Solved: Re: Cisco 1721-no internet for dhcp client but can ping internet

kuesteral · ‎05-18-2012

Hi,

Router configs not something I work on often so pardon my ignorance if this is an easy one. I have looked over older posts that seem relavent but am not 'getting it'.

I can ping google.com from the router but not from a client attached to the router dhcp interface(10.1.3.1). When I turn on ip routing I cannot ping at all. Here is the config I have now that can ping the internet from the router.

sh run
Building configuration...

Current configuration : 1191 bytes
!
! No configuration change since last restart
!
version 12.3
no service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

enable password xxxxxxxxx
!
username gfi password 0 xxxxxxxxx

clock timezone Chicago -6
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa session-id common
ip subnet-zero

no ip routing
!
!
ip dhcp excluded-address 10.1.3.0 10.1.3.29
ip dhcp excluded-address 10.1.3.60 10.1.3.255
!
ip dhcp pool tvmbox
network 10.1.3.0 255.255.255.0
default-router 10.1.3.1
!
ip cef
ip audit po max-events 100
ip dhcp-server 10.1.3.1
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 10.1.1.190 255.255.255.0

no ip route-cache
full-duplex
!
interface FastEthernet0
ip address 10.1.3.1 255.255.255.0

no ip route-cache
speed auto
full-duplex
!
interface Serial0
no ip address

no ip route-cache
shutdown
!

ip default-gateway 10.1.1.2
ip classless
no ip http server
ip http secure-server
!
!
!
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxxx
!
end

Router#

John Blakley · ‎05-18-2012

Al,

You'll need to configure nat if you don't have something else doing natting for you. Which interface is your internal? I'm assuming that it's fa0 on 10.1.3.0/24. Try this config:

access-list 101 permit ip 10.1.3.0 0.0.0.255

ip nat inside source list 101 interface e0 overload

int fa0

ip nat insid

int e0

ip nat outsid

You'll want to turn IP routing back on...

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎05-18-2012

Al,

Your default route should be the fa0 interface address (10.1.3.1). You should be handing out DNS from your dhcp scope which could be the problem for internet access:

ip dhcp pool tvmbox

network 10.1.3.0 255.255.255.0

default-router 10.1.3.1

dns-server 4.2.2.1

!

Try that and everything should work. You're correct that default-gateway isn't used when routing is on, but you will need some sort of default route in this router which I don't see. You'll need to add that like:

ip route 0.0.0.0 0.0.0.0

HTH,

John

Please rate all useful posts..

HTH, John *** Please rate all useful posts ***

View solution in original post

John Blakley · ‎05-18-2012

Al,

You'll need to configure nat if you don't have something else doing natting for you. Which interface is your internal? I'm assuming that it's fa0 on 10.1.3.0/24. Try this config:

access-list 101 permit ip 10.1.3.0 0.0.0.255

ip nat inside source list 101 interface e0 overload

int fa0

ip nat insid

int e0

ip nat outsid

You'll want to turn IP routing back on...

HTH,

John

HTH, John *** Please rate all useful posts ***

kuesteral · ‎05-18-2012

Correct, the fa0 int is the internal.

I will try these settings and report back, thanks.

kuesteral · ‎05-18-2012

Hi John,

Made the changes you suggested. Can ping 10.1.1.x machines from both the router and dhcp clients (10.1.3.x) but still no internet. So more consistent but still not getting out. Here is the config now and I removed the ip default-gateway entry because as I understand it is not needed when ip routing is on. Also changed the defualt router to 10.1.1.2 in the dhcp settings thinking that would help? It was set to 10.1.3.1.

Current configuration : 1384 bytes
!
! Last configuration change at 23:54:49 Chicago Sun May 13 2012 by gfi
!
version 12.3
no service timestamps debug uptime
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096 debugging
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxx
!
username gfi password 0 1rOnhead$
clock timezone Chicago -6
clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
aaa new-model
!
!
aaa session-id common
ip subnet-zero
!
!
ip dhcp excluded-address 10.1.3.0 10.1.3.29
ip dhcp excluded-address 10.1.3.60 10.1.3.255
!
ip dhcp pool tvmbox
network 10.1.3.0 255.255.255.0
default-router 10.1.1.2
!
ip cef
ip audit po max-events 100
ip dhcp-server 10.1.3.1
no ftp-server write-enable
!
!
!
!
!
!
!
interface Ethernet0
ip address 10.1.1.190 255.255.255.0
ip nat outside
full-duplex
!
interface FastEthernet0
ip address 10.1.3.1 255.255.255.0
ip nat inside
speed auto
full-duplex
!
interface Serial0
no ip address
shutdown
!
ip nat inside source list 101 interface Ethernet0 overload
ip classless
no ip http server
ip http secure-server
!
!
access-list 101 permit ip 10.1.3.0 0.0.0.255 any
!
!
line con 0
line aux 0
line vty 0 4
password xxxxxxxx
!
end

Router#

John Blakley · ‎05-18-2012

Al,

Your default route should be the fa0 interface address (10.1.3.1). You should be handing out DNS from your dhcp scope which could be the problem for internet access:

ip dhcp pool tvmbox

network 10.1.3.0 255.255.255.0

default-router 10.1.3.1

dns-server 4.2.2.1

!

Try that and everything should work. You're correct that default-gateway isn't used when routing is on, but you will need some sort of default route in this router which I don't see. You'll need to add that like:

ip route 0.0.0.0 0.0.0.0

HTH,

John

Please rate all useful posts..

HTH, John *** Please rate all useful posts ***

Richard Burts · ‎05-19-2012

The original post has the default gateway as this: ip default-gateway 10.1.1.2. So I am guessing that the default route should be ip route 0.0.0.0 0.0.0.0 10.1.1.2.

As I read the original post Al is saying that with ip routing turned off and with the default gateway that he could ping the Internet from the router interface. And for this the router should be using its interface address of 10.1.1.190 as the source address. If that did work as I understand then it tells us that Al is connected to something that is doing address translation for the 10.1.1.0 network. If connections do not work from the 10.1.3.0 network then my guess is that whatever they are connected to which is translating for 10.1.1.0 is not translating for 10.1.3.0.

Perhaps Al can tell us more about what his router is connected to and confirm whether it is translating for 10.1.1.0?

HTH

Rick

HTH

Rick

kuesteral · ‎05-21-2012

John,

Thank you for your help. The router is configured and working as we desire now with your advice, appreciate it.

I am posting the final config in the event it may help someone else in the future. (our specific info munged.)

Current configuration : 1434 bytes

!

! Last configuration change at 21:46:50 Chicago Wed May 16 2012 by xxxxx

!

version 12.3

no service timestamps debug uptime

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

logging buffered 4096 debugging

enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxx

enable password xxxxxxxx

!

username xxxxx password 0 xxxxxxxx

clock timezone Chicago -6

clock summer-time Chicago date Apr 6 2003 2:00 Oct 26 2003 2:00

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

aaa new-model

!

aaa session-id common

ip subnet-zero

!

ip dhcp excluded-address 10.1.3.0 10.1.3.29

ip dhcp excluded-address 10.1.3.60 10.1.3.255

!

ip dhcp pool tvmbox

network 10.1.3.0 255.255.255.0

default-router 10.1.3.1

dns-server x.x.x.x. x.x.x.x

!

ip cef

ip audit po max-events 100

ip dhcp-server 10.1.3.1

no ftp-server write-enable

!

interface Ethernet0

ip address 10.1.1.190 255.255.255.0

ip nat outside

full-duplex

!

interface FastEthernet0

ip address 10.1.3.1 255.255.255.0

ip nat inside

speed auto

full-duplex

!

interface Serial0

no ip address

shutdown

!

ip nat inside source list 101 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.1.2

no ip http server

ip http secure-server

!

access-list 101 permit ip 10.1.3.0 0.0.0.255 any

!

line con 0

line aux 0

line vty 0 4

password xxxxxxxx

!

end

John Blakley · ‎05-21-2012

Thank you for letting us know how it went.

HTH, John *** Please rate all useful posts ***

Cisco 1721-no internet for dhcp client but can ping internet from router