10-14-2020 02:12 AM
Hi!
Current network has Asus router connect to ISP Modem, local network is working ok.
Cisco Router connected to the local network switch -> router WAN port gi5
I am trying to test if the gi5 WAN port on dhcp is working
I could not ping from router to 8.8.8.8
R1(config)#int gi5
R1(config-if)#do ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip nat inside source list list1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
ip access-list standard list1
permit any
!
!
!
access-list 1 permit 0.0.0.0 255.255.255.0
What did I miss?
Much appreciate your assistance! Thank you!
Solved! Go to Solution.
10-14-2020 02:54 AM - edited 10-14-2020 02:54 AM
NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down
You got 2 IP address Overlapping
for testing
interface Vlan20
No ip address 192.168.2.1 255.255.255.0
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no shutdown
no access-list 1 permit 192.168.2.0 255.255.255.0
access-list 1 permit 192.168.3.0 255.255.255.0
Test - post ping results 8.8.8.8 along with below details ?
sho ip nat statistics
Show IP nat translation
Show ip route
show ip access-list
10-16-2020 06:20 AM - edited 10-16-2020 06:21 AM
Hello
I think you need to check the physical connectivity between asus and rtr1 i see you have two switches interconnected
Also why are you setting the wan interface of rtr1 to dhcp - is the asus supposed to be providing address allocation for rtr1 ?
lastly remove the static route from the rtr1 that static route relating to the svi 250 on the rtr1 so it isn’t required
Confirm the physical connectivity please
10-16-2020 10:42 AM
The output of show ip interface brief shows G5 using DHCP but with no IP address learned. That would also explain why default routes using G5 are not being installed in the IP routing table. We need to figure out the issue with DHCP on this interface.
10-17-2020 12:32 AM - edited 10-17-2020 12:58 AM
Hi @Richard Burts and @paul driver
Thank you so much! After I plug Cisco router gi5 direct to the TPLink Switch, it works!
Now, I can ping and tracert 8.8.8.8 from the PC plug to the Cisco switchport gi3
I cant get to any website or internet, i believe DNS or NAT is causing the issue?
Here is my config
ip dhcp pool pool1
import all
network 192.168.250.0 255.255.255.0
dns-server 75.75.75.75 ---> 8.8.8.8 it works now!!!
default-router 192.168.250.1
!
!
!
ip cef
no ipv6 cef
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
switchport access vlan 250
switchport mode access
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan250
ip address 192.168.250.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
!
access-list 1 permit 192.168.250.0 0.0.0.255
Much appreciate everyone help! =D
And hope this can help someone using 900 ISR
10-21-2020 08:43 AM
Thanks for the update. On some devices no switchport does work and some devices it does not. So it looks like your device does not support this and you will need to assign interfaces to a vlan, configure the vlan interface to provide L3 functionality, and assign IP address to the vlan interface.
10-14-2020 02:39 AM
Try change below config :
ip nat inside source list 1 interface GigabitEthernet5 overload
no ip nat inside source list list1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
no ip access-list standard list1
!
!
!
no access-list 1 permit 0.0.0.0 255.255.255.0
access-list 1 permit 192.168.2.0 255.255.255.0
see if that works ?
Also post show ip interface brief after change done and still not working.
10-14-2020 02:48 AM
Hi BB,
Thank you for replying!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
!
!
access-list 1 permit 0.0.0.0 255.255.255.0
********************************************************
show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES unset down down
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES manual down down
GigabitEthernet5 unassigned YES DHCP up up
NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down
10-14-2020 02:54 AM - edited 10-14-2020 02:54 AM
NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down
You got 2 IP address Overlapping
for testing
interface Vlan20
No ip address 192.168.2.1 255.255.255.0
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no shutdown
no access-list 1 permit 192.168.2.0 255.255.255.0
access-list 1 permit 192.168.3.0 255.255.255.0
Test - post ping results 8.8.8.8 along with below details ?
sho ip nat statistics
Show IP nat translation
Show ip route
show ip access-list
10-14-2020 07:12 PM - edited 10-14-2020 07:36 PM
Hi BB,
Test Ping
R1(config)#int gi5
R1(config-if)#do ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
************************************************************************************
R1#sho ip nat statistics
*Oct 15 02:01:20.840: %SYS-5-CONFIG_I: Configured from console by console
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
GigabitEthernet5
Inside interfaces:
Vlan20
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 1 interface GigabitEthernet5 refcount 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
******************************************************************************************
Show IP nat translation
=\\ no output
*****************************************************************************************
R1#Show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
*****************************************************************************
R1#show ip access-list
Standard IP access list 1
10 permit 0.0.0.0, wildcard bits 255.255.255.0
*************************************************************************
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES unset down down
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES manual down down
GigabitEthernet5 unassigned YES DHCP up up
NVI0 192.168.2.1 YES unset up up
Vlan1 unassigned YES unset down down
Vlan20 192.168.2.1 YES manual down down
***********************************************************************
Thank you =]
10-14-2020 03:10 AM
Hello,
the access list 1 is wrong, you need to use a wildcard mask (see line marked in bold). What is GigabitEthernet5 actually connected to, the ISP modem, the ASUS ?
interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
--> access-list 1 permit 192.168.2.0 0.0.0.255
10-14-2020 07:33 PM - edited 10-14-2020 07:38 PM
Hi Georg,
Thanks for replying!
GigabitEthernet5 is connected to local network switch.
Asus is the router connected to the ISP modem in local network on DHCP.
** Correction - SG90D-05 is a Cisco hub, not switch.
interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
I tried your suggestion, still no connection.
10-15-2020 12:56 AM
Hello,
it was suggested by Balaji before that appparently, the ASUS is dishing out 192.168.2.0/24 addresses, which overlap with the IP addressing of Vlan 20. Did you change that ? Use the exact config below:
interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
--> ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
--> access-list 1 permit 192.168.3.0 0.0.0.255
10-15-2020 01:54 AM
Hi Georg,
Yes I did, but still no connection.
interface GigabitEthernet3
switchport access vlan 20
switchport mode access
no ip address
!
interface GigabitEthernet4
ip address dhcp
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan20
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5 dhcp
!
!
!
access-list 1 permit 192.168.3.0 0.0.0.255
10-15-2020 02:56 AM
Hello,
can you ping anything on the Vlan 20 network from the ASUS ? Try and ping 192.168.3.1 from the ASUS, does that work ?
10-15-2020 10:22 PM
Hi George,
All 5 packet failed
I tried both gi3 and gi5
10-16-2020 12:54 AM
Hello,
make sure that ASUS has a route back to the 192.168.3.0/24 network. You probably have to add a static route to this network on the ASUS.
10-16-2020 01:09 AM - edited 10-16-2020 01:19 AM
Hello
@Georg Pauwen You wouldnt wont to apply a static route on the Asus for a network that suppose to be hidden by NAT from the ISR rtr
@T0mTheCat Suggest before you apply any NAT in fact remove it completely from the ISR router and then once removed test you connectivity from the ISR towards the Asus, make sure you have connectivity to/from the rtrs before you append any NAT.
10-16-2020 02:30 AM
Hi Paul,
I did try setting it manually, however I still cant get any PING from the ASUS router to Cisco Router.
interface GigabitEthernet5
ip address 192.168.2.7 255.255.255.0
duplex auto
speed auto
10-16-2020 02:22 AM - edited 10-16-2020 02:23 AM
Hi Georg,
So I reset the router and redo abit, however I still cant get any ping even from the ASUS router to Cisco Router
**************************************************************************
! Last configuration change at 09:14:07 UTC Fri Oct 16 2020
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
memory-size iomem 25
!
!
!
ip dhcp pool pool1
network 192.168.250.0 255.255.255.0
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
redundancy
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
switchport access vlan 250
switchport mode access
no ip address
!
interface GigabitEthernet4
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet5
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan250
ip address 192.168.250.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet5 overload
ip route 192.168.250.0 255.255.255.0 192.168.2.1
!
!
!
access-list 1 permit 192.168.250.0 0.0.0.25
*******************************************************************
R1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set <---------- not sure why my gateway is not set, i tried ip route 0.0.0.0 0.0.0.0 192.168.2.1 as well
192.168.250.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.250.0/24 is directly connected, Vlan250
L 192.168.250.1/32 is directly connected, Vlan250
*******************************************************************************************
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide