Solved: Re: Cisco 892FSP router basic config

alficho23 · ‎03-06-2023

Hi all,

Please help me with the below configuration, i`m stuck on basic routing for last two days.

End users get dhcp, but no internet access - any guidance will be much appriciated.

Building configuration...

Current configuration : 1817 bytes
!
! Last configuration change at 22:05:15 UTC Mon Mar 6 2023
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
!
!
!
!
!
!


!
ip dhcp excluded-address 10.20.10.1 10.20.10.30
!
ip dhcp pool LAN-TRUNK
network 10.20.10.0 255.255.255.0
default-router 10.20.10.1
dns-server 1.1.1.1 8.8.8.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C892FSP-K9 sn xxxxxxxx
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
switchport access vlan 103
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet9
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
ip address 10.20.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Vlan1 overload
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
access-list 1 permit 10.20.10.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end

MHM Cisco World · ‎03-06-2023

ip nat inside source list 1 interface Giga8 overload

this missing

View solution in original post

David Ruess · ‎03-06-2023

Hello,

4 Questions:

1. Are devices being NAT'd - after the device attempts to reach the internet are they being put in the local NAT table?

show ip nat

2. does the internet have a route back to your network. You have a default route out but you need routing for return traffic as well

3. Your default route points to

10.10.10.1

Can you reach it (ping)?

4. Is your

Gig8 interface

getting an IP address?

-David

alficho23 · ‎03-06-2023

Hi David,

1)

 Router#show ip nat translations
Pro Inside global Inside local Outside local Outside global
udp 10.20.10.1:49882 10.20.10.31:49882 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:49882 10.20.10.31:49882 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:50534 10.20.10.31:50534 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:51434 10.20.10.31:51434 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:51434 10.20.10.31:51434 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:51482 10.20.10.31:51482 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:51482 10.20.10.31:51482 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:51961 10.20.10.31:51961 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:51961 10.20.10.31:51961 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:52178 10.20.10.31:52178 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:52178 10.20.10.31:52178 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:52899 10.20.10.31:52899 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:52899 10.20.10.31:52899 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:53646 10.20.10.31:53646 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:53646 10.20.10.31:53646 8.8.8.8:53 8.8.8.8:53
udp 10.20.10.1:54568 10.20.10.31:54568 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:54568 10.20.10.31:54568 8.8.8.8:53 8.8.8.8:53
tcp 10.20.10.1:54765 10.20.10.31:54765 52.114.74.222:443 52.114.74.222:443
tcp 10.20.10.1:54774 10.20.10.31:54774 13.69.239.73:443 13.69.239.73:443
udp 10.20.10.1:55337 10.20.10.31:55337 1.1.1.1:53 1.1.1.1:53
udp 10.20.10.1:55337 10.20.10.31:55337 8.8.8.8:53 8.8.8.8:53

2) No i have not set route back

3) Yes without any problem

4) Yes it gets ip address from my pfsense router

I thought it would be a good idea to learn on cisco equipment, therefore deployed 892fsp in my home lab.

Thanks for your quick reply David

balaji.bandi · ‎03-06-2023

As per the config on the router - if you getting DHCP IP outside interface as you configured, then you need to change below and test it :

interface GigabitEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
!
interface Vlan1
ip address 10.20.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
no ip nat inside source list 1 interface Vlan1 overload

ip nat inside source list 1 interface gig8 overload
no ip route 0.0.0.0 0.0.0.0 10.10.10.1

ip route 0.0.0.0 0.0.0.0 gig8 dhcp

still not working

post new config

show run

show IP interface brief

show IP route

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

alficho23 · ‎03-06-2023

Hi guys still not working, new config as follow:

Router#show running-config
Building configuration...

Current configuration : 1775 bytes
!
! Last configuration change at 23:04:55 UTC Mon Mar 6 2023
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
aqm-register-fnf
!
!
no aaa new-model
!
!
!
!
!
!


!
ip dhcp excluded-address 10.20.10.1 10.20.10.30
!
ip dhcp pool LAN-TRUNK
network 10.20.10.0 255.255.255.0
default-router 10.20.10.1
dns-server 1.1.1.1 8.8.8.8
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C892FSP-K9 sn xxxxxx
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
switchport access vlan 103
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet9
no ip address
shutdown
duplex auto
speed auto
!
interface Vlan1
ip address 10.20.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp
!
!
access-list 1 permit 10.20.10.0 0.0.0.255
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
!
end

Router#show IP interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES unset up up
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES unset down down
GigabitEthernet5 unassigned YES unset down down
GigabitEthernet6 unassigned YES unset down down
GigabitEthernet7 unassigned YES unset down down
GigabitEthernet8 10.10.10.89 YES DHCP up up
GigabitEthernet9 unassigned YES unset administratively down down
NVI0 10.10.10.89 YES unset up up
Vlan1 10.20.10.1 YES manual up up

Router#show IP route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.10.10.1, GigabitEthernet8
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.10.0/24 is directly connected, GigabitEthernet8
L 10.10.10.89/32 is directly connected, GigabitEthernet8
C 10.20.10.0/24 is directly connected, Vlan1
L 10.20.10.1/32 is directly connected, Vlan1

MHM Cisco World · ‎03-06-2023

ip nat inside source list 1 interface Giga8 overload

this missing

alficho23 · ‎03-06-2023

Correct all working now.

Thanks a lot

I own you a beer

balaji.bandi · ‎03-06-2023

i do not see NAT config :

ip nat inside source list 1 interface gig8 overload

how are you testing, on what port the device is connected.

if the below port you using to test, this port belong to VLAN 103 (and you have layer 3 interface vlan 1) - so you need to change to vlan 1 to work.

interface GigabitEthernet2
switchport access vlan 103
no ip address

End device what IP address you getting ? or you not getting any IP address ? (if you are not getting any IP address then that is is cause of VLAN config issue correct it.

Testings from router :

1. start ping from router 8.8.8.8 (is this working ?)

2. what is the IP address PC getting ?

3. ping from PC to Gateway 10.20.10.1 ? is this working ?

4. ping from PC to 8.8.8.8 is this working ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

alficho23 · ‎03-06-2023

@MHM Cisco World advised missing

ip nat inside source list 1 interface Giga8 overload

all works now

balaji.bandi · ‎03-06-2023

Good, you were able to resolve the issue - the advice was suggested in the first instance of my reply post to make necessary changes to work (looks like that was ignored in this instance i guess ).

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

alficho23 · ‎03-06-2023

No not at all ignored, it is my first cisco device for testing purposes only.

I did not fully understood you advice, neverthless many thanks for all your help.