I am trying to practice for my CCNA, and i picked up an old Cisco 1921 Router (and Catalyst Switch) just to get some practice making my own network. I set everything up to use ROAS, but I can't ping out to the internet (8.8.8.8). I can ping all the connected devices, but it looks like for some reason i cannot find, my Gateway of last resort is not set, and i can't figure out why for the life of me. Ill post my run config below if anyone's willing to look it over and help me figure out what's wrong.
GatewayRouter#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override
Gateway of last resort is not set
S* 0.0.0.0/0 [0/0] via 0.0.0.0, GigabitEthernet0/0 10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks C 10.0.0.1/32 is directly connected, Loopback0 C 10.0.1.0/24 is directly connected, GigabitEthernet0/1.1 L 10.0.1.1/32 is directly connected, GigabitEthernet0/1.1 C 10.1.1.0/24 is directly connected, GigabitEthernet0/1.10 L 10.1.1.1/32 is directly connected, GigabitEthernet0/1.10 C 10.1.2.0/24 is directly connected, GigabitEthernet0/1.20 L 10.1.2.1/32 is directly connected, GigabitEthernet0/1.20 * 192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks C* 192.168.0.0/24 is directly connected, GigabitEthernet0/0 L 192.168.0.106/32 is directly connected, GigabitEthernet0/0
GatewayRouter#sh run Building configuration...
Current configuration : 3026 bytes ! ! Last configuration change at 02:39:24 UTC Wed Mar 31 2021 by nick ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname GatewayRouter ! boot-start-marker boot-end-marker ! ! enable secret 4 TkhWb9iRSIgxflbwpcOX0UCPFnZJFHZBfQ/LFoGNOcQ enable password bohr ! no aaa new-model ! no ipv6 cef ip source-route ip cef ! ! ! ip dhcp excluded-address 10.1.1.1 ip dhcp excluded-address 10.1.1.2 ip dhcp excluded-address 10.1.1.3 ip dhcp excluded-address 10.1.1.4 ip dhcp excluded-address 10.1.1.5 ip dhcp excluded-address 10.1.1.6 ip dhcp excluded-address 10.1.1.7 ip dhcp excluded-address 10.1.1.8 ip dhcp excluded-address 10.1.1.9 ip dhcp excluded-address 10.1.1.10 ip dhcp excluded-address 10.1.2.1 ip dhcp excluded-address 10.1.2.0 ip dhcp excluded-address 10.0.1.1 ! ip dhcp pool LAN DHCP network 10.1.1.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.1.1 ! ip dhcp pool Wireless LAN network 10.1.2.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.2.1 ! ip dhcp pool MGMT DHCP network 10.0.1.0 255.255.255.0 dns-server 52.119.45.76 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.0.1.1 ! ! ip domain name bohr.com multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! ! license udi pid CISCO1921/K9 sn FGL17042147 ! ! username nick password 0 bohr ! ! ip ssh version 2 ! ! ! ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description Uplink-to-modem ip address dhcp duplex auto speed auto ! interface GigabitEthernet0/1 description LAN no ip address duplex auto speed auto ! interface GigabitEthernet0/1.1 description mgmt VLAN encapsulation dot1Q 1 native ip address 10.0.1.1 255.255.255.0 ! interface GigabitEthernet0/1.10 description LAN VLAN encapsulation dot1Q 10 ip address 10.1.1.1 255.255.255.0 ! interface GigabitEthernet0/1.20 description Wireless VLAN encapsulation dot1Q 20 ip address 10.1.2.1 255.255.255.0 ! router ospf 1 network 10.0.0.0 0.0.255.255 area 0 network 10.1.0.0 0.0.255.255 area 0 network 192.168.0.0 0.0.255.255 area 0 default-information originate ! router rip version 2 network 10.0.0.0 network 192.168.0.0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip default-network 192.168.0.0 ip route 0.0.0.0 0.0.0.0 192.169.0.1 ! !
it looks like you are missing the NAT part. Use the simplified configuration below (important parts marked in bold):
Current configuration : 3026 bytes ! ! Last configuration change at 02:39:24 UTC Wed Mar 31 2021 by nick ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname GatewayRouter ! boot-start-marker boot-end-marker ! ! enable secret 4 TkhWb9iRSIgxflbwpcOX0UCPFnZJFHZBfQ/LFoGNOcQ enable password bohr ! no aaa new-model ! no ipv6 cef ip source-route ip cef ! ip dhcp excluded-address 10.1.1.1 ip dhcp excluded-address 10.1.1.2 ip dhcp excluded-address 10.1.1.3 ip dhcp excluded-address 10.1.1.4 ip dhcp excluded-address 10.1.1.5 ip dhcp excluded-address 10.1.1.6 ip dhcp excluded-address 10.1.1.7 ip dhcp excluded-address 10.1.1.8 ip dhcp excluded-address 10.1.1.9 ip dhcp excluded-address 10.1.1.10 ip dhcp excluded-address 10.1.2.1 ip dhcp excluded-address 10.1.2.0 ip dhcp excluded-address 10.0.1.1 ! ip dhcp pool LAN DHCP network 10.1.1.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.1.1 ! ip dhcp pool Wireless LAN network 10.1.2.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.2.1 ! ip dhcp pool MGMT DHCP network 10.0.1.0 255.255.255.0 dns-server 52.119.45.76 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.0.1.1 ! ip domain name bohr.com multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! license udi pid CISCO1921/K9 sn FGL17042147 ! username nick password 0 bohr ! ip ssh version 2 ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description Uplink-to-modem ip address dhcp --> ip nat outside duplex auto speed auto ! interface GigabitEthernet0/1 description LAN no ip address duplex auto speed auto ! interface GigabitEthernet0/1.1 description mgmt VLAN encapsulation dot1Q 1 native ip address 10.0.1.1 255.255.255.0 --> ip nat inside ! interface GigabitEthernet0/1.10 description LAN VLAN encapsulation dot1Q 10 ip address 10.1.1.1 255.255.255.0 --> ip nat inside ! interface GigabitEthernet0/1.20 description Wireless VLAN encapsulation dot1Q 20 ip address 10.1.2.1 255.255.255.0 --> ip nat inside ! --> ip nat inside source list 1 interface GigabitEthernet0/0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! --> ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp ! --> access-list 1 permit 10.0.0.0 0.0.0.255
Please rate and mark as an accepted solution if you have found any of the information provided useful. This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
in case any other Vlans in the 10.0.0.0/8 range are added.
will work just fine
Unfortunately it won’t -the original acl range is a /24 bit subnet not a /16 , the OP have at least 3 subnets that require nat
Please rate and mark as an accepted solution if you have found any of the information provided useful. This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
hey guys. thank you very much for the assistance. I tried to implement the fixes mentioned above, (see spoiler) and it added a few lines automatically like the overload on the ip nat source and the 'ip virtual-reassembly in' line. Unfortunately it does not seem to have resolved my issue:
GatewayRouter#ping 8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
GatewayRouter#ping 8.8.8.8 source 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: Packet sent with a source address of 10.1.1.1 ..... Success rate is 0 percent (0/5)
I tried adding the 'permit any' to access-list 1 after there was no success just to make sure nothing was getting blocked, but no joy.
Are there any other suggestions for commands I'm missing, or could the router itself just be borked?
Current configuration : 3366 bytes ! ! Last configuration change at 00:52:24 UTC Thu Apr 1 2021 ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname GatewayRouter ! boot-start-marker boot-end-marker ! ! enable secret 4 TkhWb9iRSIgxflbwpcOX0UCPFnZJFHZBfQ/LFoGNOcQ enable password bohr ! no aaa new-model ! no ipv6 cef ip source-route ip cef ! ! ! ip dhcp excluded-address 10.1.1.1 ip dhcp excluded-address 10.1.1.2 ip dhcp excluded-address 10.1.1.3 ip dhcp excluded-address 10.1.1.4 ip dhcp excluded-address 10.1.1.5 ip dhcp excluded-address 10.1.1.6 ip dhcp excluded-address 10.1.1.7 ip dhcp excluded-address 10.1.1.8 ip dhcp excluded-address 10.1.1.9 ip dhcp excluded-address 10.1.1.10 ip dhcp excluded-address 10.1.2.1 ip dhcp excluded-address 10.1.2.0 ip dhcp excluded-address 10.0.1.1 ! ip dhcp pool LAN DHCP network 10.1.1.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.1.1 ! ip dhcp pool Wireless LAN network 10.1.2.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.2.1 ! ip dhcp pool MGMT DHCP network 10.0.1.0 255.255.255.0 dns-server 52.119.45.76 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.0.1.1 ! ! ip domain name bohr.com multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! ! license udi pid CISCO1921/K9 sn FGL17042147 ! ! username nick password 0 bohr ! ! ip ssh version 2 ! ! ! ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description Uplink-to-modem ip address dhcp ip nat outside ip virtual-reassembly in duplex auto speed auto ! interface GigabitEthernet0/1 description LAN no ip address duplex auto speed auto ! interface GigabitEthernet0/1.1 description mgmt VLAN encapsulation dot1Q 1 native ip address 10.0.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/1.10 description LAN VLAN encapsulation dot1Q 10 ip address 10.1.1.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! interface GigabitEthernet0/1.20 description Wireless VLAN encapsulation dot1Q 20 ip address 10.1.2.1 255.255.255.0 ip nat inside ip virtual-reassembly in ! router ospf 1 network 10.0.0.0 0.0.255.255 area 0 network 10.1.0.0 0.0.255.255 area 0 network 192.168.0.0 0.0.255.255 area 0 default-information originate ! router rip version 2 network 10.0.0.0 network 192.168.0.0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat inside source list 1 interface GigabitEthernet0/0 overload ip default-network 192.168.0.0 ip route 0.0.0.0 0.0.0.0 192.169.0.1 ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp ! access-list 1 permit 10.0.0.0 0.255.255.255 access-list 1 permit any ! !
Hello You should be able to ping the internet from the router if you cannot then something else is wrong -However Please remove and add the following
no ip default-network 192.168.0.0 no ip route 0.0.0.0 0.0.0.0 192.169.0.1 no router rip no router ospf no int loopback 0 no access-list 1 no ip dhcp excluded-address 10.1.2.0
lastly make sure the connection on the switch that connects to this rtr gig0/1 interface is a trunk interface and you have created the additional l2 vlans 10-20
Post the output from: sh ip int brief sh arp
Please rate and mark as an accepted solution if you have found any of the information provided useful. This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
what you have posted in the spoiler looks very different from what was originally proposed. Make sure when you issue a 'sh run', everyting looks exactly like below. Just go through this line by line, and remove everything that does not match.
That said, is the LED on GigabitEthernet0/0 lit green ? Also, what else is in your network (why do you have OSPF and RIP configured) ?
Current configuration : 3026 bytes ! ! Last configuration change at 02:39:24 UTC Wed Mar 31 2021 by nick ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname GatewayRouter ! boot-start-marker boot-end-marker ! enable secret 4 TkhWb9iRSIgxflbwpcOX0UCPFnZJFHZBfQ/LFoGNOcQ enable password bohr ! no aaa new-model ! no ipv6 cef ip source-route ip cef ! ip dhcp excluded-address 10.1.1.1 ip dhcp excluded-address 10.1.1.2 ip dhcp excluded-address 10.1.1.3 ip dhcp excluded-address 10.1.1.4 ip dhcp excluded-address 10.1.1.5 ip dhcp excluded-address 10.1.1.6 ip dhcp excluded-address 10.1.1.7 ip dhcp excluded-address 10.1.1.8 ip dhcp excluded-address 10.1.1.9 ip dhcp excluded-address 10.1.1.10 ip dhcp excluded-address 10.1.2.1 ip dhcp excluded-address 10.1.2.0 ip dhcp excluded-address 10.0.1.1 ! ip dhcp pool LAN DHCP network 10.1.1.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.1.1 ! ip dhcp pool Wireless LAN network 10.1.2.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.2.1 ! ip dhcp pool MGMT DHCP network 10.0.1.0 255.255.255.0 dns-server 52.119.45.76 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.0.1.1 ! ip domain name bohr.com multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! license udi pid CISCO1921/K9 sn FGL17042147 ! username nick password 0 bohr ! ip ssh version 2 ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description Uplink-to-modem ip address dhcp --> ip nat outside duplex auto speed auto ! interface GigabitEthernet0/1 description LAN no ip address duplex auto speed auto ! interface GigabitEthernet0/1.1 description mgmt VLAN encapsulation dot1Q 1 native ip address 10.0.1.1 255.255.255.0 --> ip nat inside ! interface GigabitEthernet0/1.10 description LAN VLAN encapsulation dot1Q 10 ip address 10.1.1.1 255.255.255.0 --> ip nat inside ! interface GigabitEthernet0/1.20 description Wireless VLAN encapsulation dot1Q 20 ip address 10.1.2.1 255.255.255.0 --> ip nat inside ! --> ip nat inside source list 1 interface GigabitEthernet0/0 ! ip forward-protocol nd ! no ip http server no ip http secure-server ! --> ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp ! --> access-list 1 permit 10.0.0.0 0.255.255.255
Thanks for all the help again. I added the routing protocols under the vain hope they would populate my Gateway of last resort (clearly they did not). The ports lights are green on the router, and the Switch has all the VLANS configured, with the uplink port set for trunk and allowing all Vlans. I have tried to match the suggested commands as much as possible, but the router is adding lines without my input, for example the overload command on the below command. I have removed it and re-added it a few times, and the router always overloads it.
ip nat inside source list 1 interface GigabitEthernet0/0 overload
GatewayRouter#sh ip int brief Interface IP-Address OK? Method Status Protocol Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down GigabitEthernet0/0 192.168.0.106 YES DHCP up up GigabitEthernet0/1 unassigned YES manual up up GigabitEthernet0/1.1 10.0.1.1 YES manual up up GigabitEthernet0/1.10 10.1.1.1 YES manual up up GigabitEthernet0/1.20 10.1.2.1 YES manual up up Loopback0 10.0.0.1 YES manual up up NVI0 192.168.0.106 YES unset up up
GatewayRouter#sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 8.8.4.4 0 Incomplete ARPA Internet 8.8.8.8 0 Incomplete ARPA Internet 10.0.1.1 - acf2.c581.bb41 ARPA GigabitEthernet0/1.1 Internet 10.1.1.1 - acf2.c581.bb41 ARPA GigabitEthernet0/1.10 Internet 10.1.1.13 0 4ccc.6a8a.638e ARPA GigabitEthernet0/1.10 Internet 10.1.2.1 - acf2.c581.bb41 ARPA GigabitEthernet0/1.20 Internet 10.5.0.10 0 Incomplete ARPA Internet 10.5.0.12 0 Incomplete ARPA Internet 10.5.0.44 0 Incomplete ARPA Internet 192.168.0.1 0 60e3.275d.f2df ARPA GigabitEthernet0/0 Internet 192.168.0.106 - acf2.c581.bb40 ARPA GigabitEthernet0/0 Internet 192.168.0.107 0 d8d0.9004.1974 ARPA GigabitEthernet0/0 Internet 192.168.0.108 14 4ccc.6a8a.638e ARPA GigabitEthernet0/0
I have no idea where the 10.5.x.x IPs are coming from, i never added them.
GatewayRouter#ping 8.8.8.8 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
GatewayRouter#ping 8.8.8.8 source 10.1.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds: Packet sent with a source address of 10.1.1.1 ..... Success rate is 0 percent (0/5)
GatewayRouter#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override
Gateway of last resort is not set
S* 0.0.0.0/0 [0/0] via 0.0.0.0, GigabitEthernet0/0 10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks C 10.0.0.1/32 is directly connected, Loopback0 C 10.0.1.0/24 is directly connected, GigabitEthernet0/1.1 L 10.0.1.1/32 is directly connected, GigabitEthernet0/1.1 C 10.1.1.0/24 is directly connected, GigabitEthernet0/1.10 L 10.1.1.1/32 is directly connected, GigabitEthernet0/1.10 C 10.1.2.0/24 is directly connected, GigabitEthernet0/1.20 L 10.1.2.1/32 is directly connected, GigabitEthernet0/1.20 192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.0.0/24 is directly connected, GigabitEthernet0/0 L 192.168.0.106/32 is directly connected, GigabitEthernet0/0
GatewayRouter#sh ip route 8.8.8.8 % Network not in table
From my understanding, if the IP is not in the route table, the router should direct it out the Gateway of Last Resort automatically, which is why I am concerned/confused about the lack of a GW on the router., and why I had several attempted commands to add a GW.
Current configuration : 3264 bytes ! ! Last configuration change at 03:15:17 UTC Fri Apr 2 2021 ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 ! NVRAM config last updated at 01:18:34 UTC Wed Mar 24 2021 version 15.1 service timestamps debug datetime msec service timestamps log datetime msec no service password-encryption ! hostname GatewayRouter ! boot-start-marker boot-end-marker ! ! enable secret 4 TkhWb9iRSIgxflbwpcOX0UCPFnZJFHZBfQ/LFoGNOcQ enable password bohr ! no aaa new-model ! no ipv6 cef ip source-route ip cef ! ! ! ip dhcp excluded-address 10.1.1.1 ip dhcp excluded-address 10.1.1.2 ip dhcp excluded-address 10.1.1.3 ip dhcp excluded-address 10.1.1.4 ip dhcp excluded-address 10.1.1.5 ip dhcp excluded-address 10.1.1.6 ip dhcp excluded-address 10.1.1.7 ip dhcp excluded-address 10.1.1.8 ip dhcp excluded-address 10.1.1.9 ip dhcp excluded-address 10.1.1.10 ip dhcp excluded-address 10.1.2.1 ip dhcp excluded-address 10.0.1.1 ! ip dhcp pool LAN DHCP network 10.1.1.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.1.1 ! ip dhcp pool Wireless LAN network 10.1.2.0 255.255.255.0 dns-server 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.1.2.1 ! ip dhcp pool MGMT DHCP network 10.0.1.0 255.255.255.0 dns-server 52.119.45.76 8.8.8.8 8.8.4.4 domain-name bohr.com default-router 10.0.1.1 ! ! ip domain name bohr.com multilink bundle-name authenticated ! crypto pki token default removal timeout 0 ! ! license udi pid CISCO1921/K9 sn FGL17042147 ! ! username nick password 0 bohr ! ! ip ssh version 2 ! ! ! ! interface Loopback0 ip address 10.0.0.1 255.255.255.255 ! interface Embedded-Service-Engine0/0 no ip address shutdown ! interface GigabitEthernet0/0 description Uplink-to-modem ip address dhcp ip nat outside no ip virtual-reassembly in duplex auto speed auto ! interface GigabitEthernet0/1 description LAN no ip address duplex auto speed auto ! interface GigabitEthernet0/1.1 description mgmt VLAN encapsulation dot1Q 1 native ip address 10.0.1.1 255.255.255.0 ip nat inside no ip virtual-reassembly in ! interface GigabitEthernet0/1.10 description LAN VLAN encapsulation dot1Q 10 ip address 10.1.1.1 255.255.255.0 ip nat inside no ip virtual-reassembly in ! interface GigabitEthernet0/1.20 description Wireless VLAN encapsulation dot1Q 20 ip address 10.1.2.1 255.255.255.0 ip nat inside no ip virtual-reassembly in ! router ospf 1 network 10.0.0.0 0.0.255.255 area 0 network 10.1.0.0 0.0.255.255 area 0 network 192.168.0.0 0.0.255.255 area 0 default-information originate ! ip forward-protocol nd ! no ip http server no ip http secure-server ! ip nat inside source list 1 interface GigabitEthernet0/0 overload ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp ! access-list 1 permit 10.0.1.0 0.0.0.255 access-list 1 permit 10.1.1.0 0.0.0.255 access-list 1 permit 10.1.2.0 0.0.0.255 ! ! ! control-plane ! ! !
The root cause is your isp modem, you seem to obtaining an ip address however you cannot reach the internet, now the question is:
Before you attached this cisco rtr did you have just a pc or another device connected to the isp modem and did it work? if the answer is yes. Then its possible the modem is negating internet access due to the untrusted arp address (cisco rtr) it is now seeing.
To bypass this you can "Spoof" the moden by setting the arp of the "old" device that worked on the cisco gig0/0 infterface.
cisco rtr int gig0/0
mac-address xxxx.xxxx.xxxx < old pc mac address>
Please rate and mark as an accepted solution if you have found any of the information provided useful. This then could assist others on these forums to find a valuable answer and broadens the community’s global network.
