
Hi, I've got my first managed router to replace a buggy Netgear one. I upgraded Cisco SDM to 2.5 and set up a host name + password.

At this point I had the router directly connected to the Forefront TMG server's embedded NIC with Cat 6. The IPs were:

Router: 10.10.10.1 255.255.255.0
TMG external network NIC: 10.10.10.2 255.255.255.0

And I had internet access + Cisco Configuration + SDM working.

Everything seemed to be perfect until I changed the IP back from the default 10.10.10.1 to 10.0.2.1 255.255.255.0 to match the rules in Forefront TMG for the old router. Since then I can't connect with SDM or Cisco Configuration. The network connection seems to be up and I've got packets flowing.

My current configuration is:

Router: 10.0.2.1 255.255.255.0
TMG external network NIC: 10.0.2.2 255.255.255.0

I've tried pinging 10.0.2.2 from the router's serial port (since LAN is unavailable) but got nothing. I've completely shut down TMG with no effect. I've connected the router to a laptop (to rule out TMG blocking it), but again when I try to visit the router's URL the connection just times out.

Can anyone suggest what the problem is?


Use the serial cable to look at the config.

Look for a line that looks like:

ip http access-class some number

then

You can then either update the access list with your new IP range or temporarily remove the access-class by

no ip http access-class <the number listed from above>

This will get the SDM working.


Router#show config
Using 745 out of 29688 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no aaa new-model
ip subnet-zero
!
!
!
!
ip cef
ip ips po max-events 100
no ftp-server write-enable
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
dsl operating-mode auto
!
interface BRI0
no ip address
shutdown
!
interface FastEthernet0
ip address 10.0.2.1 255.255.255.0
speed auto
!
ip classless
ip http server
ip http secure-server
!
!
!
access-list 23 permit 10.0.0.0 0.255.255.255
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
!
end

Is this the correct config? I'm still not getting a response from the IP address.

Show the interface, is it up?

What is this supposed to route to? Looks like both ATM0 and BRI0 are shut down, and I don't see a no shut for FastEthernet 0, so for all we know it's shut.

Which would explain why you cannot talk to it ;)

FastEthernet0 is up, line protocol is up
Hardware is PQUICC_FEC, address is 0019.5690.f232 (bia 0019.5690.f232)
Internet address is 10.0.2.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:05, output 00:00:03, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
4579 packets input, 364389 bytes
Received 485 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
1012 packets output, 83060 bytes, 0 underruns
4 output errors, 0 collisions, 2 interface resets
0 babbles, 0 late collision, 0 deferred
4 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out

Yeah, it seems to be up and I'm getting traffic when I try to install Cisco SDM or connect using Cisco config. I've tried access-list 23 permit 10.0.0.0 0.0.255.255

  On 17/12/2011 at 00:15, giantsnyy said:

correct me if I'm wrong...

but shouldn't it read

access-list 23 permit 10.0.0.0 0.0.255.255 ?

access-list 23 isn't associated with anything at this stage, so the access-list isn't actually doing anything.

So the OP has either completed the 'no ip access-class 23' or it's just not in there.

  On 17/12/2011 at 00:15, giantsnyy said:

also, like budman said... Fast0 might be shutdown.

run the following command and paste it:

sho int Fast0

The config shows it's not shutdown.

--------------------------------------

You've statically configured 10.0.2.2 into the laptop? Turned off the firewall on the laptop and tested ICMP (ping)?

And maybe show arp on both the laptop and the router.
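
The access-class check discussed in the replies above, as an added example (not code from any poster): it reads a Cisco IOS config, reports whether `ip http access-class` binds a standard ACL to the web server, and evaluates the ACL's wildcard masks against a client address. The function names and the trimmed sample config are constructed for illustration; only the numbered `ip http access-class <number>` form and standard ACLs 1-99 without trailing options are handled.

```python
import ipaddress
import re

# Constructed sample: the relevant lines of the running config posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0
 ip address 10.0.2.1 255.255.255.0
ip http server
ip http secure-server
access-list 23 permit 10.0.0.0 0.255.255.255
"""

ACL_RE = re.compile(r"^access-list (\d{1,2}) (permit|deny) (\S+)(?: (\S+))?\s*$", re.M)

def wildcard_match(host, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'ignore this bit', the inverse of a netmask."""
    h, b, w = (int(ipaddress.IPv4Address(x)) for x in (host, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (h & care) == (b & care)

def parse_standard_acls(config):
    """Return {acl_number: [(action, base, wildcard), ...]} for ACLs 1-99, in order."""
    acls = {}
    for num, action, base, wc in ACL_RE.findall(config):
        if base == "any":
            base, wc = "0.0.0.0", "255.255.255.255"
        elif base == "host":
            base, wc = wc, "0.0.0.0"
        acls.setdefault(num, []).append((action, base, wc or "0.0.0.0"))
    return acls

def http_mgmt_verdict(config, client):
    """Classify whether `client` can reach the router's web UI (which SDM uses)."""
    if not re.search(r"^ip http (secure-)?server\s*$", config, re.M):
        return "http-disabled"
    ref = re.search(r"^ip http access-class (\d+)\s*$", config, re.M)
    if ref is None:
        return "unrestricted"  # an ACL may exist, but nothing binds it to the HTTP server
    entries = parse_standard_acls(config).get(ref.group(1))
    if not entries:
        return "acl-undefined"  # bound to an ACL number with no entries in this config
    for action, base, wc in entries:
        if wildcard_match(client, base, wc):  # first matching entry wins
            return "permitted" if action == "permit" else "denied"
    return "denied"  # implicit deny at the end of every ACL

if __name__ == "__main__":
    print(http_mgmt_verdict(SAMPLE_CONFIG, "10.0.2.2"))
    print(http_mgmt_verdict(SAMPLE_CONFIG + "ip http access-class 23\n", "10.0.2.2"))
```

Run against the posted config, the verdict is `unrestricted`: ACL 23 is defined but not bound to the HTTP server, and 10.0.2.2 matches it under either wildcard (0.255.255.255 or 0.0.255.255), so the ACL cannot be what blocks SDM.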

So after 24 hours of head scratching I figured out what was happening: Forefront was blocking the router because it thought it was spoofing its IP address. The client I tested to eliminate this never worked because it applied the Forefront proxy settings to Windows and Opera every time it booted up.

After disabling the proxy, SDM installs without any issue. Thanks for the help.

This topic is now closed to further replies.