Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
639
Views
5
Helpful
3
Replies

DHCP LAN customers won't connect to internet through CISCO 2620

hussainul
Level 1
Level 1

‎02-02-2014 11:27 PM - edited ‎03-04-2019 10:14 PM

i'm configure cisco 2620 as a internet router. my cisco 2620 router has 5  Ethernet interface. One FE and four Ethernet interface (NM-4E). i'm configure  the FE interface as ISP internet interface. and Ethernet 1/1 as a DHCP  LAN interface. as i see my config are ok. but unable to access the  internet from LAN side. below is my config. please help me to solve  this.

Current configuration : 1498 bytes

!

version 12.2

service config

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname xxx

!

enable secret 5 $1$LvPI$UtOZEPSXBrf

enable password xxxxxx

!

ip subnet-zero

no ip routing

!

!

ip name-server 100.12.13.13

ip name-server 200.100.12.12

ip dhcp excluded-address 192.168.5.1 192.168.5.10

!

ip dhcp pool insideDHCP

network 192.168.5.0 255.255.255.0

default-router 192.168.5.1

dns-server 100.12.13.13 200.100.12.12

!

!

call rsvp-sync

!

!

!

!

!

!

!

!

interface FastEthernet0/0

description Broadband Internet

ip address 20.110.211.154 255.255.255.240

ip nat outside

no ip route-cache

no ip mroute-cache

duplex auto

speed auto

no cdp enable

!

interface Ethernet1/0

no ip address

no ip route-cache

no ip mroute-cache

half-duplex

no cdp enable

!

interface Ethernet1/1

description DHCP LAN

ip address 192.168.5.1 255.255.255.0

ip nat inside

no ip route-cache

no ip mroute-cache

full-duplex

no cdp enable

!

interface Ethernet1/2

no ip address

no ip route-cache

no ip mroute-cache

shutdown

half-duplex

no cdp enable

!

interface Ethernet1/3

no ip address

no ip route-cache

no ip mroute-cache

full-duplex

no cdp enable

!

ip nat inside source list 1 interface FastEthernet0/0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 0.110.211.155

no ip http server

!

!

dial-peer cor custom

!

!

!

!

!

line con 0

exec-timeout 0 0

password xxxxxxx

login

line aux 0

line vty 0 4

password xxxxxxxx

login

!

end

Labels:
0 Helpful
3 Replies 3

Jon Marshall
Hall of Fame
Hall of Fame

‎02-03-2014 02:21 AM

Your NAT statement is referencing an acl that you have not defined.

I generally use an extended acl ie.

access-list 101 permit ip 192.168.5.0 0.0.0.255 any

ip nat inside source list 101 interface fa0/0 overload

you can use a standard acl if you want but either way you need to define an acl.

Jon

Aaron Ratcliffe
Level 1
Level 1
In response to Jon Marshall

‎02-03-2014 02:25 AM

this is correct please make an ACL reflecting the source list 1

"ip access-list standard 1"

"permit 192.168.5.0 0.0.0.255 any"

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Aaron Ratcliffe

‎02-03-2014 04:08 AM

I offer a slightly different alternative. In my experience using extended access  lists for NAT where you are going to permit any destination can produce some complications which are avoided when you use a standard access list. So if you are going to use permit ip 192.168.5.0 0.0.0.255 any then I suggest that you make it into a standard access list and permit ip 192.168.5.0 0.0.0.255.

I also note an issue that I hope is just a typo in the default route

ip route 0.0.0.0 0.0.0.0 0.110.211.155

If this is really what is in the config then I can certainly see why nothing can access the Internet.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card