Cisco Configuration

[dictator88]

This has been going on for a year. I will try to take another crack at this. I am trying to configure a cisco 3700 with a SIMPLE route. The interface0 has a static public IP and the interface1 needs to handle 4 PUBLIC class C's.
A dozen people who said they knew what they were doing tried helping me with this but something always didn't work right. The reason seems to be since I need a simple route to act as nothing more than a gateway for the 4 class C's. Everyone keeps wanting to add in NAT commands which breaks many things. The reason - Behind this "gateway" is a couple hundred broadband customers, and many servers. Including DNS servers, mail servers, web servers, etc. NOTHING can be blocked. Reverse dns must translate, pings, everything. For some reason, no-one seems to understand the difference between a (public WAN / Private LAN) and a (public WAN / PUBLIC LAN! ) Below is the config of the last person that tried. If anyone knows what I am talking about and knows what the simple config would be for this I would LOVE to see it.


!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname mechwall
!

!
ip subnet-zero
ip cef
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 98.113.33.14 255.255.255.252
ip nat inside
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 98.113.36.1 255.255.252.0
no ip route-cache
no ip mroute-cache
speed auto
full-duplex
!
ip classless
ip http server
ip route 0.0.0.0 0.0.0.0 98.113.33.13
!
!
snmp-server community rack RO
snmp-server community public RO
snmp-server location Ashland
snmp-server contact xxxx
snmp-server enable traps tty
!
line con 0
line aux 0
line vty 0 4

Now, according to cisco, a "simple" gateway config should be something like this,

interface fastethernet0/0
ip address 98.113.33.14 255.255.255.252

interface fastethernet0/1
ip address 98.113.36.1 255.255.252.0

router rip
network 98.113.33.0
network 98.113.36.0

ip route 0.0.0.0 0.0.0.0 98.113.33.13

But it doesn't seem to work either ????????????

 

[VinceWhirlwind]

You also need a route (or 4) pointing at
interface FastEthernet0/1
ip address 98.113.36.1 255.255.252.0
for the 4 internal "public" subnets.

 

[dictator88]

Well, that's what I thought! But since then I have been told more times then I can count that the 255.255.252.0 covers all 4 of the class c's. AND, I've tried this two ways, 1) all as one sub of 252.0 AND 2) as 4 seperate class c's with subs of 255.255.255.0. Neither worked. It's something extremely simple, I just can't figure it out. Now, I use to configure cisco 2600's rather easy doing the same thing but with T1's. But the 2600's with a wan T1 interface (serial0/0) and the lan being eithernet0/0. Now that config was simple,

ip subnet-zero
!
!
!
!
interface Ethernet0/0
ip address 216.207.13.1 255.255.255.0 secondary
ip address 216.207.14.1 255.255.255.0 secondary
ip address 216.207.15.1 255.255.255.0 secondary
ip address 216.207.12.1 255.255.252.0
no ip directed-broadcast
!
interface Serial0/0
ip address 65.121.248.74 255.255.255.252
no ip directed-broadcast
no ip mroute-cache
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
no ip http server
!
snmp-server engineID local 00000009020000D0BBE14DE0
snmp-server community hacknet RO
snmp-server location Ashland, Mechcom


And that worked everytime. But if I try to do the same thing with this 3700 and use FastEthernet0/0 the wan, and FastEthernet0/1 the lan,,, it doesn't pass traffic.?

 

[VinceWhirlwind]

So all your "internal" subnets are within the range:
98.113.36.0 255.255.252.0
?

Do all the hosts on this network have a route out to 98.113.36.1?

WHy do you have nat configured on f0/0?

 

[dictator88]

Yes, MY internal subnet IS 255.255.252.0 . And yes,all my servers, customers, radios, everything, have 98.103.36.1 as gateway and 255.255.252.0 as sub.

As for the NAT thing,,, that was wasn't my doing. Someone else was trying to make this work and insisted NAT was needed. I tried to explain to them the situation but it seems most people are not used to seeing a router only be a gateway. I have offered $100 to anyone who can give me a simple solution to this. (A simple config). Believe it or not, no can seem too. I have searched all day and night online looking for someone who has posted SOMETHING along the lines of what I am doing. It would appear it's too simple for anyone to even bother posting. LOL Very frustrating.

 

[VinceWhirlwind]

Well, as long as your "internal" hosts can ping 98.113.36.1 and as long as from your router you can ping 98.113.33.13, and get rid of the NAT, it's a very simple setup.

 

[dictator88]

To simplify this, let me show you the root of the problem. Below is the most basic config I can make and it doesn't pass traffic and from what I can tell, IT SHOULD.

!
ip subnet-zero
!
!
!
!
interface FastEthernet0/0
ip address 98.113.33.14 255.255.255.252
no ip mroute-cache
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 98.113.36.1 255.255.252.0
no ip mroute-cache
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip http server
!

snmp-server engineID local 00000009020000070E9450A0
snmp-server community hacknet RO
snmp-server location Ashland, Mechcom
snmp-server contact Curt Mechling

 

[VinceWhirlwind]

Break it down into smaller steps.
Are the 2 router interfaces up?
Do a show interface on each one.
Can your internal hosts ping 98.113.36.1?
Can the router ping 98.113.33.14?

 

[dictator88]

Both are up,
pc behind router can ping both 36.1 and 33.14
when I do a show interfaces, there is one line that concerns me. (encapsulation ARPA, loopback not set.

Could that be the problem? From what I've read, the loopback is used as a virtual interface that can't go down.?

 

[VinceWhirlwind]

Don't worry about that.

So you seem to have connectivity, although I just realised I wrote this question wrong:
"Can the router ping 98.113.33.14?"
Should have said
"Can the router ping 98.113.33.13?"
If not, ask them why not, and if so, can the PC ping .13?

 

[TJKID]

Sounds like the problem is on the Public WAN side of things. Is there a route on the Public WAN that says the gateway for your 4 public class C's is your 3700 WAN interface?