Setting up a cisco 1720...

[launcehaught]

Ok, I purchased a used 1720, and popped the t1 wic out of it, upgraded IOS, and installed a pair of ethernet wics.

The goal is to set my system to route outbound traffic for VOIP out of ethernet1 and all other traffic out of ethernet 2.

I however can not even get the unit to route traffic.

my config is:


Current configuration : 821 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
!
hostname netgate
!
boot-start-marker
boot-end-marker
!
enable secret
enable password
!
memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
!
!
interface Ethernet0
ip address 64.81.27.100 255.255.255.0
half-duplex
!
interface Ethernet1
no ip address
shutdown
half-duplex
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
speed auto
half-duplex
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
no ip http server
!
!
dialer-list 1 protocol ip permit
snmp-server community BroadlineSFOffice RO
snmp-server enable traps tty
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
end

What am I doing wrong, and how can I port specify outbound pathing for Skype?

Thanks!

--L

 

[avilov]

can you ping from the router anything on 64.81.27.0/24 and 192.168.0.0/24 networks?

just curious, why did you set both interfaces to half-duplex?

 

[Zen37]

192.168.0.0 will not route behond the interface of what is at the other end of your Ethernet0. The router at the other end will see the packet look at the source and once it sees it comes from 192.168.0.0, it will drop the packet, for that segment is not routable on the internet.

You will need to set up NAT for this to work.

 

[JOAMON]

Access-list 102 permit ip 192.168.0.0 0.0.0.255 any

interface ethernet0
ip nat outside

interface fastethernet0
ip nat inside

ip nat inside source list 102 interface ethernet0 overload

Also change your default route..

no ip route 0.0.0.0 0.0.0.0 ethernet0
ip route 0.0.0.0 0.0.0.0 64.81.27.XXX (next hop ip address)

Also might be a good idea to set the duplex on fastethernet interface to auto

interface fastethernet0
duplex auto

Curious about the public IP your using.....is that your static from your ISP? Usually IP addresses are assigned in blocks and not entire subnets.

Also for added security you may wnat to eliminate telnet access from the internet.

access-list 1 permit 192.168.0.0 0.0.0.255

line vty 0 4
access-class 12 in

BTW.....what is ethernet0 connecting to??

 

[launcehaught]

Eth0 is a 6mb down 1.5 up dsl
eth1 is a 1.5/256 dsl

With no-route to eth0 that would place all my outbound traffic to eth1 yes?

I am trying to route a block of addresses out eth1 specifically 64.94.136.x

with the remainder of the routed traffic headed out the faster eth0 connection.

In any case, so far the config is looking like this.

And thanks for the help folks, I am a lot of things but I stagger through the cisco interface like a german tourist in downtown seattle...

memory-size iomem 25
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
!
!
!
!
interface Ethernet0
ip address 192.168.1.1 255.255.255.0
duplex auto
ip nat outside
!
interface Ethernet1
ip address 64.81.27.100 255.255.255.224
duplex auto
ip route 0.0.0.0 0.0.0.0 64.81.27.99
!
interface FastEthernet0
ip address 192.168.0.1 255.255.255.0
speed auto
duplex auto
ip nat inside
ip nat inside source list 102
interface ethernet0 overload
!
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet0
ip route 64.94.136.1 255.255.255.224 Ethernet1
no ip http server
!
Access-list 102 permit ip 192.168.0.0 0.0.0.255 any
!
snmp-server community BroadlineSFOffice RO
snmp-server enable traps tty
!
control-plane
!
!
access-list 1 permit 192.168.0.0 0.0.0.255
line con 0
line aux 0
line vty 0 4
access-class 12 in
password Broad1Media
login
!

 

[JOAMON]

If you use an ethernet interface number as the default route your arp-cache will grom so huge it could cause performance problems with your router. Always set default route on an ethernet port to the next hop ip address.
Example:
ip route 0.0.0.0 0.0.0.0 64.81.27.XXX (next hop ip address)
If you want to parse out traffic on different interfaces you will probably need to setup policy based routing.

 

[JOAMON]

BTW....

service password-encryption
will encrypt your service passwords

 

[launcehaught]

Hey folks, you have been tonnes of help, I have my cisco box up and running with a single outbound connection.

So my current config works but I am trying to set port-specific traffic to run out a different gateway.

On ETH1 I have a second DSL which is dedicated to my colo, and I want to route destination specific traffic over that connection.

In addition, I want to set the server to fail over to that connection if the primary DSL fails.

So far, if i set up routes I get about 30% packet loss and it is just fubar.

Any advice?

--L