Cisco 2620 to Comcast trouble.
20 years 6 months ago #3581
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Cisco 2620 to Comcast trouble.
Now this is an oddity!! I can't isolate what it could be, though your impression about the NATing seems to be correct. I would say just run with it for a bit and if it keeps working then leave it alone.
You might want to keep debug all on for a bit even when it's working just to make sure everything is peachy behind the scenes.
15 years 2 months ago #31855
by Kenjo56
Replied by Kenjo56 on topic Cisco and Comcast
I had the same problem, I reset the Comcast modem. My Fa0/1 interface, which was configured like yours (ip address dhcp), was immediately assigned an IP address from Comcast. Great!!! I can ping the Comcast gateway from my router, and other devices can ping the router's Fa0/1 interface, which received its address from Comcast DHCP, but I still can't ping past the Fa0/1 interface from any other device. So I got this far by resetting the modem, but now I'm stuck. Hope I made sense.
15 years 2 months ago #31898
by MatthewUHS
Wires and fires has become wireless and tireless.
Replied by MatthewUHS on topic Re: Cisco 2620 to Comcast trouble.
Speedy,
ip nat inside source list 1 interface FastEthernet0/0 overload
This line tells the router to NAT all incoming traffic on Fa0/0 to overload on one IP (PAT actually, not NAT).
When you switched it around you PAT all traffic to one IP outbound on Fa0/1 (as it should be, whereby you only present one IP to the outside, not one IP from the inside as before).
I still see no dynamic routing protocol on the router so you would need statics.
You only added one, the gateway of last resort.
BOTH of you could easily assign a static private (to match your LAN) to Fa0/0, allow Fa0/1 to pick up on DHCP from the publics of your ISP and route between the two as in LAN---Fa0/0----Fa0/1 cable modem.
If you use DHCP on the inside too, you better be serving it from somewhere, or configure a pool on this router (I see none). Be sure to assign a static from the pool to Fa0/0 and reserve it from the pool.
Has anyone given thought to the debug lines that stated "wrong cable"? What could be possible there?
Truly you want your LAN IPs separate from your WAN IPs pvt on the inside, public shared with your ISP as a /30 and PAT or as a /29.
Hope this helps clear things up about why you had to do "x" and what could be wrong with the second party's config here.
This was an interesting one and I feel it isn't over yet:-)
15 years 2 months ago #31899
by ZiPPy
ZiPPy
Replied by ZiPPy on topic Re: Cisco 2620 to Comcast trouble.
You guys are aware that this thread is over 5 years old, right? Some great names reside in this thread, good old Sahir. He was one of our senior main guys. Great member!! I wish Sahir would come back, where did he go?
But by all means, let's fire this thread back up kids!!!! :lol:
ZiPPy
14 years 9 months ago #33403
by lazypengu1n
Replied by lazypengu1n on topic Re: Cisco 2620 to Comcast trouble.
Hello All.
I am new to the Cisco world but I have been doing networking for some time. Below is the CONFIG for my CISCO 2621.
FastEthernet0/0 is set to get a DHCP address from the Comcast ISP.
FastEthernet0/1 is set up with a static 192.168.2.1 255.255.255.0 IP.
The router is set to have a DHCP server on FastEthernet0/1 192.168.2.1, which is now the INTERNAL network gateway of the private LAN, serving addresses 192.168.2.100 - 192.168.2.150.
I have excluded IP RANGE 192.168.2.1 - 192.168.2.99 for static assignments for my servers / other Cisco gear.
You will need to change the DNS entries so that the DHCP server sends the CLIENT based on your location.
That information can be found here.
dns.comcast.net/dns-ip-addresses.php
You will also need the default gateway of the PUBLIC IP that COMCAST assigns you, so when someone looks for something that isn't on your 192.168.2.0 network, it will look at the default-gateway, which in my case is 96.128.16.1, and find the address.
All this information can be found if you plug in a computer directly to the modem and do IPCONFIG /ALL to pull the information.
If Comcast has locked your MAC address you will need to add this like "mac-address = 0000.0000.0000" and change the 0's to your computer's MAC address in that format so FastEthernet0/0 will get an IP from the ISP.
Basically I can see that your original setup was ok. I don't think NAT was included, but the most important part I saw was that FastEthernet0/1 was not acting as a gateway and passing the information to the CLIENT machines. Reason why you were able to ping from the router but not from any machine.
I hope this helps, feel free to post and I'll check it out.
I know the passwords are in clear text, those are NOT my passwords, but if you copy and paste this entire config, you will be able to telnet to the router through FastEthernet0/1 at 192.168.2.1 and log in with the first password network and use the enable password cisco
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CableRouter
!
boot-start-marker
boot-end-marker
!
enable password cisco
!
no aaa new-model
ip subnet-zero
ip cef
!
ip dhcp excluded-address 192.168.2.1 192.168.2.99
!
ip dhcp pool insideDHCP
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 68.87.71.230 68.87.73.246
 lease 0 8
!
ip audit po max-events 100
!
interface FastEthernet0/0
 description External Interface to the Internet
 ip address dhcp
 ip nat outside
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 speed 100
 full-duplex
!
interface FastEthernet0/1
 description Internal Ethernet Interface for Private Clients
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 no ip route-cache cef
 no ip route-cache
 no ip mroute-cache
 speed 100
 full-duplex
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip nat inside source static tcp 192.168.2.107 29601 interface FastEthernet0/0 29601
ip nat inside source static udp 192.168.2.107 29601 interface FastEthernet0/0 29601
ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 96.128.16.1
!
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
!
line con 0
line aux 0
line vty 0 4
 access-class 1 in
 password network
 login
!
end
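Added example, not part of any post in this thread: a small Python check for the two issues raised above, the PAT overload rule naming an interface that is not the `ip nat outside` one (MatthewUHS's point) and the cleartext management settings lazypengu1n mentions. The `audit` function, its finding codes and the sample config are constructed for illustration.

```python
import re

# Constructed sample (not copied from the thread): the PAT rule names the
# inside interface and an undefined ACL, with cleartext management settings.
SAMPLE = """\
interface FastEthernet0/0
ip nat inside
!
interface FastEthernet0/1
ip nat outside
ip nat inside source list 1 interface FastEthernet0/0 overload
enable password cisco
ip http server
access-list 101 permit ip 192.168.2.0 0.0.0.255 any
line vty 0 4
password network
login
"""

def audit(config):
    """Return (code, detail) findings; works on indented or flattened configs."""
    role, acls, pat, out = {}, set(), [], []
    ctx, vty_pw, vty_ssh = "", False, False
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith(("interface ", "line ")):
            ctx = line                      # header of the current sub-mode
        elif not line or line.startswith("!"):
            ctx = ""                        # '!' closes the sub-mode
        elif (m := re.fullmatch(r"ip nat (inside|outside)", line)) and ctx.startswith("interface "):
            role[ctx.split()[1]] = m[1]     # interface-level NAT role
        elif m := re.fullmatch(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            pat.append((m[1], m[2]))        # PAT rule: (ACL, translated-to interface)
        elif line.startswith("access-list "):
            acls.add(line.split()[1])
        elif line.startswith("enable password "):
            out.append(("ENABLE_PASSWORD", "clear text or reversible type 7; use 'enable secret'"))
        elif line == "ip http server":
            out.append(("HTTP_SERVER", "unencrypted web management is enabled"))
        elif ctx.startswith("line vty"):
            vty_pw |= line.startswith("password ")
            vty_ssh |= line == "transport input ssh"
    for acl, ifname in pat:
        if role.get(ifname) != "outside":
            out.append(("PAT_INTERFACE", f"{ifname} is not 'ip nat outside'"))
        if acl not in acls:
            out.append(("PAT_ACL_MISSING", f"access-list {acl} is not defined"))
    if vty_pw and not vty_ssh:
        out.append(("VTY_PASSWORD", "line password without 'transport input ssh'"))
    return out
```

Run against the config posted above, `audit` reports only the management findings, because its overload rule already names the `ip nat outside` interface and access-list 101 is defined.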