Cisco Router config help! What am I missing?!

S

sykotic

Limp Gawd
Joined
Jan 2, 2003
Messages
154
Ok, I am setting up a new plant for one of my customers, I have all the cable drops done, have everything patched down and cables tied into the main switch, everything is wired and setup. The only thing I lack for completion of this job is getting their internet connection setup. They were sent a Cisco 851W router, I have never had to setup a Cisco router from scratch before. I am using the SDM manager and it looks like everything is setup.
I can ping the gateway from both the router and any computer on the network. I can not ping the ISP's DNS servers or any other IP address. Here is the funny thing though, I can plug the modem directly into the network card on the server, setup the static IP settings on the card, and it works flawlessly, so the problem is not with the internet connection.

I am stumped, I have tried countless changes yesterday and today is a freakin Saturday, been up here for 3 hours already trying to figure this out with no luck. I am hoping to get them online today so I can bill them for my time but I just can't figure this out. I have another Cisco router(not even close to the same model) that I am referencing it's config file and everything looks almost the same, I just don't get it!

Here is the network info:
192.168.0.x subnet
mask 255.255.255.0
router ip 192.168.0.251
ISP's DNS servers are 208.6.232.10 and 208.6.232.12

Here is the running-config from the router, I have blanked out the WAN IP address and encrypted passwords for obvious reason, please help!

Code: 
Building configuration...

Current configuration : 4680 bytes
!
! Last configuration change at 11:52:45 Chicago Sat Jan 27 2007 by admin
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ****
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 debugging
logging console critical
enable secret 5 ****
!
no aaa new-model
!
resource policy
!
clock timezone Chicago -6
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1 192.168.0.159
ip dhcp excluded-address 192.168.0.171 192.168.0.254
!
ip dhcp pool sdm-pool1
   network 192.168.0.0 255.255.255.0
   dns-server 208.6.232.10 208.6.232.12 
   default-router 192.168.0.251 
!
!
ip cef
ip tcp synwait-time 10
no ip bootp server
ip name-server 208.6.232.10
ip name-server 208.6.232.12
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto ****
!
!
crypto pki certificate chain TP-self-signed-1910476874
 certificate self-signed 01
  ****
  quit
username admin privilege 15 secret 5 ****
!
! 
!
bridge irb
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description $FW_OUTSIDE$$ES_WAN$
 ip address WANIP 255.255.255.128
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 ip route-cache flow
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 !
 ssid ****
    authentication open 
 !
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
 station-role root
 bridge-group 1
 bridge-group 1 subscriber-loop-control
 bridge-group 1 spanning-disabled
 bridge-group 1 block-unknown-source
 no bridge-group 1 source-learning
 no bridge-group 1 unicast-flooding
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$$FW_INSIDE$
 no ip address
 ip tcp adjust-mss 1452
 bridge-group 1
!
interface BVI1
 description $ES_LAN$$FW_INSIDE$
 ip address 192.168.0.251 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1412
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 100 interface FastEthernet4 overload
!
logging trap debugging
access-list 100 remark SDM_ACL Category=2
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
no cdp run
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip
banner login ^CAuthorized access only!
 Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
 login local
 no modem enable
 transport output telnet
line aux 0
 login local
 transport output telnet
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler max-task-time 5000
scheduler allocate 4000 1000
scheduler interval 500
end
 
I don't suppose it matters that my LAN subnet mask is 255.255.255.0 and the WAN subnet mask is 255.255.255.128?
 
ip nat outside <------- what's this for? As far as i know it's very unusual to have this in a router config....i mean there are uses for it, but that is uncommon and could actually be your problem.
 
I have no idea, when I enabled NAT it put it in there. I went ahead and removed it but still no luck =/. I have disabled the firewall and NAT both to see if they were the cause with no success.

See anything else? Do I need to create another route? Do you think the LAN and WAN interfaces being on different subnet masks might be it? Or that I need to add anything to accomodate that bit of information?
 
Do a "show ip route" and see if you have routes. I dont see any default routes in there.
 
Code: 
fours#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.0.0/24 is directly connected, BVI1
fours#

Is this not a default route?
Code: 
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
 
Wow, i'm about to go yell at my ISP. I changed the subnet mask from 255.255.255.128 to 255.255.255.0 and it's working just fine, it doesn't make a damn bit of sense for me to use that mask because the gateway is *.*.*.1. Something that simple was the issue the whole time. Thanks for the help guys.
 
For what its worth "ip nat outside" and "ip nat inside" is a standard part of IOS NAT configurations. "ip name outside" goes on the "outside", aka "wan", interface. "ip nat inside" goes on your inside interfaces, like the switch ports. The rest of the configuration looks fine to me. However I don't see the IOS firewall configured. You might want to investigate this.

Also, what version of IOS is this router running? I see its running 12.4 something. A "show ver" from the router will show you more info about it.

Did the customer buy a SmartNet contract for this router? If not I would suggest it, a next business day service contract is under $100 for a year on a cheap router like the 851W.
 
Yea I had removed the firewall till I got things up and going. It is now configured.

show ver shows:
"fours#show ver
Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(4)T4, REL
EASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Thu 03-Aug-06 17:16 by kellythw

ROM: System Bootstrap, Version 12.3(8r)YI3, RELEASE SOFTWARE

fours uptime is 10 hours, 11 minutes
System returned to ROM by power-on
System image file is "flash:c850-advsecurityk9-mz.124-4.T4.bin""

We haven't got a service agreement, i'll look into it. Oh yea and I put back the ip nat outside earlier on after I did a little research on it. Thanks for the tips!
 
You must log in or register to reply here.
Back
Top