cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
672
Views
100
Helpful
47
Replies
Beginner

Re: WAN routing issues---need some help please!

Still trying to figure this out if anyone can help!

 

VIP Advocate

Re: WAN routing issues---need some help please!

Hi,

Make some correction as below


no ip domain lookup
ip cef
!
interface GigabitEthernet0/0
description Facing the ISP (the WAN)
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
description Facing my LAN (the LAN)
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache cef
duplex auto
speed auto
no cdp enable
!
no ip default-gateway 10.0.1.1
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any

One Simple question: Why you disabled the CEF on both interfaces? 

 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution If this comment will make help you!
Hall of Fame Master

Re: WAN routing issues---need some help please!

I had wondered about why cef was disabled. Glad to see the suggestion about it. Also agree that the second static default route which mentions outbound interface but not next hop should be removed.

 

Would the original poster give us the output of show arp from the router? Also can you clarify what you are trying to access on the Internet and how you are trying to access it? Is it web browsing or ping or something else? Does it make any difference if you try to access it by IP address rather than by name?

 

HTH

 

Rick

Beginner

Re: WAN routing issues---need some help please!

Hi, thanks for your help...it is much appreciated!  

 

I'm trying to get out on the internet and browse the web when I'm referring to internet access.  Here is the show ARP output and show run if it helps.  Really pulling my hair out here! 

 

Lab_2921#show run
Building configuration...

Current configuration : 1919 bytes
!
! Last configuration change at 14:31:03 UTC Wed Mar 27 2019
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Lab_2921
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.1.170
ip dhcp excluded-address 10.0.1.100 10.0.1.254
ip dhcp excluded-address 10.0.1.1
!
ip dhcp pool InsideDHCP
import all
network 10.0.0.0 255.0.0.0
default-router 10.0.1.1
dns-server 8.8.8.8 8.8.4.4
class any
!
ip dhcp pool Inside DHCP
network 10.0.1.0 255.255.255.0
!
!
ip dhcp class any
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2921/K9 sn FTX1728AHR1
!
!
username davidstriplin secret 5 $1$j5Ka$6u.mf3wInjRpFMZ2PRLxY.
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Facing The ISP (WAN)
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Facing The LAN (LAN)
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 dhcp
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
!
control-plane
!
!
vstack
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

 

Lab_2921#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.1.1 - f872.ea8c.0ed1 ARPA GigabitEthernet0/1

Hall of Fame Master

Re: WAN routing issues---need some help please!

Thanks for the output. I have several observations:

Earlier you had posted the output of show ip interface brief 

Lab2921#sho ip int br
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 unassigned YES DHCP up up
GigabitEthernet0/1 10.0.1.1 YES manual up up

I am puzzled about the interface not showing an IP address. Can you verify the status of this interface and of the connection to the outside?

 

The output of show arp has 2 interesting and potentially significant things

Lab_2921#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.0.1.1 - f872.ea8c.0ed1 ARPA GigabitEthernet0/1

First is the fact that there is no entry for Gig0/0. This may relate to my item above and suggests that the interface is not working. That would certainly explain why no access to Internet.

Second is the fact that there is no entry for the PC. If there is no arp entry then the PC is not communicating with the router. Can you check on that connection? If the PC is directly connected to the router I wonder if you need a cross over cable?

 

The DHCP section is odd

ip dhcp pool InsideDHCP
import all
network 10.0.0.0 255.0.0.0
default-router 10.0.1.1
dns-server 8.8.8.8 8.8.4.4
class any
!
ip dhcp pool Inside DHCP
network 10.0.1.0 255.255.255.0
!

where network 10.0.0.0 shows up as both /8 and as /24. It was not that way in the previous configs that you have posted and I am not clear how it got this way. I would like to see that cleaned up.

 

HTH

 

Rick

 

 

 

Beginner

Re: WAN routing issues---need some help please!

Hi, 

Sorry I have to keep flip flopping my setup back and forth while testing.  Here is the outputs when things are connected.  I cleaned up what you specified, but I still don't have internet access.  Please see below.

 

Lab_2921#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.0.1.1                -   f872.ea8c.0ed1  ARPA   GigabitEthernet0/1

Internet  10.0.1.2                0   f430.b9cd.00b3  ARPA   GigabitEthernet0/1

Lab_2921#

 

 

Lab_2921#show ip dhcp pool

 

Pool Inside DHCP :

 Utilization mark (high/low)    : 100 / 0

 Subnet size (first/next)       : 0 / 0

 Total addresses                : 254

 Leased addresses               : 1

 Pending event                  : none

 1 subnet is currently in the pool :

 Current index        IP address range                    Leased addresses

 10.0.1.3             10.0.1.1         - 10.0.1.254        1

Lab_2921#show ip int br

Interface                  IP-Address      OK? Method Status                Protocol

Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down

GigabitEthernet0/0         unassigned      YES DHCP   down                  down

GigabitEthernet0/1         10.0.1.1        YES manual up                    up

GigabitEthernet0/2         unassigned      YES unset  administratively down down

NVI0                       unassigned      YES unset  up                    up

Lab_2921#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.0.1.1                -   f872.ea8c.0ed1  ARPA   GigabitEthernet0/1

Internet  10.0.1.2                0   f430.b9cd.00b3  ARPA   GigabitEthernet0/1

Beginner

Re: WAN routing issues---need some help please!

Here are the outputs with everything in place...

 

Lab_2921#show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.0.1.1                -   f872.ea8c.0ed1  ARPA   GigabitEthernet0/1

Internet  10.0.1.2                0   f430.b9cd.00b3  ARPA   GigabitEthernet0/1

Internet  69.180.36.1             0   0001.5c7d.2446  ARPA   GigabitEthernet0/0

Internet  69.180.36.8             -   f872.ea8c.0ed0  ARPA   GigabitEthernet0/0

                                                                                                                   

Lab_2921#show ip int br

Interface                  IP-Address      OK? Method Status                Protocol

Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down

GigabitEthernet0/0         69.180.36.8     YES DHCP   up                    up

GigabitEthernet0/1         10.0.1.1        YES manual up                    up

GigabitEthernet0/2         unassigned      YES unset  administratively down down

NVI0                       unassigned      YES unset  up                    up

Lab_2921#

Hall of Fame Master

Re: WAN routing issues---need some help please!

There are obviously things in your environment that we do not know or understand, such as what you are flopping. Some of the outputs that you have posted point toward obvious serious problems (such as interface for outside not working). The current set of outputs look good and I hope we can keep them that way for a while. Now that the outputs show that both router interfaces are up/up and arp tables show 2 connected devices, we should be able to do some testing. I suggest that we start by verifying connectivity from router to Internet. Can you ping successfully from the router to its gateway address? (show ip route should give you the gateway address) Assuming that pinging the gateway works then can you ping a couple of resources in the Internet?

 

Assuming that pinging the Internet works we will do some tests from the connected PC. 

First I suggest verifying that it is successful in pinging to the router connected interface. (lets make sure we have local connectivity)

Assuming that worked then I suggest testing ping from the PC to the IP address of the router outside interface. (lets make sure that we can ping to a remote address)

Assuming that worked then I suggest testing ping from the PC to the router gateway address (the ISP address). (lets make sure that address translation is working)

Assuming that worked then I suggest testing ping from the PC to some Internet resource IP address. (lets make sure that our routing for Internet is working)

Assuming that worked then I suggest testing web browsing to some Internet resource. (lets make sure that DNS name resolution is working and that web browsing is ok)

 

If it breaks down at some point then we know where to look for the problem.

 

HTH

 

Rick

Highlighted
Beginner

Re: WAN routing issues---need some help please!

That is great advice.  Let me do the testing recommended and I will post results as well as any info that the tests show.  Stand by please....and thank you so much!

 

Beginner

Re: WAN routing issues---need some help please!

Ok....so found a couple of issues.  When doing the ping testing, these three test failed with an error that I will post below.  Also, I copied all commands entered as well as the results for your review.  Please take a look and let me know your thoughts if you can.

 

Thanks again....

Lab_2921>show arp

Protocol  Address          Age (min)  Hardware Addr   Type   Interface

Internet  10.0.1.1                -   f872.ea8c.0ed1  ARPA   GigabitEthernet0/1

Internet  10.0.1.2                0   f430.b9cd.00b3  ARPA   GigabitEthernet0/1

Internet  69.180.36.1             0   0001.5c7d.2446  ARPA   GigabitEthernet0/0

Internet  69.180.36.8             -   f872.ea8c.0ed0  ARPA   GigabitEthernet0/0

 

Lab_2921>show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       a - application route

       + - replicated route, % - next hop override, p - overrides from PfR

 

Gateway of last resort is 69.180.36.1 to network 0.0.0.0

 

S*    0.0.0.0/0 [1/0] via 69.180.36.1, GigabitEthernet0/0

                [1/0] via 69.180.36.1

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        10.0.1.0/24 is directly connected, GigabitEthernet0/1

L        10.0.1.1/32 is directly connected, GigabitEthernet0/1

      69.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        69.180.36.0/23 is directly connected, GigabitEthernet0/0

L        69.180.36.8/32 is directly connected, GigabitEthernet0/0

      76.0.0.0/32 is subnetted, 1 subnets

S        76.96.93.29 [254/0] via 69.180.36.1, GigabitEthernet0/0

 

Lab_2921>ping 69.180.36.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 69.180.36.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 8/12/20 ms

 

Ping transmit failures when doing ping from the command prompt of the PC on both .1 and .8

Ping transmit failures when doing ping from the command prompt of the PC on 8.8.8.8

Hall of Fame Master

Re: WAN routing issues---need some help please!

Thanks for doing the testing. The results are surprising. I expected the ping from router to ISP to work and it did. I did not expect the ping from PC to router to fail. The fact that it did fail shows that we have a problem to identify and solve. The entry in the arp table

Internet  10.0.1.2                0   f430.b9cd.00b3  ARPA   GigabitEthernet0/1

shows that at the data link layer the devices are communicating. So I expected the ping would have worked. Would you post the output of these commands on the PC ipconfig and arp -a (or equivalent commands if it is not a Windows PC)?

 

I notice that the IP routing table has 2 entries for the default route

S*    0.0.0.0/0 [1/0] via 69.180.36.1, GigabitEthernet0/0

                [1/0] via 69.180.36.1

This is because you have 2 ip route statements for 0.0.0.0. They duplicate each other and there is not any benefit from having a second one. So I suggest that you remove one of them.

 

HTH

 

Rick

 

Hall of Fame Master

Re: WAN routing issues---need some help please!

It might be helpful if you would also post the output of the router command show interface Gig0/1

 

HTH

 

Rick

Beginner

Re: WAN routing issues---need some help please!

Thank you again for the help!  Here is the output of the ARP-a commands.

 

arp.pngipconfig.pngI'v

 

I've also added the SHow Run to show I deleted the statement that you specificed.

 

Lab_2921#show run
Building configuration...

Current configuration : 1783 bytes
!
! Last configuration change at 19:25:43 UTC Wed Mar 27 2019
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Lab_2921
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 10.0.1.170
ip dhcp excluded-address 10.0.1.100 10.0.1.254
ip dhcp excluded-address 10.0.1.1
!
ip dhcp pool Inside DHCP
network 10.0.1.0 255.255.255.0
!
ip dhcp pool InsideDHCP
!
!
ip dhcp class any
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO2921/K9 sn FTX1728AHR1
!
!
username davidstriplin secret 5 $1$j5Ka$6u.mf3wInjRpFMZ2PRLxY.
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description Facing The ISP (WAN)
ip address dhcp
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0/1
description Facing The LAN (LAN)
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp
!
!
!
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 102 permit ip 10.0.1.0 0.0.0.255 any
!
control-plane
!
!
vstack
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
!
end

Beginner

Re: WAN routing issues---need some help please!

One thing I left off.... I was able to ping the Cisco router of 10.0.1.1 from my PC, but not the gateway of the ISP as you described earlier.  Don't know if that makes a difference to you or not...

Hall of Fame Master

Re: WAN routing issues---need some help please!

Actually it makes a huge difference. I had been analyzing based on this statement in a previous response

Ping transmit failures when doing ping from the command prompt of the PC on both .1 and .8

So I have been assuming that the PC could not ping the router. Knowing that the PC can ping the router is a significant change. 

 

The output of ipconfig is also very helpful and in fact I think it might provide some understanding of what is going on here. Looking at that output I see that the PC has 2 IP addresses. In addition to 10.0.1.2 it has IP 172.20.10.5. The 172.20.10.5 entry does have a default gateway. But your 10.0.1.2 does not have a default gateway. And that makes it easier to understand that pinging the router is in the local subnet and so it uses its arp entry to send to it. But pinging the router outside address is remote and it does not have a default gateway. So that ping fails.

 

Looking at the most current running config I see that the DHCP scope has been truncated and no longer has an entry for default router. I believe that is the cause of the current issue.

 

HTH

 

Rick

CreatePlease to create content
Content for Community-Ad
August's Community Spotlight Awards