Any Cisco Guys Willing to Help with Basic Router Config?

[Lurick]

Just for giggles, I don't think this will make a difference but can you try the following:

no access-list 10

access-list 10 permit 192.168.1.0 0.0.0.255

 

Then you'll need to do the following from outside of config mode:

dir

(you should see 'flash:' or 'bootflash:' or something along those lines)

Then do the following:

 

ip dhcp database flash:/dhcp

*Replace flash: with whatever the directory is called on that router, flash1: or bootflash:

 

Finally issue a clear ip dhcp conflict *

[ShadowWolf810]

43 minutes ago, Lurick said:

 

I also redid the configuration a second time before I tried what you had asked because I noticed that the router got assigned a hostname when it was turned on from a blank config so I figured maybe the rest of the network had some rules in place to where only a router with that hostname would work so I left it as atls221-148-dhcp, incase you were wondering why that changed

[ShadowWolf810]

@Lurick

So I tried what you said, command went through, but still no internet access and we're getting more address conflicts 

 

*Feb 25 00:32:25.715: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.31.
*Feb 25 00:32:27.215: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.32.
 

[ShadowWolf810]

@Lurick

@LAwLz

 

So in that revised config that Lawlz posted, I basically just followed through without changing permisions, i.e just going from conf t into interface mode, etc as needed. 

I guess the question is can the commands only be done when in the correct permission level or is it possible to do a command from the wrong config mode but still have the command go through and not get any errors? 

[Lurick]

12 hours ago, ShadowWolf810 said:

@Lurick

So I tried what you said, command went through, but still no internet access and we're getting more address conflicts 

 

*Feb 25 00:32:25.715: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.31.
*Feb 25 00:32:27.215: %DHCPD-4-PING_CONFLICT: DHCP address conflict:  server pinged 192.168.1.32.
 

Alright, so what's happening with the DHCP side of things is that it's trying to assign addresses to clients who's lease is expiring when other clients have that IP address. The box originally stored DHCP leases in memory and when you reboot it forgets who got what. The good news is though, the commands SHOULD prevent that from happening going forward.

 

For the internet access portion let's try something. If you can do a show ip interface Gi8 and paste the output, let's try and figure out the gateway for the address that's being assigned to GI8. Also, if you have access and time, can you hook a PC directly up to one of the ports on the router and see what happens with internet access?

[ShadowWolf810]

On 2/25/2017 at 5:59 AM, Lurick said:

Alright, so what's happening with the DHCP side of things is that it's trying to assign addresses to clients who's lease is expiring when other clients have that IP address. The box originally stored DHCP leases in memory and when you reboot it forgets who got what. The good news is though, the commands SHOULD prevent that from happening going forward.

 

For the internet access portion let's try something. If you can do a show ip interface Gi8 and paste the output, let's try and figure out the gateway for the address that's being assigned to GI8. Also, if you have access and time, can you hook a PC directly up to one of the ports on the router and see what happens with internet access?

I will give that a try, I'm going to try to get back in there tomorrow afternoon, if not I'll definitely be there this coming Friday the same time I was last week. 

 

Can you help me set up the Web UI so that I can access the router settings from one of the computers in the LAN rather than having to get the backroom unlocked, that'll make it possible to make changes every day rather than once a week. 

[ShadowWolf810]

@Lurick @LAwLz @leadeater So I plugged it in to get working, came up with this, not sure if it means anything: 
%Error opening tftp://255.255.255.255/network-confg (Timed out)
*Mar  2 20:08:18.971: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (t  ftp://255.255.255.255/network-confg) failed
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
*Mar  2 20:08:43.127: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (t  ftp://255.255.255.255/cisconet.cfg) failed
%Error opening tftp://255.255.255.255/atls221-148-dhcp-confg (Timed out)
*Mar  2 20:09:07.535: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/atls221-148-dhcp-confg) failed

This is what show int Gi8 returned: 
atls221-148-dhcp#show ip int Gi8
GigabitEthernet8 is up, line protocol is up
  Internet address is 128.138.221.148/24
  Broadcast address is 255.255.255.255
  Address determined by DHCP
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled
  Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
  Output features: Post-routing NAT Outside, Common Flow Table, Stateful Inspection, NAT ALG proxy
  IPv4 WCCP Redirect outbound is disabled
  IPv4 WCCP Redirect inbound is disabled
  IPv4 WCCP Redirect exclude is disabled

 

[LAwLz]

1 minute ago, ShadowWolf810 said:

%Error opening tftp://255.255.255.255/network-confg (Timed out)
*Mar  2 20:08:18.971: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (t  ftp://255.255.255.255/network-confg) failed
%Error opening tftp://255.255.255.255/cisconet.cfg (Timed out)
*Mar  2 20:08:43.127: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (t  ftp://255.255.255.255/cisconet.cfg) failed
%Error opening tftp://255.255.255.255/atls221-148-dhcp-confg (Timed out)
*Mar  2 20:09:07.535: %SYS-4-CONFIG_RESOLVE_FAILURE: System config parse from (tftp://255.255.255.255/atls221-148-dhcp-confg) failed

That's just normal errors you will get. The router appears to be set to fetch a config file from a tftp server, but since it doesn't have an address set it fails. You can just ignore those errors. It's a feature you won't use.

 

Everything seems right from that Gi8 output. My guess is that the problem lies with the NAT configuration.

[ShadowWolf810]

Just now, LAwLz said:

Everything seems right from that Gi8 output. My guess is that the problem lies with the NAT configuration.

Hmm yeah its just strange because it never used to do that constantly. 

 

I do agree that it has something to do with the NAT config. I watched some videos and some people were doing the 

ip route 0.0.0.0 0.0.0.0 command except they were also putting an ip address at the end of it to specify where the internet was I believe. 

So for example theirs was ip 0.0.0.0 0.0.0.0 192.168.1.1 or something like that. 

 

Doing the command 'show ip nat translations' doesn't return anything. 

This is 'show ip nat statistics' 

Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 1, occurred 00:16:33 ago
Outside interfaces:
  GigabitEthernet8
Inside interfaces:
  Vlan1
Hits: 35  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 10 interface GigabitEthernet8 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
 

 

[ShadowWolf810]

Also @Lurick I tried connecting another computer to the router directly like you suggested, it assigns it an IP but still no internet access. 

[LAwLz]

43 minutes ago, ShadowWolf810 said:

ip route 0.0.0.0 0.0.0.0 command except they were also putting an ip address at the end of it to specify where the internet was I believe. 

So for example theirs was ip 0.0.0.0 0.0.0.0 192.168.1.1 or something like that.

You don't want to do that. That's if you know the IP if the other gateway, which you don't do since you will use DHCP.

 

43 minutes ago, ShadowWolf810 said:

Doing the command 'show ip nat translations' doesn't return anything. 

It will only show something when it is actively translating something (such as during a file transfer).

 

What you could do is run this command on one client:

ping 8.8.8.8 -t

 

That will ping Google for as long as you want. That will ensure that you have an active NAT running for as long as you want.

You stop the command with ctrl + C.

[ShadowWolf810]

Just now, LAwLz said:

You don't want to do that. That's if you know the IP if the other gateway, which you don't do since you will use DHCP.

 

It will only show something when it is actively translating something (such as during a file transfer).

 

What you could do is run this command on one client:

ping 8.8.8.8 -t

 

That will ping Google for as long as you want. That will ensure that you have an active NAT running for as long as you want.

You stop the command with ctrl + C.

Ok so with the current config we have ip route 0.0.0.0 0.0.0.0 GigabitEthernet8, is that not correct? 

[LAwLz]

22 minutes ago, ShadowWolf810 said:

Ok so with the current config we have ip route 0.0.0.0 0.0.0.0 GigabitEthernet8, is that not correct? 

Yes.

What that says is "all traffic you don't know where it belongs, send it out on GigabitEthernet8".

[ShadowWolf810]

9 minutes ago, LAwLz said:

Yes.

What that says is "all traffic you don't know where it belongs, send it out on GigabitEthernet8".

So we're not getting going out GigabitEthernet8, we tried pinging 8.8.8.8 and then did the 'show ip nat translations' command but there is still no return from the command. Its like nothing at all is going out GigabitEthernet8

 

From both the computers and from the router we can't ping google.com

[LAwLz]

3 minutes ago, ShadowWolf810 said:

So we're not getting going out GigabitEthernet8, we tried pinging 8.8.8.8 and then did the 'show ip nat translations' command but there is still no return from the command. Its like nothing at all is going out GigabitEthernet8

 

From both the computers and from the router we can't ping google.com

Chances are that's because NAT isn't working.

Sorry but I don't know how to help you.

[ShadowWolf810]

1 minute ago, LAwLz said:

Chances are that's because NAT isn't working.

Sorry but I don't know how to help you.

Yeah thats what I'm thinking too. Alright well I appreciate the help. I'll just keep trying, I'd go to the tech support people on campus but it'd likely be months before they could get anyone here to fix it. 

[ShadowWolf810]

@Lurick I'm here again, any thoughts?