Is it possible??

[wannaciscobe]

Hi all,
I'm still trying to connect my 2501 to my cable modem in this fashion...

cable-modem----E0/2501/S0......S1/2501/E0....PC

Is this possible? I'm not having any luck in getting connectivity to the internet at all except thru the closest 2501 to the cable modem...

Thanks,
Bob

 

[rburke]

Let me play with it with my lab, and I will let you know what I find. Give me about a day.

Burke

 

[wannaciscobe]

rburke,
Thanks for your previous help and for checking this out also....this is driving me nuts....

It seems there should be no reason it couldnt work...

thanks again,
bob

 

[CCIEWANNABE]

How to Configure a Cisco Router Behind a Non-Cisco Cable Modem at Link:

http://www.cisco.com/warp/public/109/router_behind_cm_19268.shtml#hw

Route once; switch many

 

[wybnormal]

cablemodem----router1-----WAN---router2---LAN

First.. can you ping from the LAN to router2? router1, someplace on the internet?

Default routes configured? 0.0.0.0 0.0.0.0 <next hop>
Router2 needs to point to router1
Router1 needs to point to ISP's router

Classless IP addressing enabled?

trick1

Run NAT on router1 to place your network behind something to help protect the LAN. Do NOT rely on the ISPs firewalls.. if any.

MikeS
Find me at

http://www.packetattack.com

&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu

 

[wannaciscobe]

cciewannabe and wybenormal...
Thanks, but I config'd it like the link that you mentioned and that didn't change anything.... and I have all the commands in place that you mentioned wybe.....

I can ping from the farthest back lan all the way to the DHCP ip address that my isp is giving my EO on router 1 successfully... but no farther.... except I can ping any internet address from router 1..(the one attached to the cable modem..)
Im using static IPs to keep it simple....

bob

 

[wybnormal]

So you can ping from the LAN to router1's ethernet interface but no further?

Do you have the static route entries you need to point BACK to the lan? Router1 and 2 need to either have a routing protocol like RIP running OR static routes with each subnet listed..

router1: needs route to internet (0.0.0.0 0.0.0.0) also needs route BACK to LAN via serial interface

router2: needs route to internet (0.0.0.0 0.0.0.0) Doesnt really anything else since the lan is directly connected as is the serial subnet. Anything else will use the default route to get to router1 and router1 then will direct the packet.

If you use RIP or RIP2, then advertise both interfaces on Router2, advertise serial on Router1 but make e0 passive since nobody on the internet needs your RIP advertisements.


MikeS

Find me at

http://www.packetattack.com

&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu

 

[rburke]

&quot;ip route 0.0.0.0 0.0.0.0 24.210.112.1 (next hop)
ip route 169.254.0.0 255.255.255.0 10.10.10.2 (Ethernet connected to other router)&quot;

Like MikeS was saying, I think that part of your problem, at least from the past config you put up, was that R1 was sending all unknown networks to your ISP router. That is fine if you know that R1 is connected, or knows of all the networks or subents in the local network, but since there is no routing protocl running (RIP, IGRP) then you need to add static routes. The problem, from your last config was that packets were getting to the sources but didn't have a way back so they were discarded, making it look like they weren't going anywhere. The default route (0.0.0.0 0.0.0.0) should always be the last route since once it looks at it it will send it to the default route. So your statments should have been the other way:

ip route 169.254.0.0 255.255.255.0 Serial0
ip route 0.0.0.0 0.0.0.0 24.210.112.1

Try using this, and if it doesn't work, post your config for both routers.

Burke

 

[wannaciscobe]

rburke:
You guys might be onto something...I didn't realize that static routes behaved like ACL's....first match then out?????


I will fix that then get back to you...
and thanks again for all your help...I hope that one day I'm good enough to do the same for someone else...


bob

 

[rburke]

Well, I wrote this post prior to the last post, but put it in the wrong forum, hopefully it will help out a bit more:

&quot;
Sorry I didn't get to try the setup at home last night, I was out pretty late....

But from your previous post of your config, it looked like you weren't NATing your inside IP's to the one DHCP address you get from your ISP. This is just what I have come up with this morning....

cable-modem---E0/2501/S0...........S1/2501/E0-------------PC
(192.168.1.0/24) (10.1.1.0/24)

For R1(connected to cable modem):

int e0:
mac ......(whatever the MAC you need to put)
ip address dhcp
ip nat outside

int s0:
ip address 192.168.1.1 255.255.255.0
(whatever WAN connection setup you want to make)


ip nat inside source list 1 int e0 overload

access-list 1 10.1.1.0 255.255.255.0

ip classless

ip route 10.1.1.0 255.255.255.0 192.168.1.1(S0)
ip route 0.0.0.0 0.0.0.0 24.210.112.1(E0)

then your other router, the one the PC is connected to needs just a basic setup with the WAN connection on S1 and subnet 10.1.1.0 255.255.255.0 on interface E0.

Try that, and see if it works, if not then post the configs of both routers. Hope this helps.

Burke &quot;

 

[rburke]

Acutally, I tihnk I am wrong about the static route statments. Since the static route statmemts add the route to the routing table, then when deciding to forward a packet, it searches the routing table, and if no route is found, then it uses the default route. I'd love to check it on cisco's website, but it is firewalled were I work(security hazard)... But someone let me know...

Persoanlly, I treat static routes like ACL, just for personal comfort, but in actuality I don't think it matters on the order....

 

[rburke]

Ok, well first off, I belive that I was right about the static routes(the second time around), they can be in any order since they add entries to the routing table.

Second, I did simulate the same setup you are using and got it to work here's the setup:

cable modem
|
|
(int E0)(DHCP)
Router R1
(DCE)(int S0)(FR)(192.168.1.1)
+
+(network 192.168.1.0/24)
+
(DTE)(int S1)(FR)(192.168.1.2)
Router R2
(int E0)(10.1.1.1)
|
|
PC(static IP in 10.1.1.0/24)

R1:
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
!
!
!
interface Ethernet0
ip address dhcp
ip nat outside
!
interface Serial0
ip address 192.168.1.1 255.255.255.0
ip nat inside
encapsulation frame-relay
no keepalive
no fair-queue
clockrate 56000
frame-relay interface-dlci 50
!
interface Serial1
no ip address
shutdown
!
ip kerberos source-interface any
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 10.1.1.0 255.255.255.0 Serial0
no ip http server
!
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
line con 0
exec-timeout 60 0
logging synchronous
transport input none
line aux 0
line vty 0 4
login
!
end


R2:
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2
!
logging rate-limit console 10 except errors
!
ip subnet-zero
no ip finger
!
ip dhcp pool Testit
network 10.1.1.0 255.255.255.0
!
no ip dhcp-client network-discovery
!
!
!
!
interface Ethernet0
ip address 10.1.1.1 255.255.255.0
!
interface Serial0
no ip address
shutdown
no fair-queue
!
interface Serial1
ip address 192.168.1.2 255.255.255.0
encapsulation frame-relay
no keepalive
frame-relay interface-dlci 50
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server
!
!
!
line con 0
transport input none
line aux 0
line vty 0 4
login
!
end

I was able to get ping responses all the way outside the R1, int E0 port, which was my &quot;ISP&quot; router. So it should be good. The only thing I found that was a little wierd was that if you ping R1 S0 ip address from R1, or R2 S1 ip address from R2, then it will give you &quot;encapsulation failed&quot;. I'm sure it has to do with the NATing, but it works if it is going to other IP's. So, let me know if this works, if not I'll see what I can do. Let us know...

Burke

 

[wannaciscobe]

rburke,
Thanks a bunch for this...I'll get on it right away. Just a couple of questions...
1.) No keepalives? What is the reason for that?

2.) Does internal DHCP have anything to do with my problem or is it just the way you decided to config it?

Just trying to learn....
Thanks again in advance...

bob

 

[rburke]

The no keepalives are for making a back to back frame relay connection. That is just how I have always done, it, and there is a cisco link somewhere that gives an example of a frame realy back to back link with the no keepalives. So if Cisco says do it, I did it and it works. Someone else can probaly answer that better than me.

The internal DHCP was just something I did, because I didn't want to put static stuff in my test PC, it was only 2 lines, as aopposed to having to click through windows and set the IP,Gateway,and DNS. So it was a lazines thing. Remove these lines nad use static routes in your config:

R2:
ip dhcp pool Testit
network 10.1.1.0 255.255.255.0

It should work just fine with static routes.

Let me know how it goes.

Burke

 

[rburke]

The no keepalives are for making a back to back frame relay connection. That is just how I have always done, it, and there is a cisco link somewhere that gives an example of a frame realy back to back link with the no keepalives. So if Cisco says do it, I did it and it works. Someone else can probaly answer that better than me.

But if I had a guess it would be this. Frame realy links are supposed to go through a frame realy cloud(alot of frame realy switches, etc) and not supposed to go directly between the two CPE(end) routers. The LMI(keepalives) are not routed in a real frame realy cloud, it only goes from the end router to the first frame relay switch, so there must be some kind of problem in the back to back configuration, because the end routers are both DTE instead of a FR switch which is DCE, where the end routers cannot process the LMI from each other, since in reality they are never supposed to get the LMI from each other. Disclaimer: (That was a total shot in the dark with some truths to it. I am not for certain on the reason for no keepalive, but that was my reasoning. If someone who knows the answer could fill me in I'd appreciate it.)

The internal DHCP was just something I did, because I didn't want to put static stuff in my test PC, it was only 2 lines, as as opposed to having to click through windows and set the IP,Gateway,and DNS. So it was a lazines thing. Remove these lines and use static routes in your config, if you want to:

R2:
ip dhcp pool Testit
network 10.1.1.0 255.255.255.0

It should work just fine with static routes.

Let me know how it goes.

Burke

 

[wybnormal]

There is no reason to do *no keep alives* unless you know that the port will be going down and you want to force it up.

This is the trick used in All in ONe CCIE Study Guide lab book to keep the ethernet interfaces up even though they are not connected to anything.

PPP back to back

http://www.cisco.com/warp/public/116/ppp_back.html

Master and Slave Relationships on a T1 Back-to-Back Connection

http://www.cisco.com/warp/public/116/t1_back_to_back.html

HDLC back to back

http://www.cisco.com/warp/public/116/hdlc_back.html

In none of these is no keepalives recommended and in the real world, it's a bad habit. The reason that Cisco shows it:
!
interface Serial0
no ip address
encapsulation frame-relay
no keepalive
!--- This command disables LMI
!--- processing.

is when you have a frame relay connection without the frame switch(router) between the two end points. As you can see from the comments in the code snipet, it's disabling the LMI processing that normally goes with Frame Relay connection. As long as your clocking stays up, the link will be up. In a normal connection, it would be down as the LMI messages (keepalives)would give an error.

MikeS

Find me at

http://www.packetattack.com

&quot;Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.&quot;
Sun Tzu

 

[wannaciscobe]

Thanks for your help guys....
Mburke...are you saying that you can ping all the way to EO of R1? I can do that...but no farther; not to anything on the internet except from R1. It's getting to the internet from R2 and beyond that is happening...
bob

 

[wannaciscobe]

To all who are helping me....
Here is my config for both routers.
I CAN PING ALL THE WAY TO EO ON R1 FROM THE LAN.
I CAN PING ANY INTERNET ADDRESS FROM R1.

Thanks I hope this helps.
bob

--------------------


-------------------------------------------------

Building configuration...

Current configuration : 1057 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R1 (ROUTER CONNECTED TO THE CABLE MODEM)
!
logging rate-limit console 10 except errors
enable secret 5 $1$UNd/$USitPV.qsM83QpBEWxQQE0
!
clock timezone eastern -3
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
!
!
!!
interface Ethernet0
description Outside interface to Cable Modem
mac-address 0080.c6ea.fa3e
ip address dhcp
ip nat outside
no cdp enable
!
interface Serial0
ip address 10.10.10.1 255.255.255.0
no fair-queue
clockrate 56000
!
interface Serial1
no ip address
shutdown
!
ip kerberos source-interface any
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 192.168.0.0 255.255.255.0 10.10.10.2
ip route 0.0.0.0 0.0.0.0 Ethernet 0
ip http server
!
access-list 1 permit 192.168.0.0
ip kerberos source-interface any
ip nat inside source list 1 interface Ethernet0 overload
ip classless
ip route 192.168.0.0 255.255.255.0 10.10.10.2
ip http server
!
access-list 1 permit 192.168.0.0
!

!
line con 0
transport input none
line aux 0
line vty 0 4
password cisco
login
!
end

GATEWAY#

-----------------------------------------


Current configuration : 757 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R2 (ROUTER BEHIND SERIAL LINK CONNECTED TO LAN.)
!
logging rate-limit console 10 except errors
enable secret 5 XXXXXXXXXXXXXXXXXXX
!
ip subnet-zero
no ip finger
!
no ip dhcp-client network-discovery
!
!
!
!
!
interface Ethernet0
ip address 192.168.0.1 255.255.255.0
!
interface Serial0
no ip address
encapsulation x25
shutdown
!
interface Serial1
ip address 10.10.10.2 255.255.255.0
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip http server
!
!
!
line con 0
transport input none
line aux 0
line vty 0 4
!

!
end

Router#

 

[rburke]

Well, it might have just been a mistake, but it looks like your Serial 0 interface on R1 is missing the &quot;ip nat inside&quot; command. Was that a mistake or was it really missing?

Burke

 

[wannaciscobe]

rburke,
Sorry, that was a &quot;copying-to-the-clipboard&quot; accident not the way my config is...it's in the config for s0
bob