cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4505
Views
0
Helpful
4
Replies

Can't ping from host (Cisco newb here)

s.quirion
Level 1
Level 1

Hey Cisco community, I'm going through the CCNA training and I'm setting up my DHCP server on my 871 router. I have my cable modem into the WAN port on my router and have 1 host plugged directly into Fastethernet 1. I can ping any IP I want from the IOS prompt but I only have local access from the host. I figure I'm missing something very basic and would very much appreciate any help someone has to offer

Thanks!

Steve

Here are my settings and ping results:

!

! Last configuration change at 10:38:23 UTC Sun Jul 1 2012 by steve

!

version 12.4

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

crypto pki trustpoint TP-self-signed-585681807

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-585681807

revocation-check none

rsakeypair TP-self-signed-585681807

!

!

crypto pki certificate chain TP-self-signed-585681807

certificate self-signed 01

30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030

30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 35383536 38313830 37301E17 0D303230 39303632 31323135

365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F

532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3538 35363831

38303730 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100

AB147A31 E5D67C9F 7D468642 6EBAC39F D74176BC 6AC37029 44C5B9FA F7DBAF51

1CF8B124 DDB72DA3 A45CCC38 12AD7F60 A2541768 5162B139 0606D6AD C31DB065

010789FF C86FF916 A7C5CB0D 7668FCF9 DBDAC009 A2640711 C7200B14 F27FD88B

B4B7F7A3 B0BDF3F6 C3FAC127 FD9EA816 4EBBC039 FD9D335B D2DA1FB9 5EB2D64B

02030100 01A36C30 6A300F06 03551D13 0101FF04 05300301 01FF3017 0603551D

11041030 0E820C52 312E7374 6576652E 636F6D30 1F060355 1D230418 30168014

9D2224CA 9D245BE7 E3192D3C 31737387 9A2A82A6 301D0603 551D0E04 1604149D

2224CA9D 245BE7E3 192D3C31 7373879A 2A82A630 0D06092A 864886F7 0D010104

05000381 81007134 0085B36F 195C884F 965D44ED 3851A29B D0386887 9E92D941

C39A0BE9 F4991889 CBB1B20B 6DDBEAD9 2A5A1931 648F93C6 50B563E1 DD174798

BA9372B1 BA17AD01 F75B5B66 918B5123 21C59D77 513F17E5 48161241 01138F6D

4815B646 0685905A 70ED775C C00F1C5B 0BFC08CC 1B17C625 13073A89 3EBB01D1

30A0160F CEFE

quit

dot11 syslog

ip cef

!

!

ip dhcp use vrf connected

ip dhcp excluded-address 192.168.1.1 192.168.1.19

ip dhcp excluded-address 192.168.1.101 192.168.1.254

!

ip dhcp pool SQ_DHCP

import all

network 192.168.1.0 255.255.255.0

domain-name home.local

default-router 192.168.1.1

dns-server 68.105.29.15

lease 3

!

!

ip domain name steve.com

!

multilink bundle-name authenticated

!

!

username steve privilege 15 password 0 cisco

!

!

archive

log config

hidekeys

!

!

ip ssh version 2

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

description WAN PORT

ip address dhcp

duplex auto

speed auto

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

!

ip forward-protocol nd

!

!

ip http server

ip http authentication local

ip http secure-server

ip dns server

!

!

!

!

!

control-plane

!

banner motd ^C

***********************************************

CISCO 871 | LOG OUT NOW

***********************************************

^C

alias exec save copy running-config startup-config

!

line con 0

exec-timeout 30 0

password cisco

logging synchronous

login local

no modem enable

line aux 0

line vty 0 4

exec-timeout 30 0

password cisco

logging synchronous

login local

transport input telnet ssh

!

scheduler max-task-time 5000

end

______________________________________

IOS Ping results:

R1#ping google.com

Translating "google.com"...domain server (68.105.28.11) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 74.125.224.199, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms

R1#

____________________________________________________

Host Ping Results:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : home.local

Link-local IPv6 Address . . . . . : fe80::89f0:a7ad:a347:c59c%13

IPv4 Address. . . . . . . . . . . : 192.168.1.22

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

C:\Users\Q1>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:

Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Reply from 192.168.1.1: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.1.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\Q1>ping www.google.com

Ping request could not find host www.google.com. Please check the name and try a

gain.

C:\Users\Q1>ping 4.2.2.2

Pinging 4.2.2.2 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 4.2.2.2:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

1 Accepted Solution

Accepted Solutions

John Blakley
VIP Alumni
VIP Alumni

You're missing your nat config. Try adding these lines:

ip nat inside source list 100 inter f4 overload

access-list 100 permit 192.168.1.0 0.0.0.255 any

int vlan 1

ip nat inside

int fa4

ip nat outside

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

4 Replies 4

John Blakley
VIP Alumni
VIP Alumni

You're missing your nat config. Try adding these lines:

ip nat inside source list 100 inter f4 overload

access-list 100 permit 192.168.1.0 0.0.0.255 any

int vlan 1

ip nat inside

int fa4

ip nat outside

HTH,

John

HTH, John *** Please rate all useful posts ***

Wow, thank you so much John! It fired right up!

If its not too much to ask, is there any way you could explain each of those commands? It would help out greatly in my quest for the CCNA.

Thanks !

Steve

Sure!          

ip nat inside source list 100 inter f4 overload

This says to nat from the inside using an acl to match on. It will use the ip address that's applied to interface f4. The overload command enabled port address translation (PAT) which basically allows many thousands of connections. For example, if you have 2 different web sites open, that would be 2 different ip addresses that you'd be connected to but they are both port 80. So, with port translation you will be seen as:

Inside host address: 192.168.1.5

192.168.1.5:45000 -> 4.4.4.4:80

192.168.1.5:45001 -> 5.5.5.5:80

The router will basically keep state information for these connections. When the return traffic comes back from 5.5.5.5:80 -> 192.168.1.5:45001, the router knows where to deliver the traffic.

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

The access-list is referenced in the nat statement. This acl matches all of your internal hosts going to anything on any port. If you want to nat only when going to port 80, then you'd change your acl to reflect that. There are tons of things that you can do with acls. For example with nat, if you wanted to deny 1 person from getting to websites but not deny them from getting to the internet, you could deny them in the above acl and then permit everything else:

access-list 100 deny tcp host 192.168.1.5 any eq 80

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

The 2 entries above would deny host 192.168.1.5 from getting to any standard http websites, but they would be able to get to any secure sites on 443. Basically, if the 1st line doesn't match, they would roll over to the 2nd line, but if the 1st line matches they won't nat out of the router and can't get to websites.

int vlan 1

ip nat inside

int fa4

ip nat outside


These 2 sections enable nat on the interfaces. In order for nat to work, you need to enable at least 1 inside interface and 1 outside interface. You can have multiple inside interfaces using 1 outside interface, you can have multiple outside interfaces with only 1 nat interface, and you can have multiple inside and outside interfaces depending on the situation.

HTH,

John

HTH, John *** Please rate all useful posts ***

Very much appreciated John!

Review Cisco Networking for a $25 gift card