can't get to internet

Zach8585
Level 1

I have a small Cisco lab consisting of an 8-port 3560 switch, a 2851 router and a Cisco PoE WAP, which I have set up for my CCNA studies. A few weeks ago I was able to get it onto the internet with no problem; however, I took it back off to reconfigure for VLSM and VLAN practice. Previously I was only using VLAN1 and one subnet in the 192.168.1.0/24 network for wired and wireless clients.

 

After setting up VLANs and VLSM, I just tried putting it back on with my cable modem to gain access to the internet.  I cannot get any access at all from any computers, whether wired, wireless or on guest VLAN.  When I'm in the CLI of the router, I'm able to ping 8.8.8.8, but further into my network nothing works.  Even when I'm in the Switch's CLI, I cannot ping 8.8.8.8, but I can ping everything else in my internal network.

 

Here's a brief description of my setup, with the configurations to follow:

 

VLANS:

1 - native

20 - wired connections

30 - wireless connections

40 - guests on wireless connections

 

WAP is set up with two SSIDs (for internal users and a guest network), both separated by VLAN.

 

Gi interfaces from switch to router are trunked, and Fa interface from switch to WAP is trunked.

 

SWITCH CONFIG

 

 

Using 3233 out of 524288 bytes
!
! Last configuration change at 15:16:40 EST Fri Jun 29 2018 by zach
! NVRAM config last updated at 18:27:56 EST Fri Jun 29 2018 by zach
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Switch01
!
boot-start-marker
boot-end-marker
!
<<LINE REMOVED>>
!
<<LINE REMOVED>>
!
!
no aaa new-model
clock timezone EST -5
clock summer-time EST recurring
system mtu routing 1500
ip routing
ip domain-name corpnet.com
ip host Router01 192.168.1.254
!
!
!
!
crypto pki trustpoint TP-self-signed-949207168
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-949207168
 revocation-check none
 rsakeypair TP-self-signed-949207168
!
!
crypto pki certificate chain TP-self-signed-949207168
 certificate self-signed 01 nvram:IOS-Self-Sig#3838.cer
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh version 2
!
!
!
interface FastEthernet0/1
 switchport access vlan 20
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport access vlan 20
!
interface FastEthernet0/5
 switchport access vlan 20
!
interface FastEthernet0/6
 switchport access vlan 20
!
interface FastEthernet0/7
 switchport access vlan 20
!
interface FastEthernet0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 description SWITCH01 to ROUTER01
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.1.253 255.255.255.252
!
interface Vlan20
 ip address 192.168.1.66 255.255.255.240
!
interface Vlan30
 ip address 192.168.1.2 255.255.255.192
!
interface Vlan40
 ip address 192.168.2.2 255.255.255.0
!
ip default-gateway 192.168.1.254
ip classless
ip http server
ip http secure-server
!
!
ip access-list extended GUEST_VLAN
 deny   ip 192.168.2.0 0.0.0.255 192.168.1.0 0.0.0.255
 permit ip any any
!
logging 192.168.1.70
!
!
banner motd ^C
<<BANNER REMOVED>>
^C
!
line con 0
 exec-timeout 5 0
 <<LINE REMOVED>>
 logging synchronous
 login local
line vty 0 4
 exec-timeout 0 0
 <<LINE REMOVED>>
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 <<LINE REMOVED>>
 logging synchronous
 login local
 transport input ssh
!
ntp clock-period 36029474
ntp server 192.168.1.70
end

 

SWITCH CONFIG

 

Current configuration : 4099 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Router01
!
boot-start-marker
boot system flash:c2800nm-advsecurityk9-mz.151-4.M12a.bin
boot-end-marker
!
!
logging buffered 4096
<<LINE REMOVED>>
!
no aaa new-model
!
clock timezone EST -5 0
clock summer-time EST recurring
!
dot11 syslog
ip source-route
!
!
ip cef
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.1.65
ip dhcp excluded-address 192.168.1.66
ip dhcp excluded-address 192.168.1.12
ip dhcp excluded-address 192.168.1.62
ip dhcp excluded-address 192.168.1.70
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.2.2
!
ip dhcp pool WIRED
 network 192.168.1.64 255.255.255.240
 default-router 192.168.1.65
 dns-server 75.75.75.75 75.75.76.76
 lease 3
!
ip dhcp pool WIRELESS
 network 192.168.1.0 255.255.255.192
 default-router 192.168.1.1
 dns-server 75.75.75.75 75.75.76.76
 lease 3
!
ip dhcp pool STATIC
 host 192.168.1.12 255.255.255.192
 client-identifier 05f4.a997.203f.80
!
ip dhcp pool GUEST
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
 dns-server 75.75.75.75 75.75.76.76
!
!
!
ip domain name corpnet.com
ip host Switch01 192.168.1.253
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
!
!
<<LINE REMOVED>>
<<LINE REMOVED>>
!
redundancy
!
!
ip ssh version 2
!
!
!
!
!
!
!
interface Loopback0
 ip address 192.168.100.250 255.255.255.0
!
interface GigabitEthernet0/0
 description Router01 to Switch01
 ip address 192.168.1.254 255.255.255.252
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly in
 ip route-cache policy
 duplex auto
 speed auto
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.1.65 255.255.255.240
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 192.168.1.1 255.255.255.192
!
interface GigabitEthernet0/0.40
 encapsulation dot1Q 40
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet0/1
 description Router01 to Modem
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 no ip route-cache
 duplex auto
 speed auto
 no cdp enable
!
interface Serial0/0/0
 no ip address
 shutdown
 no fair-queue
!
interface Serial0/1/0
 no ip address
 shutdown
!
interface Serial0/2/0
 no ip address
 shutdown
!
interface Serial0/3/0
 no ip address
 shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip flow-export source Loopback0
ip flow-export version 9
ip flow-export destination 192.168.1.70 2055
!
ip nat inside source list MYLAN interface GigabitEthernet0/1 overload
!
ip access-list standard MYLAN
 permit 192.168.1.0 0.0.0.255
 permit 192.168.2.0 0.0.0.255
!
logging 192.168.1.70
!
!
!
!
!
control-plane
!
!
banner motd ^C
<<BANNER REMOVED>>

^C
!
line con 0
 <<LINE REMOVED>>
 logging synchronous
 login local
line aux 0
line vty 0 4
 exec-timeout 0 0
 <<LINE REMOVED>>
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 <<LINE REMOVED>>
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
ntp logging
ntp server 192.168.1.70
end

1 Accepted Solution

Zach8585
Level 1

After taking a break and having a fresh mindset, I had an "ah-hah" moment when I was looking closely at the Router's interfaces.  It came to mind that I probably do "ip nat inside" on the sub interfaces like on the main Gi0/0 interface.  That worked for me!
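
The fix described in the accepted solution can be checked mechanically. This is an added example, not part of the original post: it reads the interface and NAT lines from the Router01 config above and lists every interface whose subnet the NAT source ACL permits but which lacks `ip nat inside`. The function name `missing_nat_inside` is hypothetical, and the parser assumes only the statement forms that appear in this config.

```python
import ipaddress
import re

# Interface and NAT lines excerpted from the Router01 config posted above.
ROUTER01 = """\
interface Loopback0
 ip address 192.168.100.250 255.255.255.0
interface GigabitEthernet0/0
 ip address 192.168.1.254 255.255.255.252
 ip nat inside
interface GigabitEthernet0/0.20
 ip address 192.168.1.65 255.255.255.240
interface GigabitEthernet0/0.30
 ip address 192.168.1.1 255.255.255.192
interface GigabitEthernet0/0.40
 ip address 192.168.2.1 255.255.255.0
interface GigabitEthernet0/1
 ip address dhcp
 ip nat outside
ip nat inside source list MYLAN interface GigabitEthernet0/1 overload
ip access-list standard MYLAN
 permit 192.168.1.0 0.0.0.255
 permit 192.168.2.0 0.0.0.255
"""

def missing_nat_inside(config):
    """Interfaces in a subnet the NAT source ACL permits, but without 'ip nat inside'."""
    ifaces, acls, nat_acls, section = {}, {}, set(), None
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            section = ifaces.setdefault(m.group(1), {"net": None, "nat": None})
        elif m := re.match(r"ip access-list standard (\S+)", line):
            section = acls.setdefault(m.group(1), [])
        elif m := re.match(r"ip nat inside source list (\S+)", line):
            nat_acls.add(m.group(1))
        elif m := re.match(r" ip address (\d\S+) (\d\S+)", line):
            section["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
        elif m := re.match(r" ip nat (inside|outside)$", line):
            section["nat"] = m.group(1)
        elif m := re.match(r" permit (\d\S+) (\d\S+)", line):
            # ipaddress accepts the IOS wildcard (host mask) form directly.
            section.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
    permitted = [net for name in nat_acls for net in acls.get(name, [])]
    return [name for name, i in ifaces.items()
            if i["net"] and i["nat"] != "inside"
            and any(i["net"].overlaps(p) for p in permitted)]

if __name__ == "__main__":
    for name in missing_nat_inside(ROUTER01):
        print(f"{name}: add 'ip nat inside'")
```

Against the config as posted, it reports the three dot1Q subinterfaces; Gi0/0 already carries the statement and Loopback0 falls outside the MYLAN ACL.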
