
Cisco 4331 router - No internet access

HADES2001

Dear readers,

I am running into an issue: we are replacing a DrayTek router model 2130 with a Cisco 4331 router.

The internal network is working fine but I can't seem to get the internet working.

I tried searching the forums and looked up multiple Cisco router wan basic setup guides but no success yet.

The details that I know.

Cisco port G0/0/0 IP 5.83.2.162/30 *EDIT was /32 but should be /30

Cisco port G0/0/1 IP 192.168.100.50/24 that is connected to a 48 port switch.

DNS servers of the webprovider are 178.217.80.81 and 178.217.81.80

 

I copied the settings from the DrayTek; our provider says that is all and that there are no hidden settings that are required. (aka usernames/passwords)

When I use the web interface to do a WAN connection test I get a green checkmark on everything except the ping to 8.8.8.8

I have added in a text file the output of "show ip route" and "show conf" since in similar issues those are the most requested outputs at the start.

 

Does anyone maybe see what I am overlooking?

Thank you all in advance for your time

Accepted Solution

Hi,

Will you please change your default route configuration as follows:

"ip route 0.0.0.0 0.0.0.0 5.83.2.161"

Best regards,

Antonin


Hello,

 

You say that your provider has given you IP 5.83.2.162/32; however, you have configured /30.

 

Try:

 

interface GigabitEthernet0/0/0
ip address 5.83.2.162 255.255.255.254

 

or

 

interface GigabitEthernet0/0/0
ip address 5.83.2.162 255.255.255.255

Also, add the lines in bold below to your config:

 

interface GigabitEthernet0/0/1.11
encapsulation dot1Q 11
ip address 192.168.50.30 255.255.255.224
ip nat inside
ip helper-address 192.168.100.2

 

access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.50.0 0.0.0.31

And also:

 

ip nat inside source list 1 interface GigabitEthernet0/0/0 overload

Thanks for the quick response,

I did forget to mention one important part: we will start working in the future with VLANs that will come on 192.168.50.*, but that isn't in use yet; our entire network at this moment is on 192.168.100.*/24

The 5.83.2.162/30 is copied from the DrayTek; I added a screenshot of its WAN configuration page.

I will do the changes you mentioned straight away; sadly, because of work hours, the DrayTek is connected again and I can't test.

Will come back to you as soon as possible.

 

EDIT: just noticed the mistake in the opening post, edited it sorry for the confusion

Dear Georg,

 

I have changed the settings as recommended but still can't ping 8.8.8.8 from the router, and can't ping 5.83.2.162 from the outside.

Added the new show conf file

Is there maybe anything that you still recommend?

 

Thank you for all your help.

Hi HADES2001,

 

Are you able to ping the default gateway (5.83.2.161) from your router?

If not, then check the interface status like speed and duplex.

 

Spooster IT Services Team


Thank you all so much for the help,

I added "ip route 0.0.0.0 0.0.0.0 5.83.2.161"

Also removed the "spanning-tree portfast trunk" on port g0/0/0.

The web interface won't let me do the WAN test anymore because it keeps saying there is no port configured as WAN anymore.

But besides that, internet is working. (The port forwards aren't working yet, so our internal applications can't be accessed from the outside, but since we now have internet access and the IP phones are working I can easily sit down for that without having short time frames.)

Again, thank you all for the assistance. I hope I gave the helpful stars away in the proper way; I am new to these forums.

Hello,

 

Take the 'spanning-tree portfast trunk' off the outside interface and remove the route map. So the config should look like this:

 

Using 3270 out of 33554432 bytes
!
! Last configuration change at 11:25:51 UTC Wed Mar 28 2018
! NVRAM config last updated at 11:25:55 UTC Wed Mar 28 2018
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname MandAR1
!
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging console *removed*
enable secret 5 $1$JXg5$TVFWarnHFk0LqxkZzggf50
enable password *removed*
!
no aaa new-model
!
ip name-server 178.217.80.81 178.217.81.80
!
subscriber templating
!
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-2671645268
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2671645268
revocation-check none
rsakeypair TP-self-signed-2671645268
!
crypto pki certificate chain TP-self-signed-2671645268
!
license udi pid ISR4331/K9 sn FDO21420XP4
diagnostic bootup level minimal
spanning-tree extend system-id
!
username administrator privilege 15 secret 9 $9$4/AI2/AJ1lMM3U$GBG83ziWuEWKIfGXiYhuGADgZtLSC9maMB8LDUnjXZc
username Steven privilege 15 secret 9 $9$4/.L2lIH3lIJ2k$UftXmhQUeCwOhNhCHAIhw4hmm3hJN3aFJQbFT35bp66
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
ip address 5.83.2.162 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip address 192.168.100.50 255.255.255.0
ip helper-address 192.168.100.2
ip nat inside
negotiation auto
spanning-tree portfast trunk
!
interface GigabitEthernet0/0/1.11
encapsulation dot1Q 11
ip address 192.168.50.30 255.255.255.224
ip helper-address 192.168.100.2
ip nat inside
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
ip nat inside source static tcp 192.168.100.8 80 5.83.2.162 80 extendable
ip nat inside source static tcp 192.168.100.8 443 5.83.2.162 443 extendable
ip nat inside source static tcp 192.168.100.8 8084 5.83.2.162 8084 extendable
ip nat inside source static tcp 192.168.100.4 9093 5.83.2.162 9093 extendable
ip nat inside source static tcp 192.168.100.4 9094 5.83.2.162 9094 extendable
ip nat inside source static udp 192.168.100.4 9094 5.83.2.162 9094 extendable
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http port 51283
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
access-list 1 permit 192.168.100.0 0.0.0.255
access-list 1 permit 192.168.50.0 0.0.0.31
!
control-plane
!
line con 0
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password *removed*
login
length 0
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
end

I see this in an earlier post from the original poster

I have changed the settings as recommended but still cant ping 8.8.8.8 from the router

If the router cannot ping an Internet IP address then that is the first problem that we need to solve. Any of the other suggestions about the config should wait till this is solved.

 

Having suggested that other topics should wait I feel that I must say that I agree with Antonin that the default route pointing just to Gig0/0/0 may be problematic. And that is not what the Draytek was using. A default route specifying the next hop address (or perhaps both outbound interface and next hop address) is better and is what the Draytek was using.  

 

HTH

 

Rick

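An added example, not part of any poster's reply: a small Python check for the three settings this thread turns on. An interface-only default route on an Ethernet WAN makes the router ARP for every destination and so depends on the provider answering with proxy ARP. The next hop must also sit inside the subnet configured on the `ip nat outside` interface, and every `ip nat inside` subnet must be permitted by the NAT overload list. The function name `audit` and the sample config are constructed from the addresses quoted in the thread, and only numbered standard ACLs are handled.

```python
import ipaddress
import re

def audit(config):
    """Return findings for the WAN and NAT checks discussed in the thread."""
    ifaces, routes, acls, nat_list, cur = {}, [], {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif cur is not None and (m := re.match(r"ip address (\S+) (\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m[1]
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (.+)", line):
            routes.append(m[1].split())
        elif m := re.match(r"ip nat inside source list (\S+) interface \S+ overload", line):
            nat_list = m[1]
        elif m := re.match(r"access-list (\S+) permit (\S+) (\S+)$", line):
            # Standard ACLs use wildcard (host) masks, which ipaddress accepts.
            acls.setdefault(m[1], []).append(ipaddress.ip_network(f"{m[2]}/{m[3]}"))
    findings = []
    wan = [i["net"] for i in ifaces.values() if i["nat"] == "outside" and i["net"]]
    for tokens in routes:
        hops = [t for t in tokens if re.fullmatch(r"\d+(\.\d+){3}", t)]
        if not hops:
            findings.append(f"default route via {tokens[0]} has no next-hop address")
        elif not any(ipaddress.ip_address(hops[0]) in net for net in wan):
            findings.append(f"next hop {hops[0]} is not on a connected outside subnet")
    permitted = acls.get(nat_list, [])
    for name, i in ifaces.items():
        if i["nat"] == "inside" and i["net"] and not any(i["net"].subnet_of(a) for a in permitted):
            findings.append(f"{name} subnet {i['net']} is not permitted by NAT list {nat_list}")
    return findings

# Constructed sample built from the addresses quoted in the thread.
POSTED = """\
interface GigabitEthernet0/0/0
 ip address 5.83.2.162 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/0/1
 ip address 192.168.100.50 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
access-list 1 permit 192.168.100.0 0.0.0.255
"""
FIXED = POSTED.replace("0.0.0.0 GigabitEthernet0/0/0", "0.0.0.0 5.83.2.161")
```

`audit(POSTED)` reports the interface-only default route and `audit(FIXED)` returns an empty list. Changing the WAN mask in `FIXED` to 255.255.255.255 makes the check report that 5.83.2.161 is no longer on a connected subnet.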

Having read through the thread again and thinking about the issue I would suggest that the first step should be to find out if the router can ping 5.83.2.161.

 

If not then I would ask for the original poster to post the output of the command show ip interface brief

 

HTH

 

Rick


Don't worry, I am still here; sadly I am stuck on very short time frames because the employees require internet access.

Setting alarm extra early to test all the help just posted.

Internet access is the primary target, all other things are on hold. (Project managers tend to forget that 9 women can't bear a child in 1 month)

I truly appreciate all the help from everyone here and will let everyone know tomorrow what the results are.
