Jump to content

Any Cisco Guys Willing to Help with Basic Router Config?

ShadowWolf810

 

6 hours ago, leadeater said:

That is how DHCP works, only have 1 DHCP on a network segment. Disable DHCP server on the Apple router for now so you don't cause yourself to have issues.

But what about my Active/Passive or Active/Active cluster?

 

/s. I know what you mean.

Link to comment
Share on other sites

Link to post
Share on other sites

Link to comment
Share on other sites

Link to post
Share on other sites

Could you please copy/paste the running config in text and not pictures?

 

Actually, are you at the router right now? I got some time if you want help. Hopefully I will be able to fix it for you.

Link to comment
Share on other sites

Link to post
Share on other sites

@LAwLz  

@leadeater

 

So I just realized that one of my access lists was typed using the wrong IP For my university, must have been done a long time ago and never gotten changed. I removed those access lists and now the router is assigning DCHP address to all the computers in the lab, on the correct network that it should be. the internet connection seems to be working intermittently and is going extremely slow.

 

Earlier I was getting an error that said "default route without gateway, if not a point to point interface, may impact performance." But im not sure why I'm getting that error because I've set a default gateway with the default-router command 

Link to comment
Share on other sites

Link to post
Share on other sites

3 minutes ago, LAwLz said:

Could you please copy/paste the running config in text and not pictures?

 

Actually, are you at the router right now? I got some time if you want help. Hopefully I will be able to fix it for you.

I am at the router currently. Will be here for another hour, then after that I will be back an hour later for the rest of the afternoon

 

AtlasLab#show running-config
Building configuration...

Current configuration : 2330 bytes
!
! Last configuration change at 18:21:45 UTC Fri Feb 24 2017
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AtlasLab
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
enable secret 5 $1$a0KS$upv8JsWVqUTYRDDcNwQDI0
enable password [redacted lol]
!
no aaa new-model
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.1.250 192.168.1.254
ip dhcp excluded-address 192.168.1.200 192.168.1.254
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool AtlasLabPool
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 128.138.129.76
 domain-name AtlasLab
!
!
!
ip domain name AtlasLab
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C892FSP-K9 sn FJC2023L2X5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 bridge-group 1
!
interface GigabitEthernet9
 no ip address
 duplex auto
 speed auto
 bridge-group 1
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 bridge-group 1
!
router rip
 redistribute connected
 network 192.168.1.0
!
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet8 overload
ip nat inside source list 100 interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
dialer-list 1 protocol ip permit
!
snmp-server community public RO
access-list 1 permit 192.0.0.0 0.0.0.255
!
control-plane
!
bridge 1 protocol dec
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password Atlas2
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
 

Link to comment
Share on other sites

Link to post
Share on other sites

You have quite a lot of commands you don't really need in there, but I can't see anything that would reduce performance.

You can ignore the warning about default gateway. Since you only have a single connection going out it won't impact performance.

 

So is the network working right now? If it's slow then it might just be that the connection you got is slow. Try a speedtest.

Link to comment
Share on other sites

Link to post
Share on other sites

11 minutes ago, LAwLz said:

You have quite a lot of commands you don't really need in there, but I can't see anything that would reduce performance.

You can ignore the warning about default gateway. Since you only have a single connection going out it won't impact performance.

 

So is the network working right now? If it's slow then it might just be that the connection you got is slow. Try a speedtest.

I'm not sure thats true. The cable connected to the WAN port isn't a dedicated line directly from the ISP, its coming through other routers etc. But it is just one connection. 

 

It seemed like the internet was working for a bit, but I haven't seen anything definitive. I've tried restarting all the switches and router to see if it worked but looks like no internet connection whatsoever. Connection is the same connection we've been using for months so there should be no reason for it to be slow, assuming we do get it working. But for now it seems like there's actually just no connection. 

 

I think the problem is that I could assign 'ip nat outside' to the Gi8 interface which is the WAN port, but it wouldn't let me assign 'ip nat inside' to the other LAN interfaces

Link to comment
Share on other sites

Link to post
Share on other sites

38 minutes ago, LAwLz said:

 

Something else interesting is that not all computers are able to talk to each other. The switch set up hasn't changed at all, and we could always talk to which ever computer we wanted, i.e mount their hard drives or screen share or whatever, and now only a select few computers are able to do that even though they're all being assigned their IP addresses by DHCP. Even using a manual IP some computers aren't able to connect to each other. 

Link to comment
Share on other sites

Link to post
Share on other sites

37 minutes ago, ShadowWolf810 said:

I'm not sure thats true. The cable connected to the WAN port isn't a dedicated line directly from the ISP, its coming through other routers etc. But it is just one connection. 

That shouldn't matter. If the traffic only has 1 way out then ip route 0.0.0.0 0.0.0.0 gigabitethernet8 won't slow anything down.

 

11 minutes ago, ShadowWolf810 said:

Something else interesting is that not all computers are able to talk to each other. The switch set up hasn't changed at all, and we could always talk to which ever computer we wanted, i.e mount their hard drives or screen share or whatever, and now only a select few computers are able to do that even though they're all being assigned their IP addresses by DHCP. Even using a manual IP some computers aren't able to connect to each other. 

Try running:
 

int range gig0-7
switchport
exit

Right now they are saying they don't have an IP, which might indicate that they are in layer 3 mode (assuming this router has layer 3 modes on the switch ports).

Link to comment
Share on other sites

Link to post
Share on other sites

3 minutes ago, LAwLz said:

That shouldn't matter. If the traffic only has 1 way out then ip route 0.0.0.0 0.0.0.0 gigabitethernet8 won't slow anything down.

 

Try running:
 


int range gig0-7
switchport
exit

Right now they are saying they don't have an IP, which might indicate that they are in layer 3 mode (assuming this router has layer 3 modes on the switch ports).

Tried running it, says incomplete command, did '?' which one should i do? just access? 

 


AtlasLab(config-if-range)#
AtlasLab(config-if-range)#
AtlasLab(config-if-range)#
AtlasLab(config-if-range)#switchport ?
  access     Set access mode characteristics of the interface
  mode       Set trunking mode of the interface
  priority   Set 802.1p priorities
  protected  Configure an interface to be a protected port
  trunk      Set trunking characteristics of the interface
  voice      Voice appliance attributes

AtlasLab(config-if-range)#switchport
 

Link to comment
Share on other sites

Link to post
Share on other sites

@LAwLz

 

I tried "switchport access vlan 1" in the mean time but doesn't seem to have done anything useful. show ip interface brief still shows all of them as unassigned. 

 

I do know that it has layer 3 mode on the switches because when i try applying an IP address directly to Gi0-7 it says that they cannot be configured on L2 Links. Someone in this forum post said that meant layer 3. Could be wrong though. 

 

I have to leave for about an hour, but I'll be back after that, hopefully you'll still be around or can suggest some other things for me to try

Link to comment
Share on other sites

Link to post
Share on other sites

Well damn.

I've never done NAT overload with DHCP on the WAN interface so I am not sure how to do that.

 

You could try this:

hostname AtlasLab
!
ip dhcp excluded-address 192.168.1.250 192.168.1.254
ip dhcp excluded-address 192.168.1.200 192.168.1.254
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool AtlasLabPool
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 128.138.129.76
!
ip domain name AtlasLab
!
interface range GigabitEthernet0-7
 switchport access vlan 1
 switchport mode access
 ip nat inside
 no shutdown
!
interface GigabitEthernet8
 ip address dhcp
 ip nat outside
 no shutdown
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
!
access-list 10 permit any
!
ip nat inside source list 10 interface GigabitEthernet8 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8

That is the entire config. So clear the router and load that. Save the config to a text document on your computer if you want then use this the command:

AtlasLab#erase startup-config

and then restart the router using the reload command without saving the running config.

 

Then when it's back up, load the config I linked above.

That should work.

 

I just tried that on a router and it does translate addresses just fine for me. What I think was missing before was the access-list which specifies which addresses should be translated. That's what the access-list 10 permit any is for. But it is best to remove all the other config you got because quite a lot of it, such as rip, is completely unnecessary.

Link to comment
Share on other sites

Link to post
Share on other sites

1 hour ago, LAwLz said:

 

Ok so I started trying your config before I deleted mine and loaded it as a text file or just went through the set up again. but this happened. this is the same problem I've been having with the NAT settings but this is how all the tutorials I've found say to do it. 

 

AtlasLab(config)#ip dhcp pool AtlasLabPool
AtlasLab(dhcp-config)#default-router 192.168.1.1 255.255.255.0
AtlasLab(dhcp-config)#dns-server 128.138.129.76
AtlasLab(dhcp-config)#ip domain name AtlasLab
AtlasLab(config)#interface range GigabitEthernet0-7
AtlasLab(config-if-range)#switchport access vlan 1
AtlasLab(config-if-range)#switchport mode access
AtlasLab(config-if-range)#ip nat inside
                                             ^
% Invalid input detected at '^' marker.
 

Link to comment
Share on other sites

Link to post
Share on other sites

@LAwLz

I just found this set of commands on cisco website, going to give it a try. it says this is used for "Configuring Dynamic Translation of Inside Source Addresses"

 

1.    enable 

2.    configure terminal 

3.    ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length

4.    access-list access-list-number permit source [source-wildcard

5.    ip nat inside source list access-list-number pool name 

6.    interface type number 

7.    ip address ip-address mask 

8.    ip nat inside 

9.    exit 

10.    interface type number 

11.    ip address ip-address mask 

12.    ip nat outside 

13.    end 

Link to comment
Share on other sites

Link to post
Share on other sites

@LAwLz

I just found this set of commands on cisco website, going to give it a try. it says this is used for "Configuring Dynamic Translation of Inside Source Addresses"

 

1.    enable 

2.    configure terminal 

3.    ip nat pool name start-ip end-ip {netmask netmask | prefix-length prefix-length

4.    access-list access-list-number permit source [source-wildcard

5.    ip nat inside source list access-list-number pool name 

6.    interface type number 

7.    ip address ip-address mask 

8.    ip nat inside 

9.    exit 

10.    interface type number 

11.    ip address ip-address mask 

12.    ip nat outside 

13.    end 

Link to comment
Share on other sites

Link to post
Share on other sites

25 minutes ago, ShadowWolf810 said:

Ok so I started trying your config before I deleted mine and loaded it as a text file or just went through the set up again. but this happened. this is the same problem I've been having with the NAT settings but this is how all the tutorials I've found say to do it. 

 

AtlasLab(config)#ip dhcp pool AtlasLabPool
AtlasLab(dhcp-config)#default-router 192.168.1.1 255.255.255.0
AtlasLab(dhcp-config)#dns-server 128.138.129.76
AtlasLab(dhcp-config)#ip domain name AtlasLab
AtlasLab(config)#interface range GigabitEthernet0-7
AtlasLab(config-if-range)#switchport access vlan 1
AtlasLab(config-if-range)#switchport mode access
AtlasLab(config-if-range)#ip nat inside
                                             ^
% Invalid input detected at '^' marker.

OK I am out of ideas. It seems like the router you got is not configured the same way Cisco's routers typically are. It's probably because it is a router/switch combo. Chances are it has some really easy way to configure it, but I can't figure out how.

Sorry.

 

The way I wrote, and the way the guides you find tells you to do, is how you typically do it.

 

 

17 minutes ago, ShadowWolf810 said:

I just found this set of commands on cisco website, going to give it a try. it says this is used for "Configuring Dynamic Translation of Inside Source Addresses"

Sadly that won't work either, because it uses the ip nat inside command too.

 

 

Does it work if type:

int range gig0-3

instead of 0-7?

How about 1-3?

 

It might be that just one interface doesn't support it.

Because I just looked at the guide for the 800 series switches and they use that command.

 

 

 

NO WAIT!

 

Type this:

int vlan 1
ip nat inside
exit

That might fix it.

Don't apply the ip nat inside command on the physical interfaces. Apply it to the vlan 1 interface.

Link to comment
Share on other sites

Link to post
Share on other sites

@LAwLz

 

Ok I will give those things a try as well. Unfortunately another class has come into the room and I don't have a way to test to see if its working because we've currently just got the ISP line going into a series of switches so that the lab computers have internet without going through this router we're configuring. I might be able to take the internet down for them in a bit, but might have to wait another 40 min or so before I can take the internet down and actually test it. 

 

While we way maybe we could work on getting the http server set up so that the router can be logged into from a Web UI? Have followed the basic instructions i've found but have yet to be able to connect to it that way, am stuck with a console cable

Link to comment
Share on other sites

Link to post
Share on other sites

3 minutes ago, ShadowWolf810 said:

@LAwLz

 

Ok I will give those things a try as well. Unfortunately another class has come into the room and I don't have a way to test to see if its working because we've currently just got the ISP line going into a series of switches so that the lab computers have internet without going through this router we're configuring. I might be able to take the internet down for them in a bit, but might have to wait another 40 min or so before I can take the internet down and actually test it. 

 

While we way maybe we could work on getting the http server set up so that the router can be logged into from a Web UI? Have followed the basic instructions i've found but have yet to be able to connect to it that way, am stuck with a console cable

OK.

 

This is the revised config I think will work:

hostname AtlasLab
!
ip dhcp excluded-address 192.168.1.250 192.168.1.254
ip dhcp excluded-address 192.168.1.200 192.168.1.254
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool AtlasLabPool
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 128.138.129.76
!
ip domain name AtlasLab
!
interface range GigabitEthernet0-7
 switchport access vlan 1
 switchport mode access
 no shutdown
!
interface GigabitEthernet8
 ip address dhcp
 ip nat outside
 no shutdown
!
interface Vlan1
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 no shutdown
!
access-list 10 permit any
!
ip nat inside source list 10 interface GigabitEthernet8 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
end

 

Link to comment
Share on other sites

Link to post
Share on other sites

@LAwLz

 

I tried the different interface ranges like you said, did 0-3, 1-3, 4-6 and 4-7 but none of those commands went through either. 

 

Doing 

int vlan 1 

ip nat inside 

exit

 

did however go through as a legit command

Link to comment
Share on other sites

Link to post
Share on other sites

@LAwLz

So I tried the revised config that you posted, didn't get any errors or anything but I still don't have internet access. I even shut down the router and all the switches, then turned on the router and let it fully boot, then plugged all the switches back in. All the computers are getting IPs served to them through DHCP but they can't connect to the internet. 

Link to comment
Share on other sites

Link to post
Share on other sites

Try and change the IP address under Vlan 1 to 192.168.1.1

You have the hosts getting the default gateway of 192.168.1.1 from the DHCP config but you don't have that IP address set anywhere.

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Link to comment
Share on other sites

Link to post
Share on other sites

5 minutes ago, Lurick said:

Try and change the IP address under Vlan 1 to 192.168.1.1

You have the hosts getting the default gateway of 192.168.1.1 from the DHCP config but you don't have that IP address set anywhere.

Ok I tried that, still no luck. This is the current config from that

Current configuration : 1818 bytes
!
! Last configuration change at 23:09:11 UTC Fri Feb 24 2017
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname AtlasLab
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.1.1 192.168.1.10
!
ip dhcp pool AtlasLabPool
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
 dns-server 8.8.8.8
!
!
!
ip domain name AtlasLab
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C892FSP-K9 sn FJC2023L2X5
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 no ip address
!
interface GigabitEthernet7
 no ip address
!
interface GigabitEthernet8
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet9
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 10 interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
!
access-list 10 permit any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
!
end
 

Link to comment
Share on other sites

Link to post
Share on other sites

Alright, can you ping 8.8.8.8 from one of the computers? Or, if you do a 'show ip int brief' can you ping the IP address assigned to GI8 from the computers?

 

What shows up with a show ip nat translation?

Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Link to comment
Share on other sites

Link to post
Share on other sites

1 minute ago, Lurick said:

Alright, can you ping 8.8.8.8 from one of the computers? Or, if you do a 'show ip int brief' can you ping the IP address assigned to GI8 from the computers?

 

What shows up with a show ip nat translation?

I tried pinging 8.8.8.8 first and thats where the errors came through in what I paste below. 

 

When I pinged 128.138.221.148 nothing happened. 'show ip nat translation' didn't work so I did 'show ip nat statistic' instead. When I did translations the command went through but it doesn't do anything.

 

atls221-148-dhcp#
*Feb 24 23:31:14.267: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.11.
*Feb 24 23:31:15.767: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.12.
*Feb 24 23:31:17.267: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.13.
*Feb 24 23:31:17.267: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.14.
*Feb 24 23:31:18.767: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.15.
*Feb 24 23:31:18.767: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.16.
*Feb 24 23:31:18.771: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.17.
*Feb 24 23:31:23.335: %DHCPD-4-DECLINE_CONFLICT: DHCP address conflict:  client 01a8.60b6.18b5.da declined 192.168.1.18.
atls221-148-dhcp#show ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0           unassigned      YES unset  up                    up   
GigabitEthernet1           unassigned      YES unset  down                  down 
GigabitEthernet2           unassigned      YES unset  down                  down 
GigabitEthernet3           unassigned      YES unset  up                    up   
GigabitEthernet4           unassigned      YES unset  up                    up   
GigabitEthernet5           unassigned      YES unset  down                  down 
GigabitEthernet6           unassigned      YES unset  down                  down 
GigabitEthernet7           unassigned      YES unset  up                    up   
GigabitEthernet8           128.138.221.148 YES DHCP   up                    up   
GigabitEthernet9           unassigned      YES unset  administratively down down 
NVI0                       128.138.221.148 YES unset  up                    up   
Vlan1                      192.168.1.1     YES manual up                    up   
atls221-148-dhcp#show ip nat translation
atls221-148-dhcp#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
atls221-148-dhcp(config)#show ip nat translation
                           ^
% Invalid input detected at '^' marker.

atls221-148-dhcp(config)#exit
atls221-148-dhcp#
*Feb 24 23:35:14.167: %SYS-5-CONFIG_I: Configured from console by console
atls221-148-dhcp#show ip nat statistic
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 9, occurred 00:09:20 ago
Outside interfaces:
  GigabitEthernet8
Inside interfaces:
  Vlan1
Hits: 48  Misses: 0
CEF Translated packets: 11, CEF Punted packets: 20
Expired translations: 8
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 interface GigabitEthernet8 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
atls221-148-dhcp#
 

 

Link to comment
Share on other sites

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×