falz
Jan 29, 2005

01100110 01100001 01101100 01111010

Martytoof posted:

Is 3min 10sec an acceptable reload time for a 2620xm 128D/32F with no startup config? It seems a little slow compared to my 3640s but maybe I'm just being extremely picky.

Seems normal to me. I was reloading a 2620xm today with 12.4 adventerprise and I swear it took 10 minutes when watching the #'s go past (not joking). 5 minutes seems about average for x600's.

some kinda jackal
Feb 25, 2003

 
 
Interesting. OK thanks for the info. Guess I'm just impatient :3:

brent78
Jun 23, 2004

I killed your cat, you druggie bitch.
I thought this would be appropriate for the thread. Configuring some switches for our new datacenter that will be all 10GbE. In this pic: 6509-V-E, Nexus 5010, ASR 1002, everything is redundant with VSS. Using the 5010's for top of rack aggregation back to the core. I have all this stuff running in the back of my office, no extra A/C. Gets about 82 degrees in there.

brent78 fucked around with this message at 23:55 on Jun 15, 2010

some kinda jackal
Feb 25, 2003

 
 
I hope you have hearing protection. That stack looks louder than it is hot.

Peanutmonger
Dec 6, 2002

Pussy Noise posted:

I don't think it's an xlate issue, or at least clearing the relevant xlates doesn't change the situation. So why does my FWSM eat my DHCP packets? Why is there nothing at all in logs about any of this?

We had problems with FWSMs dropping packets with option-82 information that was fixed in 4.x with the "dhcprelay information trust-all" command. Wouldn't be surprised if they have "features" that cause other DHCP packets to get dropped as well.

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

brent78 posted:

I thought this would be appropriate for the thread. Configuring some switches for our new datacenter that will be all 10GbE. In this pic: 6509-V-E, Nexus 5010, ASR 1002, everything is redundant with VSS. Using the 5010's for top of rack aggregation back to the core. I have all this stuff running in the back of my office, no extra A/C. Gets about 82 degrees in there.

I remember the days when I could post pictures of the poo poo I was working on :(

ate shit on live tv
Feb 15, 2004

by Azathoth
^^^
Go back to the private sector, government work is soul crushing.

brent78 posted:

I thought this would be appropriate for the thread. Configuring some switches for our new datacenter that will be all 10GbE. In this pic: 6509-V-E, Nexus 5010, ASR 1002, everything is redundant with VSS. Using the 5010's for top of rack aggregation back to the core. I have all this stuff running in the back of my office, no extra A/C. Gets about 82 degrees in there.
That looks extremely similar to what we might do for our data center. But we were planning on just keeping everything layer2 with cross chassis port channels between Nexus 5020s and the servers. What kind of topology are you going to use?

brent78
Jun 23, 2004

I killed your cat, you druggie bitch.

Powercrazy posted:

That looks extremely similar to what we might do for our data center. But we were planning on just keeping everything layer2 with cross chassis port channels between Nexus 5020s and the servers. What kind of topology are you going to use?
That's exactly what we're doing. Everything is layer2 between the blades using the nexus 2050 switches as an aggregation layer. 10 GbE down to each blade chassis (Flex10) and 20 Gbps up to the core using VSS. The only traffic going up to the 6509's is out to the Internet. The ASR 1002's are used for VPN traffic between data centers. I can't really go into much more detail than that.

brent78 fucked around with this message at 16:58 on Jun 16, 2010

ate shit on live tv
Feb 15, 2004

by Azathoth
Must be nice to have blade chassis with 10G uplinks, lots of ours have individual 1G links which makes it a pain especially since Dell and Cisco went separate ways.

jwh
Jun 12, 2002

Powercrazy posted:

Must be nice to have blade chassis with 10G uplinks, lots of ours have individual 1G links which makes it a pain especially since Dell and Cisco went separate ways.

M6220s are HORRIBLE HORRIBLE HORRIBLE and I feel your pain.

ate shit on live tv
Feb 15, 2004

by Azathoth
Imagine replacing all your Cisco/Dell 3032's with 3560s and what a mess of poo poo that is....

H.R. Paperstacks
May 1, 2006

This is America
My president is black
and my Lambo is blue

Powercrazy posted:

^^^
Go back to the private sector, government work is soul crushing.


Money is too good :)

brent78
Jun 23, 2004

I killed your cat, you druggie bitch.

Powercrazy posted:

Must be nice to have blade chassis with 10G uplinks, lots of ours have individual 1G links which makes it a pain especially since Dell and Cisco went separate ways.
We have 10G all the way down to the blade. I could team to get 20 Gbps, but that's just ridiculous. I wish Cisco made 10GbE switches for the blade chassis so I could run VSS, but now that HP purchased 3COM... well let's just say HP and Cisco won't be working on much together anymore.
http://h18000.www1.hp.com/products/blades/components/ethernet/10-10gb-f/index.html

Pussy Noise
Aug 1, 2003

Peanutmonger posted:

We had problems with FWSMs dropping packets with option-82 information that was fixed in 4.x with the "dhcprelay information trust-all" command. Wouldn't be surprised if they have "features" that cause other DHCP packets to get dropped as well.

Thanks for the response. I hate all these features on the FWSM that you can't loving disable or enable or do anything about. In any case, I finally managed to find a consistent log message that correlates with the dropped DHCPOFFER, and it's:
code:
DHCPRA: dhcp_relay_agent_receiver:can't find binding
ok great but why does it work for the three other VLANs and not for this one where the configuration and packet captures are identical?!

I so do not trust this box anymore and am really happy with the way the SRX deployment is panning out, but it looks like the FWSM is not about to let go of its customers without a fight..

Pussy Noise
Aug 1, 2003

Haha, our SCCM server suddenly stopped being able to connect to any hosts on a certain network segment this morning, and literally nothing helped short of reloading the FWSM. Die.

Richard Noggin
Jun 6, 2005
Redneck By Default
Not exactly Cisco related (although they'll be terminating in an 1841): is it kosher to wire up a second smart jack using the two unused pairs on an existing cable? I have a customer who is switching from a single T1 to a pair of bonded T1s. The demarc is at the opposite end of the building from the data closet and I'd rather not have to pull another cable through their tiny crawlspace attic.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Richard Noggin posted:

Not exactly Cisco related (although they'll be terminating in an 1841): is it kosher to wire up a second smart jack using the two unused pairs on an existing cable? I have a customer who is switching from a single T1 to a pair of bonded T1s. The demarc is at the opposite end of the building from the data closet and I'd rather not have to pull another cable through their tiny crawlspace attic.

T1 only uses 2 pairs (Blue/Orange) so it'll work just fine.

Syano
Jul 13, 2005

Richard Noggin posted:

Not exactly Cisco related (although they'll be terminating in an 1841): is it kosher to wire up a second smart jack using the two unused pairs on an existing cable? I have a customer who is switching from a single T1 to a pair of bonded T1s. The demarc is at the opposite end of the building from the data closet and I'd rather not have to pull another cable through their tiny crawlspace attic.

Technically speaking no you shouldn't do this due to danger of crosstalk. Practically speaking though it should be fine.

CrazyLittle
Sep 11, 2001





Clapping Larry

Syano posted:

Technically speaking no you shouldn't do this due to danger of crosstalk. Practically speaking though it should be fine.

Eh, T1 crosstalk would be rare considering that lots of T1s are installed on 25-50pair riser cable. Two T1 circuits in a single cat5 would be trivial. Crosstalk would be a much bigger problem if they were trying to put two ethernet connections in a single cat5.

ragzilla
Sep 9, 2005
don't ask me, i only work here


Syano posted:

Technically speaking no you shouldn't do this due to danger of crosstalk. Practically speaking though it should be fine.

When your T1 comes from the CO it's bundled into 100+ pair F1 and F2 cables, sitting in the same binder as other T1s, ISDN, Voice and xDSL circuits. Crosstalk isn't an issue.

CrazyLittle
Sep 11, 2001





Clapping Larry

ragzilla posted:

When your T1 comes from the CO it's bundled into 100+ pair F1 and F2 cables, sitting in the same binder as other T1s, ISDN, Voice and xDSL circuits. Crosstalk isn't an issue.

I haven't ever seen a CO-based T1. In San Francisco they're always running DSL/HDSL to the MPOE, and then using a smart jack to convert it to T1. But yeah, it's coming in over 100+ pair cables from the street, and then 25-50pair cables in the riser closets

Syano
Jul 13, 2005
I understand that. That's why I said practically speaking it wasn't an issue. However, from the early days of T1s the standard practice was to use shielded cable from the CPE to CSU because of danger of crosstalk. I used to be a cable jockey for a firm back in the 90s and shielded is all we ever used.

quote:

When your T1 comes from the CO it's bundled into 100+ pair F1 and F2 cables, sitting in the same binder as other T1s, ISDN, Voice and xDSL circuits. Crosstalk isn't an issue.
I have 12 T1s being delivered over a fiber ring. Sometimes even electricity isn't an issue.

Syano fucked around with this message at 16:57 on Jun 17, 2010

ragzilla
Sep 9, 2005
don't ask me, i only work here


CrazyLittle posted:

I haven't ever seen a CO-based T1. In San Francisco they're always running DSL/HDSL to the MPOE, and then using a smart jack to convert it to T1. But yeah, it's coming in over 100+ pair cables from the street, and then 25-50pair cables in the riser closets

We're copper rich out here in the midwest so HDSL to SJ T1s are the exception rather than the rule. We even have AT&T sometimes try to bring in new T1s that way instead of dropping it off their OC12 shelf.

ate shit on live tv
Feb 15, 2004

by Azathoth
So I'm pondering something. You can put a Loopback interface on a Layer 2 switch, like a 2960 or whatever. My question is why? If you configure the IP address to overlap with a vlan on the switch it throws an error, and if you have a non-overlapping IP address then I assume you can't actually get to it without setting a static route from a router, and even then would the switch respond? What vlan would this Loopback interface be in?

some kinda jackal
Feb 25, 2003

 
 
I can't think of a good reason for a loopback on a L2 switch. Probably just an IOS holdover.

inignot
Sep 1, 2003

WWBCD?
I think on layer 2 only switches you can only have one layer 3 interface.

some kinda jackal
Feb 25, 2003

 
 

Powercrazy posted:

So I'm pondering something. You can put a Loopback interface on a Layer 2 switch, like a 2960 or whatever.

Yeah I just booted my 2950 lab stack out of curiosity and it won't let me add a loopback interface so only one L3 interface like inignot said :)

By which I mean, loopback is in the int help list, but it returns a syntax error.

ate shit on live tv
Feb 15, 2004

by Azathoth

Martytoof posted:

Yeah I just booted my 2950 lab stack out of curiosity and it won't let me add a loopback interface so only one L3 interface like inignot said :)

By which I mean, loopback is in the int help list, but it returns a syntax error.

depending on what version of code you have 2950s won't let you create them, however a 2960 will.
pre:

Switch   Ports  Model              SW Version              SW Image            
------   -----  -----              ----------              ----------          
*    1   24     WS-C2960G-24TC-L   12.2(35)SE1             C2960-LANBASEK9-M   


Configuration register is 0xF

la2960a-f10-0503#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
la2960a-f10-0503(config)#int lo0
la2960a-f10-0503(config-if)#ip address 1.1.1.1 255.255.255.255
la2960a-f10-0503(config-if)#
la2960a-f10-0503#sh ip int bri
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down    
Vlan69                 10.30.248.201   YES NVRAM  up                    up      
~snip~    
Loopback0              1.1.1.1         YES manual up                    up      
la2960a-f10-0503#

Bardlebee
Feb 24, 2009

Im Blind.
I am very new to the Cisco IOS: I got my CCENT 6 months ago, so a lot of the information has come and gone out of my head from non-use. I am simply trying to set up NAT so that my router can get information from the internet and share it with its users via DHCP. Very basic.

I got DHCP to work, but I am having a hell of a time finding tutorials on setting up NAT.

It is a static business IP address that I have, this router will be replacing another router so I have some information from the one implemented currently:

code:
Network Address: 192.168.2.1
IP Address: 111.111.111.111 (As seen outside)<---business IP
subnet: 255.255.255.240
Default Gateway: 111.111.111.112 
Primary DNS: (DNS IP)
Secondary DNS: (DNS 2 IP)
This is on what is known as a RouteFinder RF820, a retail router worth 150 dollars. I am replacing it with an 1811 Cisco, here is my show run:

code:


Current configuration : 3427 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WG-STSC
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3872896560
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3872896560
 revocation-check none
 rsakeypair TP-self-signed-3872896560
!
!
crypto pki certificate chain TP-self-signed-3872896560
 certificate self-signed 01
  30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33383732 38393635 3630301E 170D3130 30363136 31343536
  32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38373238
  39363536 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BE8A B5790460 A9253C5A 38A1933A 19925684 71E3593E F352827B CA66CCC1
  024EEC73 63C2FB7E DE069B52 F335D5EA A1A0839F A9E6104E EC45ABFA 8DA03006
  BD0FE01F 35D15726 8D8E23E5 21BCD930 D220CE65 4528F3DC BA15C82F 4720549B
  5EA44127 8DA7E630 EC359BC4 502C5E31 9DC8DA5E FF3D0393 DE10ED8D BC0013F5
  2FD30203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
  551D1104 15301382 1157472D 53545343 2E496E64 69612E63 6F6D301F 0603551D
  23041830 16801417 6C5BC22E 35E8A602 309904DA 180631A7 7880D930 1D060355
  1D0E0416 0414176C 5BC22E35 E8A60230 9904DA18 0631A778 80D9300D 06092A86
  4886F70D 01010405 00038181 0041C145 0FFDC369 72DA107F 0FF5AC48 A2723BF3
  744FAB5F F373DCBE 116F73C8 B6D4B5B2 28DEE4E3 03AC2005 3E11F790 9792445F
  8DB5EAFF 3C40B97F B72DCDD5 974CF177 65E982F4 697D5997 1C557D70 DB419674
  EEF1F0CA CDE6C097 9E6C0089 13DA6D1B 59EE723B 3F35FCDE 48DB12FA EEF1ABC9
  7F4AFB66 8A0840E4 1CA28ACF B4
        quit
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool 192.168.2.0/24
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
!
!
ip domain name WGSTSC
!
multilink bundle-name authenticated
!
!
username admin privilege 15 secret 5 $1$okPG$sSaKRYxgE8z7A/oZYTN9k0
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 no ip address
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
 speed 100
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Vlan1 overload
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input telnet ssh
line vty 16
 privilege level 15
 login local
 transport input all
!
end
sh ip int brief:
code:
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES manual up                    down
FastEthernet1              unassigned      YES NVRAM  up                    down
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
FastEthernet4              unassigned      YES unset  up                    down
FastEthernet5              unassigned      YES unset  up                    down
FastEthernet6              unassigned      YES unset  up                    down
FastEthernet7              unassigned      YES unset  up                    down
FastEthernet8              unassigned      YES unset  up                    down
FastEthernet9              unassigned      YES unset  up                    up  
Vlan1                      192.168.2.1     YES manual up                    up  
Async1                     unassigned      YES NVRAM  down                  down
NVI0                       unassigned      YES unset  administratively down down
I have done a lot since attempting to enact NAT, so it may look pretty messed up in that attempt. I do however have DHCP running fine. Not expecting a magical answer, if any of you have a solid link I can use as well, that would work too...

ate shit on live tv
Feb 15, 2004

by Azathoth
Basic nat looks like this:

ip nat inside source list 102 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.7 6113 interface FastEthernet4 6113
ip nat inside source static udp 10.10.10.7 6113 interface FastEthernet4 6113
ip nat inside source static tcp 10.10.10.7 6115 interface FastEthernet4 6115
ip nat inside source static tcp 10.10.10.9 6116 interface FastEthernet4 6116
access-list 102 permit ip 10.10.10.0 0.0.0.255 any


Obviously you'll want to remove the static bindings if you have a lot of users connecting to the outside and of course change the interface to whatever your outside interface is. But using the context help and/or the online Cisco documentation should help you.

Are you currently connected to the outside world? I don't see a public facing IP address anywhere.
http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Also if you are using SSH, disable telnet as telnet is inherently unsecure.

So change:
line vty 5 15
transport input telnet ssh

to:
line vty 5 15
privilege level 15
transport input ssh

ate shit on live tv fucked around with this message at 18:07 on Jun 18, 2010

Bardlebee
Feb 24, 2009

Im Blind.

Powercrazy posted:

Basic nat looks like this:

ip nat inside source list 102 interface FastEthernet4 overload
ip nat inside source static tcp 10.10.10.7 6113 interface FastEthernet4 6113
ip nat inside source static udp 10.10.10.7 6113 interface FastEthernet4 6113
ip nat inside source static tcp 10.10.10.7 6115 interface FastEthernet4 6115
ip nat inside source static tcp 10.10.10.9 6116 interface FastEthernet4 6116
access-list 102 permit ip 10.10.10.0 0.0.0.255 any


Obviously you'll want to remove the static bindings if you have a lot of users connecting to the outside and of course change the interface to whatever your outside interface is. But using the context help and/or the online Cisco documentation should help you.

Are you currently connected to the outside world? I don't see a public facing IP address anywhere.
http://www.cisco.com/en/US/technologies/tk648/tk361/tk438/technologies_white_paper09186a0080091cb9.html

Also if you are using SSH, disable telnet as telnet is inherently unsecure.

So change:
line vty 5 15
transport input telnet ssh

to:
line vty 5 15
privilege level 15
transport input ssh

See that's the thing, I don't know how to set up the public IP address :(

I will be connecting to the internet via my faste0, which for these purposes my outside address is 111.111.111.111. When you state public address you are talking about my static IP given to me by my ISP correct?

Did I do right by making my inside lan on my VLAN1? The 192.168.2.0, so would it look like this?

ip nat inside source list 102 interface Vlan1 overload
ip nat inside source static tcp 192.168.2.1 6113 interface Vlan1 6113
access-list 102 permit ip 192.168.2.0 0.0.0.255 any

some kinda jackal
Feb 25, 2003

 
 
Just throw your public address on the fast0 interface.

int fast0
ip address 111.111.111.111 255.255.255.xxx

Harry Totterbottom
Dec 19, 2008

Martytoof posted:

Just throw your public address on the fast0 interface.

int fast0
ip address 111.111.111.111 255.255.255.xxx

This works as long as you don't have to use any other type of authentication with your ISP (ie PPPoE).

some kinda jackal
Feb 25, 2003

 
 

Harry Totterbottom posted:

This works as long as you don't have to use any other type of authentication with your ISP (ie PPPoE).

Oh right. I just assumed for lack of information he wasn't authenticating.

Also you'll probably need this to get packets out to your ISP:

ip route 0.0.0.0 0.0.0.0 111.111.111.112

ate shit on live tv
Feb 15, 2004

by Azathoth

Bardlebee posted:

See that's the thing, I don't know how to set up the public IP address :(

I will be connecting to the internet via my faste0, which for these purposes my outside address is 111.111.111.111. When you state public address you are talking about my static IP given to me by my ISP correct?

Did I do right by making my inside lan on my VLAN1? The 192.168.2.0, so would it look like this?

ip nat inside source list 102 interface Vlan1 overload
ip nat inside source static tcp 192.168.2.1 6113 interface Vlan1 6113
access-list 102 permit ip 192.168.2.0 0.0.0.255 any

ip nat inside (source) access-list (outside interface).

So your inside source is the network described by your access-list in this case 192.168.2.0/24. The interface is your outside interface Fa0. Then when you add the static route that martytoof described you should be ready to go. Ping 8.8.8.8 or whatever so that you can verify connectivity then add your nat commands.

You don't need static nat unless you are doing port forwarding. So just the one "ip nat inside source list..." should suffice.

http://powercrazy.fishmech.net/stuff/Router.txt

That is a complete router config for a Cisco 851W. Obviously it won't all apply to you, but you can see some context for my Nat statements etc.

Bardlebee
Feb 24, 2009

Im Blind.
First time I attempted NAT I did it in the SDM, which obviously did not work very well... now that I changed these settings in any case my newly created NVI0 port is administratively down. Should I be concerned with this?

Going to test this baby out tonight. :)

Thank you guys, I'll let you know how it goes.

My sh run, in case I missed something... By the way I don't think I'll need statics just yet as it's basically everyone just sharing internet in my office...

111.111.111.111 = outside
111.111.111.112 = default gateway

code:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname WG-STSC
!
boot-start-marker
boot-end-marker
!
no logging buffered
!
no aaa new-model
!
crypto pki trustpoint TP-self-signed-3872896560
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3872896560
 revocation-check none
 rsakeypair TP-self-signed-3872896560
!
!
crypto pki certificate chain TP-self-signed-3872896560
 certificate self-signed 01
  30820249 308201B2 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33383732 38393635 3630301E 170D3130 30363136 31343536
  32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 38373238
  39363536 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BE8A B5790460 A9253C5A 38A1933A 19925684 71E3593E F352827B CA66CCC1
  024EEC73 63C2FB7E DE069B52 F335D5EA A1A0839F A9E6104E EC45ABFA 8DA03006
  BD0FE01F 35D15726 8D8E23E5 21BCD930 D220CE65 4528F3DC BA15C82F 4720549B
  5EA44127 8DA7E630 EC359BC4 502C5E31 9DC8DA5E FF3D0393 DE10ED8D BC0013F5
  2FD30203 010001A3 71306F30 0F060355 1D130101 FF040530 030101FF 301C0603
  551D1104 15301382 1157472D 53545343 2E496E64 69612E63 6F6D301F 0603551D
  23041830 16801417 6C5BC22E 35E8A602 309904DA 180631A7 7880D930 1D060355
  1D0E0416 0414176C 5BC22E35 E8A60230 9904DA18 0631A778 80D9300D 06092A86
  4886F70D 01010405 00038181 0041C145 0FFDC369 72DA107F 0FF5AC48 A2723BF3
  744FAB5F F373DCBE 116F73C8 B6D4B5B2 28DEE4E3 03AC2005 3E11F790 9792445F
  8DB5EAFF 3C40B97F B72DCDD5 974CF177 65E982F4 697D5997 1C557D70 DB419674
  EEF1F0CA CDE6C097 9E6C0089 13DA6D1B 59EE723B 3F35FCDE 48DB12FA EEF1ABC9
  7F4AFB66 8A0840E4 1CA28ACF B4
        quit
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool 192.168.2.0/24
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
!
!
ip domain name WGSTSC
!
multilink bundle-name authenticated
!
!
username admin privilege 15 secret 5 $1$okPG$sSaKRYxgE8z7A/oZYTN9k0
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface FastEthernet0
 ip address 111.111.111.111 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
 speed 100
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip forward-protocol nd
ip route 192.168.2.0 255.255.255.0 111.111.111.112
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source list 1 interface Vlan1 overload
ip nat inside source list 102 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.2.1 6113 interface FastEthernet0 6113
!
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 102 permit ip 192.168.2.0 0.0.0.255 any
!
!
!
!
!
!
control-plane
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 privilege level 15
 login local
 transport input ssh
line vty 16
 privilege level 15
 login local
 transport input all
!
end

n0tqu1tesane
May 7, 2003

She was rubbing her ass all over my hands. They don't just do that for everyone.
Grimey Drawer
Your ip route command is wrong. Unless, of course, you want to send all requests which are intended for inside the network to outside the network.

should be:

ip route 0.0.0.0 0.0.0.0 111.111.111.112

That way it will send requests for anything not locally connected to the outside network.

EDIT:

Also, you don't have any DNS servers set in your DHCP pool. Not really a problem, but unless you've manually set DNS servers on each of your clients you could possibly run into issues.

n0tqu1tesane fucked around with this message at 15:12 on Jun 21, 2010

some kinda jackal
Feb 25, 2003

 
 
ip route is to add routes to remote networks, so unless you are trying to route all traffic destined for 192.168.2.0/24 to 111.111.111.112 I think you want something like this instead:

ip route 0.0.0.0 0.0.0.0 111.111.111.112

e: drat it n0tqu1tesane I went to make some tea before I hit submit

some kinda jackal fucked around with this message at 15:12 on Jun 21, 2010
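
Added example, not part of any post in the thread: a small Python check for the three problems the replies above point out in the posted 1811 config (PAT overload bound to the inside interface, a static route for the inside subnet instead of a default route, and Telnet still accepted on vty lines). The config excerpt is constructed from the posted `sh run`; the function names and finding labels are this example's own.

```python
import ipaddress
import re

# Constructed excerpt of the 1811 running-config posted in the thread, trimmed
# to the lines the replies comment on (addresses are the thread's placeholders).
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 111.111.111.111 255.255.255.240
 ip nat outside
!
interface Vlan1
 ip address 192.168.2.1 255.255.255.0
 ip nat inside
!
ip route 192.168.2.0 255.255.255.0 111.111.111.112
ip nat inside source list 1 interface Vlan1 overload
ip nat inside source list 102 interface FastEthernet0 overload
!
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16
 login local
 transport input all
"""


def parse_sections(config):
    """Group an IOS config into [header, [indented sub-commands]] entries."""
    sections = []
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "!":
            continue
        if line[0] == " " and sections:
            sections[-1][1].append(line.strip())
        else:
            sections.append([line.strip(), []])
    return sections


def audit(config):
    """Return (finding, config line) tuples for the issues raised in the thread."""
    sections = parse_sections(config)
    nat_role, connected, findings = {}, [], []

    # Pass 1: learn each interface's NAT role and its connected network.
    for header, subs in sections:
        if not header.startswith("interface "):
            continue
        name = header.split()[1]
        for sub in subs:
            m = re.fullmatch(r"ip nat (inside|outside)", sub)
            if m:
                nat_role[name] = m.group(1)
            m = re.fullmatch(r"ip address (\S+) (\S+)", sub)
            if m:
                iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
                connected.append(iface.network)

    # Pass 2: check global NAT and route statements, then the vty lines.
    has_default = False
    for header, subs in sections:
        m = re.fullmatch(r"ip nat inside source list \S+ interface (\S+) overload", header)
        if m and nat_role.get(m.group(1)) != "outside":
            # PAT must translate to the interface marked "ip nat outside".
            findings.append(("nat-overload-not-on-outside-interface", header))
        m = re.fullmatch(r"ip route (\S+) (\S+) (\S+)", header)
        if m:
            if (m.group(1), m.group(2)) == ("0.0.0.0", "0.0.0.0"):
                has_default = True
            else:
                dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
                if any(dest.overlaps(net) for net in connected):
                    findings.append(("static-route-covers-connected-network", header))
        if header.startswith("line vty"):
            for sub in subs:
                m = re.fullmatch(r"transport input (.+)", sub)
                # "all" includes telnet, so it is flagged as well.
                if m and {"telnet", "all"} & set(m.group(1).split()):
                    findings.append(("vty-accepts-telnet", f"{header}: {sub}"))
    if not has_default:
        findings.append(("no-default-route", "ip route 0.0.0.0 0.0.0.0 <next-hop>"))
    return findings


if __name__ == "__main__":
    for name, line in audit(SAMPLE_CONFIG):
        print(f"{name:40} {line}")
```
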

Bardlebee
Feb 24, 2009

Im Blind.

n0tqu1tesane posted:

Your ip route command is wrong. Unless, of course, you want to send all requests which are intended for inside the network to outside the network.

should be:

ip route 0.0.0.0 0.0.0.0 111.111.111.112

That way it will send requests for anything not locally connected to the outside network.

EDIT:

Also, you don't have any DNS servers set in your DHCP pool. Not really a problem, but unless you've manually set DNS servers on each of your clients you could possibly run into issues.

Would the DNS be my internal DNS server or the default gateway of the ISP? For example, my DNS Server is also my DC, which is 192.168.2.113.

dns-server 192.168.2.113

n0tqu1tesane
May 7, 2003

She was rubbing her ass all over my hands. They don't just do that for everyone.
Grimey Drawer

Bardlebee posted:

Would the DNS be my internal DNS server or the default gateway of the ISP? For example, my DNS Server is also my DC, which is 192.168.2.113.

dns-server 192.168.2.113

If you've got an internal DNS server, use that. Otherwise your ISP generally provides some, but it's generally not your default gateway. Google and OpenDNS provide free DNS services as well.
