cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
914
Views
0
Helpful
10
Replies

881W Router Cant get out from inside network

ndemers
Cisco Employee
Cisco Employee

Cant reach the internet.  75.x network gets an ip from dhcp.  all good.  Fa4 gets an IP as well.   Not sure if NAT is broken or if routing is or something else.

 

 

!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname DAGOBAH
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
!
!
!
memory-size iomem 10
service-module wlan-ap 0 bootimage autonomous
!
!
ip source-route
!
!
no ip dhcp conflict logging
!
ip dhcp pool INSIDE_POOL
   network 192.168.75.0 255.255.255.0
   dns-server 8.8.8.8 4.4.2.2 
   default-router 192.168.75.1 
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!         
!
!
!
!
voice-card 0
!
!
!
!
!

!
!
!
!
!
!
!
interface FastEthernet0
 switchport access vlan 75
 !
!         
interface FastEthernet1
 !
!
interface FastEthernet2
 !
!
interface FastEthernet3
 !
!
interface FastEthernet4
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 !
!
interface wlan-ap0
 description Service module interface to manage the embedded AP
 no ip address
 shutdown
 arp timeout 0
 !        
!
interface Wlan-GigabitEthernet0
 description Internal switch interface connecting to the embedded AP
 !
!
interface Vlan1
 no ip address
 !
!
interface Vlan75
 ip address 192.168.75.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 !
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 100 permit ip 192.168.75.0 0.0.0.255 any log
!
!
!
!
!
control-plane
 !
!
!
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
line vty 0 4
 login
!
scheduler max-task-time 5000
end

DAGOBAH(config-if)#

2 Accepted Solutions

Accepted Solutions

We are making progress. Now we know that there is some kind of issue between the router and the provider device. It might not be a bad idea to save your config and then to power cycle both the router and the provider device. Try that and see if it makes any difference.

 

I am very puzzled about the fact that there seem to be two networks associated with F4. There is a network that you have disguised so that we do not know what it is and there is 76.96.94.196. Where does this second network come from?

 

Is there any information given by the provider that might help describe how to establish the connection?

 

HTH

 

Rick

HTH

Rick

View solution in original post

Thanks for letting us know that it is solved. Sometimes (especially when there are some weird symptoms) a reboot is a very effective solution - as it was in your case.

 

HTH

 

Rick

HTH

Rick

View solution in original post

10 Replies 10

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

looks like you are missing this line:

 

!

ip nat inside source list 100 interface fa4 overload

!

 

You may want to remove  the 'log' command from your ACL 100. I have seen the inclusion of the command cause issues with NAT.

 

cheers,

Seb.

While I was messing with things i forgot to add the nat statement back in.  Thank you.  I made your change recommendations.  They are in the right direction however it still does not work.

 

DAGOBAH#show run | i nat
 ip nat outside
 ip nat inside
ip nat inside source list 100 interface FastEthernet4 overload
DAGOBAH#show run | i access
 switchport access vlan 75
access-list 100 permit ip 192.168.75.0 0.0.0.255 any

-----------------------

 ping 8.8.8.8

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

It is likely that there is also a problem with your routing. You have configured

 

ip route 0.0.0.0 0.0.0.0 FastEthernet4

while it is possible that this might work, it is suboptimal and it is possible that this is broken. The issue is that this configuration will make your router ARP for every remote destination reached through FastEth4. If your provider supports proxy arp then this can work (but requires more resources and makes the router work harder). And if the provider does not support proxy arp then you will not get out (which sounds like it might be the case). You would be better to use something like this

ip route 0.0.0.0 0.0.0.0 dhcp

 

HTH

 

Rick

HTH

Rick

Didnt realize you could do that.  I did make that change and was able to see it populate in the routing table.  However still could not access anything from the web

 

 

In that case we will need to dig a bit deeper to find this problem. From the router can you post the output of these commands

show ip interface brief

show ip route

show arp

And from the PC can you post the output of ipconfig

 

HTH

 

Rick

HTH

Rick

Here is the output.  So you are on the right track.  The Gateway for Comcast is not pingable from the inside or the outside.

 


Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0              unassigned      YES unset  up                    up      
FastEthernet1              unassigned      YES unset  up                    down    
FastEthernet2              unassigned      YES unset  down                  down    
FastEthernet3              unassigned      YES unset  up                    down    
FastEthernet4              x.x.x.98   YES DHCP   up                    up      
NVI0                       unassigned      NO  unset  up                    up      
Vlan1                      unassigned      YES unset  up                    up      
Vlan75                     192.168.75.1    YES manual up                    up      
Wlan-GigabitEthernet0      unassigned      YES unset  up                    up      
wlan-ap0                   unassigned      YES unset  administratively down down    
DAGOBAH#

DAGOBAH#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is x.x.x.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via x.x.x.1
       x.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        x.x.x.0/21 is directly connected, FastEthernet4
L        x.x.x.98/32 is directly connected, FastEthernet4
      76.0.0.0/32 is subnetted, 1 subnets
S        76.96.94.196 [254/0] via x.x.x.1, FastEthernet4
      192.168.75.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.75.0/24 is directly connected, Vlan75
L        192.168.75.1/32 is directly connected, Vlan75
DAGOBAH#


DAGOBAH#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  x.x.x.1            0   Incomplete      ARPA   
Internet  x.x.x.98           -   0024.c4b2.9eb6  ARPA   FastEthernet4
Internet  192.168.75.1            -   0024.c4b2.9eb2  ARPA   Vlan75
Internet  192.168.75.2            0   28d2.446b.7392  ARPA   Vlan75

 

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::35f8:97f7:9353:d3fc%3
   IPv4 Address. . . . . . . . . . . : 192.168.75.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.75.1

 

DAGOBAH#ping x.x.x.1 source f4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to x.x.x.1, timeout is 2 seconds:
Packet sent with a source address of x.x.x.98 
.....
Success rate is 0 percent (0/5)

We are making progress. Now we know that there is some kind of issue between the router and the provider device. It might not be a bad idea to save your config and then to power cycle both the router and the provider device. Try that and see if it makes any difference.

 

I am very puzzled about the fact that there seem to be two networks associated with F4. There is a network that you have disguised so that we do not know what it is and there is 76.96.94.196. Where does this second network come from?

 

Is there any information given by the provider that might help describe how to establish the connection?

 

HTH

 

Rick

HTH

Rick

Yeah Im not sure where the  76.96.94.196 address is coming from.  You would think it wouldnt make any difference unless Im getting the wrong IP and I should be getting an address from the  76.96.94.196 range.

 

Ill look into this.

Well a reboot worked.    The odd subnet is gone and the everything works now.  Thank you and ...just ridiculous.....

Thanks for letting us know that it is solved. Sometimes (especially when there are some weird symptoms) a reboot is a very effective solution - as it was in your case.

 

HTH

 

Rick

HTH

Rick
Review Cisco Networking for a $25 gift card