cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1587
Views
0
Helpful
7
Replies

Can ping internet from console but not from pc

andri.vork
Level 1
Level 1

Hello,

We let cisco professional to configure 1941w router with EHWIC-3G card. So the Gig 0/0 and wlan clients could communicate the internet over 3G.
So we bought another 1941w and copied the config over to new one. Can ping from console but not from client pc.

The only differents between old and new is "ip source-nat" line. New router just don't save it to running-conf. No errors also.

Router#show run

Building configuration...

Current configuration : 3238 bytes

!

! No configuration change since last restart

version 15.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

logging buffered 16000

enable secret 5 xxxxxxxxxxxxxxxxxxxxxx.

!

no aaa new-model

service-module wlan-ap 0 bootimage autonomous

!

no ipv6 cef

!

!

!

ip dhcp excluded-address 10.10.1.1 10.10.1.31

!

ip dhcp pool sise

network 10.10.1.0 255.255.255.0

default-router 10.10.1.1

dns-server 194.204.0.1

!

ip dhcp pool wifi

network 10.10.2.0 255.255.255.0

default-router 10.10.2.1

dns-server 194.204.0.1

!

!

ip cef

multilink bundle-name authenticated

!

chat-script gsm0 "" "ATDT*99*3#" TIMEOUT 60 "CONNECT"

crypto pki token default removal timeout 0

!

!

license udi pid CISCO1941W-E/K9 sn xxxxxxxxxxxxxx

hw-module ism 0

!

!

!

username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx

!

!

controller Cellular 0/0

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

ip address dhcp

duplex auto

speed auto

!

interface GigabitEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.10.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface wlan-ap0

description Service module interface to manage the embedded AP

ip address 10.10.11.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

arp timeout 0

no mop enabled

no mop sysid

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Wlan-GigabitEthernet0/0

description Internal switch interface connecting to the embedded AP

switchport mode trunk

no ip address

!

interface Cellular0/0/0

ip address negotiated

ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer in-band

dialer string gsm0

dialer-group 1

async mode interactive

ppp chap hostname elisa

ppp chap password 0 elisa

ppp ipcp dns request

!

interface Cellular0/0/1

no ip address

encapsulation ppp

!

interface Vlan1

ip address 10.10.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Vlan2

description WiFi

ip address 10.10.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list natlist interface Cellular0/0/0 overload

ip route 0.0.0.0 0.0.0.0 Cellular0/0/0

!

ip access-list extended natlist

permit ip 10.10.1.0 0.0.0.255 any

permit ip 10.10.2.0 0.0.0.255 any

permit ip 10.10.3.0 0.0.0.255 any

!

access-list 1 permit any

dialer-list 1 protocol ip list 1

!

!

!

control-plane

!

!

!

line con 0

line aux 0

line 2

script dialer gsm0

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line 0/0/0

exec-timeout 0 0

script dialer gsm0

modem InOut

no exec

transport input all

transport output all

rxspeed 7200000

txspeed 5760000

line 0/0/1

no exec

rxspeed 7200000

txspeed 5760000

line 67

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

login

transport input all

!

scheduler allocate 20000 1000

!

end

Please help.

Thank You

7 Replies 7

andri.vork
Level 1
Level 1

I noticed one difference.

Old router config was starting with line "version 15.1"

But now is 15.2.

Should i downgrade to 15.1?

Andri,

don't downgrade your router unless strange IOS behaviour and find out why the ip source nat command line does not come up in your config. With no NAT all the private IP (like your host) won't go in anywhere while the router possibly is chosing a public IP to encapsulate the ongoing packet. try this:

ping Internet_IP source 10.10.11.1

you should not get any echo-reply also if you do this from console. if i am right you definitely need to write down the line code for NAT on the new 1941w.

HTH

Alessio

I'm not an expert - thats why i cant write new code.

So far i have progress. Downgraded to 15.1 and the nat is working now.

But there is new problem. Wireless clients cant get their ip from dhcp.

Here is AP config:

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname ap

!

enable secret 5 xxxxxxxxxxxxxx

!

no aaa new-model

no ip domain lookup

!

!

dot11 syslog

!

dot11 ssid kbv

   vlan 2

   authentication open

   authentication key-management wpa

   mbssid guest-mode

   wpa-psk ascii 7 xxxxxxxxxxxxxxxxxxx

!

!

!

username tester privilege 15 secret 5 xxxxxxxxxxxxxx

!

!

bridge irb

!

!

interface Dot11Radio0

no ip address

no ip route-cache

!

encryption vlan 2 mode ciphers aes-ccm tkip

!

broadcast-key vlan 2 change 3600

!

!

ssid kbv

!

antenna gain 0

mbssid

station-role root

!

interface Dot11Radio0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface Dot11Radio1

no ip address

no ip route-cache

shutdown

!

encryption vlan 2 mode ciphers aes-ccm tkip

!

broadcast-key vlan 2 change 3600

!

!

ssid kbv

!

antenna gain 0

no dfs band block

mbssid

channel dfs

station-role root

!

interface Dot11Radio1.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

bridge-group 1 subscriber-loop-control

bridge-group 1 block-unknown-source

no bridge-group 1 source-learning

no bridge-group 1 unicast-flooding

bridge-group 1 spanning-disabled

!

interface Dot11Radio1.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

bridge-group 2 subscriber-loop-control

bridge-group 2 block-unknown-source

no bridge-group 2 source-learning

no bridge-group 2 unicast-flooding

bridge-group 2 spanning-disabled

!

interface GigabitEthernet0

description the embedded AP GigabitEthernet 0 is an internal interface connecting AP with the host router

no ip address

no ip route-cache

!

interface GigabitEthernet0.1

encapsulation dot1Q 1 native

no ip route-cache

bridge-group 1

no bridge-group 1 source-learning

bridge-group 1 spanning-disabled

!

interface GigabitEthernet0.2

encapsulation dot1Q 2

no ip route-cache

bridge-group 2

no bridge-group 2 source-learning

bridge-group 2 spanning-disabled

!

interface BVI1

ip address 10.10.3.2 255.255.255.0

no ip route-cache

!

ip default-gateway 10.10.3.1

ip http server

no ip http secure-server

ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag

bridge 1 route ip

!

!

!

line con 0

no activation-character

line vty 0 4

login local

!

end

Hi Andri,

you did not write any dhcp pool so you can't provide IPs to your wireless clients. If the dhcp server is not the router but a server in another point of the network possibly you want to implemen on the vlan of your clients the ip helper-address command to point to the dhcp server ip address.

Alessio

PS: very few in this forum are real experts (me EXcluded)

On the router side there are dhcp pool for wlan. On the first router it did work.

ip dhcp pool wifi

network 10.10.2.0 255.255.255.0

default-router 10.10.2.1

dns-server 194.204.0.1

Set the excluded ip addresses in the pool

Alessio

Added it, but still nothing.
Now it looks following:

no ipv6 cef

ip source-route

ip cef

!

!

!

ip dhcp excluded-address 10.10.1.1 10.10.1.31

ip dhcp excluded-address 10.10.2.1 10.10.2.31

!

ip dhcp pool sise

network 10.10.1.0 255.255.255.0

default-router 10.10.1.1

dns-server 194.204.0.1

!

ip dhcp pool wifi

network 10.10.2.0 255.255.255.0

default-router 10.10.2.1

dns-server 194.204.0.1

Review Cisco Networking for a $25 gift card