Having issues getting my Cisco 4321 to get internet and can't ping 18.104.22.168. I can ping the ISP ip address though which is odd, then on my laptop i get no default gateway at
Current configuration : 3046 bytes
! Last configuration change at 23:52:43 UTC Sun Sep 30 2018
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
vrf definition Mgmt-intf
no aaa new-model
ip name-server 22.214.171.124
ip dhcp pool Planet
network 192.168.1.0 255.255.255.0
multilink bundle-name authenticated
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip address dhcp
ip nat outside
vrf forwarding Mgmt-intf
no ip address
ip default-gateway 192.168.1.1
ip nat inside source list 50 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
access-list 50 permit 192.168.1.0 0.0.0.255
line con 0
line aux 0
line vty 0 4
all or internet access. below is
Solved! Go to Solution.
quick glance at your config, need to correct couple of things..
1. Your GigabitEthernet0/0/0 and gateway address set to same ip (192.168.1.1). Change internal IP, if gateway is correct.
2. You DHCP config missing default-gateway and additional information like lease, DNS address.
Correct those first and check online for DHCP config on Cisco routers, you will find ton of configuration examples. If you still run into issue, post the config.
Looks like you have a lot of configuration issues....
-remove the two static routes, and add just one "ip route 0.0.0.0 0.0.0.0 dhcp". routing to an interface is a bad practice, since you end up ARPing for every remote connection. Eventually you fill your ARP cache is doing this in production
- remove your NAT statement and update to NAT to the outside interface IP, "ip nat inside source list 50 interface GigabitEthernet0/0/1 overload". Your current statement is NATing inside to inside.
- Add a gateway (default router) to your DHCP pool, so hosts pulling DHCP have a gateway to get out of that subnet, 192.168.1.1.
- Add DNS servers to your DHCP pool, so hosts pulling DHCP will have DNS name resolution
sorry for any typos, doing this on a cell phone
Yes, sorry I had trouble signing back into my cisco account or I reply sooner. I can accept solution by email but not sign in to reply. Im training to get ccna license, so im at begin stage.
I did notice my upstream bandwidth was at 9mb and should be at 75mb. Any ideas?
Is it 9MBps or 9Mbps, notice big B vs little b? If you are looking at throughput from a PC / computer perspective, data rate is typically in MBps (megabytes vs megabits). 9MBps (megabytes per second/computer throughput) equals 63Mbps (megabits per second/network interface rate). This is due to there being eight bits per byte. This would be pretty close to your expected data rate.
below is the output, seems i'm getting a lot of drops and bandwidth is all over the place.
GigabitEthernet0/0/1 is up, line protocol is up
Hardware is ISR4321-2x1GE, address is xxxxxx
Internet address is 47.xxx.xx.XXX/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 2/255, rxload 4/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 100Mbps, link type is auto, media type is RJ45
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 02:22:21, output 00:00:51, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 3330
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1755000 bits/sec, 227 packets/sec
5 minute output rate 1112000 bits/sec, 195 packets/sec
1141867 packets input, 996816574 bytes, 0 no buffer
Received 157 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 281 multicast, 0 pause input
1080040 packets output, 778554923 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
7 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
2 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
I believe you are seeing output drops due to buffer exhaustion, AKA tail drops. This is common, when you have more bandwidth into a router or switch than out of it. I believe this is the case, whereas the port facing you (users) is negotiating gigabit Ethernet (1000Mbps), but the port leaving the router is negotiating a speed of FastEthernet (100Mbps). When you do something like speed test websites, you computer will be sending as much data as it can, as fast as it can. This can result in the routers input interface (Gi0/0/0 in your case) receiving more than 100Mbps if it is negotiated at 1000Mbps. The output interface (Gi0/0/1) leading to the internet is only negotiated at 100Mbps, thus will end up dropping some of this data on output. If this is in your lab and not production you can see if my theory is right is simply set the port facing you/users to 100Mbps. Next, clear your counters and run a few speed test. Now that both the input side and output side of the router are both 100Mbps, the output drops should stop.
The other possibility is licensing. The default licensing for a Cisco 4321 router is 50Mbps. A performance license can be applied, not a default included option, which will bring the throughput capability up to 100Mbps. See table 4 on the following link for more information regarding throughput on Cisco ISR4000 routers: https://www.cisco.com/c/en_in/products/collateral/routers/4000-series-integrated-services-routers-isr/datasheet-c78-732542.html . Cisco got much smarter on the ISR4000 routers than they had been on previous ISR generations. THe previous generations always had inconsistent performance, depending on what features you enable, i.e. NAT, PfR, stateful firewalling or ZBAC. When Cisco built this generation they allocated a multicore CPU architecture, in which cores and bus were licensed and protected, to ensure the advertised rate was always available. So, with a ISR4321, you'll always get 50+ Mbps on base license, regardless of what features you enable. Add the PERF license and you will always get 100Mbps. The only other license that could ever be needed that can impact throughput is the HSEC, since encryption is rate limited and only available for unlocked rate within certain countries based on US and several other allies laws. This licensing would only impact encrypted VPN traffic, where the encryption and decryption (tunneling) of the traffic was being performed by the router itself..
Could you change your configuration to the below then test again:
no ip default-gateway 192.168.1.1
no ip nat inside source list 50 interface GigabitEthernet0/0/0 overload
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
no ip name-server 126.96.36.199
no router rip
ip dhcp pool Planet
network 192.168.1.0 255.255.255.0
lease 0 12
ip route 0.0.0.0 0.0.0.0 dhcp
ip nat inside source list 50 interface GigabitEthernet0/0/1 overload