Using Private IP to Simulate ISP - unable to ping WAN IP`s - frustrated :*(

5 replies [Last post]
wilder7bc
Offline
Joined: 2012-06-24
Posts: 3

I had a question as I was following some instructions from a video in CCNA where they discuss setting up Router 2 being able to get to the LAN. I have kids and they groan and moan a lot about their Xbox (sigh). So I tried to plug my main router into my Linksys router and simulate a WAN.
Maybe what I am doing is not possible and that is why it's not working. However, I followed the videos step by step. I didn't want to bother anyone so I posted on the Cisco site, but nobody seems to be touching the post, and I don't really have any mentors and nobody to really help me. I figure out most things on my own but I'm kind of stuck here. I don't know if I am wasting my time trying to do this or not. I was basically trying to get it running so I can practice all my CCNA stuff.
 
Anyway, I don't expect any professionals to try to spend a lot of time trying to go over my problem in depth. I realise everyone is busy, and I don't want to take up valuable time, but if someone could maybe just take a brief glance I would really be appreciative.
Below is the link of my posting:
 
https://supportforums.cisco.com/thread/2156142

 
======BELOW is the info I posted on that site===============
"
Hi, I have a home lab network that is connected to my internet. I basically have a Linksys router connected to a cable modem, and in order for my family's internet to not go down while testing and learning my CCNA I am trying to treat the Linksys as the ISP.

1. Plugged my 891W router via FASTETHERNET 8 (192.168.1.10)  into LAN Switch port 1 of my Linksys E4200 home router(192.168.1.1).          

2. I plugged my 891W Gigabit 0 (10.10.10.1) LAN side into my 2950 Catalyst Switch (10.10.10.5 - VLAN 1)

3. My 2950 Catalyst switch (10.10.10.5 - Vlan 1) is plugged into my 2600 series router via the router's FE port (10.10.10.2).

There are a few more routers connected behind r2 but I am not dealing with them right now, and there is also a switch connected into s1 but it's not being used for this.

891W is labeled r1
2950 is labeled s1
2600 is labeled r2

I am running RIP Version 2 for my network protocol.

r1 information below

----------------------------
r1#show ip protocols
*** IP Routing is NSF aware ***
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 24 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    GigabitEthernet0      2     2
    Vlan4                 2     2
    wlan-ap0              2     2
  Automatic network summarization is in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.10.10.2           120      00:00:02
  Distance: (default is 120)
r1#
----------------------------

r1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
S*    0.0.0.0/0 [1/0] via 192.168.1.1
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.0.0.0/24 is directly connected, Vlan4
L        10.0.0.1/32 is directly connected, Vlan4
C        10.10.10.0/24 is directly connected, GigabitEthernet0
L        10.10.10.1/32 is directly connected, GigabitEthernet0
      172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.16.0.0/24 is directly connected, Vlan1
L        172.16.0.1/32 is directly connected, Vlan1
      172.168.0.0/29 is subnetted, 1 subnets
R        172.168.0.0 [120/2] via 10.10.10.2, 00:00:19, GigabitEthernet0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, FastEthernet8
L        192.168.1.10/32 is directly connected, FastEthernet8
      192.168.2.0/30 is subnetted, 1 subnets
R        192.168.2.0 [120/1] via 10.10.10.2, 00:00:06, GigabitEthernet0
r1#
------------------------------------

r1#ping 10.10.10.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2#

-------------------------------------

===========================================================================================================
===================================================r1 configuration==========================================

show run br
Building configuration...
Current configuration : 3569 bytes
!
! Last configuration change at 16:50:46 UTC Fri Jun 22 2012
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname r1
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 ENCRYPTED STUFF
!
no aaa new-model
!
!
!
service-module wlan-ap 0 bootimage autonomous
!
crypto pki trustpoint "STUFF REMOVED"
!
ip source-route
!
!
ip dhcp excluded-address 10.0.0.1
ip dhcp excluded-address 172.16.0.1
!
ip dhcp pool Wireless
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.1
   dns-server 192.168.1.2
!
ip dhcp pool WIREDLAN
   network 172.16.0.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.2
!
!
no ip cef
ip domain name MYDOMAINNAME
ip name-server 192.168.1.2
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891W-AGN-A-K9 sn XXXXXXXXX
!
!
archive
log config
  hidekeys
username USERNAME privilege 15 secret 5 ENCRYPTEDSTUFF
!
!
!
!
!
bridge irb
!
!
!
!
interface FastEthernet0
spanning-tree portfast
!
!
interface FastEthernet1
spanning-tree portfast
!
!
interface FastEthernet2
spanning-tree portfast
!
!
interface FastEthernet3
spanning-tree portfast
!
!
interface FastEthernet4
shutdown
spanning-tree portfast
!
!
interface FastEthernet5
spanning-tree portfast
!
!
interface FastEthernet6
spanning-tree portfast
!
!
interface FastEthernet7
shutdown
spanning-tree portfast
!
!
interface FastEthernet8
description $ES_WAN$$FW_OUTSIDE$
ip address 192.168.1.10 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface GigabitEthernet0
description $ES_WAN$$FW_OUTSIDE$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface wlan-ap0
description Service module interface to manage the embedded AP
ip unnumbered Vlan4
arp timeout 0
!
!
interface Wlan-GigabitEthernet0
description Internal switch interface connecting to the embedded AP
switchport trunk native vlan 4
switchport mode trunk
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-HWIC 4ESW$CVO$$FW_INSIDE$
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan4
description $FW_INSIDE$
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
!
interface Async1
no ip address
encapsulation slip
!
!
router rip
version 2
network 10.0.0.0
network 192.168.2.0
!
no ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet8 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 1 permit any
!
!
!
!
!
!
control-plane
!
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
logging synchronous
login local
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin udptn ssh
line aux 0
line vty 0 4
privilege level 15
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
end
r1#

=======================================================================================================
=======================================================================================================
r2 information:

r2#show ip protocols
Routing Protocol is "rip"
  Outgoing update filter list for all interfaces is not set
  Incoming update filter list for all interfaces is not set
  Sending updates every 30 seconds, next due in 23 seconds
  Invalid after 180 seconds, hold down 180, flushed after 240
  Redistributing: rip
  Default version control: send version 2, receive version 2
    Interface             Send  Recv  Triggered RIP  Key-chain
    FastEthernet0/0       2     2
    Serial0/0             2     2
  Automatic network summarization is not in effect
  Maximum path: 4
  Routing for Networks:
    10.0.0.0
    192.168.1.0
    192.168.2.0
  Routing Information Sources:
    Gateway         Distance      Last Update
    10.10.10.1           120      00:00:05
    192.168.1.35         120      3d15h
    192.168.1.1          120      4d13h
    192.168.2.2          120      00:00:16
  Distance: (default is 120)

-----------------------------------------

r2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
     172.168.0.0/29 is subnetted, 1 subnets
R       172.168.0.0 [120/1] via 192.168.2.2, 00:00:25, Serial0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.10.10.0 is directly connected, FastEthernet0/0
R       10.0.0.0 [120/1] via 10.10.10.1, 00:00:14, FastEthernet0/0
     192.168.2.0/30 is subnetted, 1 subnets
C       192.168.2.0 is directly connected, Serial0/0

---------------------------------

r2#ping 10.10.10.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
r2#
------------------------------------

2#ping 192.169.1.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.169.1.10, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
r2#
-------------------------------------

I can ping all over my home lab, everything I can reach as long as I have a protocol up, but I cannot reach the WAN IPs. I watched a video by Jeremy Cioara and I tried to follow the WAN and NAT part from a website

http://www.networkstraining.com/basic-cisco-800-router-configuration-for-internet-access/

And none of it's working. I am not sure if this is a case where a private IP cannot function as an ISP and I am breaking some rule that's not mentioned in CCNA studies or if it's something else.

I tried these commands from Jeremy's video:

r1(config)#ip access-list standard "NAT_ADDRESSES"

r1(config-std-nacl)#permit any

r1(config)#ip nat inside source list NAT_ADDRESSES interface fastEthernet 8 overload

However, they did not work. It was pretty close to what's in the basic website I listed up there as well.

I think I went back to the basic configuration in the config file posted above. It's really frustrating as I follow directions and they do not seem to work. I understand I am using my private 192.168.1.0 subnet as an ISP and maybe that has something to do with it, but when you're first learning and things don't work it's kind of overwhelming, as you have problems seeing the big picture and don't yet trust in things you have learned as they are unfamiliar, so it's easy to get lost.

Anyway, any assistance would be great. I will also keep trying to figure this out but so far I have only come up with non-working ideas.

Thanks,

Brian
"
 
 
Thanks in advance for any help.
 
Respectfully,
 
Brian W Catlin

Adam
Offline
Site Admin
Joined: 2010-01-16
Posts: 144

Brian,

I would be happy to help you with this configuration, it looks like fun. We might not get it working immediately, but I think what you are attempting to do is possible.

First, I need to understand the design clearly. If I'm reading your post correctly, this is what I got:

You have an internet connection going into a Linksys 4200. You then have a home network off some of the Linksys ports and a Lab network connected to one port on the Linksys, as depicted below:

Internet connection -> Linksys 4200
Linksys 4200 -> home network
Linksys 4200 -> Lab router (891)

There appears to be a lot of extra stuff in the configuration you posted. Unless you are planning on using the same network address space on your home network as in your lab, there shouldn't be a need for the NAT.

Here are a few things I've noticed that might help:

First thing that caught my eye, the default router is on a different network than the network identified in this dhcp pool. If the 4200 is acting as a DHCP server, you shouldn't need this in the 891. If the 891 is the DHCP server, you'll want to change the network to 192.168.1.0.

ip dhcp pool WIREDLAN
   network 192.168.1.0 255.255.255.0
   default-router 192.168.1.1
   dns-server 192.168.1.2

Second thing that caught my eye is the ping results posted are for the incorrect network. Shouldn't this be 192.168.1.10?

2#ping 192.168.1.10

Third, ditch the NAT unless you know you need it. It's only going to complicate things; and unless you need to "hide" your lab devices from your kid's xbox, it's just going to be another thing that keeps this from working.

Finally, is the RIP just for your lab or is the RIP between the 891 and 4200? You might want to disable auto summarization to make things more specific. Do this with the "no auto-summary" command under router rip. And if you do disable auto summary, do it on all the routers running RIP.

Let me know if this helps and feel free to post more questions. Thanks!

wilder7bc
Offline
Joined: 2012-06-24
Posts: 3

Hi,

I appreciate any assistance.

1.) You have my design laid out clearly. Cable Modem > Linksys > 891W plugged into port on Linksys.

2.) My DHCP for my home network is done by my Windows Server 2008 R2. The DHCP server is 192.168.1.2/24 network. It connects wirelessly to the Linksys router. So for my home network I do not use my Linksys router, though I have an emergency scope of DHCP addresses that I excluded on the Server 2008 R2 so that I can switch instantly to the Linksys if I screw up something on my server when experimenting with Windows Server.

I use my Cisco home lab to learn the CCNA exam and study Jeremy's CCENT I and II videos. That's why I don't want it for the main.

I take down the routers and switches and redo them practicing for the CCNA, so this would eventually get me beheaded at the house, as the wife likes Pentros on iPhone and the kids' pulse stops if their Xbox is down for very long.

I am just playing with the RIP Version 2 right now but soon will go to EIGRP, OSPF.

Jeremy in his videos has his main router connected to the internet and I think it's an older version of my 891W. I was just trying to do the same thing but treat my Linksys as the internet and plug into that and still get internet access to the 891W router.

That way I can mess it all up and hey no big deal I just erase the configs and start over.

I was studying the nugget video:
NAT: Command-line NAT Configuration

In this video he sets up NAT to the internet (I was trying to set up my network as a fake internet and mimic this). Here is the thing: I don't know if what I am trying to do is break a rule or if the ISP is really no different than just another network and so the NAT should have worked. In other words, I don't know enough about it to know if I am trying to break a concrete law, if you will.

That's why I was setting up NAT as I was following the instructions; the only difference is he did it to the ISP and I did it to my Linksys router because I thought it would be the same.

I can try it from my ISP as well to test it. I know I have connected up to the ISP with the 891 and gotten to the internet and all my wireless worked as well. What I did not test prior is if I could ping from R2 to my ISP IP addresses.

Right now, simulating my Linksys IP network 192.168.1.0 as the ISP and acting like those are public IPs, I cannot ping them from R2.

Does it make a difference if it's a private network like that, or does it have to be like the 184.180.xxx.xxx which would be my actual static public IP?

So I can ditch the NAT, but I was trying to learn NAT, that's why I am doing it, but maybe I am trying to learn NAT and doing something that is impossible and that's my problem. Thing is, I have found nothing in my reading that says that is the problem, so I am clueless.

I can also erase the wireless, but since I was not using the wireless right now I didn't figure it was hurting the LAN side. But I am not really ready for wireless in my studies yet; that was just to get it working so I could use it as my home router should I choose.

The RIP is not between the 891W and the E4200. I actually think the Linksys may support RIP, but the video series was to keep your network separate from the public IP, and NAT was another tool that allowed nothing from the outside to get to private IPs.

I will check into auto summarization.

OK, I have a lot of typing here, so sorry for that; just trying to give you a feel for what I am trying to do and what's going on.

I am OK if I am doing something not possible; I will just change my goals and, if need be, plug directly into the cable modem and work later in the evening. I was more worried not about recreating the wheel but making sure I am not missing some silly little piece of information that I should not be missing.

Anyway hope this clears up some headway in what I am after!

Respectfully,

Brian

Adam
Offline
Site Admin
Joined: 2010-01-16
Posts: 144

If having your lab network share your Internet connection with your home network is what you are trying to achieve, then that is totally possible.

To your first question, I would urge you to use RFC 1918 compliant addresses because you could inadvertently deny yourself from getting to the real 184 network or whichever one you use. It doesn't make a difference if you use a public address space or private, it will all work the same (they are all networks). What matters is that if you have two routed interfaces on your router, they need to be in different networks. I like to think of them as bubbles. If you have one bubble connected to one interface, it can't touch another bubble, otherwise they'll pop. So, consider your home network one bubble, then make your lab network another bubble. Make sure you use unique network address space for each bubble, and you should be ok.

The next step is being able to route between everything. Once you've clearly configured unique networks on each side of the router, you might need RIP or Static routes to tell the routers how to get to networks that aren't directly connected. From what I can tell in your show commands above, you've got the static default route setup correctly. If you want to route from your home network to your lab network, the linksys is going to need to have a static route configured to point back to the 891's interface (or you could do host routes on your home computers).

My main point with saying ditch the NAT is I'd recommend getting familiar with the different routing and subnetting concepts first. I'm not saying ditch NAT permanently, just try taking things one step at a time, otherwise you might not know what is breaking the communication and it'll make it harder to troubleshoot the real problem.

I hope this helps answer your questions. Keep at it and I'm sure you'll get it working.
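Added example (not part of the original thread and not anyone's posted code): a Python check of the two points made in the replies above, that a DHCP pool's default-router must sit inside the pool's network and that every routed interface needs its own "bubble", plus the static routes the Linksys would need toward 192.168.1.10 once NAT is out of the picture. The config excerpt is reconstructed from the r1 output in the first post; the function names are assumptions of this example.

```python
import ipaddress

# Excerpt reconstructed from the r1 configuration posted in this thread
# (only the DHCP pools and addressed interfaces are kept, indented the way
# "show run" prints them, which the parser relies on).
R1_CONFIG = """\
ip dhcp pool Wireless
   network 10.0.0.0 255.255.255.0
   default-router 10.0.0.1
ip dhcp pool WIREDLAN
   network 172.16.0.0 255.255.255.0
   default-router 192.168.1.1
interface FastEthernet8
 ip address 192.168.1.10 255.255.255.0
interface GigabitEthernet0
 ip address 10.10.10.1 255.255.255.0
interface Vlan1
 ip address 172.16.0.1 255.255.255.0
interface Vlan4
 ip address 10.0.0.1 255.255.255.0
"""


def parse(config):
    """Collect DHCP pools and interface addresses from IOS-style text."""
    pools, ifaces = {}, {}
    kind = name = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        if words[:3] == ["ip", "dhcp", "pool"] and len(words) == 4:
            kind, name = "pool", words[3]
            pools[name] = {"network": None, "routers": []}
        elif words[0] == "interface" and len(words) == 2:
            kind, name = "if", words[1]
        elif not raw[0].isspace():
            kind = name = None  # any other top-level command ends the section
        elif kind == "pool" and words[0] == "network" and len(words) == 3:
            pools[name]["network"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif kind == "pool" and words[0] == "default-router":
            pools[name]["routers"] = [ipaddress.ip_address(w) for w in words[1:]]
        elif kind == "if" and words[:2] == ["ip", "address"] and len(words) == 4:
            ifaces[name] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
    return pools, ifaces


def audit(config):
    """Return findings for off-subnet DHCP gateways and overlapping interfaces."""
    pools, ifaces = parse(config)
    findings = []
    for pname, pool in pools.items():
        for gw in pool["routers"]:
            if pool["network"] is not None and gw not in pool["network"]:
                findings.append(
                    f"pool {pname}: default-router {gw} is outside {pool['network']}")
    names = sorted(ifaces)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} and {b} share address space: "
                                f"{ifaces[a].network} / {ifaces[b].network}")
    return findings


def return_routes(config, upstream_if):
    """Routes the upstream router needs to reach networks behind this one.

    Covers directly connected networks only; networks learned through RIP
    from routers further back would need routes as well.
    """
    _, ifaces = parse(config)
    gateway = str(ifaces[upstream_if].ip)
    return [(str(i.network.network_address), str(i.network.netmask), gateway)
            for n, i in sorted(ifaces.items()) if n != upstream_if]


if __name__ == "__main__":
    for finding in audit(R1_CONFIG):
        print("FINDING:", finding)
    for net, mask, gw in return_routes(R1_CONFIG, "FastEthernet8"):
        print(f"upstream static route: {net} {mask} via {gw}")
```
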

wilder7bc
Offline
Joined: 2012-06-24
Posts: 3

I had to go look up RFC 1918, and those are the IPs I went with or was trying to use. So I should be good on those. I wondered what happened if you used IPs besides those and I guess we know, as according to the post the ISP can block out other IPs. Though according to the videos they drop private IPs. However, I guess they could cut you off, period, for using IPs that are not private but do not belong to you. Thanks for the information; I love little pieces of information like that. I really, really love networking.

I work in IT all day long as a Server Support Engineer (new to the position; server side, not networking side), and then come home and the majority of the nights work on networking and study for my certs, and on top of that I am working on a bachelor degree in networking which hits both server side and networking; however, I did not take summer classes so I can take at least my CCENT I, maybe the CCENT II, but if I do both I really need to get busy. Seems like there is never enough time!

When you love the field it’s not work and it’s not a job it’s fun. It’s why I love the videos I can relate to the enthusiasm for networking.

The bubble analogy makes sense, and I was kind of looking at it similar to that, and I figured it had to be that way unless I wanted to setup a Dynamic NAT (which I have not studied in-depth yet as I have been stuck on other things but I know it’s primarily used when you have two different networks, that may have same IPs such as a corporation buys another corporation). I am working on keeping my subnets different however as you said.

I try to draw a diagram up with all the routers and subnets so I have a chart with all the subnets and routers listed, I just don’t know how to add pictures to the forum here or I would put up a nice little picture in. I suppose I could have used a free hosting website with a link.

I pulled up the GUI for the Linksys and I found settings where I can set up the router to supply static IPs to a network, so I will play with the Linksys. In addition, I can also turn on RIP on the Linksys, but to do that I think I have to turn off NAT, so going with the NAT on the Linksys and static IPs is probably better than turning off the NAT and going with RIP. I will see if there are more options as well.

I think you hit on the main problem I have had as well when you said the following:

“If you want to route from your home network to your lab network, the linksys is going to need to have a static route configured to point back to the 891's interface”

When I ask myself what is the difference between the ISP addresses and the private addresses coming from my Linksys, I can make the logical guess, based off what you said, that the difference is the ISP has static addresses which point to my devices and modem. The Linksys does not, and it's not set up to communicate back and forth. The ISP is most probably set up to communicate back and forth. So if my Linksys will give me enough control to do that, which I think I can do through the static routing as you suggest, that might just fix the issue, I hope.

I am hoping that r2 can ping 4.2.2.2 on the internet that’s my goal lol… right now I can only ping up to the LAN side of the R1 router which is 10.10.10.1

I am trying to make the R1 which is my 891w the choke point between the home internet and the lab, I almost like the old routers better than the new stuff lol.

The old routers have basic configs this new 891W came loaded with so much stuff that I didn’t know what 60% of it was and have slowly been trying to peel off as much as I can, and Google stuff non stop. I will say it’s been a crazy learning period, and I know a lot more now than before I bought it.

Oh btw you probably saw some old routes in RIP:

“192.168.1.1 120 4d13h”

That’s old information. I used to have my Windows server plugged into s1, and all my switches and routers had 192.168.1.0 addresses, same as my Linksys, and everything could communicate with each other as it was all on the same network.

I wanted to create different subnets though and separate so I unplugged the server from s1 and changed all those switches and routers over to new subnets which I listed. I will go in and make sure that I don’t have some old RIP routes still in there as that might mess with things as well.

I like the idea of peeling back the NAT. When I normally troubleshoot stuff I am comfortable around as well as familiar with, the first thing I do is start with the basics. However, for me personally, when I get in a new unfamiliar area I sometimes find that I don’t follow my basic troubleshooting steps like I should, as it's almost a lost feeling, if you can understand what I am saying.

These conversations have definitely given me some new ideas and increased my enthusiasm again so I can try some different approaches.

I am sure I will hit many more ruts, but it’s good to get moving in a forward-thinking process. I don't have anyone to talk to about networking stuff, so having ideas tossed at me and hearing from another person is great, and makes it less lonely lol. I work in IT but all those guys are mainly server guys and helpdesk and not into the networking part. Don't get me wrong, server is fun to me as well and I love it also, but just not quite as much as the networking, and I tend to focus on what I am trying to do, which is get my CCNA, then CCNP, and eventually CCIE.

Thanks for your assistance I will let you know if something interesting pops up.

Respectfully,

Brian

Adam
Offline
Site Admin
Joined: 2010-01-16
Posts: 144

I'm glad to hear of your renewed enthusiasm. Best of luck!
