Solved: Re: Cisco C921 Router VLAN / Internet Access - Page 2

AlexM445 · ‎05-16-2023

Hello All,

I am continuing a project to learn to program a Cisco router (C921-4P).

Problem: The computers connected two ports, GIG0 (Vlan 20) and GIG2 (VLAN 40). Both fail when pinging 8.8.8.8. Both ports have their respective DHCP Pools running and are obtaining their address. My thought is that it has something to do with the access lists. The running config is posted below.

I would like to have a good explanation in the errors I have made since I am a beginner trying to learn.

Thank You,

AM

*May 16 21:36:11.688: %SYS-5-CONFIG_I: Configured from console by consolen
Building configuration...

Current configuration : 2699 bytes
!
! Last configuration change at 21:36:11 UTC Tue May 16 2023
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.150.60 192.168.150.62
ip dhcp excluded-address 192.168.150.188 192.168.150.190
!
ip dhcp pool PublicInternet-Pool
network 192.168.150.0 255.255.255.192
dns-server 8.8.8.8
default-router 192.168.150.62
domain-name MHHPublic.com
!
ip dhcp pool PublicWork-Pool
network 192.168.150.128 255.255.255.192
default-router 192.168.150.190
dns-server 8.8.8.8
domain-name MHHWorkConnect.com
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid C921-4P sn PSZ27011KMG
!
!
!
redundancy
!
!
!
!
!
!
interface GigabitEthernet0
description Vlan 20 Test
switchport access vlan 20
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
description Vlan 40 test
switchport access vlan 40
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
description Uplink To ISP
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.150.60 255.255.255.192
ip nat inside
ip virtual-reassembly in
!
!
interface Vlan40
ip address 192.168.150.188 255.255.255.192
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
ip ssh version 2
!
!
!
access-list 1 permit 192.168.150.0 0.0.0.63
access-list 1 permit 192.168.150.128 0.0.0.63
!
control-plane
!
!
line con 0
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Flavio Miranda · ‎05-16-2023

No more idea. Sorry.

Does it worked before? If you do with one vlan does it works?

Let me try in the simulador.

Flavio Miranda · ‎05-16-2023

Hi

I think I found out the mistake

You are using

ip nat source list 1 interface GigabitEthernet5 overload

It should be

ip nat inside source list 1 interface GigabitEthernet5 overload

AlexM445 · ‎05-16-2023

The change was a partial success! I am now able to ping from the command "8.8.8.8 source vlan 40" (as well as from vlan 20). The bad news, computer is still not able to run the ping from the terminal window.

Router#ping 8.8.8.8 source vlan 40
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.150.188
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 22/29/36 ms
Router#show run
Building configuration...

Current configuration : 1872 bytes
!
! Last configuration change at 02:26:27 UTC Wed May 17 2023
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.150.60 192.168.150.62
ip dhcp excluded-address 192.168.150.188 192.168.150.190
!
ip dhcp pool PublicWork-Pool
network 192.168.150.128 255.255.255.192
default-router 192.168.150.190
dns-server 8.8.8.8
!
ip dhcp pool PublicInternet-Pool
network 192.168.150.0 255.255.255.192
dns-server 8.8.8.8
default-router 192.168.150.62
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid C921-4P sn PSZ27011KMG
!
!
!
redundancy
!
!
!
!
!
!
interface GigabitEthernet0
switchport access vlan 20
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
switchport access vlan 40
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
description Uplink To ISP
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.150.60 255.255.255.192
ip nat inside
ip virtual-reassembly in
!
interface Vlan40
ip address 192.168.150.188 255.255.255.192
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
ip ssh version 2
!
!
!
access-list 1 permit 192.168.150.0 0.0.0.63
access-list 1 permit 192.168.150.128 0.0.0.63
!
control-plane
!
!
line con 0
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

AlexM445 · ‎05-16-2023

As I was writing my last reply, the thought occurred to me that my VLAN Addresses needed to be the same as the gateway. Upon making a that change, everything worked correctly and successfully. Thank you very much for walking me through this and teaching me some things.

Flavio Miranda · ‎05-16-2023

I am glad you made it. Keep going on your study

csolutions748 · ‎09-06-2023

Physical Connectivity: Ensure cables and connections are secure for GigabitEthernet0 and GigabitEthernet2.
IP Address Allocation: Confirm DHCP is assigning IP addresses correctly by checking show ip dhcp binding.
NAT Configuration: Verify NAT is correctly configured on VLAN 20 and VLAN 40 interfaces.
Default Routes: Ensure GigabitEthernet5 obtains a DHCP lease (show ip dhcp binding interface GigabitEthernet5).
NAT Overload: Double-check NAT overload configuration (ip nat source list 1 interface GigabitEthernet5 overload) and ACL 1.
ACLs: Ensure no ACLs or firewalls block traffic.
ISP Uplink: Confirm ISP connection is operational.