Re: Surely I'm missing something simple!!!

YouDroppedYourPackets · ‎01-23-2020

Hi everyone. I hope somebody is able to assist?

I'm currently learning basic configuration of Cisco routers and switches. However, I can't seem to ping out beyond my internet connection's modem router. I

To help gain experience and pactice setting these devices up, I've picked up a 1941 router and 2960 switch. I haven't even had the chance to set up the switch as I've hit a roadblock on the 1941. I've attached an image with the current test environment I've setup in my workshop. My 1941 is behind my ADSL modem-router, and using bridge mode is not an option at our workshop. We have to double-nat.

So basically, from the router, whose IP is 192.168.1.200 on the modem's lan side I can ping the following successfully:

192.168.1.1 (The ADSL modem)

192.168.1.8 (another PC on the ADSL modem's LAN side).

What I CAN'T ping:

Literally anything beyond 192.168.1.1, so things like 1.1.1.1, 8.8.8.8, pool.ntp.org

It's worth noting that DNS is functioning ok. Ping has no troubles translating domain names to IPs to ping.

Surely I am missing a simple command here or there, and I can do this without modem being in bridge mode... Thus the router can ping out to the internet, in much the same way as I would by plugging my laptop directly into the modem's LAN ports and setting an IP?

My config is the following:

Current configuration : 1479 bytes
!
! Last configuration change at 05:13:59 UTC Fri Jan 24 2020
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname LabRouter
!
boot-start-marker
boot system flash flash:c1900-universalk9-mz.SPA.157-3.M5.bin
boot-end-marker
!
!
!
no aaa new-model

ip name-server 192.168.1.1
ip name-server 8.8.8.8
ip cef
no ipv6 cef
!
multilink bundle-name authenticated

!
redundancy
!

interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.200 255.255.255.0
ip helper-address 192.168.1.1
ip nat outside
ip virtual-reassembly in
duplex full
speed 100
!
interface GigabitEthernet0/1
ip address 192.168.16.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip default-network 192.168.1.0

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
! - COMMENT: note, I _have_ also tried ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
control-plane
!
!
line con 0

Thanks in advance, apologies for the long-winded post!

Muhammad Awais Khan · ‎01-23-2020

Hi,

With the configuration above, your Router should be able to Ping the internet fine with the above configuration. Not sure, what is dropping at Modem. From the Router LAN, things will not work until you complete your double-NAT configuration

!
ip access-list extended INTERNAL
permit ip 192.168.16.1 0.0.0.255 any

ip nat inside source list INTERNAL interface GigabitEthernet0/0 overload

!

you make the direct ping right without any source command ? you said DNS resolution worked fine ?

YouDroppedYourPackets · ‎01-23-2020

Yep, direct ping from router console to the ADSL modem LAN IP addresses in 192.168.1.x range work fine without any source commands, and using 192.168.1.1 as a dns server, dns resolution works absolutely fine.

We just can't seem to ping anything beyond the ADSL modem, which I know has no issues forwarding packets to the internet... I'm currently plugged into it using DHCP on my laptop, writing this post without any troubles.

Muhammad Awais Khan · ‎01-23-2020

That is weird, nothing looks wrong at the Router's configuration.

can you send the output of show ip route, want to see your default route is showing there or no ?

YouDroppedYourPackets · ‎01-23-2020

Here we go, everything seems legit from what I can see. I assume that anything not listed anywhere here will go straight out Ge0/0.... hence S* 0.0.0.0/0 [0/0], GigabitEthernet0/0...

LabRouter#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is not set

S* 0.0.0.0/0 [0/0], GigabitEthernet0/0
* 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C* 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.200/32 is directly connected, GigabitEthernet0/0
192.168.16.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.16.0/24 is directly connected, GigabitEthernet0/1
L 192.168.16.1/32 is directly connected, GigabitEthernet0/1
LabRouter#

Muhammad Awais Khan · ‎01-23-2020

Hi,

Can you remove ip default-network and change the static route to ip route 0.0.0.0 0.0.0.0 x.x.x.x.x to ip address instead of gig0/0 ?

Further, add below command

ip routing

In your routing table, gateway of last resort should be set to the IP of next-hop. I am actually worried in your table [0/0] was showing.

Gateway of last resort is 203.31.170.** to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 203.31.**

YouDroppedYourPackets · ‎01-23-2020

Changed my ip route, and added ip routing, but still we have no change in the situation.

Muhammad Awais Khan · ‎01-23-2020

Any change in routing table? You can see gateway of last resort showing ?

awabradrogers · ‎01-24-2020

I'm out of my workshop for the weekend. I'll follow up once I'm back at it.

awabradrogers · ‎01-24-2020

Anyhow, thanks for your help thus far, this has been quite a head-scratcher for someone trying to learn some stuff.

Muhammad Awais Khan · ‎01-24-2020

I know it's frustrating. Let's make a fresh start once you are back. Also do share the routing table when possible next time.

YouDroppedYourPackets · ‎01-28-2020

Okay, so I have returned to my workshop, and decided to start afresh, and go back to basics.....I did a write erase / reload of the router, and decided to let Gi0/0 pick up a DHCP IP address as per default..... The results were actually good......

LabRouter#sh ip ro
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S* 0.0.0.0/0 [254/0] via 192.168.1.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.2/32 is directly connected, GigabitEthernet0/0

In fact, the results were beautiful:

LabRouter#ping www.google.com
Translating "www.google.com"...domain server (192.168.1.1) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.217.167.68, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 40/66/92 ms
LabRouter#

While this is cool. I'm not satisfied with seeing that something just works, I'm also super interested in the how, and why as well! Besides, I should theoretically be able to assign the static IP of 192.168.1.200 without an issue, right?

So changing the hostname to LabRouter was fine, but I started to change the IP address, and that's where I started to run into trouble:

LabRouter#conf t
Enter configuration commands, one per line. End with CNTL/Z.
LabRouter(config)#int gi0/0
LabRouter(config-if)#ip address 192.168.1.200 255.255.255.0
% Nameserver entry 192.168.1.1 does not exist <=- (Wtf?)

I knew I couldn't ping any domains yet, that's fine, but I couldn't even ping 8.8.8.8, so that's no good. A sh ip ro produced this:

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is not set

192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.200/32 is directly connected, GigabitEthernet0/0

My understanding was that DHCP on an interface (ie, #ip address dhcp) would just affect that ip address / subnet.... The default config when it worked, had learned the default gateway / name server (192.168.1.1) likely from DHCP.... Changing just the IP at an interface level shouldn't affect the name server / gateway settings, which are in other sections of the config, right?

Muhammad Awais Khan · ‎01-28-2020

Hi,

Good to hear that every thing worked well with you. I believe when you assigned static IP Address, the Router removes all the information learned from DHCP including the default Route which seems to be expected behavior. That's the reason default gateway is no more showing in your Routing table and without default route you cannot ping anything outside your network.