09-21-2014 01:24 PM - edited 03-07-2019 08:49 PM
Hi
I am trying to test a Cisco 1941on my home network (to prepare for a site connection to a BTNet NTE) ...
I have routing working fine for the internal VLANs but and can ping everything (including the Internet) from the router console, but cannot ping from any client connected to any VLAN to the Internet.
The setup is basically >
Int gi0/0 connected to the Homehub
Int gi0/0/0 connected to the PC (the pc has an IP of 10.23.4.40). Interestingly when I try and ping to say www.google.co.uk it resolves the ip via DNS ok, but no replies. No internet either via IE.
Here is my fairly basic running-config >
_____________________________________________________________________
CORE-RT1# sh run
Building configuration...
*Sep 21 20:14:08.403: %SYS-5-CONFIG_I: Configured from console by admin on console
Current configuration : 4169 bytes
!
! Last configuration change at 20:14:08 UTC Sun Sep 21 2014 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CORE-RT1
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 3cAj.f2PkssJmkRu4YUQUCCy3vPEtMp3aQDdde3hiFU
!
no aaa new-model
!
no ip source-route
ip cef
!
!
!
ip dhcp excluded-address 10.23.3.1 10.23.3.39
ip dhcp excluded-address 10.23.4.1 10.23.4.39
ip dhcp excluded-address 10.23.1.1 10.23.1.150
ip dhcp excluded-address 10.23.2.1 10.23.2.39
!
ip dhcp pool USERS
import all
network 10.23.3.0 255.255.255.0
default-router 10.23.3.1
!
ip dhcp pool DATA
import all
network 10.23.4.0 255.255.255.0
default-router 10.23.4.1
dns-server 192.168.1.254
!
ip dhcp pool MGMT
import all
network 10.23.1.0 255.255.255.0
default-router 10.23.1.1
!
ip dhcp pool CCTV
import all
network 10.23.2.0 255.255.255.0
default-router 10.23.2.1
!
!
!
ip domain name XXXXXXX
ip name-server 192.168.1.254
no ipv6 cef
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1284061912
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1284061912
revocation-check none
rsakeypair TP-self-signed-1284061912
!
!
crypto pki certificate chain TP-self-signed-1284061912
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31323834 30363139 3132301E 170D3134 30393231 31363330
31315A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 32383430
36313931 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
81008ADD 2D46064A 356B70C8 C8EFA1D7 B22C11A8 950680CF 68DF335A 7A19B982
7080913D C5C0776E 93B9579A B1776B26 864DF529 83C88225 08B92EFA B29ED9C7
48026077 5C25C5EE 6B924F6B 366E0478 B74A694D 6885EE66 8CF01774 0869B393
0E618221 1CB081DB AE0A5ADB 6536A95D E64E4D07 E63324D0 C2CF3CA9 5F28D3BC
A7490203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1437E42E B1BD86C7 94D9B99C 5D7C5498 D585D5B5 8D301D06
03551D0E 04160414 37E42EB1 BD86C794 D9B99C5D 7C5498D5 85D5B58D 300D0609
2A864886 F70D0101 05050003 8181002A D6DF1CB9 FEB18E09 93B57980 5A36FEE8
D9F84CF6 EE331D77 46C92D8C 36D014CB 00A23CB8 33E1932E 55D5E518 D40B1694
F0D7B511 CFD1A40B BBCD42BC 09EA183F EBABF39C 4FD3257B 6092C79A 1C2E3DE3
583BFAB1 87B18EFF 80317E8D 7BA8E766 C0A46751 6ECCB6EA 94082138 7A614F43
3681C2EC 8257257C E0E95335 2A1833
quit
license udi pid CISCO1941/K9 sn FCZ1812C2MY
!
!
username XXXXXX password 0 XXXXXXX
!
!
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.1.138 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
switchport access vlan 40
no ip address
!
interface GigabitEthernet0/0/1
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
description Management
ip address 10.23.1.1 255.255.255.0
!
interface Vlan20
description CCTV
ip address 10.23.2.1 255.255.255.0
!
interface Vlan30
description Phones
ip address 10.23.3.1 255.255.255.0
!
interface Vlan40
description Data and users
ip address 10.23.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
router rip
redistribute connected
network 10.0.0.0
network 192.168.1.0
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip nat pool out 192.168.1.138 192.168.1.138 prefix-length 24
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
!
!
control-plane
!
!
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end
__________________________________________________________
Also here is the output from show ip route >
CORE-RT1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 192.168.1.254
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.23.4.0/24 is directly connected, Vlan40
L 10.23.4.1/32 is directly connected, Vlan40
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, GigabitEthernet0/0
L 192.168.1.138/32 is directly connected, GigabitEthernet0/0
many thanks in advance
Rob
Solved! Go to Solution.
09-22-2014 01:49 PM
Add a route on your internet router
ip route10.23.0.0 255.255.0.0 192.168.1.138
09-22-2014 09:59 AM
Please add following command
# ip routing
09-22-2014 10:32 AM
I have typed that command about 50 times ..... it never appears in the sh run
Any thoughts please?
Thanks
09-22-2014 10:49 AM
Try to type ip routing and then hit (?) and please let me know what you see.
Could you please send me the output of following command
# ping 4.2.2.2 source 192.168.1.138
# ping 4.2.2.2 source 10.23.4.1
09-22-2014 10:53 AM
ip routing ?
protocol IP Routing Protocol
<cr>
Results - ping 4.2.2.2 source 192.168.1.138
100% success
ping 4.2.2.2 source 10.23.4.1
0 % success
thanks!
09-22-2014 11:13 AM
please send me following output
# show vlan
# show ip int b
After seeing your config, I think your ISP is doing NATing, so you don't need to do NATing on your side. You can remove the NAT statement from both the interface.
if you don't see any vlan other then vlan 1 in your # show vlan out put, then you need to create a L2 vlans
vlan 40
name XXXX
vlan 20
name xxxx
vlan 30
name xxxxx
09-22-2014 01:08 PM
Output as requested >
CORE-RT1#show ip int b
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 192.168.1.138 YES DHCP up up
GigabitEthernet0/1 unassigned YES NVRAM down down
GigabitEthernet0/0/0 unassigned YES unset down down
GigabitEthernet0/0/1 unassigned YES unset down down
GigabitEthernet0/0/2 unassigned YES unset down down
GigabitEthernet0/0/3 unassigned YES unset down down
Vlan1 10.23.1.1 YES NVRAM down down
Vlan20 10.23.2.1 YES NVRAM down down
Vlan30 10.23.3.1 YES NVRAM down down
Vlan40 10.23.4.1 YES NVRAM down down
CORE-RT1#show vlan
% Ambiguous command: "show vlan"
CORE-RT1#show vlans
No Virtual LANs configured.
09-22-2014 01:09 PM
vishalvyas1986 FYI
I have DHCP and intervlan routing working fine.
A client on VLAN 40 can ping a client on VLAN 1 etc ... just none of them can ping the internet router (192.168.1.254) or the access the internet
thanks
Rob
09-22-2014 01:18 PM
If you see above output, all the vlans are down, so you need to crate a L2 vlans as below.
vlan 40
name XXXX
exit
Once you do that, vlan 40 will show up as ( up up ), and you should able to ping the internet
09-22-2014 01:23 PM
Ok, i type the following:
conf t
vlan 40
name DATA
exit
exit
show vlans
*** No Virtual LANs configured. ***
Odd ???
Thoughts please?
Rob
09-22-2014 01:29 PM
There are some different commands when you use EHWIC card in 1941, so please do following
# show vlan?
# show vlan ?
It will give you all the possible options.
Please also send me the output of
# show ip int b
09-22-2014 01:31 PM
Most probably it is
# show vlan-switch
09-22-2014 01:36 PM
CORE-RT1#show vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/0/1, Gi0/0/3
20 CCTV active
30 PHONES active
40 DATA active Gi0/0/0, Gi0/0/2
99 VLAN0099 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 1002 1003
20 enet 100020 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
40 enet 100040 1500 - - - - - 0 0
99 enet 100099 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 1 1003
1003 tr 101003 1500 1005 0 - - srb 1 1002
1004 fdnet 101004 1500 - - 1 ibm - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1005 trnet 101005 1500 - - 1 ibm - 0 0
CORE-RT1#
09-22-2014 01:45 PM
Please see my above comment
09-22-2014 01:47 PM
Laptop got a good DHCP address from router for VLan40
ip 10.23.1.40
router 10.23.4.1
Can ping the 1941 router (192.168.1.138), but not the internet router (192.168.1.254)
Rob
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide