.18.

I removed all NAT on the router. I don't think DNS is a problem because I can't ping internet DNS servers from 172 that I can ping from the 192 side. Like 199.45.45.14.

version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router2600
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FYXO$aygPzq/24cmUHS2rSlYjN.
enable password XXXXXX
!
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 172.16.1.0 172.16.1.15
!
ip dhcp pool 172pool
network 172.16.1.0 255.255.255.0
domain-name 172cisco.inet
dns-server 192.168.1.1 199.45.45.14
default-router 172.16.1.4
lease 7
!
!
!
!
!
interface Ethernet0/0
description This is the Outside port
ip address dhcp
half-duplex
!
interface Ethernet0/1
description This is the Inside port
ip address 172.16.1.4 255.255.255.0
half-duplex
!
router rip
network 172.16.0.0
network 192.168.1.0
!
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
dialer-list 1 protocol ip permit
!
line con 0
transport preferred none
line aux 0
line vty 0 4
password XXXXXX
login
!
!
!
end

Router2600#

Remember, I was not intending on setting up the cisco to replace what I already have. I was just wondering why it didn't work when I plugged it to test an idea.

Thanks
 
It's working now. I had to set a static nat.

version 12.3
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router2600
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$FYXO$aygPzq/24cmUHS2rSlYjN.
enable password XXXXXX
!
no aaa new-model
ip subnet-zero
!
!
ip dhcp excluded-address 172.16.1.0 172.16.1.15
!
ip dhcp pool 172pool
network 172.16.1.0 255.255.255.0
domain-name 172cisco.inet
dns-server 192.168.1.1 199.45.45.14
default-router 172.16.1.4
lease 7
!
!
!
!
!
interface Ethernet0/0
description This is the Outside port
ip address dhcp
ip nat outside
half-duplex
!
interface Ethernet0/1
description This is the Inside port
ip address 172.16.1.4 255.255.255.0
ip nat inside
half-duplex
!
router rip
network 172.16.0.0
network 192.168.1.0
!
ip nat inside source static 172.16.1.16 192.168.1.10
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
dialer-list 1 protocol ip permit
!
line con 0
transport preferred none
line aux 0
line vty 0 4
password XXXXXX
login
!
!
!
end

Router2600#

Thanks again
 
ip nat inside on e0/0 would have done the trick, also, since the modem is NATting. Forgot that part...oops...sorry

You'll want to set e0/1 (and maybe also e0/0) as full duplex...otherwise, you'll get a lot of late collisions, and perhaps some duplex mismatch messages in the log. You can verify this by
sh logg
sh int e0/1

Burt
 
You are right. There were errors on both interfaces. I thought 10 speed ports would only do half-duplex so I didn't think twice about it. I set them both to full-duplex and cleared the counters. Everything is looking clean now.

Thanks
 
The 2600's with the right IOS can do full---no other 10MBps routers can do full (like the 2500, etc).

Burt
 
Not meaning to split hairs, my friend, but I think the 3640 will do full duplex on a 10mbs ethernet connection with a later IOS. I also think an 831 will do full duplex on its 10mbs e1 WAN port. At least that's what I recall for the 831. Could also be that I misunderstood your statement.

[the other] Bill
 