Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2691
Views
1
Helpful
8
Replies

Router ISR 1101-4P configuration. IP address DHCP from ISP. Not routing local network.

Go to solution
san4ez39
Level 1
Level 1

‎06-25-2021 03:47 AM

Hi,

i have Cisco ISR C1101-4P router.

I have configured it to take DHCP address from ISP on WAN port. 

Configured VLAN1 IP Address that i receive connecting my PC to LAN Ports.

Router can ping IP like 8.8.8.8 or any other and can ping FQDN. But my computer does not, i can only ping and traceroute to VLAN1 IP address and that is all.

Can someone help me in configuration? I suspect i need something like bridge maybe?

This is current router config:

 

version 16.9

service timestamps debug datetime msec

service timestamps log datetime msec

platform qfp utilization monitor load 80

no platform punt-keepalive disable-kernel-core

!

hostname R1

!

boot-start-marker

boot system flash bootflash:c1100-universalk9_ias.16.09.05.SPA.bin

boot-end-marker

!

no logging console

!

aaa new-model

!

aaa authentication login default local

aaa authorization exec default local

!

aaa session-id common

clock timezone GMT 2 0

clock summer-time GMT+2 recurring last Sun Mar 2:00 last Sun Oct 2:00

no ip source-route

ip options drop

!

ip name-server 212.59.8.18 212.59.8.19

ip domain lookup source-interface GigabitEthernet0/0/0

ip domain name kalv.local

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool LAN

 network 192.168.1.0 255.255.255.0

 default-router 192.168.1.1

 dns-server 212.59.8.18 212.59.8.19

!

login block-for 120 attempts 4 within 120

login on-failure log

login on-success log

!

subscriber templating

!

multilink bundle-name authenticated

!

license accept end user agreement

license boot level appxk9

no license smart enable

archive

 log config

  logging enable

  logging size 500

  notify syslog contenttype plaintext

  hidekeys

!

diagnostic bootup level minimal

!

spanning-tree extend system-id

!

!

redundancy

 mode none

!

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/0/0

 description ISP1

 ip address dhcp

 negotiation auto

!

interface GigabitEthernet0/1/0

!

interface GigabitEthernet0/1/1

!

interface GigabitEthernet0/1/2

 switchport mode access

!

interface GigabitEthernet0/1/3

!

interface Vlan1

 ip address 192.168.1.1 255.255.255.0

!

no ip forward-protocol nd

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp

ip ssh rsa keypair-name MGMT

ip ssh version 2

!

logging trap notifications

logging origin-id hostname

logging facility syslog

!

control-plane

!

line con 0

 exec-timeout 15 0

 privilege level 15

 logging synchronous

 transport input none

 stopbits 1

line vty 0 4

 exec-timeout 15 0

 privilege level 15

 logging synchronous

 transport input ssh

line vty 5 15

 exec-timeout 15 0

 privilege level 15

 logging synchronous

 transport input ssh

!

end

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎06-25-2021 04:10 AM - edited ‎06-25-2021 04:10 AM

Hello
You need to NAT for network vlan 1 users to be abe to reach the internet.

Int gig0/0/0
ip nat outside
int vlan 1
ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source-list1 interface gig0/0/0


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

0 Helpful
8 Replies 8

Go to solution
paul driver
VIP
VIP

‎06-25-2021 04:10 AM - edited ‎06-25-2021 04:10 AM

Hello
You need to NAT for network vlan 1 users to be abe to reach the internet.

Int gig0/0/0
ip nat outside
int vlan 1
ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source-list1 interface gig0/0/0


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
san4ez39
Level 1
Level 1
In response to paul driver

‎06-25-2021 04:28 AM

Thank you.

 

i know now where i was wrong. I tried this config before and it was not working:

Int gig0/0/0
ip nat outside
int vlan 1
ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source-list1 interface vlan 1 overload

 

After i made changes and set your config - it started to work.

 

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to san4ez39

‎10-01-2023 07:31 AM

Hello @san4ez39 
your setup is just basically the same as this OP apart from your “wan” connection is already attached to a isp rtr that is performing PAT on your behalf hence what you receive a rfc 1918 private ip address on the wan interface of your own rtr

Now if you are wanting to ADD additional lan subnets internally requiring internet access you will ALSO need to apply PAT on your rtr for those additional lan subnets.

remove
no ip name-server 192.168.2.13
no ip dhcp excluded-address 192.16.2.1
no ip dhcp pool LAN
no ip route 0.0.0.0 0.0.0.0 192.168.2.1
no access-list 1 permit 
no ip default-gateway 192.168.2.2

add
ip name-server 
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1

ip route 0.0.0.0 0.0.0.0 gig0/0/0 192.168.1.1
access-list 1 permit 192.168.1.0 0.0.0.255

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
zissisktm
Level 1
Level 1
In response to paul driver

‎10-02-2023 03:05 AM

Hi,

Finally it's working!

I made the changes and also i add the

ip route 0.0.0.0 0.0.0.0 192.168.2.1 

access-list 1 permit 192.168.2.0  0.0.0.255

 

Thank you for your help!!

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to zissisktm

‎10-02-2023 06:04 AM

Glad to hear it..


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
zissisktm
Level 1
Level 1

‎09-28-2023 02:11 PM

Hi,

I have the same router and i have no connectivity from all lan ports g0/1/0,g0/1/1,g0/1/2,g0/1/3.

The interface g0/0/0 its ok and can make successful pings outside.

What do you think that is the problem?

Thanks in advance

 

0 Helpful

Go to solution
san4ez39
Level 1
Level 1
In response to zissisktm

‎09-30-2023 10:42 PM

Hi,

no routes, no nat? Hard to tell. Paste config please.

0 Helpful

Go to solution
zissisktm
Level 1
Level 1

‎10-01-2023 12:39 AM - last edited on ‎10-01-2023 12:48 AM by Community Manager

Hi,

i am new to networking and i m little bit confuse.

This router its like soho routers with 4 Lan interfaces L2 and 1 wan interface L3.

The topology is from the Lan ISP modem/router to cisco c1101-4p wan port. 

No connectinity from cisco LAN ports.

hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
!
ip name-server 192.168.2.13
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool LAN10
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.13
domain-name xxx
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed- xxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxx
revocation-check none
rsakeypair TP-self-signed-xxx
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
license udi pid C1101-4P sn
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
username xxx privilege 15 password xxx

!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 192.168.2.2 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
switchport mode access
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip dhcp server use subscriber-id client-id
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip default-gateway 192.168.2.2
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
transport input all
line vty 5 15
login
transport input all
!
!
!
!
!
!
end

Thanks for your replay

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card