Hi,

Thanks for the reply.

I tried it out but i'm still not able to ping any site.(even from router)

I reactivate dns lookup and see it the router finds the dns-servers and it looks like he does.

ping google.be
Translating "google.be"...domain server (208.67.222.222) (208.67.220.220) (195.130.131.5) (195.130.130.5)
% Unrecognized host or address, or protocol not running.

The router is a C891F-K9.

Here below you find the full config file

Router#show running-config
Building configuration...

Current configuration : 2459 bytes
!
! Last configuration change at 09:11:16 EST Mon Nov 7 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!enable secret 5 $Password
!
no aaa new-model
clock timezone EST 1 0
!!!!!

no ip domain lookup
ip name-server 208.67.222.222
ip name-server 208.67.220.220
ip cef
no ipv6 cef
!!!
multilink bundle-name authenticated
!!!!
license udi pid C891F-K9 sn FCZ
!
interface BRI0
no ip address
encapsulation hdlc
no isdn termination multidrop
!
interface FastEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0
switchport access vlan 10
no ip address
!
interface GigabitEthernet1
switchport access vlan 10
no ip address
!
interface GigabitEthernet2
switchport access vlan 10
no ip address
!
interface GigabitEthernet3
switchport access vlan 20
no ip address
!
interface GigabitEthernet4
switchport access vlan 10
no ip address
!
interface GigabitEthernet5
switchport access vlan 10
no ip address
!
interface GigabitEthernet6
switchport access vlan 10
no ip address
!
interface GigabitEthernet7
switchport access vlan 20
no ip address
!
interface GigabitEthernet8
description WAN port
ip address dhcp
ip nat outside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip nat enable
ip virtual-reassembly in
!
interface Vlan20
ip address 10.10.10.1 255.255.255.0
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 10 interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!snmp-server community 192.168.0.254 RO
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 permit 10.10.10.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!!!!
line con 0
no modem enable
line aux 0
line 3
speed 115200
flowcontrol hardware
line vty 0 4
no login
transport input none
!
scheduler allocate 20000 1000
!
end

Thx for the help

Hello,

your interface GigabitEthernet8 is getting a DHCP address. Usually you do not need to configure anything DNS locally on your router, as DHCP will provide that. So, either leave everything as is and configure:

Router(config)#ip domain-lookup

or remove the DNS stuff from your router:

Router(config)#no ip name-server 208.67.222.222
Router(config)#no ip name-server 208.67.220.220

Hi,

I've removed the open dns servers without any succes.

I've added the ip name-servers & change no ip domain-lookup to ip domain-lookup but also without any succes.

any thoughts?

thx

Bram,

do you get a public IP address on interface GigabitEthernet8 ? Keep in mind that nothing on Vlan 20 can access anything, since you don't have that interface configured for NAT. Only Vlan 10 clients can access the Internet.

Can you post the output of 'show ip interface GigabitEthernet8' ?

Hi,

Interace GigabitEthernet 8 gets a public IP.

I paste the logs because the router is now disconnect so the firm can work on internet.

*Nov 7 08:13:45.435: %LINK-3-UPDOWN: Interface GigabitEthernet8, changed state to up
*Nov 7 08:13:46.435: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet8, changed state to up
*Nov 7 08:13:54.403: %DHCP-6-ADDRESS_ASSIGN: Interface GigabitEthernet8 assigned DHCP address 81.165.155.9, mask 255.255.248.0, hostname Router

I can't ping in the console of the router so i think the vlan ain't the problem right now.)

about the vlans:

I don't want that vlan 20 can access vlan 10 or the other way arround. Both networks must go online.

Hello,

try and remove the 'ip nat enable' from your GigabitEthernet8 and Vlan 10 interfaces, or change the statement:

ip nat inside source list 10 interface GigabitEthernet8 overload

to

ip nat source list 10 interface GigabitEthernet8 overload

(remove the 'inside').

Bram,

in addition of my previous post, the 'ip nat inside source' is used when the source is a physical interface (e.g. GigabitEthernet1), and the 'ip nat source' command is used when the source is a virtual interface, such as Vlan 10 (in your case).

Hi,

I tried it out but no result :s

What am I missing.

Router#show ip interface GigabitEthernet8
GigabitEthernet8 is up, line protocol is up
Internet address is 81.165.154.114/21
Broadcast address is 255.255.255.255
Address determined by DHCP
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Common Flow Table, Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
Output features: Post-routing NAT Outside, Common Flow Table, Stateful Inspection, NAT ALG proxy
IPv4 WCCP Redirect outbound is disabled
IPv4 WCCP Redirect inbound is disabled
IPv4 WCCP Redirect exclude is disabled

Router#show running-config
Building configuration...

Current configuration : 2382 bytes
!
! Last configuration change at 12:18:47 EST Tue Nov 8 2016
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$
!
no aaa new-model
clock timezone EST 1 0
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C891F-K9 sn FC
!
interface BRI0
no ip address
encapsulation hdlc
no isdn termination multidrop
!
interface FastEthernet0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0
switchport access vlan 10
no ip address
!
interface GigabitEthernet1
switchport access vlan 10
no ip address
!
interface GigabitEthernet2
switchport access vlan 10
no ip address
!
interface GigabitEthernet3
switchport access vlan 20
no ip address
!
interface GigabitEthernet4
switchport access vlan 10
no ip address
!
interface GigabitEthernet5
switchport access vlan 10
no ip address
!
interface GigabitEthernet6
switchport access vlan 10
no ip address
!
interface GigabitEthernet7
switchport access vlan 20
no ip address
!
interface GigabitEthernet8
description WAN port
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
ip address 10.10.10.1 255.255.255.0
ip virtual-reassembly in
!
interface Async3
no ip address
encapsulation slip
!
no ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 10 interface GigabitEthernet8 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
snmp-server community 192.168.0.254 RO
access-list 10 permit 192.168.0.0 0.0.0.255
access-list 10 permit 10.10.10.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
no login
transport input none
!
scheduler allocate 20000 1000
!
end

thx

hi

I had to reactivate ip domain lookup and it worked for the main domain.

The visitors-network can't acces the internet.

thx

Bram,

the visitor's Vlan, is that Vlan 20 ? Configure 'ip nat inside' on that interface as well if you want users connected to Vlan 20 to access the Internet (I thought I remembered that you didn't want Vlan 20 users to access ?)...

hi gpauwen,

I did identical.

interface Vlan10
ip address 192.168.0.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in

If fixed it now with a guest wifi-router (on vlan10)

Will vlan10 and vlan20 be able to communicate? (I don't want them to be able to do)

thx for all the help.

Bram,

you can apply an outbound access list on Vlan 10:

ip access-list extended NO_VLAN_20
deny tcp 10.10.10.0 0.0.0.255 any
permit ip any any
!
interface Vlan10
ip access-group NO_VLAN_20 out

This (I think) effectively blocks access from both VLANs to each other. Be careful though when your clients make use of DHCP. If you do, add

permit udp any eq bootpc any eq bootps

to the access list.