
NAT/Internet issue. Only my router can ping the internet.

dtzips
Level 1

Hello,

 

I have been trying to configure my home network with Cisco equipment for the purpose of learning.

 

Currently, I have my ISP modem connected to a Cisco 1841 router. This router is connected to a Cisco Catalyst 3750 series switch and they are both configured with OSPF. The switch is configured with 3 VLANs, which are all functional. The logical setup of this network is Modem > Router > Switch.

 

The router can ping www.google.com, but the switch cannot. However, everything on the network can ping the router. This includes the switch and the devices connected to it. My research has led me to believe this is just an issue with NAT.

 

Below are the running configs for the router and the switch. Please let me know the correct process for configuring NAT on these devices, or if there is anything else that I need to change to make the devices ping to the internet. Thanks in advance, any feedback is appreciated!

 

Router:

Current configuration : 1196 bytes
!
! Last configuration change at 00:05:43 UTC Wed Jun 23 2021
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO1841 sn FTX1028W00P
!
redundancy
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.1.101 255.255.255.252
ip nat inside
ip virtual-reassembly in
ip ospf network point-to-point
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
!
router ospf 1
network 10.0.1.100 0.0.0.3 area 0
network 173.90.0.0 0.0.255.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

 

MLS:

Current configuration : 5175 bytes
!
! Last configuration change at 05:05:47 UTC Mon Mar 1 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MLS
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c3750x-48p
system mtu routing 1500
ip routing
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool VLAN_30
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
!
ip dhcp pool VLAN_10
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
ip dhcp pool VLAN_20
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
!
!
!
!
crypto pki trustpoint TP-self-signed-2834786944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834786944
revocation-check none
rsakeypair TP-self-signed-2834786944
!
!
crypto pki certificate chain TP-self-signed-2834786944
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
no switchport
ip address 10.0.1.102 255.255.255.252
ip ospf network point-to-point
speed 100
!
interface GigabitEthernet1/0/2
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description Guest_Access
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 20
spanning-tree portfast
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
!
interface Vlan30
ip address 192.168.3.1 255.255.255.0
!
router ospf 1
network 10.0.1.100 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
!
ip http server
ip http secure-server
!
!
logging esm config
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

6 Replies

Hello

Looks like you're missing a NAT access-list on the rtr for your LAN subnets

ip nat inside source list 1 interface FastEthernet0/0 overload

access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

balaji.bandi
Hall of Fame

When you set up DHCP, I am sure DHCP gave you a route on the router, so check show ip route; you should have a static route towards the ISP (since you are able to reach it from the router, that is taken care of).

 

 ip route 0.0.0.0 0.0.0.0 fast0/0 dhcp  - if required to help route.

 

Not sure about this network in your OSPF?

 

network 173.90.0.0 0.0.255.255 area 0

 

But you do not have a matching ACL for access list 1

 

ip nat inside source list 1 interface FastEthernet0/0 overload

 

I can add access-list 1 permit any any - which will take effect on any new IP that comes in.

 

But if you like to control based on subnets

 

access-list 1 permit 192.168.1.0 0.0.0.255

access-list 1 permit 192.168.2.0 0.0.0.255

access-list 1 permit 192.168.3.0 0.0.0.255

 

 

BB


Hello,

 

On a side note, 'permit ip any any' in a NAT access list is usually not a good idea and will often not work, or work erratically.

 

Either way, the changes marked in bold should get you going:

 

Current configuration : 1196 bytes
!
! Last configuration change at 00:05:43 UTC Wed Jun 23 2021
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO1841 sn FTX1028W00P
!
redundancy
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.1.101 255.255.255.252
ip nat inside
ip virtual-reassembly in
ip ospf network point-to-point
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
!
router ospf 1
network 10.0.1.100 0.0.0.3 area 0
network 173.90.0.0 0.0.255.255 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
--> ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
--> access-list 1 permit 192.168.2.0 0.0.0.255
--> access-list 1 permit 192.168.3.0 0.0.0.255
logging esm config
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

 

MLS:

 

Current configuration : 5175 bytes
!
! Last configuration change at 05:05:47 UTC Mon Mar 1 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MLS
!
boot-start-marker
boot-end-marker
!
no aaa new-model
switch 1 provision ws-c3750x-48p
system mtu routing 1500
ip routing
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool VLAN_30
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
--> dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool VLAN_10
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
--> dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool VLAN_20
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
--> dns-server 8.8.8.8 8.8.4.4
!
crypto pki trustpoint TP-self-signed-2834786944
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2834786944
revocation-check none
rsakeypair TP-self-signed-2834786944
!
crypto pki certificate chain TP-self-signed-2834786944
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
shutdown
!
interface GigabitEthernet1/0/1
no switchport
ip address 10.0.1.102 255.255.255.252
ip ospf network point-to-point
speed 100
!
interface GigabitEthernet1/0/2
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet1/0/3
description Guest_Access
switchport access vlan 30
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 20
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
!
interface Vlan30
ip address 192.168.3.1 255.255.255.0
!
router ospf 1
network 10.0.1.100 0.0.0.3 area 0
network 192.168.1.0 0.0.0.255 area 0
network 192.168.2.0 0.0.0.255 area 0
network 192.168.3.0 0.0.0.255 area 0
!
ip http server
ip http secure-server
!
logging esm config
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

I agree that the missing access list 1 was the biggest problem and prevented Internet access for the vlans. I also agree that the static default route including the dhcp parameter is good. I would like to see the output of show ip route from the switch. I suspect that the switch is not getting the default route advertised from the router, and that the router needs to include default-information originate in its OSPF configuration.

HTH

Rick
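
An added example, not part of any post in this thread: a small Python check for the two gaps the replies identify on R1, a NAT rule that points at an access list that is not defined (or does not cover the VLAN subnets) and an OSPF process that does not originate a default route. The function name `audit`, the trimmed config samples and the finding strings are assumptions made for this illustration; only numbered standard ACLs with contiguous wildcards are handled.

```python
import ipaddress
import re

# Constructed sample: the NAT/OSPF-relevant lines of R1 from the original post.
R1_BEFORE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 10.0.1.101 255.255.255.252
 ip nat inside
router ospf 1
 network 10.0.1.100 0.0.0.3 area 0
ip nat inside source list 1 interface FastEthernet0/0 overload
"""
# The same lines plus what the replies propose (ACL 1, static default route,
# and the default-information originate that one reply suspects is needed).
R1_AFTER = R1_BEFORE.replace(
    "router ospf 1\n", "router ospf 1\n default-information originate\n"
) + """\
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0 dhcp
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
"""
LAN_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]  # MLS VLANs

IPV4 = r"\d+(?:\.\d+){3}"
NAT_RE = re.compile(r"^ip nat inside source list (\d+) interface \S+", re.M)
# Numbered standard ACL permit entries only; deny entries are ignored here.
ACL_RE = re.compile(rf"^access-list (\d+) permit (any|{IPV4})(?: ({IPV4}))?", re.M)


def audit(config, lan_subnets=LAN_SUBNETS):
    """Return findings for the NAT and OSPF problems raised in the thread."""
    findings, acls = [], {}
    for acl_id, addr, wildcard in ACL_RE.findall(config):
        # ipaddress parses the IOS wildcard (host mask) form; no wildcard = host.
        net = "any" if addr == "any" else ipaddress.ip_network(
            f"{addr}/{wildcard or '32'}")
        acls.setdefault(acl_id, []).append(net)
    for acl_id in NAT_RE.findall(config):
        permits = acls.get(acl_id)
        if permits is None:
            findings.append(f"NAT references ACL {acl_id}, which is not defined")
            continue
        if "any" in permits:
            findings.append(f"NAT ACL {acl_id} uses 'permit any'")
        for subnet in map(ipaddress.ip_network, lan_subnets):
            if not any(p == "any" or subnet.subnet_of(p) for p in permits):
                findings.append(f"{subnet} is not permitted by NAT ACL {acl_id}")
    has_ospf = re.search(r"^router ospf \d+", config, re.M)
    if has_ospf and "default-information originate" not in config:
        findings.append("OSPF does not originate a default route")
    return findings


if __name__ == "__main__":
    for name, cfg in (("before", R1_BEFORE), ("after", R1_AFTER)):
        print(name, audit(cfg) or "no findings")
```

Running it against a saved `show running-config` before a change window catches a NAT statement whose list number was never created, which IOS accepts without complaint.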

Hello

In this instance the gateway of last resort will be the ISP, albeit with a high admin distance, via the DHCP allocation from the ISP rtr, although applying a static default is always recommended, something I personally missed and @balaji.bandi highlighted.

@Richard Burts stated a good point regarding the switch not having a default route and applying OSPF default-information originate, so then, as it's a stub network anyway, possibly you could go one step further and append the "always" function to it?



Kind Regards
Paul

I am glad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick