10-21-2017 04:53 AM - edited 03-05-2019 09:20 AM
Hi
I am new to Cisco routers and I am having a problem making the LAN able to access the internet.
My LAN network is 192.168.2.x/24
My ISP's default gateway is 192.168.0.1
GigabitEthernet0/1 is the interface facing LAN
GigabitEthernet0/0 is the interface facing WAN
Can anyone help, what am I getting wrong?
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable secret 5 $1$3Ng.$Ss8vhlESYljXeb9roSGEm/
enable password 24917468
!
no aaa new-model
!
clock timezone PCTime 8 0
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
no ip routing
no ip cef
!
!
!
!
!
ip name-server 168.95.1.1
ip name-server 192.168.0.1
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941W-A/K9 sn FTX153282DN
license accept end user agreement
hw-module ism 0
!
!
!
username yfi privilege 15 secret 5 $1$s2oR$6PL4ZJRbeb1Diohz4PMK60
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface Embedded-Service-Engine0/0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 192.168.0.99 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
no ip route-cache
shutdown
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1452
duplex auto
speed auto
no mop enabled
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
no ip address
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip default-gateway 192.168.0.1
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255 log
!
!
!
!
!
snmp-server community public RO
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
privilege level 15
password 24917468
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
10-21-2017 05:10 AM
Hello,
the 'log' keyword at the end of your access list kills your NAT. Remove that keyword and check if you get connectivity:
So, change:
access-list 1 permit 192.168.2.0 0.0.0.255 log
to
access-list 1 permit 192.168.2.0 0.0.0.255
10-21-2017 08:06 PM
Hi Georg,
I had removed "log" as suggested but am still having the same problem. Any thoughts? I had also used Cisco CP to test the connection and I am getting these failure reasons:
Troubleshooting Results
Failure Reason(s) | Recommended Action(s) |
To test connectivity, Cisco CP tries to ping the configured DNS servers. However, there is no configured route to any of the DNS servers through the selected interface. | Select 'User-specified' option or add a 'host specific/network specific/default' route through this interface and retest connection. |
10-21-2017 11:51 PM
Hello,
below is the revised configuration. I enabled 'ip routing' (this is the most important part missing) and 'ip cef', and removed the 'default-gateway'. If that still doesn't work, try the following name servers:
ip name-server 8.8.8.8
ip name-server 8.8.4.4
-------------------
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable secret 5 $1$3Ng.$Ss8vhlESYljXeb9roSGEm/
enable password 24917468
!
no aaa new-model
!
clock timezone PCTime 8 0
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
ip routing
ip cef
!
ip name-server 168.95.1.1
ip name-server 192.168.0.1
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO1941W-A/K9 sn FTX153282DN
license accept end user agreement
hw-module ism 0
!
username yfi privilege 15 secret 5 $1$s2oR$6PL4ZJRbeb1Diohz4PMK60
!
redundancy
!
interface Loopback0
no ip address
!
interface Embedded-Service-Engine0/0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 192.168.0.99 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
no ip route-cache
shutdown
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1452
duplex auto
speed auto
no mop enabled
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
no ip address
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
!
snmp-server community public RO
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
privilege level 15
password 24917468
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
10-22-2017 02:14 AM
Hi,
I had changed the configuration to the one you suggested but it is still not working. I had also changed the ip-name-server as well and it is still not working. Below is the current configuration used:
------------------------------------------
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable secret 5 $1$3Ng.$Ss8vhlESYljXeb9roSGEm/
enable password 24917468
!
no aaa new-model
!
clock timezone PCTime 8 0
service-module wlan-ap 0 bootimage autonomous
!
no ipv6 cef
ip source-route
no ip routing
no ip cef
!
!
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1941W-A/K9 sn FTX153282DN
license accept end user agreement
hw-module ism 0
!
!
!
username yfi privilege 15 secret 5 $1$s2oR$6PL4ZJRbeb1Diohz4PMK60
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface Embedded-Service-Engine0/0
no ip address
no ip route-cache
shutdown
!
interface GigabitEthernet0/0
description $ETH-WAN$
ip address 192.168.0.99 255.255.255.0
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface wlan-ap0
description Service module interface to manage the embedded AP
no ip address
no ip route-cache
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
description $ETH-LAN$
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1452
duplex auto
speed auto
no mop enabled
!
interface Wlan-GigabitEthernet0/0
description Internal switch interface connecting to the embedded AP
no ip address
shutdown
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip default-gateway 192.168.0.1
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
!
!
snmp-server community public RO
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
privilege level 15
password 24917468
login local
transport input telnet ssh
line vty 5 15
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
end
10-22-2017 04:02 AM
You need to enable ip routing:
cisco#conf t
cisco(config)#ip routing
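Added example, not part of the original thread or of any Cisco tool: a small Python check that scans a saved running-config for the three problems raised in the replies above (`no ip routing`, a leftover `ip default-gateway`, and `log` on the ACL referenced by the NAT rule). The function name `lint_nat` and the finding codes are assumptions made for this illustration; the sample is constructed from lines of the first posted configuration.

```python
import re
# Constructed sample: forwarding-related lines from the first config in the thread.
SAMPLE = """\
no ip routing
interface GigabitEthernet0/0
 ip nat outside
interface GigabitEthernet0/1
 ip nat inside
ip default-gateway 192.168.0.1
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
access-list 1 permit 192.168.2.0 0.0.0.255 log
"""

def lint_nat(config):
    """Return (code, detail) findings for the forwarding/NAT issues raised in the thread."""
    lines = [s.strip() for s in config.splitlines() if s.strip() not in ("", "!")]
    out = []
    if "no ip routing" in lines:
        out.append(("no-ip-routing", "packets are not forwarded between interfaces"))
    if any(s.startswith("ip default-gateway ") for s in lines):
        out.append(("default-gateway", "only used while IP routing is disabled"))
    if not any(s.startswith("ip route 0.0.0.0 0.0.0.0 ") for s in lines):
        out.append(("no-default-route", "no static default route"))
    # Map each interface to its NAT role ('inside' / 'outside').
    role, iface = {}, None
    for s in lines:
        if m := re.match(r"interface (\S+)$", s):
            iface = m.group(1)
        elif iface and (m := re.match(r"ip nat (inside|outside)$", s)):
            role[iface] = m.group(1)
    if "inside" not in role.values():
        out.append(("nat-inside-missing", "no interface has 'ip nat inside'"))
    # Check every PAT rule: its egress interface and the ACL it references.
    for s in lines:
        m = re.match(r"ip nat inside source list (\S+) interface (\S+)", s)
        if not m:
            continue
        acl, egress = m.groups()
        if role.get(egress) != "outside":
            out.append(("nat-outside-missing", f"{egress} lacks 'ip nat outside'"))
        permits = [p for p in lines if p.startswith(f"access-list {acl} permit ")]
        if not permits:
            out.append(("acl-missing", f"access-list {acl} has no permit entry"))
        if any(p.split()[-1] == "log" for p in permits):
            out.append(("acl-log", f"access-list {acl} uses 'log' (see first reply)"))
    return out
```

Running `lint_nat` on the output of `show running-config` after each change shows whether a suggested line actually made it into the running configuration.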
10-22-2017 07:30 AM
Hi Georg,
Thank you so much for your time and effort. Really appreciate your help!
10-22-2017 07:59 AM
So you have full connectivity now?