cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8409
Views
50
Helpful
22
Replies

Cannot ping from router.

Jeremy Tyson
Level 1
Level 1

Recently just attempted to setup my 1800 series router with charter cable internet. Everything seems to be set up correctly but we can't ping anything outside of our local network.  I'm just curious what the first step to take in resolving this is. I have posted a copy of my running config if anyone would like to help.

 

Thanks, Jeremy

22 Replies 22

John Blakley
VIP Alumni
VIP Alumni

Jeremy,

You can try changing:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

to:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp

Many  times the isp will disable proxy arp which is required when using an interface as the next hop.

 

Outside of that, I don't see any issues with your config.

HTH,

John

HTH, John *** Please rate all useful posts ***

Thank you so much. After changing that, at first I was getting 100% success rate but now it is varying between (2/5) 40% and (3/5) 60%. I also have a host plugged into Fa0/1 that can obtain an IP address but is unable to ping anything but the router. Any other ideas? Thanks again.

If you always know the default route, you really should specify it instead of using the ethernet interface. Will your route always change?

HTH, John *** Please rate all useful posts ***

No it shouldn't. I'm still a beginner though. I somewhat understand how ip route works but not necessarily how to configure it in this scenario.

You could try it. Do the dhcp thing with the "dhcp" tag at the end of the route. When you get your address, do a "show ip default". The address that it comes back with should be your default gateway. Then you can manually specify it in the route statement instead of the interface. Assuming your default gateway is 1.1.1.1, you'd put:

ip route 0.0.0.0 0.0.0.0 1.1.1.1

Try your pings out and see if that helps the loss. I doubt it really has anything to do with the loss which could be the result of a bad cable as well. If they work and work well, then you can leave it like this. If you lose internet access, you'll want to check that the default route hasn't changed. You could also test this by setting it, testing pings, shut the router off for about 10 minutes, and then bring it back up. If it's the same, you're probably safe.

HTH,

John

HTH, John *** Please rate all useful posts ***

Once again thank you very much. I have gotten one step further with your reply. Now the host connected to the router is able to ping ip addresses outside of the LAN but still does not have access to the Internet.

Jeremy,

Glad to hear that parts working. The reason the host isn't getting on the internet seems to be because you're assigning the wrong gateway through your dhcp scope. Change:

ip dhcp pool DATA
 import all
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.254
 dns-server 8.8.8.8

To:

 

ip dhcp pool DATA
 import all
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 8.8.8.8

That should fix it. Your nat config looks fine.

HTH,

John

HTH, John *** Please rate all useful posts ***

That was one of the things that I actually managed to catch on my own. I have since changed that and still no luck.

Can you post the current config that you have? What IP address do you have on the host? Also post:

sh ip nat translat

sh ip dhcp binding

sh ip route

 

HTH, John *** Please rate all useful posts ***


Router#sh ip nat translat
Pro Inside global      Inside local       Outside local      Outside global
tcp 71.82.223.214:49255 192.168.0.5:49255 77.234.41.65:80    77.234.41.65:80
tcp 71.82.223.214:49265 192.168.0.5:49265 108.160.162.107:80 108.160.162.107:80
tcp 71.82.223.214:49267 192.168.0.5:49267 74.125.69.106:443  74.125.69.106:443
tcp 71.82.223.214:49513 192.168.0.5:49513 184.85.215.35:80   184.85.215.35:80
tcp 71.82.223.214:49514 192.168.0.5:49514 23.61.75.27:80     23.61.75.27:80
tcp 71.82.223.214:49517 192.168.0.5:49517 74.125.225.27:80   74.125.225.27:80

Router#sh ip dhcp binding
Bindings from all pools not associated with VRF:
IP address          Client-ID/              Lease expiration        Type
                    Hardware address/
                    User name
192.168.0.4         0026.55cd.8c39          Nov 19 2014 05:46 PM    Automatic
192.168.0.5         0100.2655.cd8c.39       Nov 19 2014 06:03 PM    Automatic

Router#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, FastEthernet0/1
L        192.168.0.1/32 is directly connected, FastEthernet0/1
 


Router#sh running-config
Building configuration...

Current configuration : 1696 bytes
!
! Last configuration change at 17:45:49 UTC Tue Nov 18 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$uxDT$/mC6m6gDgUI/Nr/jZngEP0
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.2
ip dhcp excluded-address 192.168.0.3
!
ip dhcp pool DATA
 import all
 network 192.168.0.0 255.255.255.0
 default-router 192.168.0.1
 dns-server 24.196.64.53
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FTX123720KE
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 description WAN
 ip address dhcp
 ip nat outside
 no ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/1
 description LAN
 ip address 192.168.0.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
!
interface Serial0/0/0
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 71.82.222.1
ip route 0.0.0.0 0.0.0.0 71.82.222.1 254
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
!
access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 permit ip any any
access-list 101 deny   ip any 192.168.0.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 20000 1000
end

Here is the current config that seems to be working after updating my access list according to CSCO11758457 's comment. Does this look like the best way to have everything configured? Assuming I configured my switch correctly, will I be able to plug directly into the switch or is this configured to only be used with a host directly connected to it? (the router)

You need to remove these...

access-list 101 permit ip 192.168.0.0 0.0.0.255 any
access-list 101 permit ip any any
access-list 101 deny   ip any 192.168.0.0 0.0.0.255

What CSCO11758457 was talking about absolutely does not apply.

Your acl should only specify "permit ip 192.168.0.0 0.0.0.255 any"

This is only used for NAT and it is not blocking your traffic. For the acl to be applicable to blocking, it has to be applied to an interface with the "access-group" statement, which you don't have.

Please remove these two lines:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 71.82.222.1

And, I'm not sure what you're doing here:

ip route 0.0.0.0 0.0.0.0 71.82.222.1 254

So please remove it. You don't need a floating route if you only have one connection.

Add:

ip route 0.0.0.0 0.0.0.0 71.82.222.1

When you do this, save the changes and reload the router. See if your connection works.

HTH, John *** Please rate all useful posts ***

Thanks again! And yes it still works after this configuration. Speed is a lot slower on the host connected directly to the 1800 vs. a host connected to my linksys consumer router but as long as I have internet access, I'm happy.

Hi,

What John said is perfect if your linksys supplies public ip to cisco router, but in your case you are doing double nat which will not work.

the other method is simply remove all natting and just add default route towards your cisco wan interface, it should work.

if not 

please remove all acl-statements and re-add what i gave before 

interface FastEthernet0/0

ip nat outside

interface FastEthernet0/1

 ip nat inside

 

ip nat inside source list 101 interface FastEthernet0/0 overload

access-list 101 deny   ip any 192.168.0.0 0.0.0.255

access-list 101 permit ip any any

Okay so this is all starting to make a little more sense and has been an invaluable learning experience. My question for you is will this config with ip nat outside and ip nat inside and so on work with my current setup of {Charter Modem --> Linksys consumer router --> Cisco router} or will that only work with {Charter Modem --> Cisco router.} Also, my roommate who is currently trying to learn this along side of me came up with the idea of using a dumb switch like this {Charter Modem --> Linksys dumb switch --> Linksys consumer router & Cisco router.} Thanks!

Review Cisco Networking for a $25 gift card