Hi,

The cable is connected however orange light is blinking instead of green.

Reboot of modem did not help.

This is a shot in the dark, but cable providers usually only assign an IP address to the first mac address that it sees. From there, you have to nat your connections out.

So, for example, if you had a different router on this modem and then disconnected it and connected the Cisco, the provider may still think that the address that it assigned belonged to the old modem. If the interface is coming up on the Cisco router, it's not a crossover cable issue, and it looks like you have the correct config if you don't have to send pppoe information or anything like that. What you could do is to disconnect the router from the modem, or turn everything off, for about 15 minutes. Turn the modem back on and then the Cisco. If that doesn't work, you may have to do some debugs to see what's going on.

HTH,

John
 

Ok so partially I've got it working, however i'm still not able connect to the internet from my computer.

What i did is sub interface with DHCP assignment and Vlan 10 tagging - my ISP settings. 

From this point i can get external IP address.

interface Gig0/1

description WAN

no ip address

duplex auto

speed auto

interface Gig0/1.10

encapsulation dot1Q 10

ip address dhcp

ip nat outside

I think i need assign ip nat inside for my DATA VLAN however its not working. What i did is:

ip access-list standard UFB.NAT.INSIDE

permit any

ip nat inside source list UFB.NAT.INSIDE interface Gi0/0.110 overload

Than on the interface i assigned ip nat inside:

interface GigabitEthernet0/0.110
 description Data VLAN
 encapsulation dot1Q 110
 ip address 10.110.0.1 255.255.255.0

ip nat inside

My switch config is:

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SwPod1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LDXy$1QdQ73kHv.8sQenQNMq19.
!
!
!
no aaa new-model
clock timezone GMT 13
clock summer-time GMT recurring
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
no ip domain-lookup
!
!
!
!
crypto pki trustpoint TP-self-signed-2133227136
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2133227136
 revocation-check none
 rsakeypair TP-self-signed-2133227136
!
!
crypto pki certificate chain TP-self-signed-2133227136
 certificate self-signed 01
  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32313333 32323731 3336301E 170D3933 30333031 30303030
  35385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31333332
  32373133 3630819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100B71D E6CDD16E D6FEDB25 EC976368 7925A2F8 75EE3EF0 D4C371DA 4B5539BB
  E3A9552F DE35F37B 45A2C5C4 30FEF8D7 C3C5C489 C08C8A90 B415D331 F4653100
  DC1E0ECE D93B2BF5 339C7B3A D170B80A AFEE8DA9 A82263F9 6324F8FA 94BB253E
  7B0B45D6 81E39078 1607DED1 85C69650 AB7D7419 96604F65 D9204BC8 1BC259BB
  6D0B0203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603
  551D1104 0B300982 07537750 6F64312E 301F0603 551D2304 18301680 14C16878
  2994DA55 82E0FAD0 046CED6D 0EBDA0EE AA301D06 03551D0E 04160414 C1687829
  94DA5582 E0FAD004 6CED6D0E BDA0EEAA 300D0609 2A864886 F70D0101 04050003
  81810090 C6829BAE 9B2A3A31 2A32C1FB AC7946E5 287A43B6 EC9F31D5 13296A2E
  1810E5EB 2503617C C4CCDF9D 421E2372 E94A8BFA D73AB361 46BF80E4 B2C3E828
  6DB62E7F DE5E0F6F B93A885E 3A5E13CA 6D95426C 9494C22D 005E8BC9 C6C012D5
  DF186CFB 194BC416 89566F98 0C21CC79 D477022C A4845D94 EE0FC299 7C7710C5 32F314
  quit
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/14
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/15
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/16
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/17
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/18
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/19
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/20
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/21
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/22
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface FastEthernet0/23
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/24
 switchport access vlan 110
 switchport mode access
 switchport voice vlan 115
 spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan111
 ip address 10.111.0.2 255.255.255.0
!
ip default-gateway 10.111.0.1
ip classless
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
!
!
!
line con 0
 exec-timeout 120 0
 password cisco
 logging synchronous
 login
line vty 0 4
 exec-timeout 120 0
 password cisco
 logging synchronous
 login
line vty 5 15
 exec-timeout 120 0
 password cisco
 logging synchronous
 login
!
ntp clock-period 36028581
ntp server 10.110.0.1

Any clues ?

Try changing your NAT acl to -

ip access-list standard UFB.NAT.INSIDE

permit ip 10.110.0.0 255.255.0.0

and retest.

Edit - it may be a typo but you also need to make the following change -

ip nat inside source list UFB.NAT.INSIDE interface Gi0/1.10 overload  <--- at the moment you have gi0/0.110 as the interface

Jon

Hi John,

I have tried your suggestion but unfortunately didn't work.

The correct command is:

ip access-list standard UFB.NAT.INSIDE

permit 10.110.0.0 0.0.255.255   (wildcard)

Also i use physical interface Gi0/1 for connection to modem WAN and physical interface Gi0/0 for internal network and is connected to switch. So, ip nat inside has to be assign to Gi0/0.110 - my DATA network.

Please correct me if i am wrong.

Apologies, I forgot the wildcard.

So you need to use the acl with the wildcard.

As for the other part of what I posted. Yes you have applied the correct NAT statements to the correct interfaces so they don't need changing.

It is the actual statement I posted ie. you have referenced the wrong interface.

Please reread and if it's still not clear then let me know.

Jon

Hi John,

Eventually i have started getting something on the router, however i cannot still access internet from my computer or even ping any external IP from the switch.

So my router config now is:

RtrPod1#show running-config

Building configuration...

Current configuration : 6624 bytes

!

! Last configuration change at 06:27:45 GMT Thu Dec 18 2014

! NVRAM config last updated at 05:16:50 GMT Thu Dec 18 2014

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname RtrPod1

!

boot-start-marker

boot system usbflash0:c2800nm-advipservicesk9-mz.124-24.T1.bin

boot system flash c2800nm-advipservicesk9-mz.124-24.T1.bin

boot-end-marker

!

logging message-counter syslog

enable secret 5 $1$kABI$oyiPktODUDz4Ahdz7pCma0

!

no aaa new-model

clock timezone GMT 13

clock summer-time GMT recurring

clock calendar-valid

no network-clock-participate wic 1

network-clock-participate wic 2

!

dot11 syslog

ip source-route

!

!

ip cef

no ip dhcp use vrf connected

ip dhcp excluded-address 10.110.0.1 10.110.0.10

ip dhcp excluded-address 10.115.0.1 10.115.0.10

!

ip dhcp pool Data

   network 10.110.0.0 255.255.255.0

   default-router 10.110.0.1

!

ip dhcp pool Voice

   network 10.115.0.0 255.255.255.0

   default-router 10.115.0.1

   option 150 ip 10.115.0.1

!

!        

no ip domain lookup

no ipv6 cef

ntp update-calendar

ntp server 192.189.54.33

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!        

!

!

!

!

!

!

voice-card 0

!

!

crypto pki trustpoint TP-self-signed-1408351535

 enrollment selfsigned

 subject-name cn=IOS-Self-Signed-Certificate-1408351535

 revocation-check none

 rsakeypair TP-self-signed-1408351535

!

!

crypto pki certificate chain TP-self-signed-1408351535

 certificate self-signed 01

  3082023F 308201A8 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 31343038 33353135 3335301E 170D3134 31323137 31363136

  35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34303833

  35313533 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  81009EEF ADD1297E 7CD9BE3E 5BD3798D 10831172 0E025CB9 C7E57188 006DA7E1

  E7B1D9A9 73EC5C53 841413DE E3E4AECD BC80C3D1 CC6BA113 B91CC736 16AF1576

  F37F8437 C9577F4A 0AE72460 1E524E06 74E8DD39 E6952E1F 85547E71 1AD3DE5A

  6DCB12E9 BD953716 13B41148 320EC307 9E45B084 80D0591A E49E8AE2 D87C0716

  86430203 010001A3 67306530 0F060355 1D130101 FF040530 030101FF 30120603

  551D1104 0B300982 07527472 506F6431 301F0603 551D2304 18301680 14880D89

  51BCB633 B6F32385 71C9A39E 72149EAF 99301D06 03551D0E 04160414 880D8951

  BCB633B6 F3238571 C9A39E72 149EAF99 300D0609 2A864886 F70D0101 04050003

  8181004F 662DED7C D740C3AF 4CB08D30 2D5A7A7C 7EAB7CB2 406CAD1B C0A4F670

  CE63A7B1 68800220 7F6F3397 EF569993 67A421C3 8C1146DD F56010FD AE451806

  B1168EB5 0145B229 7DB9A754 4EE6B2A3 658C7A14 A8607699 0391FA22 DFA2630E

  C8C9EF07 F65864E3 6BD6AA1C F8A9D6BD 330CA2F4 89ECE754 8F132314 42EFC493 11EB7E

        quit

!

!

username student privilege 15 secret 5 $1$o8qC$cxUuwRjEtfvasjtjfNZAv/

archive

 log config

  hidekeys

!

!

!        

!

!

controller E1 0/1/0

!

!

!

!

!

interface GigabitEthernet0/0

 no ip address

 duplex auto

 speed auto

!

interface GigabitEthernet0/0.110

 description Data VLAN

 encapsulation dot1Q 110

 ip address 10.110.0.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly

!

interface GigabitEthernet0/0.111

 description Management VLAN

 encapsulation dot1Q 111

 ip address 10.111.0.1 255.255.255.0

!

interface GigabitEthernet0/0.115

 description Voice VLAN

 encapsulation dot1Q 115

 ip address 10.115.0.1 255.255.255.0

!

interface GigabitEthernet0/1

 description WAN

 no ip address

 duplex auto

 speed auto

!

interface GigabitEthernet0/1.10

 encapsulation dot1Q 10

 ip address dhcp

 ip nat outside

 ip virtual-reassembly

!

interface Serial0/0/0

 no ip address

 shutdown

 clock rate 2000000

!

interface BRI0/2/0

 no ip address

!

interface BRI0/2/1

 no ip address

!

interface Service-Engine1/0

 no ip address

 shutdown

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1.10

ip http server

ip http authentication local

ip http secure-server

ip http path flash:/gui

!

!

ip nat inside source list UFB.NAT.INSIDE interface GigabitEthernet0/1.10 overload

!

ip access-list standard UFB.NAT.INSIDE

 permit any

!

!

!

!

!

!

tftp-server flash:phone/7942-7962/jar42sccp.8-4-1-23.sbn alias jar42sccp.8-4-1-23.sbn

tftp-server flash:phone/7942-7962/cnu42.8-4-1-23.sbn alias cnu42.8-4-1-23.sbn

tftp-server flash:phone/7942-7962/dsp42.8-4-1-23.sbn alias dsp42.8-4-1-23.sbn

tftp-server flash:phone/7942-7962/term42.default.loads alias term42.default.loads

tftp-server flash:phone/7942-7962/term62.default.loads alias term62.default.loads

tftp-server flash:phone/7942-7962/SCCP42.8-4-2S.loads alias SCCP42.8-4-2S.loads

tftp-server flash:phone/7942-7962/apps42.8-4-1-23.sbn alias cvm42sccp.8-4-1-23.sbn

!

control-plane

!

!

!        

voice-port 0/2/0

!

voice-port 0/2/1

!

voice-port 0/3/0

 cptone NZ

 station-id name 8 Hukanui Crescent

 station-id number 555

 caller-id enable

!

voice-port 0/3/1

!

voice-port 2/0/0

!

voice-port 2/0/1

!

voice-port 2/0/2

!

voice-port 2/0/3

!

voice-port 2/0/4

!

voice-port 2/0/5

!

voice-port 2/0/6

!

voice-port 2/0/7

 shutdown

!

!

mgcp fax t38 ecm

mgcp behavior g729-variants static-pt

!

!

!

!

!

!

telephony-service

 max-ephones 5

 max-dn 10

 ip source-address 10.115.0.1 port 2000

 system message Have A Great Day

 load 7962 SCCP42.8-4-2S

 time-zone 53

 time-format 24

 max-conferences 8 gain -6

 web admin system name webadmin secret 5 $1$MafG$7vShhmB.Tlfy22rnE88BK1

 transfer-system full-consult

 create cnf-files version-stamp 7960 Dec 18 2014 05:16:47

!

!

ephone-dn  1

 number 1000

 label IT Department

 description Accounter

 name Anna Osipova

!

!

ephone-dn  2

 number 2000

 label Accounting Dept

 name Lukasz Dobrzanski

!

!

ephone-dn  3  dual-line

 number 3000 secondary 4000

!

!        

ephone  1

 device-security-mode none

 mac-address 0023.5EB7.9C0F

 username "lukasz" password lukasz

 type 7962

 button  1:1 2:3

 pin 1605

!

!

!

ephone  2

 device-security-mode none

 mac-address 108C.CFE0.19DF

 username "anna" password anna

 type 7962

 button  1:2 2:3

 pin 2166

!

!

alias exec t telnet 10.111.0.2

alias exec c copy running-config startup-config

!

line con 0

 exec-timeout 120 0

 password cisco

 logging synchronous

 login

line aux 0

line 66

 no activation-character

 no exec

 transport preferred none

 transport input all

 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

line vty 0 4

 exec-timeout 120 0

 password cisco

 logging synchronous

 login local

 transport input telnet ssh

line vty 5 15

 exec-timeout 120 0

 password cisco

 logging synchronous

 login local

 transport input telnet ssh

!

scheduler allocate 20000 1000

end

After typing this command i get:

RtrPod1#show ip nat translation

Pro Inside global      Inside local       Outside local      Outside global

udp 203.173.212.98:123 192.168.15.100:123 192.189.54.33:123  192.189.54.33:123

udp 203.173.212.98:68  203.173.212.98:68  203.173.215.254:67 203.173.215.254:67

udp 203.173.212.98:1024 203.173.212.98:5060 198.27.86.243:5077 198.27.86.243:5077

And this one - it only confirms i get external IP on the router:

RtrPod1#show ip interf brie

Interface                  IP-Address      OK? Method Status                Protocol

GigabitEthernet0/0         unassigned      YES NVRAM  up                    up     

GigabitEthernet0/0.10      unassigned      YES unset  up                    up     

GigabitEthernet0/0.110     10.110.0.1      YES NVRAM  up                    up     

GigabitEthernet0/0.111     10.111.0.1      YES NVRAM  up                    up     

GigabitEthernet0/0.115     10.115.0.1      YES NVRAM  up                    up     

GigabitEthernet0/1         unassigned      YES manual up                    up     

GigabitEthernet0/1.10      203.173.212.98  YES DHCP   up                    up     

Serial0/0/0                unassigned      YES NVRAM  administratively down down   

BRI0/2/0                   unassigned      YES NVRAM  up                    down   

BRI0/2/0:1                 unassigned      YES unset  down                  down   

BRI0/2/0:2                 unassigned      YES unset  down                  down   

BRI0/2/1                   unassigned      YES NVRAM  up                    down   

BRI0/2/1:1                 unassigned      YES unset  down                  down   

BRI0/2/1:2                 unassigned      YES unset  down                  down   

Service-Engine1/0          unassigned      YES NVRAM  administratively down down   

NVI0                       10.110.0.1      YES unset  up                    up      

What is going on ?

Your acl is wrong again.

Can you modify the acl again to use the subnet and wildcard mask.

Jon

I have tried with:

ip access-list standard UFB.NAT.INSIDE
 permit 10.110.0.0 0.0.255.255

but still nothing

Sorry to be pedantic but when you tried with that acl had you also updated the NAT statement as I requested ie. where i said you needed to change the interface.

Your current configuration shows that the statement is now correct but i was wondering if when you tried the updated acl you hadn't updated that statement.

Hope you see what i mean.

Can you confirm one way or the other.

Also i assume you are testing from a client in the 10.110.0.x subnet ?

If so how far can you get with the ping ?

Jon

Hi John and Vishal, sorry for late replay as I was away.

So after show ip route and show ip interface brief I get:

RtrPod1#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

     118.0.0.0/22 is subnetted, 1 subnets

C       118.92.12.0 is directly connected, GigabitEthernet0/1.10

     10.0.0.0/24 is subnetted, 3 subnets

C       10.110.0.0 is directly connected, GigabitEthernet0/0.110

C       10.111.0.0 is directly connected, GigabitEthernet0/0.111

C       10.115.0.0 is directly connected, GigabitEthernet0/0.115

S*   0.0.0.0/0 is directly connected, GigabitEthernet0/1.10

RtrPod1#show ip interf brie

Interface                  IP-Address      OK? Method Status                Protocol

GigabitEthernet0/0         unassigned      YES NVRAM  up                    up     

GigabitEthernet0/0.110     10.110.0.1      YES NVRAM  up                    up     

GigabitEthernet0/0.111     10.111.0.1      YES NVRAM  up                    up     

GigabitEthernet0/0.115     10.115.0.1      YES NVRAM  up                    up     

GigabitEthernet0/1         unassigned      YES DHCP   up                    up     

GigabitEthernet0/1.10      118.92.14.89    YES DHCP   up                    up     

Serial0/0/0                unassigned      YES NVRAM  administratively down down   

BRI0/2/0                   unassigned      YES NVRAM  up                    down   

BRI0/2/0:1                 unassigned      YES unset  down                  down   

BRI0/2/0:2                 unassigned      YES unset  down                  down   

BRI0/2/1                   unassigned      YES NVRAM  up                    down   

BRI0/2/1:1                 unassigned      YES unset  down                  down   

BRI0/2/1:2                 unassigned      YES unset  down                  down   

Service-Engine1/0          unassigned      YES NVRAM  administratively down down   

NVI0                       10.110.0.1      YES unset  up                    up  

Also I can ping from my computer default gateway and external interface with assigned IP by ISP – in this case 118.92.14.89 .

I cannot ping 4.2.2.2 from the router.

Interesting thing is that if I use permit 10.110.0.1 0.0.255.255 than I do not get any output in:

show ip nat translation

However I do get something with ip permit any

Very strange

Please try to ping 4.2.2.2 from your pc.

I also noticed that you are not assigning any DNS server under DHCP configuration

Please do these 2 steps and keep us posted 

When you use /24 mask, you can make changes in 3rd octet not in 2nd octet

Please check your ip scheme.