03-24-2019 05:31 AM
My Configuration is below I'm able to ping websites inside the router. But unable to browse the internet on Lan IP address.
Building configuration...
Current configuration: 2680 bytes
!
! Last configuration change at 11:59:53 UTC Sun Mar 24 2019
! NVRAM config last updated at 10:46:41 UTC Sun Mar 24 2019
!
version 15.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
asr901-platf-multi-nni-cfm
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip cef
!
!
ip dhcp pool vois_pool
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8 8.8.4.4
lease 0 1
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
no ipv6 cef
!
!
multilink bundle-name authenticated
l3-over-l2 flush buffers
!
!
spanning-tree mode pvst
spanning-tree extend system-id
license udi pid A901-6CZ-F-D sn CAT1832U26L
license accept end user agreement
license boot level AdvancedMetroIPAccess
!
!
!
interface GigabitEthernet0/0
no ip address
negotiation auto
service instance 1 ethernet
encapsulation untagged
bridge-domain 1
!
!
interface GigabitEthernet0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/3
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/4
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/5
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/6
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/7
no ip address
negotiation auto
service instance 8 ethernet
encapsulation untagged
bridge-domain 8
!
!
interface GigabitEthernet0/8
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/9
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/10
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/11
no ip address
shutdown
negotiation auto
!
interface TenGigabitEthernet0/0
no ip address
shutdown
!
interface TenGigabitEthernet0/1
no ip address
shutdown
!
interface FastEthernet0/0
no ip address
shutdown
!
interface Vlan1
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
interface Vlan8
ip address 10.70.70.254 255.255.255.0
ip nat outside
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.70.70.1
!
access-list 1 permit 192.168.20.0 0.0.0.255
!
!
!
control-plane
!
environment monitor
!
exception crashinfo buffersize 128
!
!
end
03-24-2019 05:48 AM - edited 03-24-2019 05:49 AM
ip nat inside source list 1 interface vlan 8 overload
Jon
03-24-2019 09:55 PM
Hi Jon,
I tried with the "ip nat inside source list 1 interface VLAN 8 overload" with no success. Still no Internet on LAN
03-24-2019 10:44 PM
Hi,
Are you able to successfully ping to 8.8.8.8 from the router console using the source VLAN 8? Which is a device "10.70.70.1"?
Regards,
Deepak Kumar
03-24-2019 11:11 PM
03-25-2019 12:52 AM
Hello,
which physical interface(s) on the ASR are your clients connected to ?
03-25-2019 05:31 AM
Clients are connected on interface gi0/0 and the WAN port is gi0/7.
03-25-2019 06:03 AM
Hello,
try and change:
interface GigabitEthernet0/0
no ip address
negotiation auto
service instance 1 ethernet
encapsulation untagged
bridge-domain 1
to
interface GigabitEthernet0/0
no ip address
negotiation auto
service instance 1 ethernet
encapsulation dot1q 1 untagged
bridge-domain 1
03-25-2019 06:05 AM
Would you post the updated config? Also would you post output of the commands show ip route and show arp?
HTH
Rick
03-25-2019 09:06 AM
03-25-2019 11:37 AM
Hi,
Can you try with:
!
no ip nat inside source list 1 interface Vlan8 overload
!
Ip access-list standard 2
permit any
!
ip nat inside source list 2 interface vlan 8 overload
!
Regards,
Deepak Kumar
03-25-2019 10:44 PM - edited 03-25-2019 10:50 PM
Hi Deepak,
As per the suggestion, I've changed the configuration as following, Still, it is not working.
ip nat inside source list 2 interface Vlan8 overload
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.70.70.1
!
access-list 2 permit any
!
03-26-2019 01:34 AM
Hi,
Let do more tshoot on client machine:
Open CMD and run a command:
1. Ipconfig /all
2. route -4 print
3. tracert 8.8.8.8
Share all logs with us.
Regards,
Deepak Kumar
03-26-2019 08:09 PM
Hi,
One more point:
interface Vlan1
ip address 192.168.20.1 255.255.255.0
IP NAT Inside
!
I think you removed this command. And please verify that 10.10.10.71 is the next-hop address for WAN (default route).
Regards,
Deepak Kumar
03-26-2019 12:34 AM
Hello,
small detail maybe, but try and add:
ip dhcp excluded-address 192.168.20.1
to your configuration...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide