
Can ping internet from router but not l3 switch/clients

Matt2010
Level 1

Hi all, 

 

I'm having trouble with my lab. I have an 1841 connected to a small Netgear router so my roommate can still have internet access while I learn and test stuff. I can ping the internet (8.8.8.8) from my router, but not from the L3 switch or the clients on the switch. I wasn't able to ping the interface of the Netgear from the switch at first, but I resolved that by adding a static route to 10.0.0.0 255.255.255.0 192.168.1.6. I've included the router and switch configs below, as well as a diagram of the network. Any help would be greatly appreciated!

Switch: 

 

Current configuration : 4115 bytes
!
! Last configuration change at 18:41:58 Central Sat Oct 14 2017
! NVRAM config last updated at 11:32:19 Central Sat Oct 14 2017
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname S1
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
clock timezone Central -5
switch 1 provision ws-c3750-24p
system mtu routing 1500
ip routing
ip dhcp excluded-address 10.10.10.0 10.10.10.49
ip dhcp excluded-address 10.10.20.0 10.10.20.49
!
ip dhcp pool VLAN10
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 69.7.88.19 69.7.88.18 4.4.2.2 8.8.8.8
domain-name Lowrey.local
lease 0 5
!
ip dhcp pool VLAN20
network 10.10.20.0 255.255.255.0
domain-name Lowrey.local
default-router 10.10.20.1
dns-server 69.7.88.19 69.7.88.18 4.4.2.2 8.8.8.8
lease 0 5
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
description TRUNK_TO_R1
no switchport
ip address 10.0.0.2 255.255.255.0
!
interface FastEthernet1/0/2
switchport access vlan 10
switchport mode access
spanning-tree portfast
!

! INTERFACES 1/0/3-23 HAVE NOTHING PLUGGED IN
!
interface FastEthernet1/0/24
description TRUNK_TO_S2
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
ip address 10.10.1.1 255.255.255.0
!
interface Vlan10
description WIRED_DEFAULT_GATEWAY
ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
ip address 10.10.20.2 255.255.255.0
!
ip default-gateway 10.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 192.168.1.0 255.255.255.0 192.168.1.6
ip route 192.168.1.0 255.255.255.0 10.0.0.1
ip http server
ip http secure-server
!
!
!
line con 0
logging synchronous
line vty 0 4
login
line vty 5 15
login
!
end

 

Router: 

 

Current configuration : 1132 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no fair-queue
!
interface Serial0/1/0
no ip address
!
ip classless
no ip route static inter-vrf
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.10.10.0 255.255.255.0 10.0.0.2
ip route 10.10.20.0 255.255.255.0 10.0.0.2
ip route 192.168.1.0 255.255.255.0 192.168.1.1
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login
!
end

1 Accepted Solution


Could you replace the following line?

access-list 1 permit 10.0.0.0

With,

access-list 1 permit 10.0.0.0 0.255.255.255

 

HTH,

Meheretab


12 Replies

Hello,

 

You don't need all these routes.

Switches:

ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 192.168.1.0 255.255.255.0 192.168.1.6
ip route 192.168.1.0 255.255.255.0 10.0.0.1

 

You just need this:

ip route 0.0.0.0 0.0.0.0 10.0.0.1

 

On router:

You have this:

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 192.168.1.1

 

You need this:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

However, on Router 1 you need a route like this:

ip route 10.0.0.0 255.255.255.0 192.168.1.6

 

-If I helped you somehow, please, rate it as useful.-


@Flavio Miranda wrote:

Hello,

 

You don't need all these routes.

Switches:

ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip route 192.168.1.0 255.255.255.0 192.168.1.6
ip route 192.168.1.0 255.255.255.0 10.0.0.1

 

You just need this:

ip route 0.0.0.0 0.0.0.0 10.0.0.1

 

On router:

You have this:

ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.1.0 255.255.255.0 192.168.1.1

 

You need this:

ip route 0.0.0.0 0.0.0.0 192.168.1.1

However, on Router 1 you need a route like this:

ip route 10.0.0.0 255.255.255.0 192.168.1.6

 

-If I helped you somehow, please, rate it as useful.-


Flavio, 

 

I have removed the routes that are not needed. I already have the route 10.0.0.0 255.255.255.0 192.168.1.6 on my netgear router. On the netgear router I'm able to ping all the way to clients in vlan 10 on the switch. From the switch I can ping to 10.200.120.69 but no further than that.

I should mention that I have also tried removing the netgear router and connected my 1841 directly to my ISP, obviously changing the static routes to correspond to the new configuration. Same issue there. I can ping my router's interface from the switch but not past it.

On the Switch:
no ip default-gateway 10.0.0.1 <--- You do not use this command whenever you run "ip routing". Please remove it.

On Router1:
Do you have the following commands?
ip route 10.10.10.0 255.255.255.0 192.168.1.6
ip route 10.10.20.0 255.255.255.0 192.168.1.6

If you still have issue, please share the output of "traceroute 8.8.8.8" from the switch.

HTH,
Meheretab

Hello,

 

With the Netgear connected to the Cisco, try the config below. Make sure all your LAN clients can reach 10.0.0.1.

 

hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
!
no ip ips deny-action ips-interface
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no fair-queue
!
interface Serial0/1/0
no ip address
!
ip classless
!
ip nat inside source list 1 interface FastEthernet0/1 overload
!
no ip route static inter-vrf
!
ip route 0.0.0.0 0.0.0.0 dhcp
! or
! ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 10.10.10.0 255.255.255.0 10.0.0.2
ip route 10.10.20.0 255.255.255.0 10.0.0.2
ip route 192.168.1.0 255.255.255.0 192.168.1.1
!
access-list 1 permit 10.0.0.0
!
ip http server
no ip http secure-server
!
control-plane
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login
!
end

Hey everyone, thanks for responding. I have tried all the things suggested; still no luck. I did remove ip default-gateway 10.0.0.1 from the switch, confirmed I have the routes Meheretab suggested on the Netgear (screenshot in attachment) and also updated R1's config to match Georg's suggested config. Here's the output of traceroute 8.8.8.8 on the switch:

1 10.0.0.1 0 msec 0 msec 8 msec
2 192.168.1.1 0 msec 0 msec 8 msec
3 * * *
4 * * *
5 * * *
6 * * *
7 * * * Repeated all the way to 30 hops

 

Also, I just noticed the network diagram is a bit confusing. Router0 is my R1 (Cisco 1841) and Router1 is my Netgear router. I am able to ping from every subnet to 10.0.0.1: from a client in the 192.168.1.0 network (Netgear), a client in the 10.10.10.0 network and a client in the 10.10.20.0 network. Any client can ping to 10.200.120.69 (Internet port on Netgear), but anything past R1 (1841) can't go any further.

Try and ping 8.8.8.8 from the Cisco router, does that work?

Also, post the router config, it looks like you still have the static default route to 192.168.1.1 in place....

I'm able to ping 8.8.8.8 from the cisco router. Here's the config: 

 

Current configuration : 1210 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
!
no ip dhcp use vrf connected
!
!
no ip ips deny-action ips-interface
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.1.6 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
no fair-queue
!
interface Serial0/1/0
no ip address
!
ip classless
no ip route static inter-vrf
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 10.10.10.0 255.255.255.0 10.0.0.2
ip route 10.10.20.0 255.255.255.0 10.0.0.2
!
ip http server
no ip http secure-server
ip nat inside source list 1 interface FastEthernet0/1 overload
!
access-list 1 permit 10.0.0.0
!
!
control-plane
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
logging synchronous
login
!
end

 

I tried removing ip route 0.0.0.0 0.0.0.0 192.168.1.1, but then I am not even able to ping 8.8.8.8 out of the router. If I remove ip route 0.0.0.0 0.0.0.0 192.168.1.1 and run show ip route it shows "gateway of last resort is 0.0.0.0 to network 0.0.0.0" even though I have made sure I have ip route 0.0.0.0 0.0.0.0 fastEthernet 0/1 added to the config...

 

It seems to me that my ISP's directly connected router doesn't know how to access my 10.0.0.0 network, since I can ping to 10.0.0.1 and 10.10.10.1 from anywhere on my LAN. Could this be possible?

For sure the ISP doesn't know your internal network 10.0.0.0, but it is not necessary actually.

As you are performing NAT on the router, the IP address that reaches the ISP is the IP address of the router interface 192.168.1.6.

I may have lost some steps as someone else came to the discussion. Are you still using two routers?

From where are you able to ping 8.8.8.8? From the switch?

 

-If I helped you somehow, please, rate it as useful.-

Could you replace the following line?

access-list 1 permit 10.0.0.0

With,

access-list 1 permit 10.0.0.0 0.255.255.255

 

HTH,

Meheretab



@Meheretab Mengistu wrote:

Could you replace the following line?

access-list 1 permit 10.0.0.0

With,

access-list 1 permit 10.0.0.0 0.255.255.255

 

HTH,

Meheretab


This fixed it! Thank you!! I haven't gotten to ACLs yet in my study so I'm not 100% sure what the problem was still, but it's now working!
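
Why the one-line change fixes it, as an added example that is not part of the thread: a standard ACL entry with no wildcard mask matches exactly one address, so `access-list 1 permit 10.0.0.0` never matches the switch or its clients, and `ip nat inside source list 1` leaves their packets untranslated. The sketch evaluates both versions of the ACL; the function names are hypothetical, and the client addresses 10.10.10.50, 10.10.20.50 and 192.168.1.20 are constructed samples on the thread's subnets.

```python
import ipaddress
import re

# Standard numbered ACL entry: access-list N permit|deny any | [host] A.B.C.D [wildcard]
ACE = re.compile(r"access-list\s+(\d+)\s+(permit|deny)\s+"
                 r"(any|(?:host\s+)?(\d+(?:\.\d+){3}))(?:\s+(\d+(?:\.\d+){3}))?")

def to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def parse_acl(config, number):
    """Return [(action, address, wildcard)] for one standard numbered ACL."""
    entries = []
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m or int(m.group(1)) != number:
            continue
        if m.group(3) == "any":
            entries.append((m.group(2), 0, 0xFFFFFFFF))
        else:
            # No wildcard given means 0.0.0.0: all 32 bits must match (one host).
            entries.append((m.group(2), to_int(m.group(4)),
                            to_int(m.group(5) or "0.0.0.0")))
    return entries

def acl_permits(entries, source):
    """First match wins; a source matching no entry hits the implicit deny."""
    src = to_int(source)
    for action, addr, wildcard in entries:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 = ignore, 0 = must match
        if (src & care) == (addr & care):
            return action == "permit"
    return False

def translated_sources(config, number, sources):
    """Sources that 'ip nat inside source list <number>' would select."""
    entries = parse_acl(config, number)
    return [s for s in sources if acl_permits(entries, s)]

BEFORE = "access-list 1 permit 10.0.0.0"
AFTER = "access-list 1 permit 10.0.0.0 0.255.255.255"
# Switch routed port (from the thread) plus constructed client addresses.
SOURCES = ["10.0.0.2", "10.10.10.50", "10.10.20.50", "192.168.1.20"]

if __name__ == "__main__":
    print("before:", translated_sources(BEFORE, 1, SOURCES))
    print("after: ", translated_sources(AFTER, 1, SOURCES))
```

The corrected entry covers all of 10.0.0.0/8; separate entries for 10.0.0.0, 10.10.10.0 and 10.10.20.0 with wildcard 0.0.0.255 would select only the lab's three subnets.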