10-18-2022 04:42 AM
My C1111-8P has a Modem connected to Wan0 (g0/0/0) and a local PC connected to Lan1 (g0/1/1). I have other routers connected to this modem, and the network access is normal. I don't understand why my PC can't access the network, nor can I ping the external network at the CLI end of the router. The following is my configuration and web screenshot.
router#show running-config
Building configuration...
Current configuration : 6879 bytes
!
! Last configuration change at 03:37:27 UTC Sat Oct 8 2022
!
version 16.10
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip dhcp excluded-address 192.168.1.1 192.168.1.5
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2702808450
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2702808450
revocation-check none
rsakeypair TP-self-signed-2702808450
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2702808450
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373032 38303834 3530301E 170D3232 30383139 32313339
30325A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37303238
30383435 30308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A2D7 6774030A B3D868C0 AE4B03C5 EDC64A41 9276A80A F9D411D6
76782754 8BA578A5 3CC7AD4A C1084C8C 45D70FCB 2FB3367C E9B5BEE0 B9339CB3
AFB2B0F4 1D17CEA6 0D71FE1D 2C7E2836 E8544497 EDB92C96 A5AC95DF 2071B418
B9207BAE D9195FE5 20C643C2 B141D37F 2D6522BB 6D968798 A9A49F8A 174595D4
3311CE76 E980C252 9D213DFF 293AC5A6 99009F0B C7168AB9 412E50E3 3CC7B1F1
5E8375B4 710C8CDF 0C340E75 A9C602D3 80A73E54 E3DA4E1E 502F0AC8 2576BD45
B9D18F1E 04712B84 82EB04D7 BDEEDF8A 61AD8D02 B57A532C DCF3D188 FC218D29
3BADB8E9 C1612B31 01355CC6 5B61B764 4F8F1058 648DE560 E6B144E0 15F61B42
B7D451B2 5EDD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14D7A8B6 3201D3BA 22455987 BB713253 18AC533D
F5301D06 03551D0E 04160414 D7A8B632 01D3BA22 455987BB 71325318 AC533DF5
300D0609 2A864886 F70D0101 05050003 82010100 245A2B9C E64640FC 872DF06E
765AF3F8 448A172F E6297DB1 B9F6B3A2 95FC2188 885779E2 886A8133 0297A5F5
7E6A169E A3028E46 C7DD9D56 B729D388 C4D5C2CC 0E6E5ED9 425C610A 20BB94F6
EB270B4E 5C160FD7 5B514A70 F9E65CE2 BB068399 93332CEA 5ACCB74B 14BCC951
0335D944 994F1628 DE02B341 ECE5F5AA 8770295B D803EBE9 F7B3F7FE 7F46E67F
C65AFE63 32FD8A23 A26AEE70 5E8E060B 518E7967 3C917BA4 1FCDD715 0D78F9C4
1493B5ED 2AADA33E D5B7CB9B B88029D8 6CE43EAA 7BFA5D83 7A992764 2627504B
D139E80E 7DCE8487 0B07C06B CCDC6CB3 A571218A 6A6D4929 D814471F E0BA8F63
AD34A79B 60B8C557 A288E32C 9E559347 E43D17F9
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
license udi pid C1111-8P sn FCZ2540R1UH
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Modem
ip address dhcp hostname cisco
ip nat outside
negotiation auto
ipv6 address dhcp
ipv6 address autoconfig
ipv6 dhcp client pd cisco
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
length 0
!
!
!
!
!
!
end
router#shwo int g0/0/0
^
% Invalid input detected at '^' marker.
router#show int g0/0/0
GigabitEthernet0/0/0 is up, line protocol is up
Hardware is C1111-2x1GE, address is 20cf.aede.eb00 (bia 20cf.aede.eb00)
Description: Modem
Internet address is 98.151.134.108/19
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
Full Duplex, 1000Mbps, link type is auto, media type is RJ45
output flow-control is on, input flow-control is on
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:09, output hang never
Last clearing of "show interface" counters never
Input queue: 0/375/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 155000 bits/sec, 329 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
401922 packets input, 24138572 bytes, 0 no buffer
Received 400994 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 595 multicast, 0 pause input
437 packets output, 44736 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 0.0.0.0 to network 0.0.0.0
S* 0.0.0.0/0 is directly connected, GigabitEthernet0/0/0
98.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 98.151.128.0/19 is directly connected, GigabitEthernet0/0/0
L 98.151.134.108/32 is directly connected, GigabitEthernet0/0/0
142.254.0.0/32 is subnetted, 1 subnets
S 142.254.191.25 [254/0] via 98.151.128.1, GigabitEthernet0/0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.1/32 is directly connected, Vlan1
10-18-2022 04:47 AM
Have you configured any access-list for this:
match ip address 197?
10-18-2022 10:52 PM
No,I dont! I configure the above contents.
10-18-2022 11:36 PM
Then try the configuration that @balaji.bandi wrote to you.
10-18-2022 05:09 AM
Try below example and test it.
no route-map track-primary-if permit 1
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
!
if you have DNS issue, then change
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 8.8.8.8
10-18-2022 10:54 PM
Thanks,I will try it.
10-20-2022 03:04 AM
Sorry, I still can't connect to the Internet. I'm going to reset this device. What steps can I follow? Or whether there are guidance documents or commands.
10-20-2022 04:22 AM
Can you post the config again after changing and saved the config
10-26-2022 09:33 PM
The latest configuration is shown below. Please take a look.
#show runn
#show running-config
Building configuration...
Current configuration : 6829 bytes
!
! Last configuration change at 03:57:40 UTC Thu Oct 27 2022
!
version 16.10
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
ip name-server 8.8.8.8
ip dhcp excluded-address 192.168.1.1 192.168.1.5
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-2702808450
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2702808450
revocation-check none
rsakeypair TP-self-signed-2702808450
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-2702808450
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373032 38303834 3530301E 170D3232 30383139 32313339
30325A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37303238
30383435 30308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100A2D7 6774030A B3D868C0 AE4B03C5 EDC64A41 9276A80A F9D411D6
76782754 8BA578A5 3CC7AD4A C1084C8C 45D70FCB 2FB3367C E9B5BEE0 B9339CB3
AFB2B0F4 1D17CEA6 0D71FE1D 2C7E2836 E8544497 EDB92C96 A5AC95DF 2071B418
B9207BAE D9195FE5 20C643C2 B141D37F 2D6522BB 6D968798 A9A49F8A 174595D4
3311CE76 E980C252 9D213DFF 293AC5A6 99009F0B C7168AB9 412E50E3 3CC7B1F1
5E8375B4 710C8CDF 0C340E75 A9C602D3 80A73E54 E3DA4E1E 502F0AC8 2576BD45
B9D18F1E 04712B84 82EB04D7 BDEEDF8A 61AD8D02 B57A532C DCF3D188 FC218D29
3BADB8E9 C1612B31 01355CC6 5B61B764 4F8F1058 648DE560 E6B144E0 15F61B42
B7D451B2 5EDD0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 14D7A8B6 3201D3BA 22455987 BB713253 18AC533D
F5301D06 03551D0E 04160414 D7A8B632 01D3BA22 455987BB 71325318 AC533DF5
300D0609 2A864886 F70D0101 05050003 82010100 245A2B9C E64640FC 872DF06E
765AF3F8 448A172F E6297DB1 B9F6B3A2 95FC2188 885779E2 886A8133 0297A5F5
7E6A169E A3028E46 C7DD9D56 B729D388 C4D5C2CC 0E6E5ED9 425C610A 20BB94F6
EB270B4E 5C160FD7 5B514A70 F9E65CE2 BB068399 93332CEA 5ACCB74B 14BCC951
0335D944 994F1628 DE02B341 ECE5F5AA 8770295B D803EBE9 F7B3F7FE 7F46E67F
C65AFE63 32FD8A23 A26AEE70 5E8E060B 518E7967 3C917BA4 1FCDD715 0D78F9C4
1493B5ED 2AADA33E D5B7CB9B B88029D8 6CE43EAA 7BFA5D83 7A992764 2627504B
D139E80E 7DCE8487 0B07C06B CCDC6CB3 A571218A 6A6D4929 D814471F E0BA8F63
AD34A79B 60B8C557 A288E32C 9E559347 E43D17F9
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
license udi pid C1111-8P sn FCZ2540R1UH
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description Modem
ip address dhcp hostname Spectrum
ip nat outside
negotiation auto
ipv6 address dhcp
ipv6 address autoconfig
ipv6 dhcp client pd Spectrum
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
!
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
password SpectrumRouter
login
length 0
!
!
!
!
!
!
end
11-23-2022 01:02 AM
Hello,
which IP address is interface GigabitEthernet0/0/0 getting from the Spectrum router ?
10-26-2022 10:18 PM
In addition, there is another problem. My router cannot ping my directly connected PC, but my PC can ping the router
10-27-2022 10:57 AM
This is due to PC may have FW built in, so check PC FW disable and test it.
are you able to see show IP arp PC, that means connection is ok.
coming to your issue, from Router are you able to ping outside network ? or provider network IP address
can you post below information :
show IP route
show IP arp
show nat translations
is that PC not able to get internet using browser ? can PC able to ping 8.8.8.8 and provider IP address ?
10-27-2022 11:25 AM
There were several issues with your prior attempt to configure NAT. The new approach is much better.
I believe that @balaji.bandi is correct in suggesting that the problem pinging the PC is likely to be a firewall or other security policy on the PC.
I believe that @balaji.bandi has asked an important question, which is whether your router is able to ping the Internet. I suspect that it is able to ping the connected modem address but has problems accessing Internet. I believe that the issue may be in the configuration of the default route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
If a static route specifies the outbound interface without specifying a next hop, and if the interface is Ethenet then the result is that your router must arp for every remote destination address and the connected ISP device must enable proxy arp to respond to the router arp requests for remote addresses. The security implications of proxy arp lead many organizations to not enable proxy arp and I suspect that is the case here. I suggest that you change the static default route to this
ip route 0.0.0.0 0.0.0.0 dhcp
10-28-2022 02:14 AM
thanks,I will try it.
10-27-2022 07:08 PM
No,my router cant ping outside network,PC also cant get internet.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide