# Cisco 2811 Router - Need Help W/ Basic Configuration



## mikewestpcs (Jun 13, 2012)

Hello everyone, I've followed a few guides online to try and set up my router. I would like to use the two FastEthernet ports available on the 2811 for my network. I want to use one for my outside Ip address coming from the ISP and the other for my LAN to hand out Ips to the devices on my network. 

With my current configuration, I still cannot connect to the internet when I plug my computer into my LAN port. 

Here is my current configuration (sh running-config cmd)



Current configuration : 1565 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname USCORRTRCCA01R
!
boot-start-marker
boot-end-marker
!
! card type command needed for slot/vwic-slot 0/1
enable secret 5 $1$ZBd9$QJjb9Oi6wKrHPyAYcnsq2.
enable password chpm7612
!
no aaa new-model
dot11 syslog
!
!
ip cef
no ip dhcp use vrf connected
!
ip dhcp pool LAN
network 192.168.15.0 255.255.255.0
default-router xx.xx.87.2
dns-server xx.x.224.17 xx.x.224.18
!
!
no ip domain lookup
multilink bundle-name authenticated
!
!
voice-card 0
no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface FastEthernet0/0
description ***LAN***
ip address 192.168.15.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description ***INTERNET***
ip address xx.xx.87.2 255.255.255.248
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
no fair-queue
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 68.65.87.3
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 0.0.0.0 255.255.255.0
access-list 1 permit 0.0.0.1 255.255.255.0
access-list 1 permit 192.168.15.0 0.0.0.255
access-list 1 permit any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
access-class 1 in
password chadmin83
login
!
scheduler allocate 20000 1000
!
end





ANY HELP IS GREATLY APPRECIATED!!

P.S. I x'd out parts of my ip for privacy, incase you were wondering


----------



## jakesonu (Jun 26, 2012)

The problem lies here "default-router xx.xx.87.2". It should be 192.168.15.1.


----------



## snedie (Feb 9, 2008)

Yup, it's your DHCP config, you have the default route pointing to an internet address, to which your pc doesn't know how to reach: The default route(r) should always be an IP address on the router which is accessible within the internal subnet.

Jakesonu has it correct, in this case the closest address to the internet your LAN clients can reach is the Fa router, set this as your default route and it should work: Don't forget to refresh your client machines for a new DHCP address.


----------



## snedie (Feb 9, 2008)

Just as a word of caution, if you're going to use a Cisco router as a dedicated DMZ for your home, you will want to use a Dynamic Access List:

Lock-and-Key: Dynamic Access Lists - Cisco Systems

What it will do is block all incoming connections by default, as you initiate a connection from inside your network, the access list will open the relevant inbound port and direct it to your machine (don't worry default ports such as 80 still work with other machines due to NAT). It will save anyone attempting to gain access to your network.


----------

