Static IP, DSL Modem (Bridged Mode) and Cisco 831 Router

[nasitmgr]

I would appreciate any sort of guidance on how I could get this to work. I am unable to access the internet or ping anything on the WAN.

I have:
DSL modem in Bridged Mode
Static IP
Cisco 831 Router (10.10.1.1)

Here is my config:

!This is the running config of the router: 10.10.1.1
!----------------------------------------------------------------------------
!version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname xxxx_xxxx
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200 debugging
logging console critical
enable secret 5 $1$nmgF$A62abc2YovUWg8QixStjY0
!
no aaa new-model
!
resource policy
!
clock timezone PCTime -8
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
ip subnet-zero
no ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.1.1
!
ip dhcp pool sdm-pool1
import all
network 10.10.1.0 255.255.255.0
dns-server x.x.x.x x.x.x.x
default-router 10.10.1.1
!
!
ip tcp synwait-time 10
ip cef
ip name-server x.x.x.x
ip name-server x.x.x.x
no ip bootp server
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip ssh time-out 60
ip ssh authentication-retries 2
!
!
crypto pki trustpoint TP-self-signed-3885198115
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3885198115
revocation-check none
rsakeypair TP-self-signed-3885198115
!
!
crypto pki certificate chain TP-self-signed-3885198115
certificate self-signed 01
xxxxxxxx
quit
username Ciscoxxxxx privilege 15 secret 5 $1$Bc84$gNA3vQ2hVCOfeSxZ3EmUk1
!
!
!
!
!
!
interface Ethernet0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-Ethernet 10/100$$ES_LAN$$FW_INSIDE$
ip address 10.10.1.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
!
interface Ethernet1
description $ES_WAN$$FW_OUTSIDE$
ip address x.x.x.x x.x.x.x
ip access-group 101 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip inspect DEFAULT100 out
ip virtual-reassembly
duplex auto
!
interface Ethernet2
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
shutdown
!
interface FastEthernet1
duplex auto
speed auto
!
interface FastEthernet2
duplex auto
speed auto
!
interface FastEthernet3
duplex auto
speed auto
!
interface FastEthernet4
duplex auto
speed auto
!
ip classless
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
ip nat inside source list 1 interface Ethernet1 overload
!
logging trap debugging
access-list 1 remark INSIDE_IF=Ethernet0
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.10.1.0 0.0.0.255
access-list 100 remark auto-generated by Cisco SDM Express firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny ip x.x.x.x 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto-generated by Cisco SDM Express firewall configuration
access-list 101 remark SDM_ACL Category=1
access-list 101 permit udp host x.x.x.x eq domain host x.x.x.x
access-list 101 permit udp host x.x.x.x eq domain host x.x.x.x
access-list 101 deny ip 10.10.1.0 0.0.0.255 any
access-list 101 permit icmp any host x.x.x.x echo-reply
access-list 101 permit icmp any host x.x.x.x time-exceeded
access-list 101 permit icmp any host x.x.x.x unreachable
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip host 255.255.255.255 any
access-list 101 deny ip host 0.0.0.0 any
access-list 101 deny ip any any
no cdp run
!
control-plane
!
banner login ^CAuthorized access only!
Disconnect IMMEDIATELY if you are not an authorized user!^C
!
line con 0
login local
no modem enable
transport output telnet
line aux 0
login local
transport output telnet
line vty 0 4
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
scheduler interval 500
end

----------------

Any help would be appreciated.

Kind Regards,
MR

 

[JOAMON]

ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx (next hop router connected to E1)

 

[nasitmgr]

Thanks JOAMON... I have tried that with no luck. For my next hop router I have tried putting the gateway provided by the ISP but it does not work.

 

[JOAMON]

Take a look at the following link it may be helpful.

http://www.cisco.com/en/US/products...ucts_feature_guide09186a00800800f4.html#60241

 

[JOAMON]

Take a look at this one also.

http://www.cisco.com/en/US/products/ps5853/products_configuration_guide_chapter09186a00804582b0.html

You need to setup the router for PPPOE.

http://www.cisco.com/en/US/products/ps5853/products_configuration_guide_chapter09186a00804582b0.html

 

[JOAMON]

The 2nd one is more accurate.

 

[JOAMON]

Here is a good example of PPPOE:

! ******************************************************************
! Cisco1721.cfg - Cisco router configuration file
! Automatically created by Cisco ConfigMaker v2.6 Build 6
! Wednesday, May 10, 2006, 07:13:18 AM
!
! Hostname: Cisco1721
! Model: 1721
! ******************************************************************
!
service timestamps debug uptime
service timestamps log uptime
service password-encryption
no service tcp-small-servers
no service udp-small-servers
!
hostname Cisco1721
!
enable password 123
!
no ip name-server
!
ip subnet-zero
no ip domain-lookup
ip routing
vpdn enable
no vpdn logging
!
vpdn-group pppoe
request-dialin
protocol pppoe
!
interface Dialer 1
description connected to Internet
ip address 62.110.144.41 255.255.255.252
ip mtu 1492
ip nat outside
encapsulation ppp
dialer-group 2
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname username
ppp chap password password
ppp pap sent-username username password password
!
interface FastEthernet 0
no shutdown
description connected to Cisco1538
ip address 192.168.0.1 255.255.255.0
ip nat inside
keepalive 10
ip tcp adjust-mss 1452
!
interface Ethernet 0
no shutdown
description connected to Internet
no ip address
no keepalive
pppoe enable
pppoe-client dial-pool-number 1
!
! Access Control List 1
!
no access-list 1
access-list 1 permit 192.168.0.0 0.0.0.255
!
! Dialer Control List 2
!
no dialer-list 2
dialer-list 2 protocol ip permit
!
! Dynamic NAT
!
ip nat translation timeout 86400
ip nat translation tcp-timeout 86400
ip nat translation udp-timeout 300
ip nat translation dns-timeout 60
ip nat translation finrst-timeout 60
ip nat inside source list 1 interface Dialer 1 overload
!
router rip
version 2
network 192.168.0.0
passive-interface Dialer 1
no auto-summary
!
!
ip classless
!
! IP Static Routes
ip route 0.0.0.0 0.0.0.0 Dialer 1
no ip http server
snmp-server community public RO
no snmp-server location
no snmp-server contact
!
line console 0
exec-timeout 0 0
password 123
login
!
line vty 0 4
password 123
login
!
end

 

[nasitmgr]

JOAMAN, thanks for all the helpful information. This question may be rather amateur but, would I need to program PPPOE if I am able to access the internet WITHOUT the Cisco Router? I had a simple linksys router / Windows Home/Office network before and that worked fine. I am also able to assign my laptop with my static ip / gateway and access the internet by plugging it directly into the dsl modem. Why would PPPOE be needed just with the Cisco Router?

I truly appreciate your assistance.

 

[JOAMON]

OK....let me look at this again....

One thing that troubles me in your config is the number of interfaces.
The 831 only has one ethernet port and a built-in four port switch. Your config lists ethernet1 and ethernet2. Dont you need to create interface vlan1 and assgin the lan ip address to that? I think the problem is that interface ethernet1 and 2 are just virtual interfaces and not really active. I have an older 831 that all port are speed 10 only and that router has ethernet0 and ethernet1. ethernet1 would be the same as vlan1 on a newer 831 with the fast ethernet built in switch.

interface Vlan1
ip address 10.10.1.1 255.255.255.0
ip access-group 100 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly
ip route-cache flow
ip tcp adjust-mss 1452

Then you need to change it so your wan is connected to ethernet0. I would recommend using SDM and reloading the default configuration and start over.

 

[JOAMON]

ip nat inside source list 1 interface Ethernet1 overload"

I would also recommend changing this statement to the ip address of the next hop router. If you do not the router will try to arp everything it touches on the internet and will grow so large it will eventually crash your router.