Re: Getting UP from DHCP but cant connect to internet.

kral10 · ‎08-22-2018

Hello, I have configured DHCP but when I connect computer to this cisco router, then I get DHCP IP but cant connect to Internet. What is wrong in my settings?

!
version 15.5
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname ******
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 128000
no logging rate-limit
no logging console
enable secret *******
!
aaa new-model
!
!
aaa session-id common
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
ip dhcp excluded-address 10.249.111.1
ip dhcp excluded-address 10.249.111.254
!
ip dhcp pool Hnevotin
network 10.249.111.0 255.255.255.0
default-router 10.249.111.1
dns-server 10.249.111.1 8.8.8.8
lease 30
!
!
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!

!
!

!
!
!
!
!
controller VDSL 0
operating mode auto adsl2+ vdsl2
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
!
interface ATM0.50 point-to-point
description WAN
ip address 85.163.13.9 255.255.255.254
atm route-bridged ip
pvc 8/50
vbr-nrt 640 640 1
tx-ring-limit 3
oam-pvc manage 0
encapsulation aal5snap
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface Ethernet0
no ip address
!
interface FastEthernet0
description Broadband Internet
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 10.249.111.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
ip default-gateway 10.249.111.1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 85.163.13.8
!
!
access-list 1 permit 85.163.3.33
access-list 1 permit 85.163.8.27
access-list 1 remark VTY_ACL
access-list 1 permit 85.163.13.8
access-list 1 permit 80.74.38.0 0.0.0.255
access-list 1 permit 80.74.39.0 0.0.0.255
!
!
!
ipv6 access-list VTY_ACL_V6
deny ipv6 any any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
banner motd ^C
---------------------------------------------------------------

---------------------------------------------------------------
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 1 in
ipv6 access-class VTY_ACL_V6 in
transport input telnet ssh
line vty 5 15
access-class 1 in
ipv6 access-class VTY_ACL_V6 in
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Seb Rupik · ‎08-22-2018

Hi there,

Your NAT statements are not fully configured.

Try the following:

!
int atm0.50
  ip nat outside
!
int vlan1
  ip nat inside
!
!
ip nat inside source list 100 interface atm0.50 overload
!
access-list 100 permit 10.249.111.0 0.0.0.255 any
!

...also:

!
no ip default-gateway 10.249.111.1
!

cheers,

Seb.

kral10 · ‎08-22-2018

This part wont work for me.

(config)#access-list 100 permit 10.249.111.0 0.0.0.255 any
^
% Invalid input detected at '^' marker.

Diana Karolina Rojas · ‎08-22-2018

Can you try (config)#access-list 100 permit ip 10.249.111.0 0.0.0.255 any ?

Please do not forget to rate useful post.

Best Regards,

kral10 · ‎08-22-2018

This command work. Iam I able check if it working now without connected computer to switch?

Thank You very much for help!

Diana Karolina Rojas · ‎08-22-2018

You can try to do a ping from your device to the DNS Google server or another web page which IP address you know:

ping 8.8.8.8 source 10.249.111.1

This will prove the layer 3 connection between your LAN and internet, also you can use the command "show ip nat trans" in order to see t and NATs translations (after the ping test). You can also test the https and https ports using telnet from the device using the 10.249.111.1 as source, to the ports 80, 8080 and 443. But If you want a complete test (including DNS function) I recommend you to connect your PC.

Best Regards,

kral10 · ‎08-22-2018

My configuration now:

#show configuration
Using 3013 out of 262136 bytes
!
! Last configuration change at 14:14:24 CEST Fri Aug 10 2018 by cetin
!
version 15.5
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname *****
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 128000
no logging rate-limit
no logging console
enable secret ******
!
aaa new-model
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!

!
ip dhcp excluded-address 10.249.114.1
ip dhcp excluded-address 10.249.114.254
!
ip dhcp pool Mohelnice
network 10.249.114.0 255.255.255.0
default-router 10.249.114.1
dns-server 10.249.114.1 8.8.8.8
lease 30
!
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
!
!
!
license udi pid ************
!
!
username cetin ****************
!
!
controller VDSL 0
operating mode auto adsl2+ vdsl2
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
!
interface ATM0.50 point-to-point
description WAN
ip address 85.163.13.15 255.255.255.254
atm route-bridged ip
pvc 8/50
vbr-nrt 640 640 1
tx-ring-limit 3
oam-pvc manage 0
encapsulation aal5snap
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface Ethernet0
no ip address
shutdown
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 10.249.114.1 255.255.255.0
!
ip default-gateway 10.249.114.1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 85.163.13.14
!
!
access-list 1 permit 85.163.3.33
access-list 1 permit 85.163.8.27
access-list 1 remark VTY_ACL
access-list 1 permit 85.163.13.14
access-list 1 permit 80.74.38.0 0.0.0.255
access-list 1 permit 80.74.39.0 0.0.0.255
!
!
!
ipv6 access-list VTY_ACL_V6
deny ipv6 any any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
banner motd ^C
---------------------------------------------------------------

---------------------------------------------------------------
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 1 in
ipv6 access-class VTY_ACL_V6 in
transport input telnet ssh
line vty 5 15
access-class 1 in
ipv6 access-class VTY_ACL_V6 in
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

************

Is it correct now?

Diana Karolina Rojas · ‎08-22-2018

Sorry but I can't see all the commands we suggested you,

access-list 100 permit ip 10.249.111.0 0.0.0.255 any
interface ATM0.50 point-to-point
ip nat outside
exit
int vlan1
ip nat inside
exit
ip nat inside source list 100 interface atm0.50 overload
dns-server 4.2.2.2 8.8.8.8

These commands are missed, please apply those and send me the "show runn" after that.

Best Regards,

kral10 · ‎08-22-2018

Done:

Current configuration : 3230 bytes
!
! Last configuration change at 14:07:52 CEST Wed Aug 22 2018 by cetin
!
version 15.5
service tcp-keepalives-in
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
logging buffered 128000
no logging rate-limit
no logging console
enable secret
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
ethernet lmi ce
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
ip dhcp excluded-address 10.249.111.1
ip dhcp excluded-address 10.249.111.254
!
ip dhcp pool Hnevotin
network 10.249.111.0 255.255.255.0
default-router 10.249.111.1
dns-server 4.2.2.2 8.8.8.8
lease 30
!
!
!
no ip bootp server
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid
!
!
username cetin
!
!
!
!
!
controller VDSL 0
operating mode auto adsl2+ vdsl2
!
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
no atm ilmi-keepalive
!
interface ATM0.50 point-to-point
description WAN
ip address 85.163.13.9 255.255.255.254
ip nat outside
ip virtual-reassembly in
atm route-bridged ip
pvc 8/50
vbr-nrt 640 640 1
tx-ring-limit 3
oam-pvc manage 0
encapsulation aal5snap
!
!
interface BRI0
no ip address
encapsulation hdlc
shutdown
isdn termination multidrop
!
interface Ethernet0
no ip address
!
interface FastEthernet0
description Broadband Internet
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 10.249.111.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source list 100 interface ATM0.50 overload
ip route 0.0.0.0 0.0.0.0 85.163.13.8
!
!
access-list 1 permit 85.163.3.33
access-list 1 permit 85.163.8.27
access-list 1 remark VTY_ACL
access-list 1 permit 85.163.13.8
access-list 1 permit 80.74.38.0 0.0.0.255
access-list 1 permit 80.74.39.0 0.0.0.255
access-list 100 permit ip 10.249.111.0 0.0.0.255 any
!
!
!
ipv6 access-list VTY_ACL_V6
deny ipv6 any any
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
banner motd ^C
---------------------------------------------------------------

---------------------------------------------------------------
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
access-class 1 in
ipv6 access-class VTY_ACL_V6 in
transport input telnet ssh
line vty 5 15
access-class 1 in
ipv6 access-class VTY_ACL_V6 in
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

kral10 · ‎08-22-2018

is this also correct or not?
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source list 100 interface ATM0.50 overload

Thank You.

Diana Karolina Rojas · ‎08-22-2018

Kral!

No that is not correct, what is the proupose of this command to you?

ip nat inside source list 1 interface FastEthernet0 overload

When you use the "ip nat inside source list 100 interface ATM0.50 overload" you are telling the device to use the public IP address of the interface ATM0.50 in order to go out to the internet, other way your devices can't reach the internet resources, but in FastEthernet0 you don't have configuration, so what are you using that interface for?

Best Regards,

kral10 · ‎08-22-2018

FastEthernet0 - to this port will be connected dumb HPE 24p switch, from which will be connected computers. So I have to dele this option for this port ok?

Diana Karolina Rojas · ‎08-22-2018

If the computers connected to that HPE Switch are in vlan 1 the nat will be applied when the packet reach the interface vlan 1 in the Cisco device that is configured as ip nat inside, so you don't have to do any additional configuration in order for this to work. You have to delete that line.

Best Regards,

kral10 · ‎08-22-2018

Ok, its deleted. I will see if tis config will work. Thank You for Your awesome help!

kral10 · ‎08-23-2018

Hello, one more question, how I can change password for user and change also password for enable?

Thank You.