Solved: Re: Can not reach Internet

MichaelMcCoy · ‎02-06-2021

I am afraid I am experiencing a simple oversight but I have looked at this for a little while, and decided to reach out to the community for help.

In my home I am running a Cisco 2901 with a 3560 behind it. I have three vlans on the switch an dthe Router is handling DHCP. From the switch I can ping the gateway, which is on the router in a router-on-a-stick config for the vlans. also from the switch ip, I can ping the gi0/0 interface on the router which is directly connected to the ISP. The issue is I am unable to get out to the internet. I can not ping 8.8.8.8 from the switch, or router inside interface. I can ping 8.8.8.8 from the outside interface on the router. I have attached my configs. I think the issue is somewhere involving NAT, but I can't be sure.

I have not done anything with the WAP at the bottom, I am currently plugged into port 1 (10.0.10.11)

Any ideas?

MichaelMcCoy · ‎02-07-2021

What I have come across as the biggest impediment and gotten resolved is that my statement

access-list 1 permit 10.0.0.0 0.0.0.255 was incorrect. The correct statement was:

access-list 1 permit 10.0.0.0 0.255.255.255.

I initially hand this configured as a /24 to allow 10.0.0.0 to be natted, but I was attempting to do a /8. I made an error with the wildcard mask. Once this was corrected, I was able to successfully ping the internet from my internal interface on my router.

Now I am working on the WAP configuration.

View solution in original post

balaji.bandi · ‎02-07-2021

high level i do not see route to outside

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0

or

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

Interface gi0/1.10

ip nat inside

Encapsulation dot1q 10

Ip address 10.0.10.1 255.255.255.0

Interface gi0/1.20

ip nat inside

Encapsulation dot1q 20

Ip address 10.0.20.1 255.255.255.0

Interface gi0/1.30

ip nat inside

Encapsulation dot1q 30

Ip address 10.0.30.1 255.255.255.0

after changing still not working - please post updated config.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MichaelMcCoy · ‎02-07-2021

When I do a sh ip route, I have my default route in. I even set it up to use the port instead of the external ip address. I did not have the dhcp command at the end, but I will make that change and see what happens. Thank you for taking the time to help.

Georg Pauwen · ‎02-07-2021

Hello,

there are numerous issues with your configurations. Make sure the router and switch configs look EXACTLY like the ones below, line by line:

ROUTER

hostname McCoy_Router
!
no ip domain-lookup
no cdp run
!
ip dhcp excluded-address 10.0.10.1 10.0.10.10
ip dhcp pool BeautifulLie
default-router 10.0.10.1
dns-server X.X.X.X
network 10.0.10.0 255.255.255.0
!
ip dhcp excluded-address 10.0.20.1 10.0.20.10
ip dhcp pool 2M
default-router 10.0.20.1
dns-server X.X.X.X
network 10.0.20.0 255.255.255.0
!
Ip dhcp excluded-address 10.0.30.1 10.0.30.10
ip dhcp pool Work
default-router 10.0.30.1
dns-server X.X.X.X
network 10.0.30.0 255.255.255.0
!
interface gi0/0
description Uplink_to_Internet
ip address dhcp
ip nat outside
!
access-list 1 permit 10.0.0.0 0.0.0.255
!
ip nat inside source list 1 interface gi0/0 overload
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/1.10
encapsulation dot1q 10
ip address 10.0.10.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.20
encapsulation dot1q 20
ip address 10.0.20.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/1.30
encapsulation dot1q 30
ip address 10.0.30.1 255.255.255.0
ip nat inside
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
ip nat inside source list 1 interface gi0/0 overload
!
access-list 1 permit 10.0.0.0 0.0.0.255

SWITCH

hostname McCoy_Switch
no ip domain-lookup
no cdp run
!
vlan 10
name BeautifulLie
vlan 20
name 2M
vlan 30
name Work
!
interface range gi0/1-16
switchport mode access
switchport access vlan 10
spanning-tree portfast
!
interface range gi0/17-32
switchport mode access
switchport access vlan 20
spanning-tree portfast
!
interface range gi0/33-47
switchport mode access
switchport access vlan 30
spanning-tree portfast
!
Interface gi0/51
Description Trunk_to_Uplink
switchport mode trunk

########## WAP ##########

Interface gi0/51
Description Meraki_wifi

MichaelMcCoy · ‎02-07-2021

I'm going through this and making sure I got it all correct, will update. Thank you very much.

MichaelMcCoy · ‎02-07-2021

In an effort to make this a little less confusing for the time being, I have configured the switch, but I can not ping from the 10.0.10.1 interface on the router to 8.8.8.8.

For my purposes and to be sure that I was understanding everything, I took the switch out the loop.

I entered in all the commands like you suggested. I've added a sh run and sh ip route of the router.

MichaelMcCoy · ‎02-07-2021

What I have come across as the biggest impediment and gotten resolved is that my statement

access-list 1 permit 10.0.0.0 0.0.0.255 was incorrect. The correct statement was:

access-list 1 permit 10.0.0.0 0.255.255.255.

I initially hand this configured as a /24 to allow 10.0.0.0 to be natted, but I was attempting to do a /8. I made an error with the wildcard mask. Once this was corrected, I was able to successfully ping the internet from my internal interface on my router.

Now I am working on the WAP configuration.

Georg Pauwen · ‎02-07-2021

Hello,

good catch !