Solved: ISR1100 not receiving an IP Address

90-Lowrider · ‎01-20-2025

I have an ISR111-8PWA that I purchased several months ago. I have been having all kinds of difficulties just connecting to my router and accessing the internet. The latest config is attached as well as a picture of what comes up when it tries to connect. the configuration manual instructs to configure a Loopback interface as well as another interface the call Virtual-Template1. I set both up the same way as in the manual. Prior to this attempt (without the Loopback interface) the router was receiving a public IP address but my computer could access the router, the router could access the ISP and the DNS server but could not access the internet. I went through several iterations with advice from a few generous experts in this community to no avail. I then set upon this path going back to basics using the configuration manual.

90-Lowrider · ‎03-02-2025

I was able to get it to work. Both last week and this week. I had to add the DNS server definition to the WEBUIPool. Config is attached.

Thank You!

View solution in original post

Flavio Miranda · ‎01-20-2025

@90-Lowrider

Your NAT is wrong

!
ip nat inside source list Pool_ACL interface Vlan1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip ssh bulk-mode 131072
!
ip access-list extended Pool_ACL
1 permit ip any any
!

Use this way

!
ip nat inside source list Pool_ACL interface GigabitEthernet0/0/0 overload

!
ip access-list extended Pool_ACL
1 permit ip 192.168.1.0 0.0.0.255 any
!

90-Lowrider · ‎01-20-2025

Thanks Flavio. I made the changes suggested and I am now receiving a public ip address but the original problem still persists. I cannot access the internet. Update config is attached

MHM Cisco World · ‎01-21-2025

Why ypu use virtual template??

MHM

90-Lowrider · ‎01-21-2025

Was following the configuration manual. It says to configure a loopback interface as well as a virtual template interface. I thought those missing 2 might have been the issue.

Flavio Miranda · ‎01-21-2025

@90-Lowrider

Can you at least ping 8.8.8.8 from a machine behind the Router?

You are passing the Router as DNS server, right? But you Router does not have DNS service. If you are able to ping 8.8.8.8 from PC, then add this IP address as DNS server instead the Router.

90-Lowrider · ‎01-21-2025

I haven't been able to ping 8.8.8.8 but haven't tried since the recent changes. I won't be at the machine until the weekend and will try then. You saw the picture of the Test Wan results I posted in the original posting?

Flavio Miranda · ‎01-21-2025

@90-Lowrider

Yes, I did and seems to not make sense. First, that DNS is actually on the internet basically. If you get there, you should be able to get on google, unless your ISP is blokcing something.

Second, if you are passing 192.168.1.1 as DNS for PC, this is the DNS they should use, which would obsviously fail.

Router is not like PC that receives IP address, gateway and DNS from DHCP server. I have no clue why that DNS 71.10.216.71 came into play.

Richard Burts · ‎01-21-2025

I am not clear about the topology. Would you post a simple diagram or some description of the topology?

Certainly the nat configuration of the original post was a major problem since it specified the wrong interface. Correcting that is important. Changing the acl used for nat is nice but I do not believe that the original acl caused any problem.

I very much like Paul's suggestion to add dhcp to the default route. If a static route specifies just the outbound Ethernet interface then it forces the router to arp for EVERY remote destination. Since it makes the router work harder it is not a good idea. But the real issue is that doing this requires that the ISP use proxy arp to respond and some ISP do not do this because of the security implications.

I am puzzled about the DHCP on G0/0/0. The post says the router was getting a Public IP, but the output posted shows the router getting 192.168.100 address. Can you clarify?

HTH

Rick

90-Lowrider · ‎01-21-2025

Mac computer plugged into G01/5...router connected to Spectrum modem

Flavio spotted that I had VLAN1 specified in my NAT statement and I changed to Gig0/0/0. That solved the not getting an IP address problem. I am back to the original problem we had been working on which is not being able to access the internet despite reaching the ISP and DNS servers. I posted the config file post change. Before the change it was assigning 192.168.100. That is what you may be looking at?

Next step, I think, is to examine the DNS server assignment. The command came from instructions I found on how to configure in order to access the GUI. Should the router not be assigned the DNS server? Think that is what Flavio is referring to.

Richard Burts · ‎01-21-2025

Arthur

Thanks for the additional information. Certainly the nat was an issue, and I believe it is now corrected and should work. I wonder if the static default route might have been an issue, and even if it is not a problem then Paul's suggestion to add dhcp will be an improvement.

Yes I believe that Flavio is referring to configuring the router as DNS server for connected devices. I am not sure that specifying the router as DNS server is a real problem. But removing that from the config would be an easy thing to do and to test. And testing would be pretty easy: if you attempt ping to a name and it fails but ping to its IP address works, then you have a DNS issue.

When you have access to the equipment and can test, I suggest that first you test access from the router. If that fails then you have one set of issues to investigate. If it is successful then test from your mac computer. If it fails from your mac computer then you have a different set of issues to investigate.

HTH

Rick

90-Lowrider · ‎01-21-2025

Thanks Rick. So ping 8.8.8.8 from the CLI and then ping 8.8.8.8 from the Mac?

Richard Burts · ‎01-21-2025

Arthur

Yes ping to IP from CLI and if successful then from Mac is a good start. If these are success then attempt to ping by name.

HTH

Rick

paul driver · ‎01-20-2025

Hello
Looking at your cfg, you dont require the virtual template, would suggest change your nat acl as already stated also your default route

no interface Virtual-Template1
no int loopback 0
no ip nat inside source list Pool_ACL interface Vlan1 overload
no ip access-list extended Pool_ACL

ip access-list extended Pool_ACL
permit ip 192.168.1.0 0.0.0.255 any

ip nat inside source list Pool_ACL interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

vishalbhandari · ‎01-21-2025

@90-Lowrider It seems the main issue lies in the router's configuration, possibly with how NAT, routing, or the virtual-template interface is set up. The fact that the router can reach the ISP and DNS but not access the internet suggests there may be a missing or misconfigured NAT rule or an issue with the default route. Ensure you’ve configured PAT (Port Address Translation) on the outbound interface and verify that the default route points to your ISP’s gateway. Also, double-check the Virtual-Template and Loopback setup to ensure they align with the manual’s requirements. If possible, share a snippet of your NAT and routing configurations for further assistance!