CCNA Beginner - Help Required Please

Curiosityx

Curiosityx

Curiosityx

Soldato
Joined
17 Oct 2002
Posts
3,941
Location
West Midlands
Afternoon, i have just started to get my teeth into Cisco as ive completed my relevant MS certifications, as such ive recently bougth a Cisco 4000M router Running 12.1 IP Plus and Security IOS.

It has the following interfaces:

2 x RJ45 Ethernet Interfaces (2 x 10baseT + 2 x AUI)
4 x DB60 Serial Interfaces
4 x ISDN BRI Interfaces

At present im only interested in the ethernet 10BaseT portion of the router as i want to get to grips with console commands and basic routing between two lans.

To start i ran through the System setup menu, assigned the router a hostname, created an "Enable secret" password and a logon password for terminal access and via virtual connection.

I have assigned ethernet0 and addess and mask of 192.168.1.0/24 and ethernet1 an address and mask of 192.168.255.0/24.

I have also enabled IGRP with an ID of 1.

Now i have setup two routes as follows.

192.168.1.0 255.255.255.0 192.168.255.0
192.168.255.0 255.255.255.0 192.168.1.0

This allows me to ping each interface once hooked upto two seperate switches via cross-over cables.

What i would like to achieve is to have all pcs/server on the 192.168.1.0/24 network and infrastructure devices such as my firewall on the 192.168.255.2 network.

The only problem is for far is that i cannot make a connection to the internet from the 192.168.1.0/24 network.

For the record i have also specified a default-gateway under the menu:

Router>enable>Config term>



Could anyone be of assistance how i might go about enabling internet access from the 192.168.1.0/24 network through a firewall on the 192.168.255.0/24 network.

Help would be most appreciated.
 
ok I will try my best with the info you have given...

Firstly you say you have connected each Ethernet interface to a switch but with a cross over cable, they should be straight through cables (unless your going to the uplink port on the switch)

the 2 routes you have added will cause the router to have issues as traffic from 192.168.1.0/24 lan going to the 192.168.255.0/24 lan is told to go out 192.168.255.0 this should be the IP address of the interface (.1 maybe), but then the next route tells it to get to the 192.168.255.0/24 it goes out the interface it just came in through.

Seeing as both of these network are directly connected to the router you do not need to add any statics for them, what you do need to do is configure a default network 0.0.0.0 that points to your firewall, hopefully your firewall will then have a defualt route to your internet provider.

I would also suggest removing IGRP until you have the very basic working first :)

Let me know if this doesnt make any sense to you :)

Mr. Man
 
Mr Man said:
ok I will try my best with the info you have given...

Firstly you say you have connected each Ethernet interface to a switch but with a cross over cable, they should be straight through cables (unless your going to the uplink port on the switch)

the 2 routes you have added will cause the router to have issues as traffic from 192.168.1.0/24 lan going to the 192.168.255.0/24 lan is told to go out 192.168.255.0 this should be the IP address of the interface (.1 maybe), but then the next route tells it to get to the 192.168.255.0/24 it goes out the interface it just came in through.

Seeing as both of these network are directly connected to the router you do not need to add any statics for them, what you do need to do is configure a default network 0.0.0.0 that points to your firewall, hopefully your firewall will then have a defualt route to your internet provider.

I would also suggest removing IGRP until you have the very basic working first :)

Let me know if this doesnt make any sense to you :)

Mr. Man
Click to expand...

Ill give it a go, cheers
 
[IGNORE] Ok ive hooked up each interface using a patch cable to each switch, unfortuantly each interface now shows as administrativley up by line protocol is down.[IGNORE]


Ok both interfaces are up, have specified both a media-type 10BaseT and can ping both from either side, going to give it a go at routing now.
 
Last edited:
Update:

Ok, ive reset the router and re-assigned the settings as above without IGRP.

The firewall is on 192.168.255.2, i have set a staic route on it being the following.

192.168.1.0 255.255.255.0 192.168.255.1

This allows me to access the web-based interface from the 192.168.1.0/24 network.

I have included the current config

Code: 
User Access Verification

Password:
Cisco4000>enable
Password:
Password:
Cisco4000#show running-config
Building configuration...

Current configuration : 1046 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco4000
!
enable secret 5 ************************
enable password *************************
!
!
!
!
!
ip subnet-zero
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 media-type 10BaseT
!
interface Ethernet1
 ip address 192.168.255.1 255.255.255.0
 media-type 10BaseT
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 no ip address
 shutdown
 isdn x25 static-tei 0
!
interface BRI1
 no ip address
 shutdown
 isdn x25 static-tei 0
!
interface BRI2
 no ip address
 shutdown
 isdn x25 static-tei 0
!
interface BRI3
 no ip address
 shutdown
 isdn x25 static-tei 0
!
ip classless
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community ******* RO
!
line con 0
line aux 0
line vty 0 4
 password **********
 login
!
end

Cisco4000#

And the routes setup on the firewall

Code: 
	Destination	Gateway		Genmask		Iface
	xx.xx.216.0	xx.xx.222.38	255.255.248.0	eth0 (external)
	192.168.255.0	192.168.255.2	255.255.255.0	eth1 (trusted)
	192.168.255.1	192.168.255.1	255.255.255.255	eth1 (trusted)
	192.168.1.0	192.168.255.1	255.255.255.0	eth1 (trusted)
	0.0.0.0		xx.xx.216.1	0.0.0.0		eth0 (external)


As mentioned above i need to include a default route in the form of

ip route 0.0.0.0 255.255.255.0 192.168.1.1 10 ????

Apart from that it just doesnt seem to able to resolve DNS even though i have forwarders setup on my dns server on the 192.168.1.0/24 network to point to my ISP's name servers.
 
yes you need to add the default route in, also what can not resolve DNS do you mean the router or a host sat the other side of the router from your firewall? If its the router not doing DNS this is because you need to set the router up with the name servers to use.

ip name-server xxx.xxx.xxx.xxx

with the x's being the IP of your ISP DNS servers.

Edit: Just noticed you mentioned about resolvers on your network, they wont work until the default route is in place.

Mr. Man
 
Mr Man said:
yes you need to add the default route in, also what can not resolve DNS do you mean the router or a host sat the other side of the router from your firewall? If its the router not doing DNS this is because you need to set the router up with the name servers to use.

ip name-server xxx.xxx.xxx.xxx

with the x's being the IP of your ISP DNS servers.

Edit: Just noticed you mentioned about resolvers on your network, they wont work until the default route is in place.

Mr. Man
Click to expand...

Ok starting to make sense now, yes its the host on the 192.168.1.0 network that cant resolve names, ill add the route specified above and setup a name server shall report my findings.
 
Ok revisions in place

Code: 
User Access Verification

Password:
Cisco4000>enable
Password:
Cisco4000#show running-config
Building configuration...

Current configuration : 1177 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco4000
!
enable secret 5 ***************
enable password ***************
!
!
!
!
!
ip subnet-zero
ip name-server 62.31.176.39
ip name-server 194.117.134.19
ip name-server 192.168.1.10
!
!
!
!
!
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 media-type 10BaseT
!
interface Ethernet1
 ip address 192.168.255.1 255.255.255.0
 media-type 10BaseT
!
interface Serial0
 no ip address
 shutdown
!
interface Serial1
 no ip address
 shutdown
!
interface Serial2
 no ip address
 shutdown
!
interface Serial3
 no ip address
 shutdown
!
interface BRI0
 no ip address
 shutdown
 isdn x25 static-tei 0
!
interface BRI1
 no ip address
 shutdown
 isdn x25 static-tei 0
!
interface BRI2
 no ip address
 shutdown
 isdn x25 static-tei 0
!
interface BRI3
 no ip address
 shutdown
 isdn x25 static-tei 0
!
ip classless
ip route 0.0.0.0 255.255.255.0 192.168.255.2
no ip http server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
snmp-server community *************** RO
!
line con 0
line aux 0
line vty 0 4
 password ***************
 login
!
end

Cisco4000#

Unfortuantly though still no luck, thanks for your continuing support though.

:)
 
Mr Man said:
default route should be....

ip route 0.0.0.0 0.0.0.0 192.168.255.2


:)
Click to expand...

Ok will edit that now, just a side note with the present config and setting the forwarder on the dns server to point to the firewall i can now perform dns lookups.

:)


EDIT: Oh you beautiful *********!!! Thank you, all working now, think ill leave it as is for at least a couple of hours!
 
Last edited:
Mr Man said:
Glad I could help, any more 'issues' just let me know and I will see what I can do :)
Click to expand...

I may come back to you on that, just going to get my head arround IOS and general commands, ive got a couple more boxes on order so i can work with routing protolols like igrp and rip.

Thanks once again.
 
You must log in or register to reply here.
Back
Top Bottom