10-18-2022 04:42 AM
My C1111-8P has a Modem connected to Wan0 (g0/0/0) and a local PC connected to Lan1 (g0/1/1). I have other routers connected to this modem, and the network access is normal. I don't understand why my PC can't access the network, nor can I ping the external network at the CLI end of the router. The following is my configuration and web screenshot.
router#show running-config
Building configuration...
Current configuration : 6879 bytes
!
! Last configuration change at 03:37:27 UTC Sat Oct 8 2022
!
version 16.10
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip dhcp excluded-address 192.168.1.1 192.168.1.5
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2702808450
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2702808450
revocation-check none
rsakeypair TP-self-signed-2702808450
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2702808450
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373032 38303834 3530301E 170D3232 30383139 32313339
30325A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37303238
30383435 30308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A2D7 6774030A B3D868C0 AE4B03C5 EDC64A41 9276A80A F9D411D6
76782754 8BA578A5 3CC7AD4A C1084C8C 45D70FCB 2FB3367C E9B5BEE0 B9339CB3
AFB2B0F4 1D17CEA6 0D71FE1D 2C7E2836 E8544497 EDB92C96 A5AC95DF 2071B418
B9207BAE D9195FE5 20C643C2 B141D37F 2D6522BB 6D968798 A9A49F8A 174595D4
3311CE76 E980C252 9D213DFF 293AC5A6 99009F0B C7168AB9 412E50E3 3CC7B1F1
5E8375B4 710C8CDF 0C340E75 A9C602D3 80A73E54 E3DA4E1E 502F0AC8 2576BD45
B9D18F1E 04712B84 82EB04D7 BDEEDF8A 61AD8D02 B57A532C DCF3D188 FC218D29
3BADB8E9 C1612B31 01355CC6 5B61B764 4F8F1058 648DE560 E6B144E0 15F61B42
B7D451B2 5EDD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14D7A8B6 3201D3BA 22455987 BB713253 18AC533D
F5301D06 03551D0E 04160414 D7A8B632 01D3BA22 455987BB 71325318 AC533DF5
300D0609 2A864886 F70D0101 05050003 82010100 245A2B9C E64640FC 872DF06E
765AF3F8 448A172F E6297DB1 B9F6B3A2 95FC2188 885779E2 886A8133 0297A5F5
7E6A169E A3028E46 C7DD9D56 B729D388 C4D5C2CC 0E6E5ED9 425C610A 20BB94F6
EB270B4E 5C160FD7 5B514A70 F9E65CE2 BB068399 93332CEA 5ACCB74B 14BCC951
0335D944 994F1628 DE02B341 ECE5F5AA 8770295B D803EBE9 F7B3F7FE 7F46E67F
C65AFE63 32FD8A23 A26AEE70 5E8E060B 518E7967 3C917BA4 1FCDD715 0D78F9C4
1493B5ED 2AADA33E D5B7CB9B B88029D8 6CE43EAA 7BFA5D83 7A992764 2627504B
D139E80E 7DCE8487 0B07C06B CCDC6CB3 A571218A 6A6D4929 D814471F E0BA8F63
AD34A79B 60B8C557 A288E32C 9E559347 E43D17F9
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
license udi pid C1111-8P sn FCZ2540R1UH
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Modem
ip address dhcp hostname cisco
ip nat outside
negotiation auto
ipv6 address dhcp
ipv6 address autoconfig
ipv6 dhcp client pd cisco
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
length 0
!
!
!
!
!
!
end
router#shwo int g0/0/0
^
% Invalid input detected at '^' marker.
router#show int g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is C1111-2x1GE, address is 20cf.aede.eb00 (bia 20cf.aede.eb00)
Description: Modem
Internet address is 98.151.134.108/19
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:09, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 155000 bits/sec, 329 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
401922 packets input, 24138572 bytes, 0 no buffer
Received 400994 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 595 multicast, 0 pause input
437 packets output, 44736 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
98.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 98.151.128.0/19 is directly connected, GigabitEthernet0/0/0
L 98.151.134.108/32 is directly connected, GigabitEthernet0/0/0
142.254.0.0/32 is subnetted, 1 subnets
S 142.254.191.25 [254/0] via 98.151.128.1, GigabitEthernet0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.1/32 is directly connected, Vlan1
10-28-2022 12:02 PM
Then you need provide the information we requested :
show IP interface brief
show IP route
show IP arp
show nat translations
10-30-2022 06:41 PM
#showiproute
Codes:L-local,C-connected,S-static,R-RIP,M-mobile,B-BGP
D-EIGRP,EX-EIGRPexternal,O-OSPF,IA-OSPFinterarea
N1-OSPFNSSAexternaltype1,N2-OSPFNSSAexternaltype2
E1-OSPFexternaltype1,E2-OSPFexternaltype2,m-OMP
n-NAT,Ni-NATinside,No-NAToutside,Nd-NATDIA
i-IS-IS,su-IS-ISsummary,L1-IS-ISlevel-1,L2-IS-ISlevel-2
ia-IS-ISinterarea,*-candidatedefault,U-per-userstaticroute
H-NHRP,G-NHRPregistered,g-NHRPregistrationsummary
o-ODR,P-periodicdownloadedstaticroute,l-LISP
a-applicationroute
+-replicatedroute,%-nexthopoverride,p-overridesfromPfR
Gatewayoflastresortis98.155.80.1tonetwork0.0.0.0
S*0.0.0.0/0[1/0]via98.155.80.1
isdirectlyconnected,GigabitEthernet0/0/0
98.0.0.0/8isvariablysubnetted,2subnets,2masks
C98.155.80.0/20isdirectlyconnected,GigabitEthernet0/0/0
L98.155.85.132/32isdirectlyconnected,GigabitEthernet0/0/0
142.254.0.0/32issubnetted,1subnets
S142.254.191.25[254/0]via98.155.80.1,GigabitEthernet0/0/0
192.168.1.0/24isvariablysubnetted,2subnets,2masks
C192.168.1.0/24isdirectlyconnected,Vlan1
L192.168.1.1/32isdirectlyconnected,Vlan1
#showiparp
ProtocolAddressAge(min)HardwareAddrTypeInterface
Internet98.155.80.100001.5c77.1a46ARPAGigabitEthernet0/0/0
Internet98.155.85.132-20cf.aede.eb00ARPAGigabitEthernet0/0/0
Internet192.168.1.1-20cf.aede.eb74ARPAVlan1
Internet192.168.1.9006400.6a2f.0c6cARPAVlan1
#showipnattranslations
Totalnumberoftranslations:0
11-01-2022 08:29 AM
Thanks for the additional information. It is interesting that the show ip route does have the gateway address which it learned from dhcp
Gatewayoflastresortis98.155.80.1
And interesting that the arp table shows only 2 entries associated with G0/0/0. If you run debug for arp and then attempt to ping something in the Internet from the router (or from some device in vlan 1) I believe that you will see your router sending arp requests and either receiving no response or receiving an error response.
11-01-2022 06:34 PM
Thanks for your reply. So how should I do next?
11-01-2022 08:13 PM
Several responses ago I suggested changing the static default route to this
ip route 0.0.0.0 0.0.0.0 dhcp
Give it a try and let us know the results.
11-01-2022 08:17 PM
Yes, I've tried that. However, it still cannot work normally.
11-01-2022 08:30 PM
Please post the current running config. Also please post the output of show ip route. then attempt to ping some Internet IP and then immediately do show arp and post that output.
11-11-2022 10:22 AM
11-11-2022 09:32 PM
Thank you for the additional information. I suggest that you remove this line from the config
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
I also suggest that you remove the line that does nat using a route map.
For both of these commands there are other commands in the config that will work better than these two.
The output of the arp table is interesting, especially the entry that is incomplete. The incomplete entry shows that your router has sent an arp request for the remote address and has not received a response. This suggests that your router is using the static default route that specifies the outbound interface but not a next hop and is why I suggest that you remove that line.
11-18-2022 07:25 AM
Thank you!I seem to have made some progress. Now the router can ping 8.8.8.8, but the host connected to the router cannot access the Internet. I cannot even ping to the host through the router. Is it my IP setting problem? I think my host does not get the IP from the router,Because my router cannot ping the host. Is it my internal DHCP or other problem? My configuration information is attached below.
Tanks again!
11-18-2022 11:04 PM
It is good to know that you have made some progress. I suggest that you remove the line in the config that specifies nat using a route map and leave nat only using the access list. Make this change and let us know the result.
11-22-2022 12:22 AM
Thank you very much ! I have a question as well, I want to reset my device ,but there are some prerequisites,I donnt know wheather I can reset it.
This is the link on Cisco's official website which talk about the reset:Cisco 1100 Series Software Configuration Guide, Cisco IOS XE Fuji 16.7.x - Console Port, Telnet, SSH Handling, and Reset Button [Cisco IOS XE 16] - Cisco
11-22-2022 08:31 PM
In addition, my router is connected to a modem. Will this device affect my router configuration?
11-23-2022 12:32 AM
There are several things to address:
- the link you provide about enabling the reset button describes multiple variables/restrictions and we do not know enough about your router to know which might apply. I suggest that you try enabling the service. If it works that is good. If it does not work you are no worse off than you are now.
- It is not clear whether being connected to a modem would have any impact on your config. I have looked at the config that you have posted. and do not see anything that is dependent on a modem connection. I can not say for sure that there is not something that we do not see which might have an impact. But in general I wold say no impact on config due to being connected to a modem
- You have posted several times the running config. In most of them interface g0/0/0 has specified nat outside. In the most recent version posted it shows nat inside. If correct that is a problem. This interface should be nat outside.
11-23-2022 01:48 AM
thank you very much ! Because the Internet is connected internally through the modem, I'm worried about whether PPPOE needs to be configured on my router, or whether my router's NAT configuration needs to be changed after dialing on the modem.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide