CCNA Lab - Help with routing to internet

[beatdown]

My lab consists of 3 routers, 3 switches, and a host PC connected to each switch.

One of the 3 routers, is connected to the internet via DSL, and I can surf the web from PC's on the LAN connected to this router.

My question is this; how do I set up routing so PC's on the LAN's connected to my other two routers can also surf the web?

Thanks

 

[IPKONFIG]

Turn on a routing protocol such as RIP. Then your routers will share information on the routes they know of and you'll be able to get out to the internet.

config t
router rip
network A.B.C.D



"I can picture a world without war. A world without hate. A world without fear. And I can picture us attacking that world, because they'd never expect it."
- Jack Handey, Deep Thoughts

 

[beatdown]

Do I need to "advertise" the route to the internet (on the ethernet 0 interface), the same way I advertise the networks on the Fast EThernet and Serial interfaces with the typical RIP commands:

router(config)# router rip
router(config-router)# network 192.168.20.0
router(config-router)# network 192.168.10.0

If so, what would be the command to advertise the default route to the internet?

Also, how would I do this if I use static routing?

Thanks for your help

 

[Lundah]

I think the easiest way would just be to set up a default route pointing to the interface your DSL modem is connected to.

 

[schofs]

The RIP Protocol is like a sign post so you must tell RIP which interfaces you want to display so yes you do need to advertise the DSL network.
You can make the DSL intrface passive so it does not advertise onto your Internet connection
router(config)# router rip
router(config-router)# network 192.168.20.0
router(config-router)# network 192.168.10.0
router(config-router)# network <internet interface>
router(config-router)# passive-interface <internet interface>

Default routes also work but you can only specify interface or next hop

hope this helps

 

[beatdown]

I've played around with this quite a bit, but still can't get it to work.

RIP wouldn't work...I'm assuming this is because it's a classfull routing protocol, and my Internet IP/interface has a 26 bit mask, while all the other interfaces on the routers have a 24 bit mask?

If I advertise the network that my Internet IP is on, with OSPF or EIGRP, it shows up in the routing tables of my other routers, and I can ping my Internet IP address on the Ethernet interface that my DSL modem is hooked up to...but I still can't surf the web or ping anything beyond that interface.

Also, even through the network that my Internet interface is on, is now shared and advertised to my other routers...how would the other routers know to route traffic to the internet to this interface? I can understand how they would know to route traffic addressed to other IP's on the subnet that my internet IP is part of, to this interface...but how would they know how to route traffic to some random IP address, as would be the case when surfing the web? Do I need to set up a Gateway of last resort, or something like that?

Thanks for your help.

 

[ReadRight]

You need to set up NAT on the router connected to the Internet. Your ISP and any other ISP on the Internet will not route your private 192.168.xxx.xxx addresses.

http://www.cisco.com/warp/public/556/12.html

 

[beatdown]

NAT has been set up on the internet router all along. This is how I am able to surf the net from PC's on the LAN connected to the internet router.

My trouble is in getting the other two routers to connect to the internet.

 

[ChrisAC]

Is NAT set up for all three networks or just the one?

Chris.

**********************
Chris A.C, CCNA, CCSA
**********************

 

[beatdown]

I have NAT set up on my internet router, for all the networks on all 3 routers. The networks are as follows:

192.168.1.0
192.168.20.0
192.168.30.0
192.168.40.0
192.162.50.0

See the config below of my internet router to see how I set up NAT...


1720#sh run
Building configuration...

Current configuration : 1209 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 1720
!
enable secret 5 $1$5wd0$Y0RB
!
memory-size iomem 15
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
no ip source-route
!
!
!
ip audit notify log
ip audit po max-events 100
!
!
!
!
interface Loopback0
ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0
ip address dhcp
ip nat outside
no ip route-cache
no ip mroute-cache
half-duplex
no cdp enable
!
interface FastEthernet0
ip address 192.168.1.75 255.255.255.0
ip nat inside
speed auto
!
interface Serial0
ip address 192.168.20.1 255.255.255.0
no fair-queue
!
ip nat inside source list 100 interface Ethernet0 overload
ip nat inside source static tcp 192.168.1.100 3389 interface Ethernet0 3389
ip classless
no ip http server
ip pim bidir-enable
!
!
access-list 1 permit 1.2.3.4
access-list 1 permit 1.2.3.5
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 100 permit ip 192.168.0.0 0.0.255.255 any
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
access-class 1 in
exec-timeout 0 0
password 7 08364341021000
login
!
end

1720#

-------------------------------------------

This is "Show IP Route" on the internet router:

Gateway of last resort is 6.71.21.193 to network 0.0.0.0

S 192.168.30.0/24 [1/0] via 192.168.20.2
6.0.0.0/26 is subnetted, 1 subnets
C 6.71.21.192 is directly connected, Ethernet0
C 192.168.20.0/24 is directly connected, Serial0
C 192.168.1.0/24 is directly connected, FastEthernet0
S* 0.0.0.0/0 [254/0] via 6.71.21.193

----------------------------------------------

This is the config from the 2nd router:


2520#sh run
Building configuration...

Current configuration : 1450 bytes
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname 2520
!
logging rate-limit console 10 except errors
enable secret 5 $1$knz9$OcAVuo/h4
enable password 7 14141B180F0B
!
ip subnet-zero
no ip finger
ip name-server 6.71.1.2
!
no ip dhcp-client network-discovery
!
!
!
!
interface Ethernet0
description LAN link to 1924 switch
ip address 192.168.30.1 255.255.255.0
!
interface Serial0
description WAN link to 1720 router
ip address 192.168.20.2 255.255.255.0
no fair-queue
clockrate 64000
!
interface Serial1
description WAN link to 2524 router
ip address 192.168.40.1 255.255.255.0
encapsulation lapb
invert txclock
!
interface Serial2
no ip address
shutdown
clockrate 64000
!
ip kerberos source-interface any
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.20.1
ip http server
!
!
banner motd ^C
welcome to the 2520 router
^C
!
line con 0
password 7 15011F09122F
logging synchronous
login
transport input none
line aux 0
line vty 0 4
exec-timeout 0 0
password 7 010012014D0E
login
!
end

2520#

-------------------------------------------------

This is the "Show IP Route" from the 2nd router:

Gateway of last resort is 192.168.20.1 to network 0.0.0.0

C 192.168.30.0/24 is directly connected, Ethernet0
C 192.168.20.0/24 is directly connected, Serial0
S* 0.0.0.0/0 [1/0] via 192.168.20.1

--------------------------------------------------

From a PC on the 192.168.30.0 LAN (the LAN connected to the 2nd router), I can ping the internet interface, Ethernet 0 (which has the IP assigned by my ISP via DHCP: 6.71.21.209). But I can't ping anything beyond this interface, or surf the web. If I try to ping a website by name from the 2nd router, it can't resolve the name...even though I have my ISP's DNS server set up in the "IP Name-Server" command. However, I can ping by name from the internet router.

 

[plshlpme]

you can use rip or ospf or anything you want for your lan networks.. but you have to give all the routers a default route to your router thats connected to the internet... and then the internet router as well should have a default route that goes out its dsl interface....

this way they will use the learned routes to communicate on the lan.. and when the route is not known they will know to go out your internet router to get to the net.

 

[ReadRight]

I tried replicating you situation, the only difference being I have a USR 8054 leading to the outside world. I set things up as close as I could to the way you described and it worked fine. I used the 8054 as the ip name-server for the downstream routers, which would be about the equivalent as you using your 6.71.21.192 I would think. The only other difference is I used a standard ACL but that shouldn't matter.

Maybe put an IP NAT INSIDE on SERIAL0 of your 1720 <shrug> other than that I'm stumped.

 

[ReadRight]

Oh yeah and if all else fails try a RELOAD

As I was playing around I had directly connected interfaces that couldn't ping each other. I tested cables, swapped transceivers etc etc everything I could think of. In the end a simple reload fixed it. Go figure.