dhcp server is on the switch, google dns-server, gateway of the switch

that information can only help what PC have ip and DNS, we have asked some more information can you able to provide if you looking further assistance.

as i stated earlier, the dhcp server is the cisco 3850 switch! I am using the inside address from the router. when I activate the connection from windows. below 2921 router and 3850 switch setups.

Switch Setup:

Still couple of things missing and check :

1. On the switch 3850 do you have route added (default ?)

ip route 0.0.0.0 0.0.0.0  192.168.50.1

2. On the Router i see ACL for Switch and Router p2p and not the users IP address

add on router

access-list 1 permit 192.168.20.0 0.0.0.255

3. On the router i do not see NAT statement on any of your screenshot - if not there add below config on router :

ip nat inside source list 1 interface gig0/0 overload

4. on the router make sure you have route come from DHCP - check show ip route.

if not add below config on router.

ip route 0.0.0.0 0.0.0.0 Gig 0/0 dhcp

Still issue below output in TEXT  (not screenshot)

Router :

show run

show ip interface brief

show ip route

show ip nat trans

Switch :

show run

show ip route

show ip interface brief

PC

traceroute to 8.8.8.8

ping 8.8.8.8

Here are the results:

From Router:

From PC:

Looks like you not reading the reply correctly.

Do you have this config on your router ?

2. On the Router i see ACL for Switch and Router p2p and not the users IP address

add on router

access-list 1 permit 192.168.20.0 0.0.0.255

3. On the router i do not see NAT statement on any of your screenshot - if not there add below config on router :

ip nat inside source list 1 interface gig0/0 overload

Still issue below output in TEXT  (not screenshot)

Router :

show run

show ip interface brief

show ip route

show ip nat trans

Switch :

show run

show ip route

show ip interface brief

PC

traceroute to 8.8.8.8

ping 8.8.8.8

SWITCH SHOW RUN:

stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
!
!
!
!
!
!
end

LAB3850#sh ip int b
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan20 192.168.20.1 YES NVRAM up up
GigabitEthernet0/0 10.0.10.20 YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/4 unassigned YES unset down down
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset down down
GigabitEthernet1/0/11 unassigned YES unset down down
GigabitEthernet1/0/12 unassigned YES unset down down
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset down down
GigabitEthernet1/0/15 unassigned YES unset down down
GigabitEthernet1/0/16 unassigned YES unset down down
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset down down
GigabitEthernet1/0/19 unassigned YES unset down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 192.168.50.2 YES NVRAM up up
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
Te1/1/3 unassigned YES unset down down
Te1/1/4 unassigned YES unset down down
LAB3850#
LAB3850>en
Password:
LAB3850#
LAB3850#sh run | inc routing
class-map match-any system-cpp-police-routing-control
LAB3850#show ip default-gateway
^
% Invalid input detected at '^' marker.

LAB3850#sh ip route
Extended Host Mode is enabled
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.50.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.50.1
S 192.168.20.0/24 [1/0] via 192.168.50.1
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, GigabitEthernet1/0/24
L 192.168.50.2/32 is directly connected, GigabitEthernet1/0/24
LAB3850#
LAB3850>reload
% Bad IP address or host name% Unknown command or computer name, or unable to find computer address
LAB3850>en
Password:
Password:
LAB3850#reload

System configuration has been modified. Save? [yes/no]: yes
Building configuration...
[OK]Reload command is being issued on Active unit, this will reload the whole stack
Proceed with reload? [confirm]

*Mar 30 02:01:58.610: %SYS-5-RELOAD: Reload requested by console. Reload Reason: Reload Command.
Chassis 1 reloading, reason - Reload command
reload fp action requested
process exit with reload stack code

% FACTORYRESET - Exiting without calling factory_reset
watchdog: watchdog0: watchdog did not stop!
reboot: Restarting system

Booting...
Both links down, not waiting for other switches
Switch number is 1

Restricted Rights Legend

Use, duplication, or disclosure by the Government is
subject to restrictions as set forth in subparagraph
(c) of the Commercial Computer Software - Restricted
Rights clause at FAR sec. 52.227-19 and subparagraph
(c) (1) (ii) of the Rights in Technical Data and Computer
Software clause at DFARS sec. 252.227-7013.

Cisco Systems, Inc.
170 West Tasman Drive
San Jose, California 95134-1706

Cisco IOS Software [Gibraltar], Catalyst L3 Switch Software (CAT3K_CAA-UNIVERSALK9-M), Version 16.12.12, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2024 by Cisco Systems, Inc.
Compiled Thu 12-Sep-24 03:45 by mcpre

This software version supports only Smart Licensing as the software licensing mechanism.

PLEASE READ THE FOLLOWING TERMS CAREFULLY. INSTALLING THE LICENSE OR
LICENSE KEY PROVIDED FOR ANY CISCO SOFTWARE PRODUCT, PRODUCT FEATURE,
AND/OR SUBSEQUENTLY PROVIDED SOFTWARE FEATURES (COLLECTIVELY, THE
"SOFTWARE"), AND/OR USING SUCH SOFTWARE CONSTITUTES YOUR FULL
ACCEPTANCE OF THE FOLLOWING TERMS. YOU MUST NOT PROCEED FURTHER IF YOU
ARE NOT WILLING TO BE BOUND BY ALL THE TERMS SET FORTH HEREIN.

Your use of the Software is subject to the Cisco End User License Agreement
(EULA) and any relevant supplemental terms (SEULA) found at
http://www.cisco.com/c/en/us/about/legal/cloud-and-software/software-terms.html.

You hereby acknowledge and agree that certain Software and/or features are
licensed for a particular term, that the license to such Software and/or
features is valid only for the applicable term and that such Software and/or
features may be shut down or otherwise terminated by Cisco after expiration
of the applicable license term (e.g., 90-day trial period). Cisco reserves
the right to terminate any such Software feature electronically or by any
other means available. While Cisco may provide alerts, it is your sole
responsibility to monitor your usage of any such term Software feature to
ensure that your systems and networks are prepared for a shutdown of the
Software feature.

ztate to up
*Mar 30 02:06:22.060: %PKI-2-NON_AUTHORITATIVE_CLOCK: PKI functions can not be initialized until an authoritative time source, like NTP, can be obtained.
*Mar 30 02:06:22.088: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI_LEGACY created succesfully
*Mar 30 02:06:22.132: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SUDI_LEGACY has been generated or imported by pki-sudi
*Mar 30 02:06:22.245: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI_LEGACY0 created succesfully
*Mar 30 02:06:22.262: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI created succesfully
*Mar 30 02:06:22.301: %CRYPTO_ENGINE-5-KEY_ADDITION: A key named CISCO_IDEVID_SUDI has been generated or imported by pki-sudi
*Mar 30 02:06:22.517: %PKI-6-TRUSTPOINT_CREATE: Trustpoint: CISCO_IDEVID_SUDI0 created succesfully
*Mar 30 02:06:22.528: %IOSXE_INFRA-6-PROCPATH_CLIENT_HOG: IOS shim client 'pkissl reader mqipc' has taken 266 msec (runtime: 253 msec) to process a 'unknown' message
LAB3850>

LAB3850>en
Password:
LAB3850#sh run
Building configuration...

Current configuration : 9544 bytes
!
! Last configuration change at 14:06:20 PST Sun Mar 30 2025
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
platform management port rate-limt-enabled
!
hostname LAB3850
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

LAB3850#sh run
Building configuration...

Current configuration : 9544 bytes
!
! Last configuration change at 14:06:20 PST Sun Mar 30 2025
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
no platform punt-keepalive disable-kernel-core
platform management port rate-limt-enabled
!
hostname LAB3850
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 9 $9$cO1KBscJJVKe9E$bZDIRcjWeSzgAETvqridNoiiRMBxwZw9RVrmchX54p2
!
no aaa new-model
boot system switch 1 flash:packages.conf
clock timezone PST 12 0
switch 1 provision ws-c3850-24p
!
!
!
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
no destination transport-method email
!
!
!
!
!
no ip domain lookup
ip domain name JMP.Local
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool 20
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 8.8.8.8 8.8.4.4
!
!
!
login on-success log
!
!
!
!
!
no device-tracking logging theft
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki trustpoint TP-self-signed-3376566880
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3376566880
revocation-check none
rsakeypair TP-self-signed-3376566880
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
crypto pki certificate chain TP-self-signed-3376566880
certificate self-signed 01
30820330 30820218 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33333736 35363638 3830301E 170D3235 30323138 32303137
34305A17 0D333030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33373635
36363838 30308201 22300D06 092A8648 86F70D01 01010500 0382010F 00308201
0A028201 0100F0B1 6D8C3A62 DCF8B781 9E6389DE 6E5E3425 7668C697 222440DC
68BFF866 01E9AD50 E6FA611F 009B11D1 DA3BB4F0 3E2A7AF0 18A91AF4 371D51BC
75D79DD1 3E092C93 CCF76F12 70C08545 C358DC80 C110B483 C826EB93 7E4E1748
65D9F162 3ADAD509 CF6D436C 967C379C B5645C4E 098B3F3E D5A2420B 60F72895
66DF59FB E1D3FEB5 987807D6 2C689E4E BE32C988 C6845083 602AE73F 9A3341B1
31DF0961 24411D7A 34424749 90EC7F1F D7C542E9 0EC1914D 2F280532 9DA49EDD
6F2C4FAE 602163F1 4B3C457B B115E23D A236DA47 6F7DA4C6 E5F1EA82 69616160
55AAB91A 6BEF2929 A7335190 38CA3103 67F5D411 2CFD5ACF 480E3F8C 68D04EA8
21B15A64 495F0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF
301F0603 551D2304 18301680 148E2FA6 71CB0867 93BC9C25 CF8AF1C3 6E0BBD68
B6301D06 03551D0E 04160414 8E2FA671 CB086793 BC9C25CF 8AF1C36E 0BBD68B6
300D0609 2A864886 F70D0101 05050003 82010100 263EC093 D28729B6 E3E40B6D
A5563866 F84AB79D CF8AE80D A1C3FDD3 28834A40 BF24CEBA 5C9C6D78 DE817E1D
1B5F3F9D B4C10E23 91129F32 B617C7A3 2221E10A BEDC84CC 23D023FC B41E9F6A
651225CF FAADEAA4 A1A50CF4 89DE030D 5BF7AE8D 6226A8E9 2E4424E8 49D4F931
1E0464F9 16021A87 4453E63F CE9FF786 F3F2E4D1 67B5C9FA 5C1A750F 535C05E1
709CC523 4B6F456E 907F7C7D 045F2A28 A436E368 A8180D44 9D7DA937 6B912716
E17A133B 66609C38 6CC0B7A1 CBFEBDCE 09A2DEB5 111C8203 C0BC8C83 2D595E73
C1CDD96F E8AF88C1 8C1B8115 7B203C92 A3755767 0DE38126 A1626607 A78A340B
F2A2C7FE FB795A13 E9AC4893 D0834C6C 3DBD23B4
quit
!
!
license boot level ipbasek9
!
!
diagnostic bootup level minimal
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
memory free low-watermark processor 79468
!
username admin privilege 15 secret 9 $9$ZICW89u./Tm2xE$kYS.5ZjJGCw3PaKKoesCAUxegiNo9IbVMaVLvJC4A6g
!
redundancy
mode sso
!
!
!
!
!
transceiver type all
monitoring
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description EWLC control, EWLC data, Inter FED
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, High Rate App, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control and Low Latency
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-dhcp-snooping
description DHCP snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold Pkt
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.0.10.20 255.255.255.0
negotiation auto
!
interface GigabitEthernet1/0/1
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
no switchport
ip address 192.168.50.2 255.255.255.0
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface TenGigabitEthernet1/1/3
!
interface TenGigabitEthernet1/1/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.50.1
ip route 10.0.10.0 255.255.255.0 192.168.0.1
ip route 192.168.20.0 255.255.255.0 192.168.50.1
ip ssh version 2
!
!
!
!
!
control-plane
service-policy input system-cpp-policy
!
!
line con 0
exec-timeout 20 0
logging synchronous
login
stopbits 1
line aux 0
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
!
!
!
!
!
!
end

LAB3850#

SHOW IP ROUTE:

LAB3850#sh ip route
Extended Host Mode is enabled
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.50.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.50.1
S 192.168.20.0/24 [1/0] via 192.168.50.1
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, GigabitEthernet1/0/24
L 192.168.50.2/32 is directly connected, GigabitEthernet1/0/24
LAB3850#

SWITCH SHOW IP INTERFACE BRIEF:
LAB3850#sh ip int br
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM administratively down down
Vlan20 192.168.20.1 YES NVRAM up down
GigabitEthernet0/0 10.0.10.20 YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/4 unassigned YES unset down down
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset down down
GigabitEthernet1/0/11 unassigned YES unset down down
GigabitEthernet1/0/12 unassigned YES unset down down
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset down down
GigabitEthernet1/0/15 unassigned YES unset down down
GigabitEthernet1/0/16 unassigned YES unset down down
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset down down
GigabitEthernet1/0/19 unassigned YES unset down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset down down
GigabitEthernet1/0/22 unassigned YES unset down down
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 192.168.50.2 YES NVRAM up up
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
Te1/1/3 unassigned YES unset down down
Te1/1/4 unassigned YES unset down down
LAB3850#

ROUTER SHOW RUN:

LAB2921#show run
Building configuration...

Current configuration : 2494 bytes
!
! Last configuration change at 22:31:25 UTC Sun Mar 30 2025
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LAB2921
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/0
enable secret 5 $1$gdyy$PfbPXJfHjJ6nWka6MgKgn1
!
no aaa new-model
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
no ip domain lookup
ip domain name JMP.Local
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
vxml logging-tag
license udi pid CISCO2921/K9 sn FTX1539AK8N
hw-module ism 0
!
hw-module pvdm 0/1
!
!
!
username admin privilege 15 secret 5 $1$5eNv$nfhpp7rMdOg16oq/qaBgU0
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface ISM0/0
no ip address
shutdown
!Application: CUE Running on ISM
!
interface GigabitEthernet0/1
ip address 192.168.50.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
interface ISM0/1
no ip address
!
interface Vlan1
no ip address
!
interface Async0/1/0
no ip address
encapsulation slip
!
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 192.168.20.0 255.255.255.0 192.168.50.2
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
ip ssh version 2
!
ipv6 ioam timestamp
!
!
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
!
control-plane
!
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
gatekeeper
shutdown
!
!
line con 0
logging synchronous
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/1/0
stopbits 1
speed 115200
flowcontrol hardware
line 131
no activation-character
no exec
transport preferred none
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
logging synchronous
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

ROUTER SHOW IP INTERFACE BRIEF:
LAB2921#sh ip int br
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 192.168.0.135 YES DHCP up up
ISM0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/1 192.168.50.1 YES NVRAM up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
ISM0/1 unassigned YES unset up up
Async0/1/0 unassigned YES unset down down
NVI0 unassigned YES unset up up
Vlan1 unassigned YES unset up up
LAB2921#

ROUTER SHOW IP ROUTE:

LAB2921#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.0.1, GigabitEthernet0/0
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, GigabitEthernet0/0
L 192.168.0.135/32 is directly connected, GigabitEthernet0/0
S 192.168.20.0/24 [1/0] via 192.168.50.2
192.168.50.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.50.0/24 is directly connected, GigabitEthernet0/1
L 192.168.50.1/32 is directly connected, GigabitEthernet0/1
LAB2921#

ROUTER SHOW IP NAT TRANSLATION:
LAB2921>sh ip nat trans
LAB2921>
PC PING & TRACEROUTE:

Pinging 8.8.8.8 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Windows\system32>tracert 8.8.8.8

Tracing route to dns.google [8.8.8.8]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 ^C
C:\Windows\system32>

I got it to work by tearing down and starting from scratch. thanks for your help