02-06-2014 10:20 AM - edited 03-04-2019 10:16 PM
I am having an issue getting this router configured properly. It is a VERY basic setup for our end-users. WAN is DHCP and LAN is DHCP. I am getting address from ISP and my PC's are getting addresses from the router. I can PING outside (google, etc) from the router but not from the LAN. There is no traffic flowing past the router at all. i can even ping the outside facing address of the WAN link but that is as far as it goes. The config is below. Any help would be great as I am sure it is something very simple.
Thanks ahead of time.
-------------------------------------------------------------CONFIG--------------------------------------------------------------------------------------------
Current configuration : 3707 bytes
!
! Last configuration change at 18:01:27 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FREEWEB
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 --------------------------------------
enable password -----------------
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-372594648
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-372594648
revocation-check none
rsakeypair TP-self-signed-372594648
!
!
crypto pki certificate chain TP-self-signed-372594648
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934
36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7
A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838
6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53
CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355
1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86
4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98
C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8
7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891
7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF
844F8CCC 7C301E40 38D45639 40
quit
ip source-route
no ip routing
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.5
ip dhcp excluded-address 10.10.10.2
!
ip dhcp pool ccp-pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 24.226.10.193 24.226.1.94
lease 5
!
!
no ip cef
ip domain name ls.local
ip name-server 24.226.10.193
ip name-server 24.226.1.94
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FGL174720UZ
!
!
username ------- privilege 15 secret 4------------------
6
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 10 permit 10.10.10.0 0.0.0.255
no cdp run
!
!
!
!
banner login Welcome to the new FREEWEB Router
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password -----------
login local
transport input telnet ssh
!
end
----------------------------------------------------------------------------------END OF CONFIG--------------------------------------------------------
02-06-2014 10:26 AM
Paul
You need to NAT your 10.10.10.x addresses eg.
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
ip nat inside source list 101 interface fa4 overload
Jon
02-06-2014 10:35 AM
I had that in there at one point but removed it thinking the access-list could be the culprit. Anyways I put it back in and still not luck.
02-06-2014 10:38 AM
Can you repost with the nat config in?
HTH,
John
*** Please rate all useful posts ***
02-06-2014 10:41 AM
Current configuration : 3821 bytes
!
! Last configuration change at 18:31:35 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 18:31:39 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 18:31:39 UTC Thu Feb 6 2014 by radmin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FREEWEB
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 -------------------
enable password ------------------
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-372594648
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-372594648
revocation-check none
rsakeypair TP-self-signed-372594648
!
!
crypto pki certificate chain TP-self-signed-372594648
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934
36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7
A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838
6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53
CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355
1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86
4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98
C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8
7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891
7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF
844F8CCC 7C301E40 38D45639 40
quit
ip source-route
no ip routing
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.5
ip dhcp excluded-address 10.10.10.2
!
ip dhcp pool ccp-pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 24.226.10.193 24.226.1.94
lease 5
!
!
no ip cef
ip domain name ls.local
ip name-server 24.226.10.193
ip name-server 24.226.1.94
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FGL174720UZ
!
!
username -------------- privilege 15 secret 4 ----------------------------
6
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
no cdp run
!
!
!
!
banner login Welcome to the new FREEWEB Router
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password -------------------
login local
transport input telnet ssh
!
end
02-06-2014 10:48 AM
The config looks ok. If you're in the router, can you try a couple of things:
1. ping 4.2.2.1 - if successful, go to 2.
2. ping 4.2.2.1 source vlan 1
Why do you have routing disabled? I'd enable it and try again as well:
ip routing
Please post your findings...
HTH,
John
*** Please rate all useful posts ***
02-06-2014 10:51 AM
FREEWEB#ping 4.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/28/36 ms
FREEWEB#ping 4.2.2.1 source vlan 1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/25/28 ms
02-06-2014 10:53 AM
Paul
Assuming none of the clients are working can you -
1) do a "clear ip nat translations"
2) from a client try a ping to the same address you just used
3) post the output of "sh ip nat translations"
Jon
02-06-2014 10:53 AM
I'm still wondering why routing is disabled.
HTH,
John
*** Please rate all useful posts ***
02-06-2014 10:56 AM
John
That is a very good point
Jon
02-06-2014 10:59 AM
No response on the client for the PING test
FREEWEB#clear ip nat translation *
FREEWEB#sh ip nat translation
FREEWEB#
02-06-2014 11:00 AM
Paul
As per John's suggestion, try enabling ip routing.
Jon
02-06-2014 11:13 AM
I turned the routing on and now I cannot ping by name or IP on the router or the client.
here is the config
Current configuration : 3604 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FREEWEB
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 ---------------------
enable password ------------------------
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-372594648
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-372594648
revocation-check none
rsakeypair TP-self-signed-372594648
!
!
crypto pki certificate chain TP-self-signed-372594648
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934
36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7
A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838
6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53
CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355
1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86
4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98
C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8
7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891
7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF
844F8CCC 7C301E40 38D45639 40
quit
ip source-route
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.5
ip dhcp excluded-address 10.10.10.2
!
ip dhcp pool ccp-pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 24.226.10.193 24.226.1.94
lease 5
!
!
ip cef
ip domain name ls.local
ip name-server 24.226.10.193
ip name-server 24.226.1.94
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FGL174720UZ
!
!
username ----------- privilege 15 secret 4 -------------------------
6
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
no cdp run
!
!
!
!
banner login Welcome to the new FREEWEB Router
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password -------------------
login local
transport input telnet ssh
!
end
02-06-2014 11:17 AM
Paul
Can you -
1) "no ip source-route"
2) post the output of "sh ip int brief" and "sh ip route"
do you know what the IP address of the next hop is meant to be ?
Jon
02-06-2014 11:21 AM
It is dynamic from our ISP so I dont know the next hop
here is the posting
FREEWEB#sh ip int br
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0 unassigned YES unset administratively down down
FastEthernet1 unassigned YES unset administratively down down
FastEthernet2 unassigned YES unset up up
FastEthernet3 unassigned YES unset down down
FastEthernet4 216.221.84.16 YES DHCP up up
NVI0 unassigned YES unset administratively down down
Vlan1 10.10.10.1 YES NVRAM up up
FREEWEB#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, FastEthernet4
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.10.0/24 is directly connected, Vlan1
L 10.10.10.1/32 is directly connected, Vlan1
24.0.0.0/32 is subnetted, 1 subnets
S 24.226.1.122 [254/0] via 216.221.84.1, FastEthernet4
216.221.84.0/24 is variably subnetted, 2 subnets, 2 masks
C 216.221.84.0/25 is directly connected, FastEthernet4
L 216.221.84.16/32 is directly connected, FastEthernet4
FREEWEB#
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide