
cisco 2911 no internet behind router

Ralf110666
Level 1

Hello, good morning.

I have problems getting access to the internet behind a 2911. The config should be as follows.

Internet is provided by an external DHCP server. The signal comes in through ge 0/1/0. The 2911 should be the standard gateway and DHCP server for the connected clients on ge 0/0 (will be a switch later). ge 0/2/0 should be the backup for ge 0/1/0, and cellular 0/0/0 should be the backup for ge 0/2/0. But at the moment I am not able to get internet on a connected client at ge 0/0.

I figured out the following:

The 2911 DHCP server is giving out IP addresses through ge 0/0 as it should (nw 10.0.130.0, excluded 10.0.130.1-30), so I get the first IP, 10.0.130.31, at a connected client.

The 2911 gets an IP from the external DHCP on ge 0/0/0.

Ping is working via console on the 2911 (8.8.8.8).

Ping is also translating addresses via console (www.google.com, www.cicso.com).

On a connected client at ge 0/0 I can ping the cisco2911 (static IP 10.0.130.254),

but I cannot ping anything from the internet. The network connection shows no internet in Windows 10.

Actual config:

 

! Last configuration change at 16:06:00 UTC Sun Apr 29 2018 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2911
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.130.1 10.0.130.30
!
ip dhcp pool k130
import all
network 10.0.130.0 255.255.255.0
dns-server 8.8.4.4
default-router 10.0.130.254
!
!
!
ip domain name LUDWIGSHAFEN
ip name-server 10.0.130.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
cts logging verbose
!

!
!

!
redundancy
!
!
controller Cellular 0/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.0.130.254 255.0.0.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2/0
backup interface GigabitEthernet0/1/0
ip address dhcp
duplex auto
speed auto
!
interface Cellular0/0/0
no ip address
encapsulation slip
dialer in-band
dialer string lte
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat source list 1 interface GigabitEthernet0/1/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
!
access-list 1 permit 10.0.130.0 0.0.0.255
!
control-plane
!
!

3 Accepted Solutions

Hello,

Forget about the backup for now, and try to get the Internet connectivity right first. Below is a stripped-down version that should get all your local clients connected to the Internet:

service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2911
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.130.254
ip dhcp excluded-address 10.0.130.1 10.0.130.30
!
ip dhcp pool k130
import all
network 10.0.130.0 255.255.255.0
dns-server 8.8.4.4
default-router 10.0.130.254
!
ip domain name LUDWIGSHAFEN
ip name-server 10.0.130.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
cts logging verbose
!
redundancy
!
controller Cellular 0/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.0.130.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2/0
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1/0 dhcp
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 10.0.130.0 0.0.0.255
!
control-plane


Hello,

You are missing the 'inside' keyword in your NAT statement:

Delete:

ip nat source list 1 interface GigabitEthernet0/1/0 overload

and add:

ip nat inside source list 1 interface GigabitEthernet0/1/0 overload


Hello Ralf,

You are missing a few things for the cellular to work. I amended your config (cell parts marked in bold):

version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2911
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.130.1 10.0.130.30
ip dhcp excluded-address 10.0.130.254

ip dhcp pool k130
import all
network 10.0.130.0 255.255.255.0
dns-server 8.8.4.4
default-router 10.0.130.254
!
ip domain name LUDWIGSHAFEN
ip name-server 10.0.130.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
cts logging verbose
!
redundancy
!
controller Cellular 0/0
lte sim data-profile 10
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.0.130.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2/0
backup interface GigabitEthernet0/1/0
ip address dhcp
duplex auto
speed auto
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
async mode interactive
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/1/0 overload
ip nat inside source list 1 interface Cellular0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1/0 dhcp
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 10.0.130.0 0.0.0.255
!
line 3
exec-timeout 0 0
password cisco
script dialer lte
login
modem InOut
no exec
transport input all


31 Replies

Hello,

The IP address of your internal interface is wrong and doesn't match the NAT allowed access list.

ip address 10.0.130.254 255.0.0.0

Change this to:

ip address 10.0.130.254 255.255.255.0

Also, you need to exclude the IP address of your default gateway:

ip dhcp excluded-address 10.0.130.254
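
The three problems named in the replies so far (a NAT rule without the 'inside' keyword, an inside interface whose network does not match the NAT access list, and a default gateway missing from the DHCP exclusions) can be checked mechanically before a config is pasted into the router. The Python below is an added example, not part of any poster's reply. The function name `lint_nat_config` and the finding codes are assumptions, and the sample is constructed from the lines posted in the question.

```python
import ipaddress
import re

# Constructed sample: NAT- and DHCP-relevant lines of the config posted in the question.
SAMPLE_CONFIG = """\
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.130.1 10.0.130.30
ip dhcp pool k130
 network 10.0.130.0 255.255.255.0
 default-router 10.0.130.254
!
interface GigabitEthernet0/0
 ip address 10.0.130.254 255.0.0.0
 ip nat inside
!
interface GigabitEthernet0/1/0
 ip address dhcp
 ip nat outside
!
ip nat source list 1 interface GigabitEthernet0/1/0 overload
access-list 1 permit 10.0.130.0 0.0.0.255
"""

def lint_nat_config(text):
    """Return sorted finding codes (hypothetical names) for the problems in this thread."""
    findings, acl_nets, excluded, routers, inside = set(), [], [], [], []
    iface = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("interface ") or line == "!":
            iface = {}  # a new block starts, forget the previous interface
        elif m := re.fullmatch(r"ip address (\d\S+) (\d\S+)", line):
            iface["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif line == "ip nat inside":
            iface["inside"] = True
        elif re.match(r"ip nat source list \S+ ", line):
            findings.add("NAT_MISSING_INSIDE")  # rule lacks the 'inside' keyword
        elif m := re.fullmatch(r"access-list \d+ permit (\d\S+) (\d\S+)", line):
            # ipaddress accepts the wildcard (host mask) form used in IOS ACLs
            acl_nets.append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
        elif m := re.fullmatch(r"ip dhcp excluded-address (\S+)(?: (\S+))?", line):
            low = ipaddress.ip_address(m[1])
            excluded.append((low, ipaddress.ip_address(m[2] or m[1])))
        elif m := re.fullmatch(r"default-router (\S+)", line):
            routers.append(ipaddress.ip_address(m[1]))
        if iface.get("inside") and "net" in iface and iface["net"] not in inside:
            inside.append(iface["net"])
    # The network on each NAT inside interface must be one the ACLs permit.
    if any(net not in acl_nets for net in inside):
        findings.add("INSIDE_NET_NOT_IN_NAT_ACL")
    # Every address handed out as default-router must sit in an excluded range.
    if any(not any(lo <= r <= hi for lo, hi in excluded) for r in routers):
        findings.add("GATEWAY_NOT_EXCLUDED")
    return sorted(findings)

if __name__ == "__main__":
    print(lint_nat_config(SAMPLE_CONFIG))
```

Run against the question's config it reports all three findings; with the mask, the exclusion and the 'inside' keyword corrected it reports none.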

 

Hello,

Your NAT statements are missing the 'inside' keyword.

For the sake of completeness, below is the full config including the cellular backup configuration.

! Last configuration change at 16:06:00 UTC Sun Apr 29 2018 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2911
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.130.254
ip dhcp excluded-address 10.0.130.1 10.0.130.30
!
ip dhcp pool k130
import all
network 10.0.130.0 255.255.255.0
dns-server 8.8.4.4
default-router 10.0.130.254
!
ip domain name LUDWIGSHAFEN
ip name-server 10.0.130.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
cts logging verbose
!
redundancy
!
controller Cellular 0/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
track 1 ip sla 1 reachability
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.0.130.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2/0
backup interface GigabitEthernet0/1/0
ip address dhcp
duplex auto
speed auto
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
async mode interactive
!
ip local policy route-map TRACK_PRIMARY
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Cellular0/0/0 overload
ip nat inside source list 2 interface GigabitEthernet0/1/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1/0 dhcp track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 250
!
ip sla auto discovery
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1/0
ip sla schedule 1 life forever start-time now
!
dialer-list 1 protocol ip permit
!
route-map TRACK_PRIMARY permit 1
match ip address 101
set interface GigabitEthernet0/1/0
!
! Two applets with distinct names; reusing one name would replace the first applet's event
event manager applet CLEAR_IP_NAT_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "clear ip nat translation *"
!
event manager applet CLEAR_IP_NAT_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "clear ip nat translation *"
!
access-list 1 permit 10.0.130.0 0.0.0.255
!
access-list 2 permit 10.0.130.0 0.0.0.255
!
access-list 101 permit icmp any host 8.8.8.8
!
control-plane
!
line 3
script dialer lte
modem InOut
no exec
transport input all
rxspeed 100000000
txspeed 50000000

Hello George

I tried to make the changes according to your config.

Unfortunately I have to admit that I don't know how to insert this:

ip sla auto discovery
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1/0
ip sla schedule 1 life forever start-time now

My current config goes like this:

 

*Apr 30 10:46:04.143: %SYS-5-CONFIG_I: Configured from console by admin on console
cisco2911#show running
Building configuration...

Current configuration : 6738 bytes
!
! Last configuration change at 10:46:04 UTC Mon Apr 30 2018 by admin
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2911
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.130.1 10.0.130.30
ip dhcp excluded-address 10.0.130.254
!
ip dhcp pool k130
 import all
 network 10.0.130.0 255.255.255.0
 dns-server 8.8.8.8
 default-router 10.0.130.254
!
!
!
ip domain name LUDWIGSHAFEN
ip name-server 10.0.130.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
cts logging verbose
!

!
redundancy
!
!
controller Cellular 0/0
 lte modem link-recovery rssi onset-threshold -110
 lte modem link-recovery monitor-timer 20
 lte modem link-recovery wait-timer 10
 lte modem link-recovery debounce-count 6
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 10.0.130.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2/0
 backup interface GigabitEthernet0/1/0
 ip address dhcp
 duplex auto
 speed auto
!
interface Cellular0/0/0
 ip address negotiated
 ip nat outside
 ip virtual-reassembly in
 encapsulation slip
 dialer in-band
 dialer string lte
 async mode interactive
!
ip local policy route-map TRACK_PRIMARY
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat source list 1 interface GigabitEthernet0/1/0 overload
ip nat inside source list 1 interface Cellular0/0/0 overload
ip nat inside source list 2 interface GigabitEthernet0/1/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 250
ip route 0.0.0.0 0.0.0.0 dhcp
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1/0 dhcp
!
dialer-list 1 protocol ip permit
!
route-map TRACK_PRIMARY permit 1
 match ip address 101
 set interface GigabitEthernet0/1/0
!
!
access-list 1 permit 10.0.130.0 0.0.0.255
access-list 2 permit 10.0.130.0 0.0.0.255
access-list 101 permit icmp any host 8.8.8.8
!
control-plane
!

Still no access from the client computer behind the 2911.

Here are the net details from the network adapter at the client PC (sorry, it's in German).

client_ip.png

Hello,

What is the purpose of this interface:

interface GigabitEthernet0/2/0
backup interface GigabitEthernet0/1/0
ip address dhcp
duplex auto
speed auto

Shut the interface and remove the route:

ip route 0.0.0.0 0.0.0.0 dhcp

Also remove this line from your configuration:

ip nat source list 1 interface GigabitEthernet0/1/0 overload

Here is the syntax for the IP SLA:

 

2911#conf t
2911(config)#track 1 ip sla 1 reachability
2911(config-track)#exit
2911(config)#ip sla auto discovery
2911(config)#ip sla 1
2911(config-ip-sla)#$.8.8.8 source-interface GigabitEthernet 0/1/0
2911(config-ip-sla)#exit
2911(config)#ip sla schedule 1 life forever start-time now
2911(config)#end
2911#wr

Strange, I can't input that ....

 

cisco2911#conf t
Enter configuration commands, one per line. End with CNTL/Z.
cisco2911(config)#track 1 ip sla 1 reachability
cisco2911(config-track)#w exit
cisco2911(config)#ip sla auto discovery
^
% Invalid input detected at '^' marker.

cisco2911(config)#ip sla 1
^
% Invalid input detected at '^' marker.

cisco2911(config)#icmp-echo 8.8.8.8 source-interface gigabitehthernet 0/ 1/0
^
% Invalid input detected at '^' marker.

Interface 0/2/0 should take over if 0/1/0 is down ... backup function

Hello,

It doesn't take over anything just by enabling it and assigning it an IP address.

Below is the config that should work. Make sure yours looks exactly the same. If you are done configuring, you might want to post it again, so we can double-check....

 

version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname cisco2911
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ip dhcp conflict logging
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.130.254
ip dhcp excluded-address 10.0.130.1 10.0.130.30
!
ip dhcp pool k130
import all
network 10.0.130.0 255.255.255.0
dns-server 8.8.4.4
default-router 10.0.130.254
!
ip domain name LUDWIGSHAFEN
ip name-server 10.0.130.254
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 60 "OK"
cts logging verbose
!
redundancy
!
controller Cellular 0/0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
track 1 ip sla 1 reachability
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.0.130.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet0/1/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2/0
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0/0/0
ip address negotiated
ip nat outside
encapsulation slip
dialer in-band
dialer string lte
dialer-group 1
async mode interactive
!
ip local policy route-map TRACK_PRIMARY
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface Cellular0/0/0 overload
ip nat inside source list 2 interface GigabitEthernet0/1/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1/0 dhcp track 1
ip route 0.0.0.0 0.0.0.0 Cellular0/0/0 250
!
ip sla auto discovery
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/1/0
ip sla schedule 1 life forever start-time now
!
dialer-list 1 protocol ip permit
!
route-map TRACK_PRIMARY permit 1
match ip address 101
set interface GigabitEthernet0/1/0
!
! Two applets with distinct names; reusing one name would replace the first applet's event
event manager applet CLEAR_IP_NAT_DOWN
event track 1 state down
action 1.0 cli command "enable"
action 2.0 cli command "clear ip nat translation *"
!
event manager applet CLEAR_IP_NAT_UP
event track 1 state up
action 1.0 cli command "enable"
action 2.0 cli command "clear ip nat translation *"
!
access-list 1 permit 10.0.130.0 0.0.0.255
!
access-list 2 permit 10.0.130.0 0.0.0.255
!
access-list 101 permit icmp any host 8.8.8.8
!
control-plane
!
line 3
script dialer lte
modem InOut
no exec
transport input all
rxspeed 100000000
txspeed 50000000

As I answered before, I am not able to input the SLA phrases; I always get error messages after input.

Confusing.

Ralf,

The exact syntax might be a bit different depending on the IOS version you are running (which one do you have?)...

Either way, try to get everything else in and leave the SLA for now...

Hello,

What are your options after:

2911(config)#ip sla ?

Sorry, my last replies were not posted...

The options after 'ip sla' are:

- key-chain
- responder
- server

I tried to set up the config according to your post. The following happened:

- As I changed ge 0/2/1 to state shutdown, ge 0/1/0 also went down and I wasn't able to get it up again.

- Problem with the SLA commands, as discussed before.

- ip route 0.0.0.0 0.0.0.0 gigabitethernet 0/1/0 dhcp track 1 didn't work because after dhcp just a value (1-255) was allowed. I guess it's 1?

- Command: set interface gigbitethernet 0/1/0 gave the warning: Use P2P interface routemap setinterface clause