02-06-2014 10:20 AM - edited 03-04-2019 10:16 PM
I am having an issue getting this router configured properly. It is a VERY basic setup for our end-users. WAN is DHCP and LAN is DHCP. I am getting address from ISP and my PC's are getting addresses from the router. I can PING outside (google, etc) from the router but not from the LAN. There is no traffic flowing past the router at all. i can even ping the outside facing address of the WAN link but that is as far as it goes. The config is below. Any help would be great as I am sure it is something very simple.
Thanks ahead of time.
-------------------------------------------------------------CONFIG--------------------------------------------------------------------------------------------
Current configuration : 3707 bytes
!
! Last configuration change at 18:01:27 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 18:01:29 UTC Thu Feb 6 2014 by radmin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FREEWEB
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 --------------------------------------
enable password -----------------
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-372594648
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-372594648
revocation-check none
rsakeypair TP-self-signed-372594648
!
!
crypto pki certificate chain TP-self-signed-372594648
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934
36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7
A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838
6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53
CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355
1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86
4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98
C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8
7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891
7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF
844F8CCC 7C301E40 38D45639 40
quit
ip source-route
no ip routing
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.5
ip dhcp excluded-address 10.10.10.2
!
ip dhcp pool ccp-pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 24.226.10.193 24.226.1.94
lease 5
!
!
no ip cef
ip domain name ls.local
ip name-server 24.226.10.193
ip name-server 24.226.1.94
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FGL174720UZ
!
!
username ------- privilege 15 secret 4------------------
6
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 FastEthernet4
!
access-list 10 permit 10.10.10.0 0.0.0.255
no cdp run
!
!
!
!
banner login Welcome to the new FREEWEB Router
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password -----------
login local
transport input telnet ssh
!
end
----------------------------------------------------------------------------------END OF CONFIG--------------------------------------------------------
02-06-2014 11:43 AM
Paul,
Can you try changing the default route to:
ip route 0.0.0.0 0.0.0.0 fa4 dhcp
HTH,
John
*** Please rate all useful posts ***
02-06-2014 11:43 AM
Hi Paul,
I would recommend replace FastEthernet4 with IP of next hop from ISP. I saw simillar discusion today and it helped.
ip route 0.0.0.0 0.0.0.0 FastEthernet4 <---- replace with next hop IP.
HTH
Jan
02-06-2014 11:29 AM
Paul
Can you -
1) make sure you remove the "ip source-route"
2) save the configuration
3) from a client -
traceroute to the WAN IP of the router ?
traceroute to an internet IP
I suspect none of the above will work but i cannot see how enabling "ip routing" should stop everything working. You need this device to route or your clients will never be able to get to the internet.
How is the client you are testing from connected to the router is it on one of the switch ports on the router ?
Jon
02-06-2014 11:41 AM
ip source-route gone
The trace route from the client to the WAN IP was successful
Traceroute to the 4.2.2.1 was not. It went as far at 10.10.10.1 (Vlan 1)
I have tried ethernet connection and AP to the ports. Neither has been successful.
I know it must be a routing issue but I cant see it.
02-06-2014 11:44 AM
Hi Paul,
I would recommend replace FastEthernet4 with IP of next hop from ISP. I saw simillar discusion today and it helped.
ip route 0.0.0.0 0.0.0.0 FastEthernet4 <---- replace with next hop IP.
HTH
Jan
02-06-2014 11:48 AM
Paul
I was in that discussion with Jan and that's why i asked about the next hop.
If John's latest suggestion doesn't work then i think you should try this. If you can't ping from the router anymore to the internet then -
1) temporarily disable ip routing
2) hopefully you should then from the router be able to ping an internet IP
3) do a traceroute from the router to the internet IP and make a note of the first hop which should be the ISP router
4) enable ip routing again
5) change the default route to use that the ISP next hop and retest
Jon
02-06-2014 11:56 AM
My ISP only provides dynamic addresses. My next hop could change as well for all I know. I could try it temporarily but I am not sure this is a stable solution.
02-06-2014 11:54 AM
Paul
One other suggestion you may want to try. Can you -
1) leave ip routing enabled
2) remove the defalut route and don't put anything in it's place
3) shut and unshut the WAN interface
4) check the routing table with "sh ip route" and see if you have a default route.
Jon
02-06-2014 12:02 PM
OK no luck on changing the IP to next hop
I was able to retrieve the next hop by disabling the IP ROUTE though as suggested by jon. This is very bizarre.
I will try the option Jon provided by removing the route and enabling the IP ROUTE option again.
02-06-2014 12:06 PM
I cannot ping from the router to the Internet with IP ROUTING enabled and no route.
Building configuration...
Current configuration : 3730 bytes
!
! Last configuration change at 20:02:18 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 20:02:19 UTC Thu Feb 6 2014 by radmin
! NVRAM config last updated at 20:02:19 UTC Thu Feb 6 2014 by radmin
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname FREEWEB
!
boot-start-marker
warm-reboot
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 ------------------------------------------------------
enable password -----------------------
!
no aaa new-model
memory-size iomem 10
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-372594648
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-372594648
revocation-check none
rsakeypair TP-self-signed-372594648
!
!
crypto pki certificate chain TP-self-signed-372594648
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33373235 39343634 38301E17 0D313331 31313930 33343530
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3337 32353934
36343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A5213A4E C109E2B7 05A884F9 B16DBC8B 67819F9B 5C98FED1 74B8343E D86F1BE7
A8E1129B ED531292 0DAD1132 1452A308 95682EBF 60431489 C38BBDF7 DF9CA838
6701B71B A5761133 53CFE4E2 045DCE49 0F14FCC7 093D3B33 C079D33A BD7B2F53
CECE0069 ACCDB302 37A35703 4C326E1C DF933586 CFC81135 F41B13FA 364F0655
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 16801464 152EDEF2 5D044D76 5C404A8D 55777128 B3EA0830 1D060355
1D0E0416 04146415 2EDEF25D 044D765C 404A8D55 777128B3 EA08300D 06092A86
4886F70D 01010505 00038181 00639ECF CD9F3A6B 3DB0E322 C0C08455 1904FD98
C70D0B39 D7F80FB8 5D36A917 BDA1327B D0CF7ECE 63FD6329 3334A5C1 D7BDF9B8
7A03D0B2 4B650E42 3989ED65 28337C43 121343DE 06EB9768 DAF01780 3F063891
7E0E1157 8DF2D32D D0C53465 56E8169B 57DDA475 84DBB5CA 21A96217 C71B84FF
844F8CCC 7C301E40 38D45639 40
quit
no ip source-route
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.10.10.5
ip dhcp excluded-address 10.10.10.2
!
ip dhcp pool ccp-pool
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 24.226.10.193 24.226.1.94
lease 5
!
!
ip cef
ip domain name ls.local
ip name-server 24.226.10.193
ip name-server 24.226.1.94
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FGL174720UZ
!
!
username -------------------- privilege 15 secret 4 -----------------------------------------------------
6
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface FastEthernet1
no ip address
shutdown
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface FastEthernet4
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
description $ETH_LAN$
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 101 interface FastEthernet4 overload
!
access-list 10 permit 10.10.10.0 0.0.0.255
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
no cdp run
!
!
!
!
banner login Welcome to the new FREEWEB Router
!
line con 0
login local
no modem enable
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password --------------------
login local
transport input telnet ssh
!
end
02-06-2014 12:10 PM
restarted router and config is working!!!!!
02-06-2014 12:24 PM
Paul
Good news although to be honest i have lost track of which config
Is it the one with ip routing enabled but no default route configured ? If so what does your routing table look like ?
Believe it or not I was half way through a post a while back where i was going to suggest rebooting but i just couldn't bring myself to do it. Coming from a Unix background rebooting always seemed to be a sign you couldn't fix the problem.
So apologies for that.
If it is the config without a default route i suspect rebooting cleared all the DHCP info and then it was a clean start.
Would be interesed to know which config you are working with in case we get other users with the same issue ?
Jon
02-06-2014 03:14 PM
"Coming from a Unix background rebooting always seemed to be a sign you couldn't fix the problem."
Hehe...That's what Roy from the IT Crowd likes to say - "Have you tried turning it off and on again?"
Glad to hear it's working Paul
HTH,
John
*** Please rate all useful posts ***
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide