Solved: Re: Router ISR 1101-4P configuration. IP address DHCP from ISP. Not ro

san4ez39 · ‎06-25-2021

Hi,

i have Cisco ISR C1101-4P router.

I have configured it to take DHCP address from ISP on WAN port.

Configured VLAN1 IP Address that i receive connecting my PC to LAN Ports.

Router can ping IP like 8.8.8.8 or any other and can ping FQDN. But my computer does not, i can only ping and traceroute to VLAN1 IP address and that is all.

Can someone help me in configuration? I suspect i need something like bridge maybe?

This is current router config:

version 16.9

service timestamps debug datetime msec

service timestamps log datetime msec

platform qfp utilization monitor load 80

no platform punt-keepalive disable-kernel-core

!

hostname R1

!

boot-start-marker

boot system flash bootflash:c1100-universalk9_ias.16.09.05.SPA.bin

boot-end-marker

!

no logging console

!

aaa new-model

!

aaa authentication login default local

aaa authorization exec default local

!

aaa session-id common

clock timezone GMT 2 0

clock summer-time GMT+2 recurring last Sun Mar 2:00 last Sun Oct 2:00

no ip source-route

ip options drop

!

ip name-server 212.59.8.18 212.59.8.19

ip domain lookup source-interface GigabitEthernet0/0/0

ip domain name kalv.local

ip dhcp excluded-address 192.168.1.1

!

ip dhcp pool LAN

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 212.59.8.18 212.59.8.19

!

login block-for 120 attempts 4 within 120

login on-failure log

login on-success log

!

subscriber templating

!

multilink bundle-name authenticated

!

license accept end user agreement

license boot level appxk9

no license smart enable

archive

log config

logging enable

logging size 500

notify syslog contenttype plaintext

hidekeys

!

diagnostic bootup level minimal

!

spanning-tree extend system-id

!

redundancy

mode none

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/0/0

description ISP1

ip address dhcp

negotiation auto

!

interface GigabitEthernet0/1/0

!

interface GigabitEthernet0/1/1

!

interface GigabitEthernet0/1/2

switchport mode access

!

interface GigabitEthernet0/1/3

!

interface Vlan1

ip address 192.168.1.1 255.255.255.0

!

no ip forward-protocol nd

no ip http server

no ip http secure-server

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp

ip ssh rsa keypair-name MGMT

ip ssh version 2

!

logging trap notifications

logging origin-id hostname

logging facility syslog

!

control-plane

!

line con 0

exec-timeout 15 0

privilege level 15

logging synchronous

transport input none

stopbits 1

line vty 0 4

exec-timeout 15 0

privilege level 15

logging synchronous

transport input ssh

line vty 5 15

exec-timeout 15 0

privilege level 15

logging synchronous

transport input ssh

!

end

paul driver · ‎06-25-2021

Hello
You need to NAT for network vlan 1 users to be abe to reach the internet.

Int gig0/0/0
ip nat outside
int vlan 1
ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source-list1 interface gig0/0/0

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

paul driver · ‎06-25-2021

Hello
You need to NAT for network vlan 1 users to be abe to reach the internet.

Int gig0/0/0
ip nat outside
int vlan 1
ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source-list1 interface gig0/0/0

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

san4ez39 · ‎06-25-2021

Thank you.

i know now where i was wrong. I tried this config before and it was not working:

Int gig0/0/0
ip nat outside
int vlan 1
ip nat inside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source-list1 interface vlan 1 overload

After i made changes and set your config - it started to work.

paul driver · ‎10-01-2023

Hello @san4ez39
your setup is just basically the same as this OP apart from your “wan” connection is already attached to a isp rtr that is performing PAT on your behalf hence what you receive a rfc 1918 private ip address on the wan interface of your own rtr

Now if you are wanting to ADD additional lan subnets internally requiring internet access you will ALSO need to apply PAT on your rtr for those additional lan subnets.

remove
no ip name-server 192.168.2.13
no ip dhcp excluded-address 192.16.2.1
no ip dhcp pool LAN
no ip route 0.0.0.0 0.0.0.0 192.168.2.1
no access-list 1 permit
no ip default-gateway 192.168.2.2

add
ip name-server
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 192.168.1.1

ip route 0.0.0.0 0.0.0.0 gig0/0/0 192.168.1.1
access-list 1 permit 192.168.1.0 0.0.0.255

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

zissisktm · ‎10-02-2023

Hi,

Finally it's working!

I made the changes and also i add the

ip route 0.0.0.0 0.0.0.0 192.168.2.1

access-list 1 permit 192.168.2.0 0.0.0.255

Thank you for your help!!

paul driver · ‎10-02-2023

Glad to hear it..

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

zissisktm · ‎09-28-2023

Hi,

I have the same router and i have no connectivity from all lan ports g0/1/0,g0/1/1,g0/1/2,g0/1/3.

The interface g0/0/0 its ok and can make successful pings outside.

What do you think that is the problem?

Thanks in advance

san4ez39 · ‎09-30-2023

Hi,

no routes, no nat? Hard to tell. Paste config please.

zissisktm · ‎10-01-2023

Hi,

i am new to networking and i m little bit confuse.

This router its like soho routers with 4 Lan interfaces L2 and 1 wan interface L3.

The topology is from the Lan ISP modem/router to cisco c1101-4p wan port.

No connectinity from cisco LAN ports.

hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
!
ip name-server 192.168.2.13
ip dhcp excluded-address 192.168.2.1
!
ip dhcp pool LAN10
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server 192.168.2.13
domain-name xxx
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed- xxx
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-xxx
revocation-check none
rsakeypair TP-self-signed-xxx
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
license udi pid C1101-4P sn
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
username xxx privilege 15 password xxx

!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip address 192.168.2.2 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
switchport mode access
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip dhcp server use subscriber-id client-id
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
ip default-gateway 192.168.2.2
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.2.1
!
!
access-list 1 permit 192.168.2.0 0.0.0.255
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
transport input all
line vty 5 15
login
transport input all
!
!
!
!
!
!
end

Thanks for your replay

Router ISR 1101-4P configuration. IP address DHCP from ISP. Not routing local network.