Solved: No internet for Clients C1111

murmucka · ‎11-11-2021

Hi guys,

router connects successfully to the internet, i also can ping WAN destination from CLI. But no internet for clients on Ethernet POrts.

Current configuration : 5787 bytes

!

! Last configuration change at 07:58:19 UTC Fri Nov 12 2021

!

version 16.9

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

platform qfp utilization monitor load 80

no platform punt-keepalive disable-kernel-core

!

hostname GW-MURMUCKA-01

!

boot-start-marker

boot system flash bootflash:c1100-universalk9_ias.16.09.05.SPA.bin

boot-end-marker

!

!

enable secret 5 xxx

enable password 7 xxx

!

no aaa new-model

clock timezone UTC 1 0

!

!

ip nbar http-services

!

ip name-server 8.8.8.8

ip dhcp excluded-address 10.0.10.1 10.0.10.99

ip dhcp excluded-address 10.0.20.1 10.0.20.99

ip dhcp excluded-address 10.0.99.1 10.0.99.99

!

ip dhcp pool ClientPrinter

network 10.0.10.0 255.255.255.0

default-router 10.0.10.2

dns-server 8.8.8.8

!

ip dhcp pool IoT

network 10.0.20.0 255.255.255.0

default-router 10.0.20.2

dns-server 8.8.8.8

!

ip dhcp pool ManagementNetwork

network 10.0.99.0 255.255.255.0

default-router 10.0.99.2

dns-server 8.8.8.8

!

!

!

login on-success log

!

!

!

!

!

!

!

subscriber templating

multilink bundle-name authenticated

!

!

!

crypto pki trustpoint TP-self-signed-1281955900

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-1281955900

revocation-check none

rsakeypair TP-self-signed-1281955900

!

!

crypto pki certificate chain TP-self-signed-1281955900

certificate self-signed 01

...

quit

!

license udi pid C1111-4P sn xxx

no license smart enable

!

diagnostic bootup level minimal

!

spanning-tree extend system-id

!

!

username admin privilege 15 secret 9 xxx

!

redundancy

mode none

!

!

vlan internal allocation policy ascending

!

!

!

!

!

!

interface GigabitEthernet0/0/0

description Ace Telecom

no ip address

ip mtu 1452

ip nbar protocol-discovery

ip nat outside

ip tcp adjust-mss 1412

negotiation auto

pppoe enable group global

pppoe-client dial-pool-number 1

!

interface GigabitEthernet0/0/1

no ip address

shutdown

negotiation auto

!

interface GigabitEthernet0/1/0

description Link to CoreSwitch

switchport trunk native vlan 99

switchport mode trunk

spanning-tree portfast trunk

!

interface GigabitEthernet0/1/1

description ClientPrinter

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/1/2

description IoT

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/1/3

description Management

switchport access vlan 99

switchport mode access

spanning-tree portfast

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

description *** ClientPrinter ***

ip address 10.0.10.2 255.255.255.0

ip nat inside

!

interface Vlan20

description *** IoT ***

ip address 10.0.20.2 255.255.255.0

ip nat inside

!

interface Vlan99

description *** Management ***

ip address 10.0.99.2 255.255.255.0

ip nat inside

!

interface Dialer1

mtu 1480

ip address negotiated

ip mtu 1452

encapsulation ppp

ip tcp adjust-mss 1412

dialer pool 1

dialer idle-timeout 0

dialer persistent

dialer-group 1

ppp mtu adaptive

ppp authentication pap callin

ppp pap sent-username user password 7 password

ppp ipcp dns request

!

ip forward-protocol nd

ip http server

ip http authentication local

ip http secure-server

ip nat inside source list 11 interface GigabitEthernet0/0/0 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

!

!

access-list 11 remark define internal networks

access-list 11 permit 10.0.10.0 0.0.0.255

access-list 11 permit 10.0.20.0 0.0.0.255

access-list 11 permit 10.0.99.0 0.0.0.255

dialer-list 1 protocol ip permit

!

!

snmp-server community public RO

!

!

control-plane

!

!

line con 0

transport input none

stopbits 1

line vty 0 4

password 7 xxx

login

length 0

!

!

!

!

!

!

end

Georg Pauwen · ‎11-11-2021

Hello,

make the changes marked in bold to your configuration:

Current configuration : 5787 bytes
!
! Last configuration change at 07:58:19 UTC Fri Nov 12 2021
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname GW-MURMUCKA-01
!
boot-start-marker
boot system flash bootflash:c1100-universalk9_ias.16.09.05.SPA.bin
boot-end-marker
!
enable secret 5 xxx
enable password 7 xxx
!
no aaa new-model
clock timezone UTC 1 0
!
ip nbar http-services
!
ip name-server 8.8.8.8
ip dhcp excluded-address 10.0.10.1 10.0.10.99
ip dhcp excluded-address 10.0.20.1 10.0.20.99
ip dhcp excluded-address 10.0.99.1 10.0.99.99
!
ip dhcp pool ClientPrinter
network 10.0.10.0 255.255.255.0
default-router 10.0.10.2
dns-server 8.8.8.8
!
ip dhcp pool IoT
network 10.0.20.0 255.255.255.0
default-router 10.0.20.2
dns-server 8.8.8.8
!
ip dhcp pool ManagementNetwork
network 10.0.99.0 255.255.255.0
default-router 10.0.99.2
dns-server 8.8.8.8
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1281955900
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1281955900
revocation-check none
rsakeypair TP-self-signed-1281955900
!
crypto pki certificate chain TP-self-signed-1281955900
certificate self-signed 01...
quit
!
license udi pid C1111-4P sn xxx
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 xxx
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
description Ace Telecom
no ip address
ip mtu 1452
ip nbar protocol-discovery
ip nat outside
ip tcp adjust-mss 1412
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
description Link to CoreSwitch
switchport trunk native vlan 99
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet0/1/1

description ClientPrinter
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/2
description IoT
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/3
description Management
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description *** ClientPrinter ***
ip address 10.0.10.2 255.255.255.0
ip nat inside
!
interface Vlan20
description *** IoT ***
ip address 10.0.20.2 255.255.255.0
ip nat inside
!
interface Vlan99
description *** Management ***
ip address 10.0.99.2 255.255.255.0
ip nat inside
!
interface Dialer1
mtu 1480
ip address negotiated
--> ip nat outside
ip mtu 1452
encapsulation ppp
ip tcp adjust-mss 1412
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp mtu adaptive
ppp authentication pap callin
ppp pap sent-username user password 7 password
ppp ipcp dns request
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
--> ip nat inside source list 11 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 11 remark define internal networks
access-list 11 permit 10.0.10.0 0.0.0.255
access-list 11 permit 10.0.20.0 0.0.0.255
access-list 11 permit 10.0.99.0 0.0.0.255
dialer-list 1 protocol ip permit
!
snmp-server community public RO
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
password 7 xxx
login
length 0
!
end

View solution in original post

balaji.bandi · ‎11-11-2021

Let's try below : ( what kind of clients ? what IP clients get ?) from client are you able to ping gateway if yes ttry below ?;

no ip nat inside source list 11 interface GigabitEthernet0/0/0 overload

ip nat inside source list 11 interface Dialer1 overload

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

murmucka · ‎11-11-2021

Hi, i just test the connection on Port GiEth0/1/1 (VLAN10)

Client is a PC, setting: DHCP. Client receive the proper IP 10.0.10.100 from ClientPrinter Pool, with the right gateway (10.0.10.2, and DNS 8.8.8.8)

But no internet on this PC. Ping the gateway works.

I changed the config to the suggested, without success. There is only internet from Cisco CLI

balaji.bandi · ‎11-12-2021

sorry missed the point on

interface Dialer1
 ip nat outside

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎11-11-2021

Hello,

make the changes marked in bold to your configuration:

Current configuration : 5787 bytes
!
! Last configuration change at 07:58:19 UTC Fri Nov 12 2021
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname GW-MURMUCKA-01
!
boot-start-marker
boot system flash bootflash:c1100-universalk9_ias.16.09.05.SPA.bin
boot-end-marker
!
enable secret 5 xxx
enable password 7 xxx
!
no aaa new-model
clock timezone UTC 1 0
!
ip nbar http-services
!
ip name-server 8.8.8.8
ip dhcp excluded-address 10.0.10.1 10.0.10.99
ip dhcp excluded-address 10.0.20.1 10.0.20.99
ip dhcp excluded-address 10.0.99.1 10.0.99.99
!
ip dhcp pool ClientPrinter
network 10.0.10.0 255.255.255.0
default-router 10.0.10.2
dns-server 8.8.8.8
!
ip dhcp pool IoT
network 10.0.20.0 255.255.255.0
default-router 10.0.20.2
dns-server 8.8.8.8
!
ip dhcp pool ManagementNetwork
network 10.0.99.0 255.255.255.0
default-router 10.0.99.2
dns-server 8.8.8.8
!
login on-success log
!
subscriber templating
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-1281955900
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1281955900
revocation-check none
rsakeypair TP-self-signed-1281955900
!
crypto pki certificate chain TP-self-signed-1281955900
certificate self-signed 01...
quit
!
license udi pid C1111-4P sn xxx
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 xxx
!
redundancy
mode none
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/0/0
description Ace Telecom
no ip address
ip mtu 1452
ip nbar protocol-discovery
ip nat outside
ip tcp adjust-mss 1412
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
description Link to CoreSwitch
switchport trunk native vlan 99
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet0/1/1

description ClientPrinter
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/2
description IoT
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1/3
description Management
switchport access vlan 99
switchport mode access
spanning-tree portfast
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description *** ClientPrinter ***
ip address 10.0.10.2 255.255.255.0
ip nat inside
!
interface Vlan20
description *** IoT ***
ip address 10.0.20.2 255.255.255.0
ip nat inside
!
interface Vlan99
description *** Management ***
ip address 10.0.99.2 255.255.255.0
ip nat inside
!
interface Dialer1
mtu 1480
ip address negotiated
--> ip nat outside
ip mtu 1452
encapsulation ppp
ip tcp adjust-mss 1412
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp mtu adaptive
ppp authentication pap callin
ppp pap sent-username user password 7 password
ppp ipcp dns request
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
--> ip nat inside source list 11 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 11 remark define internal networks
access-list 11 permit 10.0.10.0 0.0.0.255
access-list 11 permit 10.0.20.0 0.0.0.255
access-list 11 permit 10.0.99.0 0.0.0.255
dialer-list 1 protocol ip permit
!
snmp-server community public RO
!
control-plane
!
line con 0
transport input none
stopbits 1
line vty 0 4
password 7 xxx
login
length 0
!
end

murmucka · ‎11-11-2021

Thank you guys, awesome, it works