No internet access from Cisco 1601R

I don't know if you made up the IP addresses you post, but none of them (including the "dns server") is pingable from here on the Net..

Interfaces lookup, how about a routing table?

So, you're talking at least layer-2 across the serial link upstream, but yet this IP doesn't seem routable on the general Net.

Maybe your provider shut you down?

I can access the router from the Net. Here is the message: The server 66.173.244.233 at level 15 access requires a username and password.

Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection). The gateway address came from my ISP; and they told me today that the gateway address is wrong, it should be 66.173.245.58, to which I've changed it. also the "host" address is 66.173.244.234. It is pingable.

I'm good with Linksys, Netgear, low-end routers, this is my first experience with "high end" routers. I've figured out how to get in to this router, check it's config, but I'm not sure about checking its routing table. The static route is 0.0.0.0 on Ser0. I have no idea what to add; so, I've left it at the default entry.

Sorry about the two replies. Here is a list of the show route-map command: OutputCommand base-URL was: /level/15/exec/- Complete URL was: /level/15/exec/-/show/route-map/CR Command was: show route-map

Nothing there. What do I do now? (I'll keep looking...)

Hmm, okay, so you're trying a web-browser and you didn't supply the correct enable password? Try telnet instead. The web-interface is non-existant/barely there. These boxes were designed for CLI access only.

"high end"??? At the time this router was made far far ago, this was the entry-model version only made to say they had something that was "cost effective". Its far from high-end.

To see the routing table, 'show ip route'.

A config with passwords removed would probably be good 'show conf'.

Sorry about the high end remark. I've just nevery used a router like this before, and if I had a choice, wouldn't now... Anyway, show IP Route produced the following:

Show conf produced this:

Using 833 out of 7506 bytes ! version 12.0 service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname Cisco1600 ! enable secret 5 $1$O3Dp $obqImiJCRWhw93F3lNw36. ! ip subnet-zero ip name-server 209.137.160.2 ! ! ! interface Ethernet0 description connected to EthernetLAN ip address 66.173.244.233

I thing the problems are with the 0.0.0.0 serial address and the ip classless settings.

woah.. quick type no ip http server!!! and you can change your password now too.

Cisco routers are very popular for a reason. The learning curve involved is frustrating like any required learning, but you receive greater device capibilities in return. Nothing in this problem/solution is really specific to Cisco technologies except having to interact with the Cisco IOS to resolve the problem. The problem looks to be more of a LAN communication problem. I have to guess it is IP address related because we can see the configuration file and test that the outside IP address of the router is communiting properly. What remains is how the host computer is configured to connect through this router to the Internet.

I will gladly provide a command breakdown of your configuration:

The router will put the device uptime in the "show logging" output. I personally prefer the current date and time as set by the "clock set ?" command instead of trying to figure out at what time the device was up for X hours and X minutes for a log entry. The commands "service timestamps debug datetime" and "service timestamps log datetime" will change that, if desired.

The hostname is set and the prompt shows the devicename. This section includes your enable mode password, a command to allow the new style of subnetting, and a DNS server to use for lookups from the router itself, not necessarily the hosts connecting from inside of the router.

Simple enough. The inside LAN IP address range is between 66.173.244.232 and 66.173.244.239 You will notice that this is a 10mb/s connection, very possibly half-duplex due to the interface being "Ethernet" in Cisco terminology instead of "FastEthernet" (100mb/s) or "GigabitEthernet".

Host computers connecting on this LAN segment, even on a crossover cable, will need to use an IP address in the range specified above with a subnet mask the same as specified above. The default gateway used by the host computers will be the IP address of the Ethernet0 interface on the Cisco router. I will include commands below to configure DHCP on this Cisco router for LAN use, just like the home brand equipment like SMC, DLink, and Linksys.

Simple enough. Your router has a serial line connecting to an external CSU/DSU, so no additional configuration is needed than supplying the layer 3 protocol (using an IP address) and the layer 2 protocol (PPP instead of HDLC or frame-relay or ATM). The DS-1 (T1) line has an IP address range between

This is dynamic routing, RIP style, as opposed to EIGRP or OSPF or the others. If your had other routers downstream in your network, information on available networks including the Internet would be passed between routers. It does not sound like you have any so this section of the configuration is not needed. I do not like the "network 66.0.0.0" command and would prefer that it was "network 66.173.244.232", but it still works.

The line "ip route 0.0.0.0 0.0.0.0 Serial0" means to send any default route traffic through interface serial 0. A default route is commonly expressed as subnet IP address 0.0.0.0 with a subnet mask of 0.0.0.0. Without this command, your router would not know which way to send network traffic bound for "default", a.k.a. anything not otherwise specified. Use the IOS command "show ip route" to see IP address range routing information. It shows how the LAN network is known, the WAN network to the ISP (all two usable addresses) is known, and anything that doesn't fall into those categories is "default" and falls under that line which looks something like "S* 0.0.0.0/0 [1/0] via Serial0".

This remaining sections specifies SNMP information and information about logging into the router on VTY ports via telnet or the console port. Your SNMP community string is set to the word "public" which is a commonly known setting. I strongly suggest prohibiting that by some means - a "no snmp-server community public RO" command in configuration mode would do this.

No, those are not the cause. Internet communication on the serial interface is fine. Default routing is fine.

LAN connectivity has not been covered by this troubleshooting. What IP addresses were you using on this computer connected by a crossover cable to the router? Private IP address ranges (10.X.X.X / 172.16-31.X.X /

ip dhcp pool lan-dhcp-pool network 66.173.244.232 255.255.255.248 domain-name cavtel.net dns-server address 209.137.160.2 default-router 66.173.244.233 ip dhcp excluded-address 66.173.244.233

The IP address used by hosts in this LAN will be global Internet IP addresses and have no firewall between them and the Internet. I strongly suggest putting a good access-list on this router for filtering inbound network traffic or enabling features on the hosts to protect themselves from Internet threats. Lucky you! You have five usable static Internet IP addresses! Go put up a web server... or something. :-)

=========== Scott Perry =========== Indianapolis, Indiana ________________________________

I just wanted to thank everyone who helped me with this project. The router is working fine, the T1 connection is great, etc. Thank you for taking time and helping me survive this mess.