Thread replies: 26
Thread images: 2
Thread images: 2
Anonymous
NAT config on Cisco Router 2017-02-20 02:28:37 Post No. 59025627
[Report] Image search: [Google]
NAT config on Cisco Router 2017-02-20 02:28:37 Post No. 59025627
[Report] Image search: [Google]
File: bLTesvH.jpg (38KB, 750x500px) Image search:
[Google]
38KB, 750x500px
Hey /g/.
Last night I had a few questions about configuring my networking equiptment for my new business.
>>59011249
Anyways, thanks to the anon(s) who helped me configure my Cisco Router. However the thread expired before I could answer any questions.
I followed this anon and used portions of his running-config
http://pastebin.com/CsKGxaDi
tldr;
I got a DHCP address from Spectrum, however I still cannot ping 8.8.8.8 (google.com). Is this something that they will setup when they come to install my service plan? I have a few guys coming to my apartment to install my service. Any help is appreciated
>pic not related
>>
>>59025627
Looking at my equipment, I have a Cisco2611 which has a modem plugged into Ethernet0/0 and my LAN is setup on a Catalyst 2948G switch, connected to the Ethernet0/1 of my Cisco2611. I believe in my older post I incorrectly thought I had a Cisco2900. I have verified that it is a Cisco2611.
>>
>>59025658
Here is my current running-config
http://pastebin.com/hgUDYC9j
>>
>>59025627
you probably need to authenticate with pppoe or someshit. ask your isp
>>
Bamp
>>
can you ping outside if you connect directly to your modem?
>>
>>59025683
>half-duplex
What is gods cock. Why not full duplex?
>>
>>59026961
I dunno. I get error messages over minicom when I leave it as full-duplex. Probably cuz my switch is old.
>>
Bamp
>>
FreeVMS wouldn't had this problem.
>>
File: 1475157201510.jpg (494KB, 1024x768px) Image search:
[Google]
494KB, 1024x768px
Your router is playing DHCP server for your internal network. The DHCP option for DNS server is set to your routers interface.
Because your router is not a DNS server, DNS is broken. Instead, use Google's public DNS (8.8.8.8) or any DNS that you know of, for example your ISP one.
The line will first be activated once your service plan is installed. Until then, no internet.
DON'T do half-duplex. It sucks. I told you to do autoneg, which is what happens when you leave any duplex statement out.
Remove it withint e0/0
no half-duplex
int e0/1
no half-duplex
Also, try if you can get a static 0.0.0.0/0 route via DHCP, like the other anon in the other thread said. It will be good for performance. Your performance will still be shit because of Double Nat.
Also, since you said this is a business, you will probably have a static IP. Please please please put a login.
>>59025697
His "Modem" is probably not in bridge mode, which is why he gets an IP address from it. It's a router itself that does the PPPoE part. OP will probably not get the credentials to do PPPoE himself.
>>59027019
The Duplex settings of both ends must match.
The modem will probably be autonegotiating, which is why I told you to do autoneg too.
If they don't match, an autoneg interface will autmatically go into half duplex mode, which means you get less than half the wire speed and a fuckton collisions.
>>
>>59027711
>Also, try if you can get a static 0.0.0.0/0 route via DHCP, like the other anon in the other thread said. It will be good for performance. Your performance will still be shit because of Double Nat.
What do you mean by this?
>>
You need to change your default route to the route learned via DHCP. With your current config, your router is sending ARP requests for 8.8.8.8 out of Eth0/0 instead of ARPing for the next hop. This could work if proxy arp was enabled on the ISP's side, but it isn't (and shouldn't be).
no ip route 0.0.0.0 0.0.0.0 Ethernet0/0
ip route 0.0.0.0 0.0.0.0 dhcp
>>
>>59027907
Okay I have changed this in my config. However running the no half-duplex does not remove the line.
>>
Maybe changing no ip domain lookup will allow me to ping Google?
>>
>>59027957
Try this
interface Ethernet0/1
duplex auto
>>59027973
That's just going to prevent the router itself from doing dns lookups. It won't affect devices behind it.
>>
>>59027711
Here is the switch config behind the router.
http://pastebin.com/uQnbucVh
>>
>>59028011
Here's the output. Can't change for some reason.
http://pastebin.com/5LpPWg4P
>>
>>59028021
Not him, but your switch config should be simple. Just put all your interfaces in vlan1. This is for home use right?
>CatOS
holy shit anon, get a new switch.
try
set vlan 1 2/1-48
>>59028057
can you post sh ver and sh int eth0/1 output?
The problem with hard setting the interface to full or half is that it disables negotiation on that port, so the other end will default to half. If you can hard set both sides to full it will work fine, but if you set your end to full and the ISPs end comes up at half then you're going to have a bad time.
>>
>>59028121
sh ver output
http://pastebin.com/BeTV3RHf
sh int eth0/1 output
http://pastebin.com/AXpi4SYL
>>
>>59028121
I actually have two vlans. I need the 192.168.4.0 network to hold my NAS. The 192.168.1.0 network is directly connected to the modem.
I knew a guy who knew a guy that got me the switch, had no idea it was that outdated. I have a Catalyst 2950 if thats any better? I use CatOS switch as it has 48 ports versus the 24 for the Catalyst 2950.
To clarify the switch holds both vlans. However, they are not physically connected. I need it this way for security reasons. However, I can access the 192.168.4.0 LAN through my rack servers which have multiple NICs. And they are connected to both LANs.
>>
Shameless bamp
>>
>>59028219
>2611
Ok, that explains a lot. I should've realized by the interface names that your router is just 10Mb ethernet. Autonegotiation isn't an option on 10Mb. You'll need to leave it at half unless you can get the modem hard set to full.
>>59028242
In that case your config is probably fine. Just hard set the speed and duplex on the switch port that you are using as an uplink to your router.
On your router:
int Eth0/1
duplex full
On your switch
set port speed 2/x 10
set port duplex 2/x full
where x is the port that is connected to your router.
The 2950 runs IOS so it'll be easier to get config help, but it will only have two gigabit ports at most. So your speed will suffer. I'd probably stick with the catos switch. You could probably get a gigabit 2960x or 2960plus for pretty cheap if you really want a cisco switch. I'll also add that there is no use in learning catos in 2017. Any cisco gear still in production will be running IOS or NX-OS.
Your power bill is going to suck anon. I'd get something else for your home network and put together a cisco lab that stays powered off when not in use.
>>
>>59028403
I've been thinking about moving my switch operations to the 2950 as it uses less electricity and is quieter
>>
>>59028403
Or am I better off with an unmanaged switch from frays?
>>
>>59028468
If you really want vlans, tp link sells a cheap gigabit "smart" switch that works great for home networks. I use mine with a mikrotik router/ap. They do everything I could care to do with my home network. I have a pretty complex home network too.
My cisco gear is all kept in a separate rack and only powered on when I need to lab something up at home. If I wasn't a network admin I wouldn't bother with cisco gear at home. The enterprise gear is loud and power hungry and their soho gear sucks.
I'm going to bed anon. Happy networking.
Thread posts: 26
Thread images: 2
Thread images: 2