Tekforums.net - The improved home of Tekforums! :D

Cisco Config Help ! ?

Started by Mardoni, October 31, 2006, 23:45:29 PM

Mardoni

Ok, well I picked up a 2600 to play with and I've been having fun, but I have just hit a brick wall and I cannot see the solution.

For playing around purposes I am hooked into the router via console. Eth0/0 is hooked into my SMC Router. All I am trying to do (atm) is get Eth0/0 to pick up an IP and access the web via my existing LAN:

Internet <-> SMC <-> Eth0/0 | 2600 <-> Console <-> Laptop

I can get the IP leased and the router can ping my internal network (192.168.1.x) but pinging the web fails.

Included below is my unabridged config, can anyone see the obvious mistake ??



I am guessing that it's the incoming filter, but removing the access-lists does not fix the problem :/

Any ideas, anyone ?


Mardoni

Ok, this works:

In as much as the Router can use Eth0/0 to ping the outside world and the intermediate LAN:


Mark

What exactly are you trying to achieve? Your internal interface is shut at the minute - is that on purpose?

Also - why do you have the netmask 255.255.255.255 on the default route?

First thing I would do is update the code. PM me if you haven't got a CCO login and I'll send you the latest IOS - I need to know from your sh ver how much memory you have onboard first tho, and what variant of 2600 series it is (2621/31/etc)

The reason you can't ping from the internal interface to the www is most likely that your SMC device doesn't know the route back. My experience with SMC routers is that they are little more than internet gateway devices - therefore you're going to have to set up NAT/PAT


Porch Monkey

Your first config would have worked if you just put a default route to the ADSL router address.

Mark

He did have one:

ip route 0.0.0.0 0.0.0.0 Ethernet0/0

but the device on the end of that probably doesn't know the route back

Mardoni

Hi chaps,

I would love to get the latest IOS, I've tried emailing Cisco using a support advisory that states I should get it but I've not had a response.

I'll get the rest of the details a little later if the offer is still open :)

You're right about my original configs being sh*te, I've done a lot of reading since and got the setup working for basic NAT usage. *fingers crossed* that I can get IOS 12.4 off of you as that should allow me to set up some network-objects that might just allow me to get MSN working properly.


Mark

Cisco won't give you anything without a support contract - so there's no point in doing that!

You should start off by allowing everything out and everything in that is established then start locking down - it's not too difficult - just a bit of patience required if you don't work with the things every day!

Mardoni

Hi Mark,

Here is the show ver output:


Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-IO3-M), Version 12.2(28a), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2005 by cisco Systems, Inc.
Compiled Mon 28-Mar-05 19:19 by kellmill
Image text-base: 0x8000808C, data-base: 0x80A6EE6C

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
ROM: C2600 Software (C2600-IO3-M), Version 12.2(28a), RELEASE SOFTWARE (fc2)

7Six2600 uptime is 2 days, 6 hours, 0 minutes
System returned to ROM by reload at 17:34:00 GMT Thu Nov 2 2006
System restarted at 17:35:19 GMT Thu Nov 2 2006
System image file is "flash:c2600-io3-mz.122-28a.bin"

cisco 2611 (MPC860) processor (revision 0x203) with 28672K/4096K bytes of memory.
Processor board ID JAD04250B6N (1375730044)
M860 processor: part number 0, mask 49
Bridging software.
X.25 software, Version 3.0.0.
2 Ethernet/IEEE 802.3 interface(s)
32K bytes of non-volatile configuration memory.
8192K bytes of processor board System flash (Read/Write)

Configuration register is 0x2102




I am trying to get the router to run in my home, initially as a single WAN interface NAT router. I need to support P2P comms (Skype) and MSN. Additionally I need to be able to create PPTP tunnels in both directions.
Eventually I will be sticking in a DSL WIC and using that for some redundancy / loose load balancing.

I am quite happy playing around with configs and learning how to use (and configure) the equipment, I like a challenge where I learn something new :)

My current config looks like this BUT I know it's not right as I am basically letting almost all traffic in through the external interface and relying on NAT to stop unwanted stuff from entering the LAN. This was the only mechanism I have found to enable MessengerLive! Audio/Video to work; it uses dynamic UDP port allocation (over uPNP) and Cisco stuff doesn't do uPNP !


version 12.2
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 7Six2600
!
logging console notifications
enable secret 5
enable password
!
clock timezone GMT 0
ip subnet-zero
no ip source-route
ip cef
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.76.1 192.168.76.9
!
ip dhcp pool 7sixLAN
   network 192.168.76.0 255.255.255.0
   default-router 192.168.76.3
   domain-name 7six
   dns-server 4.2.2.1 4.2.2.2
   netbios-node-type h-node
   lease 5
!
ip inspect max-incomplete high 1100
ip inspect max-incomplete low 900
ip inspect one-minute high 1100
ip inspect one-minute low 900
ip inspect name Ethernet0_0 cuseeme
ip inspect name Ethernet0_0 h323
ip inspect name Ethernet0_0 rcmd
ip inspect name Ethernet0_0 realaudio
ip inspect name Ethernet0_0 streamworks
ip inspect name Ethernet0_0 vdolive
ip inspect name Ethernet0_0 sqlnet
ip inspect name Ethernet0_0 tftp
ip inspect name Ethernet0_0 ftp
ip inspect name Ethernet0_0 sip
ip inspect name Ethernet0_0 fragment maximum 256 timeout 1
ip inspect name Ethernet0_0 netshow
ip inspect name Ethernet0_0 rtsp
ip inspect name Ethernet0_0 skinny
ip inspect name Ethernet0_0 tcp
ip inspect name Ethernet0_0 udp
ip audit notify log
ip audit po max-events 100
!
!
!
interface Ethernet0/0
 description WAN Connection (NTL)
 bandwidth 10000000
 ip address dhcp
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip accounting access-violations
 ip nat outside
 ip inspect Ethernet0_0 out
 full-duplex
 no cdp enable
!
interface Ethernet0/1
 description LAN Connection
 bandwidth 10000000
 ip address 192.168.76.3 255.255.255.0
 ip nat inside
 full-duplex
 fair-queue
 hold-queue 32 in
!
ip nat inside source list 1 interface Ethernet0/0 overload
ip classless
ip route 0.0.0.0 255.255.255.255 Ethernet0/0
no ip http server
!
logging source-interface Ethernet0/0
access-list 1 permit 192.168.76.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp 192.168.1.0 0.0.0.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 permit tcp any any established
access-list 101 permit udp any any
access-list 101 permit ip any any
access-list 101 permit gre any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 deny   icmp any any
access-list 101 deny   tcp any any eq ftp
no cdp run
!
line con 0
line aux 0
line vty 0 4
 session-timeout 15
 access-class 1 in
 password
 login
!
ntp clock-period 17208760
ntp server 207.46.232.189
end


Any advice / pointers welcomed and if you can get that IOS update for me I would be very grateful :)
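
Added example, not part of the original post or any poster's code: IOS evaluates an access list top-down and stops at the first matching entry, so in access-list 101 above the `permit ip any any` line makes every later entry, including both `deny` lines, unreachable. The sketch below flags entries that an earlier entry fully covers; it assumes only the address forms used in the posted ACL (`any` and address plus wildcard), compares trailing qualifiers such as `established` or `eq ftp` as opaque tokens, and its function names are illustrative.

```python
import ipaddress
# Constructed input: access-list 101 copied from the config posted above.
ACL_101 = """\
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit icmp 192.168.1.0 0.0.0.255 any
access-list 101 deny   ip 192.168.0.0 0.0.255.255 any
access-list 101 permit tcp any any established
access-list 101 permit udp any any
access-list 101 permit ip any any
access-list 101 permit gre any any
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any packet-too-big
access-list 101 deny   icmp any any
access-list 101 deny   tcp any any eq ftp
"""

def _addr(tok):  # consume 'any' or 'A WILDCARD' -> (addr, wildcard) as ints
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(text):
    """Parse extended ACL lines into (action, proto, src, dst, qualifiers)."""
    entries = []
    for tok in map(str.split, text.splitlines()):
        rest = tok[4:]  # everything after 'access-list N action proto'
        entries.append((tok[2], tok[3], _addr(rest), _addr(rest), tuple(rest)))
    return entries

def _covers(a, b):
    """True if address spec a matches every address that spec b matches."""
    care = ~a[1] & 0xFFFFFFFF  # bits that a actually compares
    return (b[1] & care) == 0 and ((a[0] ^ b[0]) & care) == 0

def shadowed(entries):
    """Return (position, shadowed_by, action_conflict) for unreachable entries."""
    found = []
    for i, (act, proto, src, dst, quals) in enumerate(entries):
        for j, (e_act, e_proto, e_src, e_dst, e_quals) in enumerate(entries[:i]):
            if (e_proto in ("ip", proto) and e_quals in ((), quals)
                    and _covers(e_src, src) and _covers(e_dst, dst)):
                found.append((i + 1, j + 1, act != e_act))
                break
    return found

if __name__ == "__main__":
    for pos, by, conflict in shadowed(parse(ACL_101)):
        print(pos, "shadowed by", by, "(opposite action)" if conflict else "")
```

Entries reported with the opposite-action flag are the ones to look at first: they are rules whose intent (here, the two denies) never takes effect.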

Porch Monkey

One quick point. I'd set the speed on the interfaces too, the bandwidth statement does bugger all if you're not using a dynamic routing protocol.

Mardoni

I've had a look through the entire IOS and I cannot see any way to force the speed of the connection other than by bandwidth ? Maybe the speed is something you can do on a Dialup interface and not an Ethernet ?

Porch Monkey

It's the speed command in the interface sub-context.

But as you've only got Ethernet (10Mb) not FastEthernet interfaces it won't be available to you. (I should learn to read one of these days)

As I said before the bandwidth command doesn't do anything physically to the interface, it's purely used as a metric for dynamic routing protocols so in this instance it's redundant.

If you were to use it you'll want to have 10240 in there which is the actual datarate (in kilobits) of a 10Mb Ethernet line.

Mardoni

Ahhh I see, well at least that means I am not going blind :)