What am I doing wrong?

[Erolu]

Hi,
Im a new to setting up Cisco routers. I have set up a 1721 to act as a dhcp server and to perform NAT. The config is as follows:



Current configuration : 1509 bytes
!
! Last configuration change at 08:22:15 UTC Tue Sep 21 2004
! NVRAM config last updated at 06:31:53 UTC Tue Sep 21 2004
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Testrouter
!
logging queue-limit 100
enable password xxxxxx
!
ip subnet-zero
!
!
ip domain name mydomain.edu (substituted for real domain name)
ip name-server 199.44.xxx.6
ip name-server 199.44.yyy.222
ip dhcp excluded-address 192.168.1.1 192.168.1.2
!
ip dhcp pool TestPool
network 192.168.1.0 255.255.255.0
domain-name mydomain.edu (substituted for real domain name)
dns-server 199.44.xxx.6 199.44.yyy.222
default-router 192.168.1.1
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
!
!
!
interface Ethernet0
description connected to EthernetWan
ip address 172.16.30.3 255.255.255.0
half-duplex
!
interface FastEthernet0
description connected to EthernetLan
ip address 192.168.1.1 255.255.255.0
speed auto
!
interface Async1
no ip address
!
router rip
version 2
network 172.16.0.0
network 192.168.1.0
no auto-summary
!
ip classless
ip route 172.16.30.0 255.255.255.0 FastEthernet0
ip route 199.44.xxx.0 255.255.255.0 FastEthernet0
ip route 199.44.yyy.0 255.255.255.0 FastEthernet0
no ip http server
no ip http secure-server
!
!
!
!
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
password xxxxxx
login
line 1
flush-at-activation
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password xxxxxx
login
!
no scheduler allocate
end

Testrouter#

My problem is this: I cannot get it to see out over the gateway. Am I using the incorrect routes? The route that says 172.16.0.0 doesnt look right to me so Im thinking that is it but I changed it to what I thought it should be and still it doesnt work. Can anyone point it out to me where I went wrong? Much thanks =)

 

[Degg]

I would take out the 172.16 route, and replace it with ip route 0.0.0.0 0.0.0.0 172.16.30.2, where 172.16.30.2 is the next hop router on your WAN. This sets your default route to go out the WAN interface, and all IP's that are not local will go out that route. You shouldnt even need your 199.x.x.x route statements.
Why are you using RIP? do you have any other routers that are using it? You shouldnt need any routing protocols if this is a standalone router that is just a gateway for your internet.


Degg
Network Administrator

 

[MTandSAV]

do you want to use this router to route to the internet?
You have configured on both the interfaces private addresses, so thats not going to work.
replace ethernet0 addresses, with public address.
add: ip nat outside
fastethernet add: ip nat inside
add:
access-list 102 192.168.1.0 0.0.0.255 any

ip nat inside source list 102 interface ethernet0 overload

add to your dhcp pool: import all

 

[Erolu]

Maybe I should have clarified my environment. I connected my router to my network at work which is a class B network and created my own class C network on the inside of that router. So really I am trying to find my way out ot the internet though the class B network. I changed the routing and took the RIP out too as was recommended and still no luck =(. Thanks for all the help =)

 

[Degg]

I bet your Netowrk Admin's love this. I would change your WAN IP to the same subnet mask that your WAN uses (the Class B), and then with NAT you should be able to get out just fine. Does all of your work network use public IP's? How did you get your WAN IP? If they use private IP's and NAT one your 'WAN' then a public IP probably wont work. Do they know you are doing this? If they do, then you should be able to ask them more detailed info on how to get the WAN side to work.

Degg
Network Administrator

 

[Erolu]

Im a layer 2 tech getting my feet wet with Cisco IOS etc...Im attempting to set this router up at my desk so I can have a hands on kind of environment to mess with. I didnt read anyhting anywhere about this kind of thing causing the network as a whole any problems. No different than a host sitting out on a network holding onto an address, right? I did read that certain routers rain chaos on VLAN'ing but as far as I read the 1721 was not one of them. Thanks for all the advise, as soon as I set the subnet the way you all said to it worked. Viola! Thanks

 

[Degg]

I dont think the router would cause any problems, I just think of some of the people I have working for us, and seeing them try this. From a security standpoint, its a bad idea (on the admin side). but other than that, it shouldnt really be noticable. What I mean by security is by putting an 'unauthorized' router/switch out on the network, 'unauthorized' users can now attach to the network, and that could be bad. I'm not bashing on you, just being sarcastic with the 'they must love you' comment. Glad you got it working!

Degg
Network Administrator