Setting up Cisco router to share cable connection

methoselahmethoselah Posts: 49Member ■■□□□□□□□□
Upon reading about NAT and PAT, I decided it would be cool to use a Cisco router to share my cable modem internet connection on my home LAN, instead of using a Win2K computer with 2 NICs running Internet Connection Sharing (ICS).

So I went ahead and bought a Cisco 2514 (2 ethernet/AUI ports, 2 WAN serial ports, 16MB RAM/16MB Flash) from eBay. Two days later I received the router and proceeded to hook up my LAN and configure the router.

[Internet/ Adelphia ]
>[Toshiba cable modem]
>[Cisco 2514]
>[hub/ home LAN]

At first, I tried to get a dynamic public IP from Adelphia by setting “ip address dhcp” on Ethernet 0. However, it wouldn’t recognize the command and realized I had to upgrade my IOS from 12.0(18b) to IOS 12.2(1d). After successfully setting up a TFTP server and installing the newer IOS, I was able to setup eth0 to obtain an IP address via DHCP, but I kept getting a private address 10.x.x.x . But whenever I hooked up a PC directly to the cable modem, I would always get a public IP address 24.x.x.x . I tried two different PCs with two different NICs, and always the same result. icon_confused.gif

“WTF?”, I thought to myself. Perhaps Adelphia recognizes the OUI portion of my int eth0 MAC address as belonging to Cisco, and would only allocate a private address to it. Perhaps Adelphia had something against their customers using Cisco equipment. I therefore cloned a NIC’s MAC address from a PC onto the router’s eth0 using the “mac-address xxxx.xxxx.xxxx” command. I tried MAC addresses from two other NICs, but to no avail. Eth0 would still only get a private address assigned. Frustrated, I gave Adelphia a call to find out if they were doing anything at their end to purposely give us Cisco wannabe types a hard time.

I spoke with a Level I tech, and he gave me the usual “we don’t support routers” and other CPE. I explained my problem how I was only able to get a private address from their DHCP server and wondered if they had a policy against customers setting up a home LAN and sharing our internet connection through Cisco equipment. I was promptly transferred to a Level II tech. The Level II tech said it is ok for Adelphia customers to have more than one computer share a connection, and that they could give a rat’s ass as to what type of router we use to perform connection sharing. The only thing they care about is their customers aren’t setting up any servers, and the only MAC address they keep track of is your cable modem’s. He assured me that they have nothing against us using Cisco routers and has no idea why I’m getting a private address. He placed me on hold and came back on telling me he just asked someone about my problem, and said it is a Cisco incompatibility… something about DHCP “option 60” whatever that means. The tech suggested I contact Cisco.

I searched the internet regarding “option 60” and stumbled upon a forum discussion indicating that I should upgrade to an even newer IOS. Hence, I fired up the TFTP server again and installed IOS 12.2(24) [c2500-ik8os-l.122-24.bin]. With this upgrade, I was finally able to obtain a public IP on Ethernet 0. I still don’t understand all this “option 60” stuff icon_confused.gif: , but at least I’m getting a public IP now.

Next, I had to install IP NAT. Let me just say that Cisco’s NAT terminology is utterly confusing to say the least. “Inside global,” “outside global,” “inside local,” “outside local”…. whaaaaaaaaaaaaaaaaaaaaaaa ! What the heck are they trying to say? At least once I started configuring, all I had to know was “ip nat inside” and “ip nat outside”. Simple enough... or so I thought.

I set eth0 to ip nat outside, and set eth1 to ip nat inside. I then did the Ethernet0 overload thing and setup my access list. I was sure I did everything right; however, I was unable to ping from a host on my lan to the outside world (such as Cisco at 198.x.x.x). I could reach Cisco while I was on the router, but couldn’t on my LAN. So I fiddled and fiddled with my access list, checked “sho ip route”, “sho ip nat translations”, “sho ip nat statistics”, “sho dhcp lease”, “sho dhcp server”, “sho run”, did “copy run start” alot, did a bunch of reloads, and went on pinging and tracerouting everything, over and over.

This went on for hours until I noticed a line near the top of my config that said, “no ip routing”. icon_eek.gif OMG!! Ahahahahhhhhhhhhhhhhhhhh! I don’t know if I was laughing with glee or crying. Once I enabled ip routing, everything worked fine. Y’know, I was wondering why my route table looked different than the one in my Sybex CCNA book. I just figured it might be because my IOS version was different.

Well, after days of trying, I finally got this router setup and running properly. icon_cool.gif It would have been quicker and less trouble if I simply bought a Linksys router for $50 at Best Buy and be done with it (which in fact did cross my mind), but I wouldn't learn anything. icon_wink.gif I tried configmaker, but the version I had didn’t support “ip address DHCP.” Even my buddy who was CCNA came over, but he was not much help.

In all, it was an excruciating experience, yet educational.

Comments

  • dannyboydannyboy Posts: 6Member ■□□□□□□□□□
    Hey webmaster, you wanna put that into a technote!! :)
  • methoselahmethoselah Posts: 49Member ■■□□□□□□□□
    yeah. especially IP NAT. icon_wink.gif
  • xwesleyxwillisxxwesleyxwillisx Posts: 158Member
    yeah a technote would be great... even if it might not correspond to an exam objective... imagine how many important networking concepts that entails icon_exclaim.gif

    congrats on getting the Cisco router to share the connection for your LAN... I think that sounds like a great experiment icon_idea.gif ... I plan on trying to do this myself soon :)
  • quickpotquickpot Posts: 47Member ■■□□□□□□□□
  • methoselahmethoselah Posts: 49Member ■■□□□□□□□□
    yeah a technote would be great... even if it might not correspond to an exam objective... imagine how many important networking concepts that entails icon_exclaim.gif

    congrats on getting the Cisco router to share the connection for your LAN... I think that sounds like a great experiment icon_idea.gif ... I plan on trying to do this myself soon :)


    Yes, this exercise has been great practice for:
    - basic router commands
    - setting up interfaces
    - backing up, installing IOSs
    - backing up and restoring configs from TFTP
    - passwords
    - cabling (patch and console)
    - learning different NATs: static, dynamic, overload
    - routing. default gateway
    - importance of copy run start !!
    - access lists
    - trouble-shooting bottom 3 layers
    - ping, tracert, debug, show interface, show ip route
    - "Scaling IP Addresses" (NAT & DHCP)


    Besides doing NAT overload, I also set up the router as a DHCP server.

    The router is configured to dynamically give out private addresses to hosts residing within my inside LAN (except for 192.168.0.1 which is the int eth1 and 192.168.0.7 which is my Win2KAS Domain Controller/DNS server).

    For security, I still need to make a decent access list and apply it to Ethernet0 "in". I know how to block certain ports, but having trouble creating access lists permitting only certain services/ports, while allowing surfing and emailing. I need to read more on it.

    Anyways, here is my config. Maybe it will help you out on your project.



    show running-config


    Building configuration...

    Current configuration : 1176 bytes
    !
    version 12.3
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    !
    hostname Cisco2514
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5
    enable password 7
    !
    no aaa new-model
    ip subnet-zero
    ip dhcp excluded-address 192.168.0.1
    ip dhcp excluded-address 192.168.0.7
    !
    ip dhcp pool insideDHCP
    network 192.168.0.0 255.255.255.0
    default-router 192.168.0.1
    dns-server 192.168.0.7 68.xx.xx.xxx 68.xx.xx.xxx
    !
    !
    !
    !
    interface Ethernet0
    description connected to Internet
    ip address dhcp
    ip nat outside
    no ip route-cache
    no ip mroute-cache
    !
    interface Ethernet1
    description connected to EthernetLAN_1
    ip address 192.168.0.1 255.255.255.0
    ip nat inside
    no ip route-cache
    no ip mroute-cache
    !
    interface Serial0
    no ip address
    shutdown
    !
    interface Serial1
    no ip address
    shutdown
    !
    ip nat inside source list 1 interface Ethernet0 overload
    ip http server
    ip classless
    ip route 0.0.0.0 0.0.0.0 67.xx.xxx.1 254
    !
    !
    access-list 1 permit 192.168.0.0 0.0.0.255
    !
    line con 0
    exec-timeout 0 0
    password 7
    login
    line aux 0
    password 7
    login
    line vty 0 4
    password 7
    login
    !
    end
Sign In or Register to comment.