[Help] Basic Setup for Cisco C1111-4PLTE to Act as Main Home Router

natuan0
Level 1

Hi everyone,

I’m trying to set up my Cisco C1111-4PLTE (running IOS XE 17.12.4) as the main router for my home network.

My Goal:

  • Use Cellular0/2/0 (LTE) as the primary WAN connection.

  • Use the 4 LAN ports (GigabitEthernet0/1/0 to 0/1/3) to serve home devices. If possible, use the 2 WANs as LANs because I only use LTE as WAN.
  • Provide DHCP for the home network in subnet 192.168.5.0/24, with router IP 192.168.5.1. I will connect a Wi-Fi AP to provide Internet for the house.

Current Issue:

  • I cannot even ping 8.8.8.8 from the router CLI console.

  • Cellular0/2/0 interface shows “up” and gets an IP address from my LTE provider.
  • I set up NAT rules via Web UI, but something seems to be missing.
  • DHCP on LAN works — my laptop receives an IP in 192.168.5.0/24.
  • I can’t access the Internet from the router or from LAN devices.

Below is the config file. Really appreciate any guidance — I'm stuck and just want a simple Internet setup to start with. Thanks!

version 17.12
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname BSRouter
!
boot-start-marker
boot system flash:c1100-universalk9.17.12.04.SPA.bin
boot-end-marker
!
!
logging console emergencies
no aaa new-model
clock timezone ICT 7 0
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.2.0 192.168.2.99
ip dhcp excluded-address 192.168.5.0 192.168.5.99
!
ip dhcp pool HomeLAN
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.1 
 dns-server 8.8.8.8 8.8.4.4 
 lease infinite
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
vtp version 1
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2258791517
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2258791517
 revocation-check none
 rsakeypair TP-self-signed-2258791517
 hash sha256
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
 hash sha256
!
!
crypto pki certificate chain TP-self-signed-2258791517
crypto pki certificate chain SLA-TrustPoint
!
!
diagnostic bootup level minimal
!
license udi pid C1111-4PLTELA sn FGL2415L2VY
memory free low-watermark processor 65711
!
spanning-tree extend system-id
!
enable secret 9 xxxx
enable password xxxx
!
username admin privilege 15 password 0 Xsw21q@z
!
redundancy
 mode none
!
controller Cellular 0/2/0
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 ip address 192.168.100.1 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/1
 no ip address
 shutdown
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1/0
 switchport mode access
!
interface GigabitEthernet0/1/1
 switchport mode access
!
interface GigabitEthernet0/1/2
 switchport
 switchport mode access
!
interface GigabitEthernet0/1/3
 switchport
 switchport mode access
!
interface Cellular0/2/0
 description Primary_ 
 ip address negotiated
 ip nat outside
 ip tcp adjust-mss 1460
 dialer in-band
 dialer-group 1
 ipv6 enable
 pulse-time 1
!
interface Cellular0/2/1
 no ip address
 shutdown
!
interface Vlan1
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat inside source list 1 interface Cellular0/2/0 overload
ip nat inside source list WEBUI-NAT-ACL interface Cellular0/2/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/2/0
ip ssh bulk-mode 131072
!
ip access-list extended WEBUI-NAT-ACL
 10 permit ip any any
!
ip access-list standard 1
 10 permit 192.168.2.0 0.0.0.255
dialer-list 1 protocol ip permit
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
 transport input none
 stopbits 1
line vty 0 4
 password xxxx
 login
 length 0
 transport input ssh
line vty 5 14
 password xxxx
 login
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
!
!
!
!
!
!
end
2 Replies

pieterh
VIP
ip nat inside source list 1 interface Cellular0/2/0 overload
!
ip access-list standard 1
 10 permit 192.168.2.0 0.0.0.255

I suggest you NAT the HomeLAN subnet instead:

ip dhcp pool HomeLAN
 network 192.168.5.0 255.255.255.0
 default-router 192.168.5.1 

 

I agree with @pieterh that the configuration of the ACL used for NAT is not correct and should be fixed. But that is not the only problem. I note this in the OP: "cannot even ping 8.8.8.8 from the router CLI console". Pinging from the console would use the outside interface and would not need NAT. I suggest adding a parameter to your default route:

ip route 0.0.0.0 0.0.0.0 Cellular0/2/0 dhcp

 

HTH

Rick
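A way to check a saved configuration for the NAT ACL mismatch both replies mention, as an added example that is not part of either reply or of any Cisco tool. The function names are hypothetical, the sample is an excerpt of the NAT-relevant lines from the config posted above, and the parser assumes `ip access-list` blocks whose permit entries use `any` or an address plus wildcard mask.

```python
import ipaddress
import re

# Excerpt of the NAT-relevant lines from the configuration posted above.
SAMPLE_CONFIG = """\
interface Cellular0/2/0
 ip address negotiated
 ip nat outside
interface Vlan1
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
ip nat inside source list 1 interface Cellular0/2/0 overload
ip nat inside source list WEBUI-NAT-ACL interface Cellular0/2/0 overload
ip access-list extended WEBUI-NAT-ACL
 10 permit ip any any
ip access-list standard 1
 10 permit 192.168.2.0 0.0.0.255
"""

def inside_subnets(config):
    """Return {interface: network} for interfaces marked 'ip nat inside'."""
    found = {}
    for block in re.split(r"\n(?=\S)", config):  # one block per top-level command
        name = re.match(r"interface (\S+)", block)
        addr = re.search(r"^ ip address (\d\S+) (\d\S+)", block, re.M)
        if name and addr and re.search(r"^ ip nat inside\s*$", block, re.M):
            found[name.group(1)] = ipaddress.ip_interface("/".join(addr.groups())).network
    return found

def acl_sources(config, acl):
    """Source networks permitted by the named ACL ('any' or address + wildcard)."""
    nets = []
    for block in re.split(r"\n(?=\S)", config):
        if re.match(rf"ip access-list \S+ {re.escape(acl)}\s", block):
            for src in re.findall(r"permit (?:ip )?(any|\d\S+ \d\S+)", block):
                cidr = "0.0.0.0/0" if src == "any" else src.replace(" ", "/")
                nets.append(ipaddress.ip_network(cidr, strict=False))  # wildcard = hostmask
    return nets

def unmatched_nat_rules(config):
    """Map each NAT source-list ACL to the 'ip nat inside' interfaces it does not cover."""
    inside, report = inside_subnets(config), {}
    for acl in re.findall(r"^ip nat inside source list (\S+) ", config, re.M):
        sources = acl_sources(config, acl)
        report[acl] = [name for name, net in inside.items()
                       if not any(net.subnet_of(src) for src in sources)]
    return report
```

For the excerpt, `unmatched_nat_rules(SAMPLE_CONFIG)` reports that list 1 (192.168.2.0/24) does not cover Vlan1 (192.168.5.0/24), while WEBUI-NAT-ACL, being `permit ip any any`, covers every source.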