1605 close but no cigar

Status
Not open for further replies.

bendjo

Technical User
Jan 7, 2004
27
US
Hello
I have been playing with this 1605 for a long time now and finally have made some progress. I have the router bridged "I think" to my CM which was provided by Comcast. I am able to ping the internet from the router and obtain a lease on one of the interfaces. The frustrating part is that I am not able to connect to the internet from my desktop or even ping the interfaces. The thing is teasing me now. I have attached my running config and a sh dhcp lease & sh route. Thanks in advance for any help!!

Current configuration : 1152 bytes
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
logging queue-limit 100
enable secret 5 $1$o7Zq$ZTNMS2Ie4xdkpVP839Szw1
enable password 7 111E1C09141D0609
!
ip subnet-zero
ip name-server 204.127.204.8
ip name-server 216.148.227.204
no ip dhcp conflict logging
ip dhcp excluded-address 10.1.1.1 10.1.1.9
!
ip dhcp pool DHCP-Pool
network 10.1.1.0 255.255.255.0
domain-name comcast.net
dns-server 204.127.204.8 216.148.227.204
default-router 10.1.1.1
!
ip dhcp pool CLIENT
import all
!
!
!
!
interface Ethernet0
description Outside int. to Comcast/BB -- address via DHCP
mac-address xxxx.xxxx.xxxx
ip address dhcp
ip nat outside
no ip route-cache
no cdp enable
!
interface Ethernet1
description Inside interface
ip address 10.1.1.1 255.255.255.0
ip nat inside
no ip route-cache
no cdp enable
!
ip nat inside source list 100 interface Ethernet0 overload
ip classless
ip http server
!
access-list 100 permit ip any any
no cdp run
!
line con 0
password 7 105D0C0B00191B1F15
login
line vty 0 4
password 7 105D0C0B00191B1F15
login
!
end

router#sh dhcp lease
Temp IP addr: xx.xxx.xxx.xx for peer on Interface: Ethernet0
Temp sub net mask: 255.255.248.0
DHCP Lease server: 24.34.242.34, state: 3 Bound
DHCP transaction id: 1F12
Lease: 345599 secs, Renewal: 172799 secs, Rebind: 302399 secs
Temp default-gateway addr: 24.118.168.1
Next timer fires after: 1d23h
Retry count: 0 Client-ID: cisco-xxxx.xxxx.xxxx-Et0
Hostname: router

router#sh ip route
Gateway of last resort is 24.118.168.1 to network 0.0.0.0

24.0.0.0/21 is subnetted, 1 subnets
C 24.118.168.0 is directly connected, Ethernet0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Ethernet1
S* 0.0.0.0/0 [254/0] via 24.118.168.1
 
Cisco highly recommends that you do not configure access lists referenced by NAT commands with permit any. Using permit any can result in NAT consuming too many router resources which can cause network problems.

Try it this way.

access-list 10 permit 10.1.1.0 0.0.0.255
ip nat inside source list 10 interface ethernet0 overload

I don't see an IP NAT pool either.....



"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts
 
Thank you for the reply IPKONFIG. You are correct I have not defined a nat pool. I have looked over some config examples and one question comes to mind. How do I define the globally unique address if it is dynamically assigned by dhcp?
 
don't worry about the dhcp, reference IPKONFIG's access list statement

access-list 10 permit 10.1.1.0 0.0.0.255
ip nat inside source list 10 interface ethernet0 overload

you can assign dhcp to both sides of your outer router, meaning, 10.1.1.0 0.0.0.255 includes all 254 hosts on that inner subnet. The "pronoun" if you will, 'ethernet 0' in the ip nat inside source statement, allows for globally changing addresses on the outer router's outer interface. In this case Ethernet Zero. Add this to it and set up your routing protocols, passive interfaces, etc...


conf t
int e0
ip address dhcp
ip nat outside
no cdp enable
end


 
Thanks for your help Syty. My second question was in reference to the creation of a nat pool. How do I translate from my inside hosts addressed 10.1.1.0 to globally unique dynamic ip. What address do I plug into the commands below?
Thanks again.

ip nat pool <name> <start-ip> <end-ip> { netmask <netmask> | prefix-length <prefix-length> } [ type { rotary } ]



 
I got it running. The issue was the mac address I had assigned to eth0 which was the same as the mac of my nic. I had done this to avoid any provisioning issues Comcast might have with me adding the router.
 
draw an address from the dhcp server and then

sh ip int e0

the overload statement will assign port numbers to traffic to remember which client sent it

then use that IP address as both the starting and the ending addresses. Chances of it changing are slim, but could happen, just modify that statement as necessary or get a static global address, ISP may offer for like six bucks a month.

if you are running back to back routers, use the inner router as a dhcp server to the "NATted" inner network, if you're not you could add that scope to the outer router, but I don't suggest it. You should have a DMZ anyway, just don't add the serial subnet to your NAT access-list and it won't be a problem.

What about OSPF and unnumbered interfaces? Just random thoughts...

Glad you got it worked out.



 