Re: Cisco 2801 Series Router Not Connecting Users to Internet

Edgar Panduro · ‎10-16-2017

I have a Cisco 2801 series router, and I would like to connect router to Internet and act as a gateway to the Internet for my users on the LAN network. So far I've configured both FE ports, and still my users don't have Internet access.

On Cisco router I did a sh run, and my output is below.

interface FastEthernet0/0

description ##Internet##

ip address dhcp

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description ##My LAN##

ip address 192.168.0.12 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

I used this link https://supportforums.cisco.com/t5/lan-switching-and-routing/how-do-you-connect-a-cisco-router-to-the-internet-through-a/td-p/2242370 to configure my router. Not sure what the problem is. So far we know router is working because its giving out IP addresses. Router can ping users on LAN, and users can ping router. But router cannot ping ISP router.

Any suggestions on how properly configure router so users on LAN can access Internet?

Meheretab Mengistu · ‎10-16-2017

Hi Edgar,

1) Could you ping internet from the router?
2) Did you receive IP address from your ISP? You can run "sh ip int bri" to check.
3) If your answer is yes for the above questions, please share the output of "sh run".

HTH,
Meheretab

HTH,
Meheretab

Edgar Panduro · ‎10-17-2017

Hi Meheretab,

1) Router cannot ping Internet

2) I'm not receiving an IP address from ISP router

3) When I run "sh ip int "I see no DHCP IP address

4) Below is output, when I run "sh ip int"

Router#sh ip int
FastEthernet0/0 is up, line protocol is up
Internet address will be negotiated using DHCP
Broadcast address is 255.255.255.255
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is MY_WAN
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain outside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Access List, Virtual Fragment Reassembly After IPSec Decryption, NAT Outside, MCI Check
Output features: CCE Output Classification, Post-routing NAT Outside, Stateful Inspection
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
FastEthernet0/1 is up, line protocol is up
Internet address is 192.168.x.x/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is enabled
IP CEF switching turbo vector
IP multicast fast switching is enabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is enabled, interface in domain inside
BGP Policy Mapping is disabled
Input features: Stateful Inspection, Virtual Fragment Reassembly, Virtual Fragment Reassembly After IPSec Decryption, MCI Check
Output features: NAT Inside, Stateful Inspection
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled
Serial0/2/0 is administratively down, line protocol is down
Internet protocol processing disabled
Serial0/2/1 is administratively down, line protocol is down
Internet protocol processing disabled
BRI0/3/0 is administratively down, line protocol is down
Internet protocol processing disabled
BRI0/3/0:1 is administratively down, line protocol is down
Internet protocol processing disabled
BRI0/3/0:2 is administratively down, line protocol is down
Internet protocol processing disabled
NVI0 is administratively down, line protocol is down
Internet protocol processing disabled
SSLVPN-VIF0 is up, line protocol is up
Interface is unnumbered. Using address of SSLVPN-VIF0 (0.0.0.0)
Broadcast address is 255.255.255.255
MTU is 1406 bytes
Helper address is not set
Directed broadcast forwarding is disabled
Outgoing access list is not set
Inbound access list is not set
Proxy ARP is enabled
Local Proxy ARP is disabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is disabled
IP fast switching on the same interface is disabled
IP Flow switching is disabled
IP CEF switching is disabled
IP Null turbo vector
IP Null turbo vector
IP multicast fast switching is disabled
IP multicast distributed fast switching is disabled
IP route-cache flags are Fast, CEF
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
RTP/IP header compression is disabled
Policy routing is disabled
Network address translation is disabled
BGP Policy Mapping is disabled
Input features: MCI Check
WCCP Redirect outbound is disabled
WCCP Redirect inbound is disabled
WCCP Redirect exclude is disabled

Meheretab Mengistu · ‎10-17-2017

Edgar,

Since you are not receiving IP address from your ISP on your gateway, you will not have Internet access. The first thing I would do is contact the ISP and troubleshoot with them why IP address is not issued.

Once you get IP address, if you still have connectivity issue, you will need to check George's and Julio's advice.

HTH,
Meheretab

HTH,
Meheretab

Edgar Panduro · ‎10-17-2017

Meheretab,

It's not an ISP issue. I have a Cisco ASA 5505 Series firewall and it's able to receive DHCP IP address from ISP router.

My Cisco ASA 5505 is on a different LAN then my router.

Georg Pauwen · ‎10-17-2017

Try and replace:

ip address dhcp

with

ip address negotiated

Georg Pauwen · ‎10-16-2017

Hello,

you need to have at the very least the three lines in bold in your configuration:

interface FastEthernet0/0

description ##Internet##

ip address dhcp

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

description ##My LAN##

ip address 192.168.0.12 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

ip nat inside source list 1 interface FastEthernet0/0

ip route 0.0.0.0 0.0.0.0 FastEthernet0/0

access-list 1 permit 192.168.0.0 0.0.0.255

Julio E. Moisa · ‎10-16-2017

Hi

Additional to Georg's config, is this ACL being used: ip access-group MY_WAN in? it could be removed.

>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Edgar Panduro · ‎10-17-2017

Hi Georg,

I added the three lines to my config and still no Internet access. Also, port fa0/0 which is connected to ISP router is not receiving DHCP IP address.

I think port fa0/0 is the reason why we can't access the Internet.

Georg Pauwen · ‎10-17-2017

Actually, try the below:

interface FastEthernet0/0
pppoe-client dial-pool-number 1

interface dialer 1
ip address negotiated
ip mtu 1492
encapsulation ppp
ppp authentication chap
dialer pool 1
dialer-group 1

ip nat inside source list 1 interface Dialer1 overload

dialer-list 1 protocol ip permit

ip route 0.0.0.0 0.0.0.0 Dialer1

Edgar Panduro · ‎10-18-2017

Hi Georg,

I entered your lines of code, and still no luck. You think maybe I need to set ACL for Outgoing access? I ran a sh ip int, and port fa0/0 still isn't getting DHCP IP address. You think maybe I need to add ISP gateway address?

Georg Pauwen · ‎10-18-2017

Hello,

to avoid confusion, post the full configuration you have right now. I have lost track of the changes you made, and something essential might be missing...

Edgar Panduro · ‎10-18-2017

Sure my output is below.

Router#sh run
Building configuration...

Current configuration : 1818 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
ip dhcp excluded-address 192.168.x.x 192.168.x.x
!
ip dhcp pool My_LAN
network 192.168.x.x 255.x.x.x
default-router 192.168.x.x
dns-server 209.18.x.x 209.18.x.x
!
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description ##Internet##
ip address dhcp
ip access-group MY_WAN in
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
description ##My LAN##
ip address 192.168.x.x 255.x.x.x
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 2000000
!
interface BRI0/3/0
no ip address
encapsulation hdlc
shutdown
!
interface Dialer1
ip address negotiated
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Dialer1 overload
ip nat inside source list My_LAN interface FastEthernet0/0 overload
!
ip access-list extended MY_WAN
permit tcp any any established
deny tcp any any
permit ip any any
!
dialer-list 1 protocol ip permit
!
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Router#

Georg Pauwen · ‎10-18-2017

Hello,

I have adjusted your configuration. Below are two configurations, one for PPPoE with a dialer interface, the other for direct Ethernet access. Try them both, and make sure that they look EXACTLY like I posted them:

Configuration 1

Current configuration : 1818 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.x.x 192.168.x.x
!
ip dhcp pool My_LAN
network 192.168.x.x 255.x.x.x
default-router 192.168.x.x
dns-server 209.18.x.x 209.18.x.x
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
voice-card 0
!
archive
log config
hidekeys
!
interface FastEthernet0/0
description ##Internet##
ip virtual-reassembly
duplex auto
speed auto
pppoe enable
pppoe-client dial-pool-number 1
!
interface FastEthernet0/1
description ##My LAN##
ip address 192.168.x.x 255.x.x.x
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 2000000
!
interface BRI0/3/0
no ip address
encapsulation hdlc
shutdown
!
interface Dialer1
ip address negotiated
ip nat outside
ip mtu 1492
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer1
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface Dialer1 overload
!
dialer-list 1 protocol ip permit
!
access-list 1 permit 192.168.0.0 0.0.255.255
!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Configuration 2

Current configuration : 1818 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
ip dhcp excluded-address 192.168.x.x 192.168.x.x
!
ip dhcp pool My_LAN
network 192.168.x.x 255.x.x.x
default-router 192.168.x.x
dns-server 209.18.x.x 209.18.x.x
!
ip cef
!
no ipv6 cef
multilink bundle-name authenticated
!
voice-card 0
!
archive
log config
hidekeys
!
interface FastEthernet0/0
description ##Internet##
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description ##My LAN##
ip address 192.168.x.x 255.x.x.x
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/2/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/2/1
no ip address
shutdown
clock rate 2000000
!
interface BRI0/3/0
no ip address
encapsulation hdlc
shutdown
!
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface FastEthernet0/0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255

!
control-plane
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end