Need help configuring a default route

hfakoor222

Topology below my RTR1 can ping google, facebook, my PC

 

My PC, and server LOL at the end cannot ping past the f2/0 port of RTR1

 

I'm asking for suggestions on how to configure a default route on RTR1 so my VPCS and LOL server can ping the internet

 

 

Alpha1.png

 

 

 

 

Current configuration : 1489 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RTR1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 172.16.0.1
!
ip dhcp pool L1
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1
!
!
no ip domain lookup
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat source list IPNAT interface FastEthernet2/0 overload
!
ip access-list standard IPNAT
permit any
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login





 

 


hfakoor222

On my LOL server is Ubuntu and it looks like an IP address has been assigned via DHCP, and the default route is currently 172.16.0.1

 

No I am trying to have my vpcs and ubuntu server ping the internet but not able to

 

 

Pic1.png

Hello,

 

I assume you can ping the Default Gateway

 

On R1 you can try this:

 

ip route 0.0.0.0 0.0.0.0 <next hop ip/exit interface>     

<- you should be able to use either next hop or exit interface of internet

 

-David

balaji.bandi

Try below :

 

no ip nat source list IPNAT interface FastEthernet2/0 overload

no ip access-list standard IPNAT



ip dhcp pool L1
network 172.16.0.0 255.255.255.0
default-router 172.16.0.1

dns-server 8.8.8.8

!

ip route 0.0.0.0 0.0.0.0 FastEthernet2/0    ( I am sure DHCP supplied route but to be safe)

access-list 101 permit ip 172.16.0.0 0.0.0.255

!

ip nat inside source list 101 interface FastEthernet2/0 overload


Still have issues:

 

post the latest config of the router and switch.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

I have seen issues when NAT was configured with an access list which used the "any" parameter. So I agree with @balaji.bandi that the NAT configuration should be changed. But his suggested change still uses "any". And why use an extended access list here? A simple standard acl would work quite well such as

ip access-list standard IPNAT
permit 172.16.0.0 0.0.0.255

The suggestion to add a dns server to the dhcp pool is quite appropriate.

The major issue raised in the original post is the lack of a default route. The suggestion to use

ip route 0.0.0.0 0.0.0.0 FastEthernet2/0

(just to be safe) requires that the next hop device support proxy arp. And it would have the result that the router would arp for every remote address to which it tries to forward traffic. A better solution would be

ip route 0.0.0.0 0.0.0.0 dhcp

 

HTH

Rick

@Richard Burts - good catch - fast typo corrected now

BB


Can Not ping port in router ?

PC-L2SW-R <- this makes the broadcast from the PC reach the R, which is the GW for the PC
PC-L3SW-L2Link-R <- this makes the broadcast from the PC reach the R, which is the GW for the PC

PC-L3SW-L3link-R <- this way R cannot be the GW for the PC; the GW is the SVI in the L3SW and you need routing between the L3SW and R

 

 

Hello
As you have a dhcp enabled wan interface, it means your public ip is in theory dynamic and not statically assigned, so when that interface receives a dhcp allocation a default route should be appended to the rtr's routing table (providing ip routing isn't disabled) with a high administrative distance metric (200). However, it is recommended that you do apply a static default route, specifically when you have NAT applied. Also, NAT access-lists with access-list control entries (ace) with ANY ANY aren't supported, as you could in theory nat packets unintentionally, so ACL aces need to be more specific.

 

suggest try the following:

conf t

ip route 0.0.0.0 0.0.0.0 fa2/0 dhcp

ip access-list standard IPNAT

no 10
permit 172.16.0.0 0.0.0.255



 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Am I correct in assuming this is what fixed my issue?

 

 

ip route 0.0.0.0 0.0.0.0 fa2/0 dhcp

 

hfakoor222

So I tried this

!
router rip
version 2
redistribute connected
network 192.168.122.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet2/0
!
!
no ip http server
no ip http secure-server
ip nat inside source list 99 interface FastEthernet2/0 overload
!
access-list 99 permit 172.106.0.0 (took this out and left 2nd one in below)
access-list 99 permit 172.106.0.0 0.0.0.255





to taking the final suggestion by Paul with still no luck... I can ping to the segment on the router interface but not the cloud

 


!
!
archive
log config
hidekeys
!
!
!
!
ip tcp synwait-time 5
!
!
!
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
clock rate 2000000
!
interface FastEthernet0/1
ip address 172.16.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
router rip
version 2
redistribute connected
network 192.168.122.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet2/0 dhcp
!
!
no ip http server
no ip http secure-server
ip nat source list IPNAT interface FastEthernet2/0 overload
!
ip access-list standard IPNAT
permit 172.16.0.0 0.0.0.255
!
no cdp log mismatch duplex
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0





 

 

 

It is still not able to ping to the outside

hfakoor222

Is there a way to ping it without DHCP?


My overall goal is to connect Ubuntu VM to the internet

If I am reading the discussion correctly you tried a static default route that did not include the dhcp parameter and could not access the Internet. Then you tried a static default route that did include the dhcp parameter and could successfully access the Internet. So in your case it seems to be required to use the dhcp parameter. 

Clearly you need dhcp on interface fa2/0 to get an IP address. You need your router to trust and use the default route provided by dhcp.

HTH

Rick

No, the DHCP route did not work. I've tried static routing and haven't found a way. I've then at the end inquired about connecting via no DHCP or even NAT, if that's a possibility, since my goal is to connect to the internet.

Your config has an issue here. Check the NAT statement.

 

ip route 0.0.0.0 0.0.0.0 FastEthernet2/0 dhcp
!
!
ip nat inside source list 99 interface FastEthernet2/0 overload
!

no access-list 99 
access-list 99 permit 172.16.0.0 0.0.0.255 any   ( before it was 172.106.x.x - that is wrong)

 

Not sure you need RIP here in your network - let's clean up the unnecessary config:

 

no router rip

 

 

My overall goal is to connect Ubuntu VM to the internet

What is the Ubuntu VM IP? Is Ubuntu able to ping the gateway? What port did it connect to? Do you have any switches in between?

 

BB


At one point there was a comment that it had started to work. But apparently that has been edited out and so we assume that routing is still an issue. (Though the NAT issue identified by @balaji.bandi could well be the issue now) So let me identify the ways that a default route can be implemented:

- Your router could learn a default route by running a dynamic routing protocol with the ISP (typically this would be BGP). I do not think that BGP in this environment is very likely.

- Your router could implement a static default route which specifies a next hop address. Since you are using dhcp on the outside interface I am assuming that the ISP did not supply a next hop address to be used in the configuration. So this is not an appropriate approach.

- Your router could implement a static default route which specifies the outbound interface. Sometimes this works and sometimes it does not work - it depends on whether the next hop device has enabled proxy arp or not. Without proxy arp this does not work. And even if it does work it makes the router work much harder and is generally not recommended. Posts in this discussion suggest that you did try this and that it did not work.

- Your router could implement a static default route which specifies the parameter dhcp. This tells the router to trust and use the default route which was provided in the dhcp negotiation. I suggested this approach in a previous post. It is not clear whether you tried this or not.

- Your router could implement a static default route which specifies both the outbound interface and the parameter dhcp. Using the parameter dhcp resolves the issue about requiring proxy arp when the static route specifies the outbound interface. I believe that you have tried this approach but it seems to not be working.

If it is not working then we need to do some additional investigation and troubleshooting. Please provide a current copy of the full running config. Also please post the output of these commands from the router:

- show ip interface brief

- show arp

- show ip route

From the device that you are testing with please provide its IP address, mask, and default gateway.

From the device that you are testing with 

- can the device ping the router LAN interface?

- can the device ping the router WAN interface (FA2/0)?

- the output of traceroute (or tracert) to 8.8.8.8

HTH

Rick
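
Added example, not written by anyone in this thread: a small Python check over an IOS-style running-config for the problems the replies point out, namely a NAT access list that permits `any` or a network that is not on any `ip nat inside` interface (the 172.106 vs 172.16 mismatch), and a default route that names only the exit interface. The names `audit` and `acl_net` and the sample text are constructed for illustration, and it assumes `ip address` is listed before `ip nat inside` within an interface block, as the configs posted above show.

```python
import ipaddress

def acl_net(entry):
    """Source network of a permit entry (IOS wildcard mask), or None for 'any'."""
    t = entry[1:] if entry[0] == "ip" else entry       # skip extended-ACL protocol
    if t[0] == "any":
        return None
    mask = t[1] if len(t) > 1 and t[1][0].isdigit() else "255.255.255.255"
    return ipaddress.ip_network(f"{t[0]}/{mask}", strict=False)

def audit(config):
    """Return findings for an IOS-style running-config passed as text."""
    findings, acls, inside, nat_lists = [], {}, [], []
    net = acl = None                  # current interface subnet / named ACL
    for w in (line.split() for line in config.splitlines()):
        if not w or w[0] in ("!", "interface"):
            net = acl = None
        elif w[:2] == ["ip", "address"] and len(w) == 4:
            net = ipaddress.ip_network(f"{w[2]}/{w[3]}", strict=False)
        elif w == ["ip", "nat", "inside"] and net:
            inside.append(net)
        elif w[:2] == ["ip", "access-list"] and len(w) == 4:
            acl = w[3]
        elif w[0] == "permit" and acl:
            acls.setdefault(acl, []).append(w[1:])
        elif w[0] == "access-list" and w[2:3] == ["permit"]:
            acls.setdefault(w[1], []).append(w[3:])
        elif w[:2] == ["ip", "nat"] and "list" in w:
            nat_lists.append(w[w.index("list") + 1])
        elif (w[:4] == ["ip", "route", "0.0.0.0", "0.0.0.0"] and len(w) == 5
              and w[4][0].isalpha() and w[4] != "dhcp"):
            findings.append(f"default route via {w[4]} only: depends on proxy ARP")
    for name in nat_lists:
        for entry in acls.get(name, []):
            src = acl_net(entry)
            if src is None:
                findings.append(f"NAT ACL {name} permits any")
            elif not any(src.overlaps(n) for n in inside):
                findings.append(f"NAT ACL {name} permits {src}, not an inside subnet")
    return findings

# Constructed sample, assembled from lines quoted in the thread.
SAMPLE = """interface FastEthernet0/1
 ip address 172.16.0.1 255.255.255.0
 ip nat inside
!
ip route 0.0.0.0 0.0.0.0 FastEthernet2/0
ip nat inside source list 99 interface FastEthernet2/0 overload
access-list 99 permit 172.106.0.0 0.0.0.255"""
print("\n".join(audit(SAMPLE)))
```

Run against the sample, it reports the interface-only default route and the ACL 99 entry for 172.106.0.0/24; with the ACL changed to 172.16.0.0 0.0.0.255 and `dhcp` appended to the route, it reports nothing.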