Cisco 887VA no internet connectivity on the LAN

stevenr_robins · ‎09-29-2013

Hi All.

I am having an issue getting internet connectivity from any devices connected to any of the ethernet ports on the LAN. The router has internet connection from the console however and I can ping external websites such at google.com or 8.8.8.8 - All the devices on the LAN can ping the router fine (and each other).

The routers ip is 192.168.0.1 - The devices on the LAN are getting an IP fine from the DHCP pool on the cisco.

Can anyone advise what the issue may be?

Please see my config below:

Current configuration : 2560 bytes

!

! Last configuration change at 19:33:24 UTC Sat Sep 28 2013

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname TheBeast

!

boot-start-marker

boot system flash:c880data-universalk9-mz.151-4.M4.bin

boot-end-marker

!

no logging console

enable secret 4 ##############################

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

ip source-route

!

ip dhcp excluded-address 192.168.0.1

ip dhcp excluded-address 192.168.0.12

!

ip dhcp pool HomeNetwork

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server 62.24.199.13 62.24.199.23

lease 0 2

!

ip cef

ip name-server 62.24.199.13

ip name-server 62.24.199.23

no ipv6 cef

!

license udi pid CISCO887VA-K9 sn FCZ17119094

!

vtp mode transparent

!

controller VDSL 0

firmware filename flash:vdsl.bin-A2pv6C035d_d23j

!

vlan 10

!

interface Ethernet0

no ip address

ip virtual-reassembly in

!

interface Ethernet0.101

encapsulation dot1Q 101

ip address dhcp

pppoe-client dial-pool-number 1

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

pvc 0/38

pppoe-client dial-pool-number 1

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list 101 interface Dialer0 overload

ip nat inside source static tcp 192.168.0.12 53 interface Dialer0 53

ip nat inside source static udp 192.168.0.12 53 interface Dialer0 53

ip nat inside source static tcp 192.168.0.12 80 interface Dialer0 80

ip nat inside source static udp 192.168.0.12 88 interface Dialer0 88

ip nat inside source static tcp 192.168.0.12 3074 interface Dialer0 3074

ip nat inside source static udp 192.168.0.12 3074 interface Dialer0 3074

ip route 0.0.0.0 0.0.0.0 Ethernet0

!

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0 4

login

transport input all

!

end

Thanks.

Jonn cos · ‎09-29-2013

Dear Friend,

I dont see ip nat outside command anywhere ???

markeelen · ‎09-29-2013

Hi Ste,
I can see your ip nat inside on VLAN 1, but can't see your ip nat outside. Try putting it on Ethernet0.101
Other than that I can't see what's up.
Cheers
Mark

Sent from Cisco Technical Support iPhone App

stevenr_robins · ‎10-01-2013

I'm pretty sure you are correct on that! Will apply it to the ethernet0 interface tonight as its a VDSL connection and let you know.

Thankyou.

stevenr_robins · ‎10-06-2013

Hi All. Well unfortunately putting ip nat outside on the ethernet0.101 interface didnt work. I can still ping fine from the console to 8.8.8.8 or google.co.uk but nothing on the LAN has internet connectivity. I tried all 4 ethernet ports and the devices are getting an IP from the DHCP pool (192.168.0.x).

I have tried putting ip nat outside on the physical WAN interface (ethernet0) also and made no difference.

Any more ideas? Please see my current config below and result of interfaces:

Thanks in advance.

Current configuration : 2416 bytes

!

! Last configuration change at 13:29:25 UTC Sun Oct 6 2013

! NVRAM config last updated at 13:30:40 UTC Sun Oct 6 2013

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname TheBeast

!

boot-start-marker

boot system flash:c880data-universalk9-mz.151-4.M4.bin

boot-end-marker

!

enable secret 4 #######################################

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

ip source-route

!

ip dhcp excluded-address 192.168.0.12

ip dhcp excluded-address 192.168.0.1

!

ip dhcp pool HomeNetwork

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server 62.24.199.13 62.24.199.23

lease 0 2

!

ip cef

ip name-server 62.24.199.13

ip name-server 62.24.199.23

no ipv6 cef

!

license udi pid CISCO887VA-K9 sn FCZ17119094

!

vtp mode transparent

!

controller VDSL 0

firmware filename flash:vdsl.bin-A2pv6C035d_d23j

!

vlan 10

!

interface Ethernet0

no ip address

ip virtual-reassembly in

!

interface Ethernet0.101

encapsulation dot1Q 101

ip address dhcp

ip nat outside

ip virtual-reassembly in

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

pvc 0/38

pppoe-client dial-pool-number 1

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Dialer0

no ip address

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip nat inside source list 101 interface Ethernet0 overload

ip nat inside source static tcp 192.168.0.12 53 interface Ethernet0 53

ip nat inside source static udp 192.168.0.12 53 interface Ethernet0 53

ip nat inside source static tcp 192.168.0.12 80 interface Ethernet0 80

ip nat inside source static udp 192.168.0.12 88 interface Ethernet0 88

ip nat inside source static tcp 192.168.0.12 3074 interface Ethernet0 3074

ip nat inside source static udp 192.168.0.12 3074 interface Ethernet0 3074

ip route 0.0.0.0 0.0.0.0 Ethernet0

!

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0 4

login

transport input all

!

end

TheBeast#

TheBeast#sh ip int brief

Interface IP-Address OK? Method Status Protocol

ATM0 unassigned YES NVRAM administratively down down

Dialer0 unassigned YES unset up up

Ethernet0 unassigned YES NVRAM up up

Ethernet0.101 89.168.164.42 YES DHCP up up

FastEthernet0 unassigned YES unset down down

FastEthernet1 unassigned YES unset down down

FastEthernet2 unassigned YES unset down down

FastEthernet3 unassigned YES unset up up

NVI0 unassigned YES unset administratively down down

Vlan1 192.168.0.1 YES NVRAM up up

John Blakley · ‎10-06-2013

Hi,

You'll need to change this line to poing to e0.101:

Change:

ip nat inside source list 101 interface Ethernet0 overload

To:

ip nat inside source list 101 interface Ethernet0.101 overload

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

stevenr_robins · ‎10-06-2013

Thanks John. That worked. I can now ping 8.8.8.8 from a laptop connected to the LAN.

However DNS doesnt appear to work. The router is acting as the DNS server and as you can see from the config I have specified the primary and secondary DNS servers for my ISP in the config?

John Blakley · ‎10-06-2013

Actually, you're setting dns via dhcp, so the router isn't being used as a dns server.

You'll need to change all of these static nats to point to e0.101 as well:

ip nat inside source static tcp 192.168.0.12 53 interface Ethernet0 53

ip nat inside source static udp 192.168.0.12 53 interface Ethernet0 53

ip nat inside source static tcp 192.168.0.12 80 interface Ethernet0 80

ip nat inside source static udp 192.168.0.12 88 interface Ethernet0 88

ip nat inside source static tcp 192.168.0.12 3074 interface Ethernet0 3074

ip nat inside source static udp 192.168.0.12 3074 interface Ethernet0 3074

The 192.168.0.12 address is being used for DNS. Do you have an internal DNS server? If so, you may already have that set as a forwarder, but if you don't you'll need to do that as well. Otherwise, what is 192.168.0.12, and where are you doing your testing? If it's from .12, it's not going to work until you get your nat line changed.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

stevenr_robins · ‎10-07-2013

Hi John. The excluded address 192.168.0.12 is for my xbox. Hence the forwarding rules on that IP.

I just want the router to act as the DNS server.

The testing is being done from command prompt on a windows 7 laptop connected to FE0 on the cisco.

John Blakley · ‎10-07-2013

Okay. You'll still need to fix those nat statements if you haven't already. The next thing to do to get it to work as a dns server is to enable it and then assign your clients the router address for dns. In your dhcp pool, change your dns server from what it is to 192.168.0.1. Keep the "ip name-server" commands, and then issue the command "ip dns server".

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

stevenr_robins · ‎10-10-2013

Hi John. Thanks.

I made the changes you said, however I am still unable to resolve websites from the LAN. The laptop connected to FE3 on the cisco can ping 8.8.8.8 but not google.co.uk. please see latest config below:

Building configuration...

Current configuration : 2444 bytes

!

! Last configuration change at 09:39:17 UTC Tue Oct 8 2013

! NVRAM config last updated at 09:40:03 UTC Tue Oct 8 2013

version 15.1

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname TheBeast

!

boot-start-marker

boot system flash:c880data-universalk9-mz.151-4.M4.bin

boot-end-marker

!

enable secret 4 ##################################

!

no aaa new-model

memory-size iomem 10

crypto pki token default removal timeout 0

!

ip source-route

!

ip dhcp excluded-address 192.168.0.12

ip dhcp excluded-address 192.168.0.1

!

ip dhcp pool HomeNetwork

network 192.168.0.0 255.255.255.0

default-router 192.168.0.1

dns-server 192.168.0.1

lease 0 2

!

ip cef

ip name-server 62.24.199.13

ip name-server 62.24.199.23

no ipv6 cef

!

license udi pid CISCO887VA-K9 sn FCZ17119094

!

vtp mode transparent

!

controller VDSL 0

firmware filename flash:vdsl.bin-A2pv6C035d_d23j

!

vlan 10

!

interface Ethernet0

no ip address

ip virtual-reassembly in

!

interface Ethernet0.101

encapsulation dot1Q 101

ip address dhcp

ip nat outside

ip virtual-reassembly in

!

interface ATM0

no ip address

shutdown

no atm ilmi-keepalive

pvc 0/38

pppoe-client dial-pool-number 1

!

interface FastEthernet0

no ip address

!

interface FastEthernet1

no ip address

!

interface FastEthernet2

no ip address

!

interface FastEthernet3

no ip address

!

interface Vlan1

ip address 192.168.0.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

!

interface Dialer0

no ip address

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

ip dns server

ip nat inside source list 101 interface Ethernet0.101 overload

ip nat inside source static tcp 192.168.0.12 53 interface Ethernet0.101 53

ip nat inside source static udp 192.168.0.12 53 interface Ethernet0.101 53

ip nat inside source static tcp 192.168.0.12 80 interface Ethernet0.101 80

ip nat inside source static udp 192.168.0.12 88 interface Ethernet0.101 88

ip nat inside source static tcp 192.168.0.12 3074 interface Ethernet0.101 3074

ip nat inside source static udp 192.168.0.12 3074 interface Ethernet0.101 3074

ip route 0.0.0.0 0.0.0.0 Ethernet0

!

access-list 101 permit ip 192.168.0.0 0.0.0.255 any

dialer-list 1 protocol ip permit

!

line con 0

line aux 0

line vty 0 4

login

transport input all

!

end

cadet alain · ‎10-10-2013

Hi,

Have you tried flushing the DNS cache on the host ?

Regards

Alain

Don't forget to rate helpful posts.