Solved: Home Lab | Client Not able to reach internet

mr_Nobody · ‎03-06-2025

Switch config:

ip dhcp pool Mgmt-Network
network 10.72.44.0 255.255.255.0
default-router 10.72.44.1
dns-server 1.1.1.1 1.0.0.1
domain-name example.com
lease 0 8

vlan 10

int vlan 10
ip add 10.72.44.1 255.255.255.0
ip nat inside

int gig1/3
ip add 192.168.0.100 255.255.255.0
ip nat outside

int gig0/0
switchport mode access
switchport access vlan 10

ip route 0.0.0.0 0.0.0.0 192.168.0.1

access-list 1 permit 10.72.144.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet1/3 overload

----------------------------------------------------------------------------

Switch:

1. Switch is able to reach internet with source vlan 10 and without source as well.
2. Switch is able to reach the PC

PC:

1. PC is getting IP address from dhcp(10.72.44.2)
2. PC is able to reach 10.72.44.1, 192.168.0.100
3. But PC is not able to reach 192.168.0.1 and internet

balaji.bandi · ‎03-08-2025

Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2(20170321:233949) [mmen 101]
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 22-Mar-17 08:38 by mmen

I had a closer look and wondered why it was not working. I do not recall the solution.

There is a bug in vIOS - possible solutions as below :

1. Go to switch config mode and try to remove cef by issuing command as

config t

no ip cef

end

Then test it.

2. Other options I can think of are use the L3 Router image (rather l2 image)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎03-09-2025

As I mentioned, it's a bug on the virtual image; real hardware is not an issue.

try latest vIOS or IOL image.

check my old post for reference to CEF if you like to know more :

https://community.cisco.com/t5/switching/configure-process-switching/td-p/4803272

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

Richard Burts · ‎03-06-2025

What kind of switch is this? Very few Cisco switches are able to provide NAT.

HTH

Rick

M02@rt37 · ‎03-06-2025

Hello,

Do you check if nat translation is ok ?

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

balaji.bandi · ‎03-07-2025

There is a mistake in the ACL, correct it.

access-list 1 permit 10.72.144.0 0.0.0.255

to

access-list 1 permit 10.72.44.0 0.0.0.255

still issue - as other member asked what switch is this, can you post show version

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

M02@rt37 · ‎03-07-2025

hello @balaji.bandi

hawk eye !!!

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

mr_Nobody · ‎03-07-2025

@balaji.bandi

that's a typo in the access list. actualy access-list is correct

switch#sh access-lists 1
Standard IP access list 1
10 permit 10.72.44.0, wildcard bits 0.0.0.255

@Richard Burts

This lab is in Eve-NG

switch#sh ver
Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2(20170321:233949) [mmen 101]
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 22-Mar-17 08:38 by mmen

M02@rt37

ip nat translations

switch#ping 1.1.1.1 source vlan10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.72.144.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 85/94/114 ms
switch#

switch#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.100:1024 10.72.144.1:1 1.1.1.1:1 1.1.1.1:1024

balaji.bandi · ‎03-08-2025

Still i am not sure the information correct.

10 permit 10.72.44.0, wildcard bits 0.0.0.255

Your output shows 144 - one of the sure its wrong.

switch#ping 1.1.1.1 source vlan10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.72.144.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 85/94/114 ms
switch#

switch#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.100:1024 10.72.144.1:1 1.1.1.1:1 1.1.1.1:1024

Make sure your ACL and VLAN should either 144 or 44

start with PC can able to ping gateway, try traceroute to 1.1.1.1 show us the output ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

krmp010608 · ‎03-07-2025

ipconfig in PC, please

mr_Nobody · ‎03-08-2025

switch#sh access-lists 1
Standard IP access list 1
10 permit 10.72.44.0, wildcard bits 0.0.0.255

switch#ping 1.1.1.1 source vlan10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.72.44.1

witch#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.0.100:1024 10.72.44.1:1 1.1.1.1:1 1.1.1.1:1024

--------------------------------------------------------------

balaji.bandi · ‎03-08-2025

Cisco IOS Software, vios_l2 Software (vios_l2-ADVENTERPRISEK9-M), Experimental Version 15.2(20170321:233949) [mmen 101]
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 22-Mar-17 08:38 by mmen

I had a closer look and wondered why it was not working. I do not recall the solution.

There is a bug in vIOS - possible solutions as below :

1. Go to switch config mode and try to remove cef by issuing command as

config t

no ip cef

end

Then test it.

2. Other options I can think of are use the L3 Router image (rather l2 image)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help