Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1187
Views
0
Helpful
7
Replies

Cisco ISR 4431 Router Configuration, ISP IP not pinging

Shaik.Kadri
Level 1
Level 1

‎09-02-2021 11:05 PM

Hello my friends,
i need one help on facing one issue on cisco ISR4431 Router Configuration, i am using DHCP ISP in 0/0/0 GigabiteEther port 192.168.*.* as DHCP. and GigabitEthernet 0/0/1 i am using 192.168.2.1 Static IP address for internal network, here problem is i am not able ping ISP default Gateway 192.168.1.1 IP address from Gigabit Ethernet port 0/0/1, refer below code for which i am configuring.

Router#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.1.4 YES DHCP up up
GigabitEthernet0/0/1 unassigned YES unset administratively down down
GigabitEthernet0/0/2 unassigned YES unset administratively down down
GigabitEthernet0/0/3 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset administratively down down

=> Below command i have configured as a dhcp in GigabitEthernet 0/0/0.refer below:

Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#interface gigabitEthernet0/0/0
Router(config-if)#no shutdown
Router(config-if)#ip address dhcp

=> after this dhcp configuration i am trying to ping 192.168.1.1 but its not pinging as well.

Router(config)#do ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)


=> Then i have configured GigabitEthernet 0/0/1 for internal network, refer command below:

TPNODL-CENTRAL-STORE(config)#interface gigabitEthernet 0/0/1
TPNODL-CENTRAL-STORE(config-if)#ip address 192.168.2.1 255.255.255.0
TPNODL-CENTRAL-STORE(config-if)#no shutdown
TPNODL-CENTRAL-STORE(config-if)#exit

=> then i checked the interfacebrief command to see the interface, refer below:

TPNODL-CENTRAL-STORE#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 192.168.1.4 YES DHCP up up
GigabitEthernet0/0/1 192.168.2.1 YES manual up up
GigabitEthernet0/0/2 unassigned YES unset administratively down down
GigabitEthernet0/0/3 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset administratively down down

Both the GigabitEthernet 0/0/0 is up but still i am not able ping ISP Default gateway 192.168.1.1 from GigabitEthernet 0/0/1 but i am able to ping the GigabitEthernet 0/0/0 DHCP ip from GigabietEthernet 0/0/1 Port.

=> after this i have created the DHCP pool for our internal network and provided ip route as well

TPNODL-CENTRAL-STORE(config)#ip dhcp pool centralstore
TPNODL-CENTRAL-STORE(dhcp-config)#network 192.168.2.0 /24
TPNODL-CENTRAL-STORE(dhcp-config)#default-router 192.168.2.1
TPNODL-CENTRAL-STORE(dhcp-config)#dns-server 8.8.8.8 4.2.2.2
TPNODL-CENTRAL-STORE(dhcp-config)#exit
TPNODL-CENTRAL-STORE(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.1
TPNODL-CENTRAL-STORE(config)#exit

=> after this command still try to ping the ISP Gateway still it is not pinging. then i have configured Inside NAT and Outside Nat Command below

TPNODL-CENTRAL-STORE(config)#interface gigabitEthernet 0/0/0
TPNODL-CENTRAL-STORE(config-if)#ip nat outside
TPNODL-CENTRAL-STORE(config-if)#exit

TPNODL-CENTRAL-STORE(config)#interface gigabitEthernet 0/0/1
TPNODL-CENTRAL-STORE(config-if)#ip nat inside
TPNODL-CENTRAL-STORE(config-if)#exit

=> after that i have created the access list then overload with GigabitEthernet 0/0/0,

TPNODL-CENTRAL-STORE(config)#ip access-list standard 1
TPNODL-CENTRAL-STORE(config-std-nacl)#permit any
TPNODL-CENTRAL-STORE(config-std-nacl)#exit

TPNODL-CENTRAL-STORE(config)#ip nat in
TPNODL-CENTRAL-STORE(config)#ip nat inside sou
TPNODL-CENTRAL-STORE(config)#ip nat inside source list 1 int
TPNODL-CENTRAL-STORE(config)#ip nat inside source list 1 interface gigabitEthernet 0/0/0 overload
TPNODL-CENTRAL-STORE(config)#exit

after this overload command i am able to access internet connection but before this overload command i am not able to ping 192.168.1.1 ISP default gateway.

after this i am saving all the configuration using below command.

TPNODL-CENTRAL-STORE#copy running-config startup-config
Destination filename [startup-config]?
Building configuration...

[OK]
TPNODL-CENTRAL-STORE#
*Sep 1 16:10:11.126: %SYS-2-PRIVCFG_ENCRYPT: Successfully encrypted private config file


But also when we restrarted the router again, the DHCP is showing unasigned and internet is not access in the internal network. getting below code when using interface brief command

TPNODL-CENTRAL-STORE#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 unassigned YES DHCP up up
GigabitEthernet0/0/1 192.168.2.1 YES manual up up
GigabitEthernet0/0/2 unassigned YES unset administratively down down
GigabitEthernet0/0/3 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset administratively down down


i request you to help me out on this as soon as possible and thanks in advance for your help guys.

Labels:
0 Helpful
7 Replies 7

Georg Pauwen
VIP
VIP

‎09-02-2021 11:44 PM

Hello,

 

a NAT access list with 'permit any' does not work. Make sure the access list looks like below:

 

access-list 1 permit 192.168.2.0 0.0.0.255

 

Also, do you have a default route ?

 

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp 

 

?

0 Helpful

Shaik.Kadri
Level 1
Level 1
In response to Georg Pauwen

‎09-02-2021 11:50 PM

Yes, for ISP it is 192.168.1.1 is default gateway

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎09-02-2021 11:46 PM - edited ‎09-03-2021 12:58 AM

worth posting show run after saving verify here :

 

here are some suggestions :

 

ip dhcp excluded-address 192.168.2.1
!
access-list 1 permit ip 192.168.2.0 0.0.0.255 any 
access-list 1 permit 192.168.2.0 0.0.0.255
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet 0/0/0 dhcp

still not working as suggested post-show run

 

@Georg Pauwen ..appologies, corrected now.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Shaik.Kadri
Level 1
Level 1
In response to balaji.bandi

‎09-02-2021 11:48 PM

Yes, for ISP it is 192.168.1.1 is default gateway

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Shaik.Kadri

‎09-03-2021 12:58 AM

i would use interface with DHCP, since it is DHCP to get route.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Georg Pauwen
VIP
VIP
In response to balaji.bandi

‎09-02-2021 11:53 PM

@balaji.bandi 

 

--> access-list 1 permit ip 192.168.2.0 0.0.0.255 any 

 

Not to be annoying but this is the wrong syntax...

0 Helpful

paul driver
VIP
VIP

‎09-03-2021 03:23 AM - edited ‎09-03-2021 03:24 AM

Hello
can you post 
show version?

In addtion try the follwoing:
conf t
no service private-config-encryption
default int gig0/0/0
default int gig0/0/1

do wr mem
reload

 

int gig0/0/0
ip address dhcp
ip nat outside
no shut


int gig0/0/1
ip address 192.168.2.1 255.255.255.0

ip nat inside
no shut

 

access-list 100 permit ip 192.168.2.0 0.0.0.255 any
ip nat inside source-list 100 interface gig0/0/0

 

sh ip int brief | in up
sh ip route

ip route 0.0.0.0 0.0.0.0 gig0/0/0 dhcp

wr mem
reload


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card