Solved: Re: Configuring Cisco C921 - 4P Help

AlexM445 · ‎05-15-2023

Hello All,

I am a beginner with networking devices from Cisco. I am attempting to have the router connect to my computer through gigabit port 0 and my ISP to be on gigabit port 5. I have successfully setup a DHCP server and can obtain an ip to my computer, however, I can not reach the internet from it. I have posted my running configuration below, does anyone have any ideas on what I may have missed and why? I am trying to learn, so a detailed explanation of my errors would be very beneficial.

Thank you very much,

AM

Current configuration : 1521 bytes
!
! Last configuration change at 17:56:09 UTC Mon May 15 2023
!
version 15.9
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.150.60
!
ip dhcp pool PublicInternet-Pool
network 192.168.150.0 255.255.255.192
default-router 192.168.150.60
dns-server 8.8.8.8
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
license udi pid C921-4P sn PSZ27011KMG
!
!
!
redundancy
!
!
!
!
!
!
interface GigabitEthernet0
description Something
switchport access vlan 20
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
description uplink to isk
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.150.60 255.255.255.192
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
ip ssh version 2
!
!
!
access-list 1 permit 192.168.150.0 0.0.0.192
!
control-plane
!
!
line con 0
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

MHM Cisco World · ‎05-15-2023

access-list 1 permit 192.168.150.0 ~~0.0.0.192~~
access-list 1 permit 192.168.150.0 0.0.0.63

View solution in original post

Flavio Miranda · ‎05-15-2023

Hi

change this ACL here

access-list 1 permit 192.168.150.0 0.0.0.192

to

access-list 1 permit 192.168.150.0 0.0.0.255

MHM Cisco World · ‎05-15-2023

access-list 1 permit 192.168.150.0 ~~0.0.0.192~~
access-list 1 permit 192.168.150.0 0.0.0.63

AlexM445 · ‎05-15-2023

Thank you very much. Both solutions were successful. However, I am wondering why the X.X.X.63 and X.X.X.255 are allowing the connection while the X.X.X.192 failed?

MHM Cisco World · ‎05-15-2023

the cisco using subnet or wildcard
in ACL you must use wildcard
the subnet is 255.255.255.192 and it wildcard is 0.0.0.63.
why it important
wildcard include or exclude (permit or deny) the host IP that need to ACL of NATing, in other words if the wildcard is wrong the host private IP not NATing and this why the access to internet is failed.