
Cisco Newbie -- 4500M NAT config help

Status: Not open for further replies.

emmiliooooo (Technical User; joined Jul 19, 2005; messages: 5; location: US)

I have a Cisco 4500M with 12.2(29) on it with 2 FE interfaces - FE0 is Internet with x.x.x.38 255.255.255.224 and FE1 is LAN with 172.16.1.1 255.255.255.0

For now all I need assistance with is setting this up so I can get a DHCP NAT'd IP from 172.16.1.x and route out to the Internet - I am totally new at Cisco and was thrown into this last minute -- I have copied my config below, and if anyone would be so helpful as to show me how to config this it would be greatly appreciated, as I've done as much as I know how -- shown in the config file below:

show config
Using 1255 out of 129016 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 4500M
!
no logging console
enable secret 5 $1$LEgh$v5NUooGv2bLheGqf7.TGz.
!
ip subnet-zero
ip name-server x.x.3.65
ip dhcp excluded-address 172.16.1.151 172.16.1.250
!
ip dhcp pool 1
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server x.x.3.65
!
ip dhcp-server 172.16.1.1

interface FastEthernet0
description connected to Internet
ip address x.x.x.38 255.255.255.224
ip nat outside
no ip mroute-cache
half-duplex
!
interface FastEthernet1
description connected to EthernetLAN
ip address 172.16.1.1 255.255.255.0
ip nat inside
no ip mroute-cache
half-duplex
!
router rip
version 2
passive-interface FastEthernet0
network 172.16.0.0
no auto-summary
!
ip default-gateway 172.16.1.1
ip nat inside source list 10 interface FastEthernet0 overload

ip route 0.0.0.0 0.0.0.0 FastEthernet0
no ip http server
!
access-list 10 permit 172.16.1.0 0.0.0.255
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
password admin
login
line aux 0
line vty 0 4
!
end

FastEthernet0 is up, line protocol is up
Hardware is DEC21140, address is 0060.3e11.7bb0 (bia 0060.3e11.7bb0)
Description: connected to Internet
Internet address is x.x.x.38/27
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:02, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
149 packets input, 13555 bytes
Received 149 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
74 packets output, 7762 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out


FastEthernet1 is up, line protocol is down
Hardware is DEC21140, address is 0060.3e11.7bb1 (bia 0060.3e11.7bb1)
Description: connected to EthernetLAN
Internet address is 172.16.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 156/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
65 packets output, 3906 bytes, 0 underruns
65 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
65 lost carrier

Any help as I'm trying but getting lost and don't want to mess it up anymore than I may have.

Thanks!
 
Some enhancements:

!
no ip dhcp-server 172.16.1.1
!
no ip default-gateway 172.16.1.1
!
no ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip route 0.0.0.0 0.0.0.0 x.x.x.x
!

Ask your ISP about the IP address of your next hop. It's better to use an IP address rather than an Ethernet interface due to ARP issues.

Also your interface f1 is showing "up down"...check the cabling (straight/cross/bad cables) and check the duplexing. If the other end is also FastEthernet then you'd better hard-code the speed and duplex to 100Full. Same for the ISP side.
 
Lambent -- Thanks I'll give that a try. Also, is there anything that I am missing here?

Like I said, I'm very new at this and kinda been thrown to the lions here at work.

Thank you for all your help thus far.
tom
 
Ok, I got a LOT further..but still I think I have "routing" issues on the Cisco...

Any help would be GREATLY appreciated (thanks for the help so far)

show interfaces
FastEthernet0 is up, line protocol is up
Hardware is DEC21140, address is 0060.3e11.7bb0 (bia 0060.3e11.7bb0)
Description: connected to Internet
Internet address is x.x.x.38/27
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:07, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
105 packets input, 6306 bytes
Received 99 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
34 packets output, 2040 bytes, 0 underruns
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

FastEthernet1 is up, line protocol is up
Hardware is DEC21140, address is 0060.3e11.7bb1 (bia 0060.3e11.7bb1)
Description: connected to EthernetLAN
Internet address is 172.16.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 222/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:04:20, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
2 packets input, 120 bytes
Received 2 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
35 packets output, 2112 bytes, 0 underruns
18 output errors, 18 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
18 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

4500M#show config
Using 1772 out of 129016 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 4500M
!
no logging console
enable secret 5 $1$LEgh$v5NUooGv2bLheGqf7.TGz.
!
ip subnet-zero
no ip source-route
ip domain-name qwest.com
ip name-server x.x.x.65
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.1.101 172.16.1.200
!
ip dhcp pool 1
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 205.171.3.65
!
ip dhcp pool internal_lan
!
!
!
!
interface FastEthernet0
description connected to Internet
ip address x.x.x.38 255.255.255.224
ip broadcast-address x.x.x.0
ip access-group 100 in
ip access-group 101 out
no ip redirects
ip nat outside
no ip route-cache
full-duplex
no cdp enable
!
interface FastEthernet1
description connected to EthernetLAN
ip address 172.16.1.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
no ip mroute-cache
full-duplex
no cdp enable
!
router rip
version 2
passive-interface FastEthernet0
network 172.16.0.0
no auto-summary
!
ip nat inside source list 1 interface FastEthernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.x.33 (this is my ISP gateway IP)
no ip http server
!

Thanks to all -
tom
 
Where are your access-lists 1, 100 and 101? It'll be good if you can also post them.

Also on int f0/0, any reason to use "ip broadcast-address x.x.x.0"? And I see you're running process switching on f0/0 by "no ip route-cache". If there's no special reason or it's not suggested by your ISP, then I suggest you:

!
ip cef
!
int f0/0
no ip broadcast-address x.x.x.0
!


Also can you ping your ISP gateway? If yes, then can you further ping the following IP addresses which are some of the servers for
68.142.226.36, 68.142.226.42, 68.142.226.32, 68.142.226.39

If yes, then try to ping the URL on your router as I can see that you've configured the router to use your ISP DNS to resolve names.
 
lambent -- Thanks, sorry I forgot to list my access lists -- I'll add those --

Also, so should I be using my default router 172.16.1.1 for DNS to NAT out to my isp's DNS servers?

thanks,
tom
 
4500M#show config
Using 1725 out of 129016 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 4500M
!
no logging console
enable secret 5 $1$LEgh$v5NUooGv2bLheGqf7.TGz.
!
ip subnet-zero
no ip source-route
ip cef
ip name-server x.x.x.65
no ip dhcp conflict logging
ip dhcp excluded-address 172.16.1.101 172.16.1.200
!
ip dhcp pool internal_lan
network 172.16.1.0 255.255.255.0
default-router 172.16.1.1
dns-server 205.171.3.65 ---- should this be my default router?
!
interface FastEthernet0
description connected to Internet
ip address x.x.x.38 255.255.255.224
ip access-group 102 in
ip access-group 101 out
no ip redirects
no ip proxy-arp
ip nat outside
no ip mroute-cache
full-duplex
no cdp enable
!
interface FastEthernet1
description connected to EthernetLAN
ip address 172.16.1.1 255.255.255.0
ip access-group 103 in
ip access-group 103 out
no ip redirects
no ip proxy-arp
ip nat inside
no ip mroute-cache
full-duplex
no cdp enable
!
router rip
version 2
passive-interface FastEthernet0
network 172.16.0.0
no auto-summary
!
ip nat inside source list 1 interface FastEthernet0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 63.238.239.33
no ip http server
!
access-list 1 permit 172.16.0.0 0.0.0.255
access-list 101 permit tcp any any
access-list 101 permit icmp any any echo
access-list 102 permit tcp 172.16.1.0 0.0.0.255 any established
access-list 102 permit icmp any any echo
access-list 103 permit ip any any
access-list 104 permit ip any any
no cdp run
snmp-server community public RO
snmp-server enable traps tty
!
line con 0
exec-timeout 0 0
password admin
login
line aux 0
line vty 0 4
password admin
login
!
end

4500M#show interfaces

FastEthernet0 is up, line protocol is up
Hardware is DEC21140, address is 0060.3e11.7bb0 (bia 0060.3e11.7bb0)
Description: connected to Internet
Internet address is x.x.x.38/27
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:04, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
26 packets input, 1560 bytes
Received 25 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
25 packets output, 1500 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

FastEthernet1 is up, line protocol is up
Hardware is DEC21140, address is 0060.3e11.7bb1 (bia 0060.3e11.7bb1)
Description: connected to EthernetLAN
Internet address is 172.16.1.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
199 packets input, 14773 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
125 packets output, 8496 bytes, 0 underruns
0 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

4500M#show access-list
Standard IP access list 1
permit 172.16.0.0, wildcard bits 0.0.0.255
Extended IP access list 101
permit tcp any any
permit icmp any any echo
Extended IP access list 102
permit tcp 172.16.1.0 0.0.0.255 any established
permit icmp any any echo
Extended IP access list 103
permit ip any any
Extended IP access list 104
permit ip any any

I'm able to get DHCP IPs from my Cisco to the PC and ping all the way to the FE0 (Internet connection) but can't ping the ISP's default gateway -- I think my access lists are still messed up

Thanks!
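
Added example, not part of any post in this thread: a small Python evaluator that applies the ACL lines from the last posted config to constructed packets, using IOS wildcard matching, first-match-wins and the implicit deny. The host, outside, gateway and DNS addresses are placeholders (the thread masks the real ones), and the parser covers only the syntax that appears in these lines.

```python
import ipaddress

CONFIG = """access-list 1 permit 172.16.0.0 0.0.0.255
access-list 101 permit tcp any any
access-list 101 permit icmp any any echo
access-list 102 permit tcp 172.16.1.0 0.0.0.255 any established
access-list 102 permit icmp any any echo"""
ANY = (0, 0xFFFFFFFF)        # CONFIG above: ACL lines as posted in the thread

def ip(a):
    return int(ipaddress.IPv4Address(a))

def take(tok):
    """Consume 'any' or 'address wildcard'; return (base, wildcard)."""
    if tok[0] == "any":
        tok.pop(0)
        return ANY
    return ip(tok.pop(0)), ip(tok.pop(0))

def parse(config):
    acls = {}
    for line in config.splitlines():
        _, num, action, *tok = line.split()
        standard = int(num) < 100                  # 1-99 match on source only
        proto = "ip" if standard else tok.pop(0)
        src, dst = take(tok), (ANY if standard else take(tok))
        opt = tok[0] if tok else None              # 'echo' / 'established'
        acls.setdefault(int(num), []).append((action, proto, src, dst, opt))
    return acls

def hit(spec, addr):
    base, wild = spec                              # wildcard 1-bits are "don't care"
    return (ip(addr) | wild) == (base | wild)

def evaluate(acl, proto, src, dst, icmp=None, ack=False):
    """First match wins; anything unmatched hits the implicit deny."""
    for action, p, s, d, opt in acl:
        skip = (opt == "established" and not ack) or (opt in ("echo", "echo-reply") and opt != icmp)
        if p in ("ip", proto) and hit(s, src) and hit(d, dst) and not skip:
            return action
    return "implicit deny"

def diagnose(host="172.16.1.10", outside="192.0.2.38", gw="192.0.2.33"):
    a = parse(CONFIG)                              # addresses are constructed placeholders
    return {"nat_list_1": evaluate(a[1], "ip", host, outside),
            "echo_out_101": evaluate(a[101], "icmp", outside, gw, icmp="echo"),
            "echo_reply_in_102": evaluate(a[102], "icmp", gw, outside, icmp="echo-reply"),
            "tcp_reply_in_102": evaluate(a[102], "tcp", "198.51.100.7", outside, ack=True),
            "dns_udp_out_101": evaluate(a[101], "udp", outside, "192.0.2.65")}
```

Calling `diagnose()` shows list 1 (which covers 172.16.0.x) never matching a 172.16.1.x host, so the NAT rule has nothing to translate, and list 102 inbound on FastEthernet0 dropping the echo-reply and returning TCP traffic at the implicit deny. List 101 outbound passes the echo request but has no entry for UDP, so DNS queries are dropped as well.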
 