Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
342
Views
0
Helpful
1
Replies

Can ping ISP from router but LAN drops packets.

mawright1
Level 1
Level 1

‎03-16-2016 09:16 AM - edited ‎03-08-2019 04:59 AM

Hello,

Please can someone assist, I have a Cisco 887va, which is currently connected to talktalk (uk) ISP via VDSL2 I have setup and configured the router and i'm able to get an IP address from the ISP no problem, I can also ping 8.8.8.8 consistently without any issues from the router. But as soon as I try to ping 8.8.8.8 from a PC it will intermittently drop the packets, but routers ping will continue without any problems.

Any help will be very much appreciated. 

Please see config below:

 

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname XXXXXXX
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 XXXXXXXXXXXXX
!
no aaa new-model
memory-size iomem 10
!
!
!
!
!
!


!
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool LAN
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 192.168.0.1
lease infinite
!
!
!
no ip domain lookup
ip domain name XXXXXX
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-K9 sn FCZ1822C209
license boot module c880-data level advipservices
!
!
username admin privilege 7 secret 5 $1$g8/P$yfmkQoavIatoB3ityHXFB.
!
!
!
!
!
controller VDSL 0
firmware filename flash:vdsl.bin-A2pv6C035d_d23j
!
!
!
!
!
!
!
!
!
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
no autostate
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Ethernet0.101 overload
!
access-list 1 permit any
!
!
control-plane
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login local
length 0
transport input ssh
line vty 5 15
login
transport input ssh
!
!
end

Labels:
0 Helpful
1 Reply 1

Shaunak
Cisco Employee
Cisco Employee

‎03-16-2016 10:45 AM

Hi mawright1,

Can you change the ACL and the NAT statement to an extended ACL explicitly allowing the internal VLAN1 subnet and not use a standard ACL with a permit any?

use this for example -

Extended IP access list 100
10 permit ip 192.168.0.0 0.0.0.255 any

and make appropriate changes to the ip nat inside list statement calling the extended ACL.

See if this helps.

Thanks,

Shaunak

0 Helpful
Customers Also Viewed These Support Documents