Question

CISCO 1811 When I enable WAN 2, I lose connection on WAN 1

By stuff

I have a CISCO 1811. When I enable FA1, which is my WAN 2 (DHCP from cable modem), I lose browsing capabilities. I am able to ping out and everything else, but I cannot browse from any computer using FA0 (static IP from cable modem). Needless to say, I don't get any access on FA1. Here is my configuration; can you please review it and see if you find anything wrong? Thanks. Forgot to mention I am a newbie at this.

JR

Current configuration : 5067 bytes
! Last configuration change at 22:22:14 PCTime Wed Sep 17 2008
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
logging message-counter syslog
enable password xxxxxxx
no aaa new-model
memory-size iomem 15
clock timezone PCTime -5
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
crypto pki trustpoint TP-self-signed-950502357
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-950502357
revocation-check none
rsakeypair TP-self-signed-950502357
crypto pki certificate chain TP-self-signed-950502357
certificate self-signed 01
dot11 syslog
ip source-route
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.0.1
ip dhcp pool MAIN
import all
network 192.168.1.0 255.255.255.0
dns-server aa.bb.cc.dd aa.bb.cc.dd
default-router 192.168.1.1
ip dhcp pool SECONDARY
import all
network 192.168.0.0 255.255.255.0
dns-server aa.bb.cc.dd aa.bb.cc.dd
default-router 192.168.0.1
ip cef
no ip domain lookup
ip ddns update method sdm_ddns1
HTTP
add http://XXXXX@members.dyndns.org/nic/update?system=dyndns&hostname=
<h>&myip=<a>
remove http://xxxx:xxxx@members.dyndns.org/nic/update?system=dyndns&hostna
me=<h>&myip=<a>
no ipv6 cef
multilink bundle-name authenticated
username admin privilege 15 password 0 XXXXXX
archive
log config
hidekeys
interface FastEthernet0
ip address 67.xx.17.XX 255.255.255.252
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
interface FastEthernet1
ip address dhcp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
shutdown
duplex auto
speed auto
interface FastEthernet2
duplex full
speed 100
interface FastEthernet3
interface FastEthernet4
interface FastEthernet5
interface FastEthernet6
switchport access vlan 2
interface FastEthernet7
switchport access vlan 2
interface FastEthernet8
switchport access vlan 2
interface FastEthernet9
switchport access vlan 2
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
interface Vlan2
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
interface Async1
no ip address
encapsulation slip
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 67.xx.17.xx
ip route 192.168.0.0 255.255.255.0 FastEthernet1
ip route 192.168.1.0 255.255.255.0 67.xx.17.xx
ip route 0.0.0.0 0.0.0.0 dhcp
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.2 5001 interface FastEthernet0 5001
ip nat inside source static tcp 192.168.1.2 5002 interface FastEthernet0 5002
ip nat inside source static udp 192.168.1.2 5001 interface FastEthernet0 5001
ip nat inside source static udp 192.168.1.2 5002 interface FastEthernet0 5002
ip nat inside source static tcp 192.168.1.2 8080 interface FastEthernet0 8080
ip nat inside source static tcp 192.168.1.2 2001 interface FastEthernet0 2001
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 104 permit gre any any
control-plane
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password xxxxxx
login
!
end


All Answers

Config not showing right,

by stuff In reply to CISCO 1811 When I enable ...

I see several things

by NetMan1958 In reply to CISCO 1811 When I enable ...

that are wrong but before I suggest how to correct it, can you tell me what your goal is? Are you wanting to load share the 2 internet connections or use 1 connection for VLAN 1 and the other for VLAN 2? How do you have everything connected, etc?

Ultimate goal

by stuff In reply to I see several things

Hi Netman,

Basically my ultimate goal is to have the router switch from one cable modem to the other if the first one goes down. Also I want to know how to utilize the wan 2 whenever I need to do so, and load share. Thanks man

Well for starters

by NetMan1958 In reply to I see several things

My comments are in parentheses.

interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group 100 in
(You don't have an access list 100 defined as far as I can tell. Change this to access-group 1)
!
interface Vlan2
ip address 192.168.0.1 255.255.255.0
ip access-group 100 in
(You don't have an access list 100 defined as far as I can tell. Change this to access-group 2)
!
(Remove the next 2 lines)
ip route 192.168.0.0 255.255.255.0 FastEthernet1
ip route 192.168.1.0 255.255.255.0 67.xx.17.xx
!
(Create access-list as shown below)
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
(Change this)
ip nat inside source list 1 interface FastEthernet0 overload
(To this for now...we will work on the load balancing/failover later)
ip nat inside source list 101 interface FastEthernet0 overload
!
Make those changes and see if you can enable both VLANs and access the internet from both. Then post back the current config and we will go from there.

Netman

if I enable FA1, I cannot browse

by stuff In reply to Well for starters

I did everything, and I was able to get out until I enabled FA1. When I did so I was still able to ping out (DNS server) but no browsing. I used 0x242, went back to 0x2102, router was reset, now I am able to connect fine when I enable FA1. I also enabled FA6 for vlan 2 but I cannot connect using that port. In other words I do not have any connectivity to wan2 via FA6. I checked FA1 and I am getting an ip so we are good there. Another thing is that if I enable fa1, port forward will not work. Thanks so much for your help. Here is the new config file:

Current configuration : 4074 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable password xxxxxxxx
!
no aaa new-model
memory-size iomem 15
!
crypto pki trustpoint TP-self-signed-950502357
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-950502357
revocation-check none
rsakeypair TP-self-signed-950502357
!
!
crypto pki certificate chain TP-self-signed-950502357
certificate self-signed 01
quit
dot11 syslog
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool MAIN
import all
network 192.168.1.0 255.255.255.0
dns-server aa.bb.cc.dd 65.32.1.70
default-router 192.168.1.1
!
ip dhcp pool SECONDARY
import all
network 192.168.0.0 255.255.255.0
dns-server aa.bb.cc.dd 65.32.1.70
default-router 192.168.0.1
!
!
ip cef
no ip domain lookup
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
username admin privilege 15 password 0 xxxxxxxx
!
!
!
archive
log config
hidekeys
!
!
!
!
!
interface FastEthernet0
ip address aa.bb.cc.14 255.255.255.252
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
!
interface FastEthernet1
ip address dhcp
ip nat outside
ip virtual-reassembly
ip tcp adjust-mss 1460
duplex auto
speed auto
!
interface FastEthernet2
duplex full
speed 100
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
switchport access vlan 2
!
interface FastEthernet7
switchport access vlan 2
!
interface FastEthernet8
switchport access vlan 2
!
interface FastEthernet9
switchport access vlan 2
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip access-group 1 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
!
interface Vlan2
ip address 192.168.0.1 255.255.255.0
ip access-group 2 in
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1460
!
interface Async1
no ip address
encapsulation slip
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 aa.bb.cc.13
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 101 interface FastEthernet0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
!
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password xxxxxx
login
!
end

ip nat inside source static tcp 192.168.1.2 80 interface FastEthernet0 80
ip nat inside source static udp 192.168.1.2 80 interface FastEthernet0 80
ip nat inside source static tcp 192.168.1.2 5001 interface FastEthernet0 5001
ip nat inside source static udp 192.168.1.2 5001 interface FastEthernet0 5001
ip nat inside source static tcp 192.168.1.2 5002 interface FastEthernet0 5002
ip nat inside source static udp 192.168.1.2 5002 interface FastEthernet0 5002
ip nat inside source static tcp 192.168.1.2 1048 interface FastEthernet0 1048
ip nat inside source static udp 192.168.1.2 1048 interface FastEthernet0 1048
ip nat inside source static tcp 192.168.1.2 2001 interface FastEthernet0 2001
ip nat inside source static udp 192.168.1.2 2001 interface FastEthernet0 2001
ip nat inside source static tcp 192.168.1.2 3389 interface FastEthernet0 3389
ip nat inside source static udp 192.168.1.2 3389 interface FastEthernet0 3389
ip nat inside source static tcp 192.168.1.2 8080 interface FastEthernet0 8080
ip nat inside source static udp 192.168.1.2 8080 interface FastEthernet0 8080
ip nat inside source static tcp 192.168.1.2 82 interface FastEthernet0 82
ip nat inside source static udp 192.168.1.2 82 interface FastEthernet0 82
ip nat inside source static tcp 192.168.1.2 554 interface FastEthernet0 554
ip nat inside source static udp 192.168.1.2 554 interface FastEthernet0 554
ip nat inside source static tcp 192.168.1.2 8090 interface FastEthernet0 8090
ip nat inside source static udp 192.168.1.2 8090 interface FastEthernet0 8090

More stuff

by NetMan1958 In reply to if I enable FA1, I cannot ...

<< I did everything, and I was able to get out until I enabled FA1. when I did so I was still able to ping out (DNS server) but no browsing. >>
Does that mean you can ping an ip address on the internet but can't open a web page in a browser? If so, open a command prompt and ping using the URL (www.yahoo.com) and see if it resolves to an ip address.

<< I used 0x242, went back to 0x2102, router was reset,>>
I'm confused as to why you needed to change the config register, that's usually only necessary to do a password recovery. What was the reason for that?

Post back with what devices are connected to each interface including which subnets they are using and the output from the following command:
Router#sh ip route

Netman

here we go

by stuff In reply to More stuff

when I ping www.yahoo.com this is what I get:
Translating "www.yahoo.com"
% Unrecognized host or address, or protocol not running.
I did the ox2142 to "blank" the cisco because I had been messing with it too much and there were many commands there that did not make sense.
ALSO: My port forwarding does not work when I enable FA1 (everything coming in on different ports should be going to 192.168.1.2 for now).
Interfaces:
FA0:

Cable modem connected to it, static IP (public)

FA1: ANOTHER Cable modem connected to it, DHCP public IP

FA2 (switch port)

I have a Dlink connected using IP address 192.168.1.2 /24 vlan 1 dhcp pool MAIN and that is my main router, meaning it has most of my devices connected to it. Internal subnet is 10.19.15.1 /24. I have 3 laptops, 3 desktops, toshiba DVD- remote NAVI, 2 sling boxes, and a few other things connected here.

FA6 (switchport access vlan 2)
I have a Netgear wireless router connected to this port so I can test if the FA1 connection works, it is supposed to get an ip address from dhcp pool SECONDARY and it should be based of 192.168.0.1 /24 Vlan 2 but it is not getting it. The internal subnet on this router is 10.15.10.1 /24
------------------------------------------

SHOW IP ROUTE: (I changed the IP addresses with INVALID ones for obvious reasons, but my gateway ends on 13 and my actual ip ends in 14. For some reason I am seeing one showing its last octet as a 12; anyway, here we go)

Router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 24.78.290.13 to network 0.0.0.0

67.0.0.0/30 is subnetted, 1 subnets
C 24.78.290.12 is directly connected, FastEthernet0
C 192.168.0.0/24 is directly connected, Vlan2
C 192.168.1.0/24 is directly connected, Vlan1
S* 0.0.0.0/0 [1/0] via 24.78.290.13

THANK YOU SO MUCH!

Perplexing

by NetMan1958 In reply to here we go

It appears that you are issuing the pings from the router and if that is the case you will never be able to resolve names because of this line in your config:
"no ip domain lookup"
Run these commands to correct that:
Router(config)#ip domain-lookup
Router(config)#ip name-server x.x.x.x x.x.x.x
(replace the X's with the actual IPs of your name servers with a space in between each)

You don't have to change the config register to reset the router (unless there is something special about the 1811 that I don't know). You can use this command:
Router#wr erase
Router#Erasing the nvram filesystem will remove all configuration files! Continue? [confirm] (Press Enter)
Also, that router may have a vlan.dat file. You can check for its existence via the following:
Router#sh flash
or
Router#dir
If you have a vlan.dat file you must delete it like this:
Router#del vlan.dat
Finally you reload the router with:
Router#reload
System configuration has been modified. Save? [yes/no]: no
(be sure to type the word no)

Next, let's simplify something. Since you don't have any hosts connected directly to the Cisco but instead have secondary routers connected to the Cisco and those secondary routers can be DHCP servers for your hosts, why not do away with DHCP on the Cisco and hard code your IPs? Run the following:
Router(config)#no ip dhcp excluded-address 192.168.1.1
Router(config)#no ip dhcp excluded-address 192.168.0.1
Router(config)#no ip dhcp pool MAIN
Router(config)#no ip dhcp pool SECONDARY
Next assign a static ip of 192.168.0.2 to the Netgear wireless router

Now for the perplexing part, it appears that the public IP you are receiving on FastEthernet1 is overwriting your static default route but pointing to the wrong interface. To be honest, this is probably going to be hard to make work. Usually, in an enterprise network, you load balance between 2 gateways by having a separate router connected to each ISP and then a third router or layer 3 switch that implements something such as GLBP (Gateway Load Balancing Protocol) connected to those routers. This 3rd router or layer 3 switch is the default gateway for your LAN.

Here is a link to an article that addresses what you are trying to do. Be sure to read all the comments after the article as they describe some of the issues involved and correct some errors in the sample config posted:
http://www.blindhog.net/cisco-dual-internet-connections-without-bgp/

thanks

by stuff In reply to Perplexing

Thanks Netman,

Basically I still cannot connect on wan 2. With and without the DHCP configuration. The article is very interesting. Some of the stuff I do not understand (most of it) but I am getting there, I am reading a lot. Thanks

I can help you understand

by NetMan1958 In reply to Perplexing

the article, it's not nearly as cryptic as it seems, but the bottom line is I don't think it's going to work as long as you're getting one of your WAN IPs via DHCP. When the DHCP address is obtained, it automatically adds a default route to the routing table and it is over-writing your static route(s). Is there any chance of getting a static IP on that second circuit?
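
An added example, not part of the original thread and not written by any of its participants: a small Python check over an IOS config for the two problems NetMan1958 points out, ACL numbers that are referenced but never defined and more than one source of a default route, plus NAT outside interfaces with no overload rule of their own. The `audit` function and `SAMPLE` (an excerpt of the first config posted above) are constructed for illustration.

```python
import re

# Constructed sample: routing, NAT and ACL lines from the first config in this thread.
SAMPLE = """\
interface FastEthernet0
ip address 67.xx.17.XX 255.255.255.252
ip nat outside
interface FastEthernet1
ip address dhcp
ip nat outside
interface Vlan1
ip access-group 100 in
ip nat inside
interface Vlan2
ip access-group 100 in
ip nat inside
ip route 0.0.0.0 0.0.0.0 67.xx.17.xx
ip route 0.0.0.0 0.0.0.0 dhcp
ip nat inside source list 1 interface FastEthernet0 overload
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit 192.168.0.0 0.0.0.255
access-list 104 permit gre any any
"""

def audit(config):
    """Hypothetical helper: collect ACL references, default routes and NAT edges."""
    defined, refs = set(), []            # ACLs defined / (where, acl) references
    defaults, outside, overload = [], set(), set()
    iface = None                         # last "interface" line seen (dump has no indentation)
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif m := re.match(r"access-list (\S+) ", line):
            defined.add(m.group(1))
        elif m := re.match(r"ip access-list (?:standard|extended) (\S+)", line):
            defined.add(m.group(1))
        elif m := re.match(r"ip access-group (\S+) (?:in|out)$", line):
            refs.append((iface, m.group(1)))
        elif line == "ip nat outside":
            outside.add(iface)
        elif line == "ip address dhcp":
            # Per the thread: the DHCP lease brings its own default route.
            defaults.append(f"dhcp-learned via {iface}")
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            defaults.append(f"static via {m.group(1)}")
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            refs.append(("nat", m.group(1)))
            overload.add(m.group(2))
    return {
        # References to ACLs that no access-list line defines (ACL 100 here).
        "undefined_acls": [r for r in refs if r[1] not in defined],
        # More than one entry means competing default routes.
        "default_route_sources": defaults,
        # Outside interfaces that no "overload" rule translates to.
        "outside_without_overload": sorted(outside - overload),
    }

if __name__ == "__main__":
    for finding, value in audit(SAMPLE).items():
        print(f"{finding}: {value}")
```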
