cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3927
Views
0
Helpful
53
Replies

CISCO 871W cannot ping external router interface

jprophet64
Level 1
Level 1

Good morning everyone,

I hope someone here could assist me with the situation I am facing, I am a network administrator who has been assigned the task of adding a secondary router to a redundant backup third party provided internet circuit. This router will serve two-fold firstly it will serve out dhcp addresses through a dhcp pool and secondly it will accomodate 2 Unifi AP access points. I'll show my config below but the end result is I cannot ping the outside router interface that the ISP has provided which ultimately should allow me to get on the internet.  My config is below:

 

CLTCHIEF2#show run
Building configuration...

Current configuration : 1934 bytes
!
! Last configuration change at 17:52:47 UTC Sun Mar 3 2002
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CLTCHIEF2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fMm.$fVzzs3q6pnSM6avr03Nho1
enable password 7 12211D0E081115
!
no aaa new-model
!
!
dot11 syslog
ip source-route
ip dhcp excluded-address 172.16.102.1 172.16.102.99
ip dhcp excluded-address 172.16.102.151 172.16.102.254
!
ip dhcp pool CLT2WIRELESS
   network 172.16.102.0 255.255.255.0
   default-router 172.16.102.1
   domain-name INTERNAL.COM
   lease 7
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
bridge irb
!
!
!
interface FastEthernet0
!
interface FastEthernet1
 shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 description WAN INTERFACE
 ip address 50.58.80.82 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
 54.0
 station-role root
!
interface Vlan1
 description VLAN WIRED AND WIRELESS
 no ip address
 no ip redirects
 bridge-group 1
!
interface BVI1
 description VIRTUAL BONDED INTERFACE
 ip address 172.16.102.2 255.255.255.0
 no ip redirects
 no ip unreachables
 ip nat inside
 ip virtual-reassembly max-reassemblies 1024
 ip tcp adjust-mss 1360
 load-interval 30
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 150 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 172.16.102.1
ip route 0.0.0.0 0.0.0.0 50.58.80.81
!
access-list 150 remark NAT TRANSLATIONS
access-list 150 permit ip 172.16.102.0 0.0.0.255 any
!
!
!
snmp-server community public RO
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7 07173955541300
 login
 transport input all
!
end

 

 

Does this config look right?

 

Thank-you.

 

53 Replies 53

Ok things are starting to look up now I now have the dhcp pool serving an address now to my laptop and I can now ping the .81 from laptop but not .82 which has been tied to interface fa4, cant quite figure thatt one out here is the latest config folks.

Current configuration : 1696 bytes
!
! Last configuration change at 01:01:35 UTC Fri Mar 1 2002
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CLTLVLTHREE
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$b126$CBurGrg/NkVtK63I7p4fg.
enable password 7 05331E163B5657
!
no aaa new-model
!
!
dot11 syslog
ip source-route
ip dhcp excluded-address 172.16.102.1 172.16.102.99
ip dhcp excluded-address 172.16.102.151 172.16.102.254
!
ip dhcp pool CLTLVL3
   network 172.16.102.0 255.255.255.0
   default-router 172.16.102.1
   domain-name CLTINTERNAL.COM
   lease 7
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 ip address 50.58.x.82 255.255.255.252
 ip nat outside
 ip virtual-reassembly max-reassemblies 1024
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

 station-role root
!
interface Vlan1
 ip address 172.16.102.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 150 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 50.58.x.81
!
access-list 10 remark ACCESS PERMISSIONS
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 172.16.0.0 0.15.255.255
access-list 150 remark NAT TRANSLATIONS
access-list 150 permit ip 172.16.102.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7 1111011C0D0812
 login
 transport input all
!
end

You need to -

1) add "ip nat inside" to vlan 1 interface

2) add DNS servers to your DHCP pool

Jon

Are you sure you can ping .81 from a laptop because that shouldn't work.

You don't have "ip nat inside" so it won't translate the 172.16.102.x IP and the ISP will not have a route for that subnet.

Can you post "sh ip arp"  ?

Jon

Here is the "sh ip arp"

CLTLVLTHREE#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  50.58.x.81            29   00a0.c86f.e57c  ARPA   FastEthernet4
Internet  50.58.x.82             -   001e.4ac3.7cd9  ARPA   FastEthernet4
Internet  172.16.102.1            -   001e.4ac3.7ccf  ARPA   Vlan1
Internet  172.16.102.100          4   000b.9731.9fc5  ARPA   Vlan1

 

Okay, that looks a lot better.

Still not sure how your laptop is pinging the .81 IP without NAT.

Anyway if you add the last changes I suggested do you get connectivity.

Jon

Ok Jon I added both changes you asked me to and here is what I am noticing coming from the hyperteminal interface I am able to ping the .82 interface (fa4) but not the default isp .81 router.

Also when I do an ipconfig  the dhcp service is working but there is no default gateway line...its blank.

Here is the config again:

Current configuration : 1685 bytes
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CLTLVLTHREE
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$b126$CBurGrg/NkVtK63I7p4fg.
enable password 7 05331E163B5657
!
no aaa new-model
!
!
dot11 syslog
ip source-route
ip dhcp excluded-address 172.16.102.1 172.16.102.99
ip dhcp excluded-address 172.16.102.151 172.16.102.254
!
ip dhcp pool CLTLVL3
   network 172.16.102.0 255.255.255.0
   default-router 172.16.102.1
   domain-name CLTINTERNAL.COM
   dns-server 216.136.95.2 64.132.94.250
   lease 7
!
!
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
 ip address 50.58.x.82 255.255.255.252
 ip nat outside
 ip virtual-reassembly max-reassemblies 1024
 duplex auto
 speed auto
!
interface Dot11Radio0
 no ip address
 shutdown
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0

 station-role root
!
interface Vlan1
 ip address 172.16.102.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 150 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 50.58.x.81
!
access-list 10 remark ACCESS PERMISSIONS
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 172.16.0.0 0.15.255.255
access-list 150 remark NAT TRANSLATIONS
access-list 150 permit ip 172.16.102.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7 1111011C0D0812
 login
 transport input all
!
end

 

 

 

The config looks correct now.

So are you saying when you get an IP address from the router on the laptop and then do an "ipconfig /all" you are not seeing a default gateway ?

Are you seeing the DNS servers ?

Jon

yep....the 2 dns servers are showing up from the isp but here is something that i noticed the dhcp server line shows 172.16.101.1 which is supposed to be the default gateway.

 

here is something that i noticed the dhcp server line shows 172.16.101.1 which is supposed to be the default gateway.

That is correct the DHCP server line should be the same IP.

I am getting a bit lost here, are you saying that there is just no default-gateway entry in ipconfig /all ?

Jon

Here is what I am seeing with ipconfig /all 

Your comment about the 101 subnet is not in the config that subnet is the one that our corporate internal network is using which is how I am accessing the laptop through wireless.

I hope the picture will paint a clearer picture.

 

 

You can't have two default gateways for your client.

You didn't mention your laptop had another connection.

This won't work unless you can set the default gateway to be the router but by doing that I suspect you would lose connectivity to the laptop.

What you could do is pick an IP on the internet ie. 8.8.8.8 and then add a route for that IP to your laptop pointing to 172.16.102.1 and then at least you would be able to test IP connectivity.

Jon

 

Posting the output of ipconfig was very helpful to me. For one thing it helped me realize that I had not read some details carefully and had missed that both 172.16.101 and 172.16.102 are being used.

 

It is also helpful to know that the laptop is reporting connectivity for both its wireless interface and its wired Ethernet interface. I wonder if not having a default gateway indicated in the wired Ethernet interface reflects the fact that this is the second interface active on the laptop and the default gateway for the wireless takes precedence?

 

Can you post the output of route print which will help us to see which interface it is using when it attempts to ping?

 

HTH

 

Rick

HTH

Rick

Rick

 I wonder if not having a default gateway indicated in the wired Ethernet interface reflects the fact that this is the second interface active on the laptop and the default gateway for the wireless takes precedence?

I believe that is exactly what is happening ie. the router is sending the default gateway but the laptop simply doesn't use it because it already has one which is a logical thing to do.

I think the only solution is to add a temporary route just to test connectivity because if you change the default gateway you wouldn't be able to connect to it from the corporate network.

Jon

you both are correct and both very smart...I have since arrived at the location where the circuit is located and have disconnected the wireless altogether which foes along with you mentoning you cannot have two default gateways. Now that tha wireless is disconnected I am only connected to fa0 through mym laptop which ip address is 172.16.102.100 and now it is showing the default gateway as being 172.16.102.1.

However for some reason the internet is unattainable still, here is the updated config.

Building configuration...                         

Current configuration : 1746 bytes                                  
!
! Last configuration change at 00:50:02 UTC Fri Mar 1 2002                                                          
!
version 15.1            
no service pad              
service timestamps debug datetime msec                                      
service timestamps log datetime msec                                    
service password-encryption                           
!
hostname CLTLVLTHREE                    
!
boot-start-marker                 
boot-end-marker               
!
enable secret 5 $1$b126$CBurGrg/NkVtK63I7p4fg.                                              
enable password 7 05331E163B5657                                
!
no aaa new-model                
!
!
dot11 syslog            
ip source-route               
ip dhcp excluded-address 172.16.102.1 172.16.102.99                                                   
ip dhcp excluded-address 172.16.102.151 172.16.102.254                                                      
!
ip dhcp pool CLTLVL3                    
   network 172.16.102.0 255.255.255.0                                     
   default-router 172.16.102.1                              
   domain-name CLTINTERNAL.COM                              
   dns-server 216.136.95.2 64.132.94.250                                        
   lease 7          
!
!
ip cef      
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0                       
!
interface FastEthernet1                       
!
interface FastEthernet2                       
!
interface FastEthernet3                       
!
interface FastEthernet4                       
 ip address 50.58.80.82 255.255.255.252                                       
 ip nat outside               
 ip virtual-reassembly max-                          
 duplex auto            
 speed auto           
!
interface Dot11Radio0                     
 no ip address              
 shutdown         
 speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0                                                                                

 station-role root                  
!
interface Vlan1               
 ip address 172.16.102.1 255.255.255.0                                      
 ip nat inside              
 ip virtual-reassembly                      
!
ip forward-protocol nd                      
no ip http server                 
no ip http secure-server                        
!
ip nat inside source list 150 interface FastEthernet4 overload                                                              
ip route 0.0.0.0 0.0.0.0 50.58.80.81                                    
!
access-list 10 remark ACCESS PERMISSIONS
access-list 10 permit 192.168.0.0 0.0.255.255
access-list 10 permit 172.16.0.0 0.15.255.255
access-list 150 remark NAT TRANSLATIONS
access-list 150 permit ip 172.16.102.0 0.0.0.255 any
!
!
!
!
control-plane
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7 1111011C0D0812
 login
 transport input all
!
end

 

I think it is quite helpful to now have the laptop with only a single active interface. I do not see anything in the config that would impact Internet access. I would suggest that as a first test that you use the Hyperterm connection to the router console and ping the .81 address through the Hyperterm connection. That would be the router pinging to a connected subnet. If that ping does not work then we need to consider the possibility that the ISP device may be configured so that it will not respond to ping. In that case I like Jon's suggestion that you try to ping 8.8.8.8 (and perhaps configure a route for that address). After we get some success with the router doing the ping then we can test with ping from the laptop.

 

HTH

 

Rick

HTH

Rick