02-12-2024 01:23 PM
Hello,
My VLAN users are unable to access Internet. I have tried different access lists and can't figure out the problem. Can someone tell me what is missing here?
Thank you.
interface GigabitEthernet0/0/0
description Connection to Internet
ip address 1.2.3.4 255.255.255.0
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 172.16.1.1 255.255.255.0
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip http client secure-trustpoint SLA-TrustPoint
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 1.2.3.5
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
02-12-2024 01:59 PM
Hello,
Add the lines marked with --> to your configuration:
interface GigabitEthernet0/0/0
description Connection to Internet
ip address 1.2.3.4 255.255.255.0
--> ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 172.16.1.1 255.255.255.0
--> ip nat inside
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip http client secure-trustpoint SLA-TrustPoint
ip forward-protocol nd
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 1.2.3.5
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
--> access-list 1 permit 172.16.1.0 0.0.0.255
02-13-2024 07:44 AM
Thank you, Georg.
interface GigabitEthernet0/0/0
description Connection to Internet
ip address 1.2.3.4 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip http client secure-trustpoint SLA-TrustPoint
ip forward-protocol nd
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 1.2.3.4
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
ip access-list standard 1
10 permit 172.16.1.0 0.0.0.255
02-13-2024 11:09 AM
Update:
I removed this line:
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
because it was working sporadically probably due to this error:
%Default route without gateway, if not a point-to-point interface, may impact performance
02-13-2024 11:33 AM
Hello,
If you know the next hop IP address, and if that is a static address, it is indeed better to use this address. The 'error' message is not really an error message; it just tells you that the router has to ARP for the next hop, which can add a delay to your connection. In reality, that delay is negligible.
02-12-2024 02:20 PM
Hello,
You are using private, non-publicly routable addressing; as such, your clients will not be able to reach the internet. To accomplish this you will require a routing device (rtr or high-end switch) that can perform Network/Port Address Translation (NAT/PAT).
I also suggest you define fully specified static routes when the need arises (next-hop interface and IP address).
Example
no ip route 0.0.0.0 0.0.0.0 1.2.3.5
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 1.2.3.5
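Added example, not part of any post in this thread: a small Python check that parses an IOS config excerpt and reports the NAT/PAT pieces and default-route problems discussed above. The function name `audit_nat`, its finding strings and the trimmed sample config are constructed for illustration.

```python
import re

def audit_nat(config):
    """Return findings for the PAT setup in a Cisco IOS config excerpt."""
    iface, roles, addrs, acls, rules, routes = None, {}, {}, set(), [], []
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            iface = m[1]
        elif line == "!":
            iface = None  # back to global configuration context
        elif iface and (m := re.match(r"ip nat (inside|outside)$", line)):
            roles[iface] = m[1]
        elif iface and (m := re.match(r"ip address (\S+) \S+$", line)):
            addrs[iface] = m[1]
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rules.append((m[1], m[2]))
        elif m := re.match(r"(?:ip access-list standard|access-list) (\S+)", line):
            acls.add(m[1])
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (.+)", line):
            routes.append(m[1].split())
    out = [f"no interface marked 'ip nat {r}'" for r in ("inside", "outside")
           if r not in roles.values()]
    if not rules:
        out.append("no 'ip nat inside source list ... overload' rule")
    for acl, egress in rules:
        if acl not in acls:
            out.append(f"NAT rule references undefined access-list {acl}")
        if roles.get(egress) != "outside":
            out.append(f"NAT rule egress {egress} is not 'ip nat outside'")
    for args in routes:
        hops = [a for a in args if re.fullmatch(r"[\d.]+", a)]
        if not hops:
            out.append(f"default route via {args[0]} has no next-hop address")
        out += [f"default route next hop {h} is the router's own address"
                for h in hops if h in addrs.values()]
    return out

# Constructed sample: trimmed copy of the first config posted in the thread.
ORIGINAL = """\
interface GigabitEthernet0/0/0
 ip address 1.2.3.4 255.255.255.0
!
interface Vlan1
 ip address 172.16.1.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 1.2.3.5
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
"""
print(*audit_nat(ORIGINAL), sep="\n")
```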