Cisco router 1921 internet configuration not working

mquevedob
Level 1

Hi,

I am configuring a Cisco 1921 router.

I have configured GE0/0 and GE0/1 interfaces, as well as DNS and default gateway.

However, I cannot connect to the internet.

 

yourname#show running-config
Building configuration...

Current configuration : 5613 bytes
!
! Last configuration change at 17:49:26 UTC Wed Dec 10 2014 by hardrock
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname yourname
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
!
ip dhcp pool ccp-pool
 import all
 network 10.10.10.0 255.255.255.248
 default-router 10.10.10.1
 lease 0 2
!
!
!
ip name-server 200.3.250.1
ip name-server 190.104.163.57
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1725015630
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1725015630
 revocation-check none
 rsakeypair TP-self-signed-1725015630
!
!
crypto pki certificate chain TP-self-signed-1725015630
 certificate self-signed 01
        quit
license udi pid CISCO1921/K9 sn FGL1834240J
!
!
username hardrock privilege 15 secret 5 $1$Yo.4$dxDDN301CejSRxU1etlFb/
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description $ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$$ETH-WAN$
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description $ETH-WAN$
 ip address xxx.xxx.xxx.166 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.165
!
access-list 1 permit any
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 101 permit tcp any any established
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for  one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE  PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
 login local
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
line vty 5 15
 access-class 23 in
 privilege level 15
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

 

Any ideas?

 

Accepted Solutions

Reza Sharifi
Hall of Fame

Hi,

Try changing this:

access-list 1 permit any

to this

access-list 1 permit 10.10.10.0 0.0.0.255

and test again.

HTH

I appreciate the answers, guys.

Here is my new configuration (I was trying to narrow down the possibilities):

 

Current configuration : 1785 bytes
!
! Last configuration change at 23:16:12 UTC Wed Dec 10 2014 by hardrock
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hrc_r01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
ip domain name hrc.com.py
ip name-server 190.104.163.57
ip name-server 200.3.250.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL1834240J
!
!
username xxxxxxxx privilege 15 password 0 xxxxxxxx
!
redundancy
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description WAN
 ip address xxx.xxx.xxx.166 255.255.255.252
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source static 10.10.10.1 190.104.170.166
ip nat outside source static 190.104.170.166 10.10.10.1
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.165
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input all
line vty 5 15
 login local
 transport input all
!
scheduler allocate 20000 1000
!
end

 

Now I can ping from both interfaces:

 

hrc_r01#ping www.google.com source GigabitEthernet0/0
Translating "www.google.com"...domain server (190.104.163.57) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.42.147, timeout is 2 seconds:
Packet sent with a source address of 10.10.10.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/64 ms
hrc_r01#ping www.google.com source GigabitEthernet0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 173.194.42.147, timeout is 2 seconds:
Packet sent with a source address of 190.104.170.166
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 64/64/64 ms

 

When I connect the LAN interface of the router to my PC, or the LAN interface of the router to a switch and the switch to my PC, I can only ping the WAP IP address xxx.xxx.xxx.166.

Trying to ping xxx.xxx.xxx.165 (the ISP default gateway) fails, as does pinging any other valid IP address.

 

Regards,

Martin

 

 

 

 

Martin

In your updated configuration you seem to have deleted the following line -

ip nat inside source list 1 interface GigabitEthernet0/0 overload

Can you add that line back in and see if it works?

Reza's change in the ACL should work. If it doesn't, then try modifying the ACL to

access-list 101 permit ip 10.10.10.0 0.0.0.255 any

and then modify your NAT line to

ip nat inside source list 101 interface gi0/0 overload

as that has always worked for me, but like I say, try just adding back the line you originally had.

Jon

 

Hi Jon,

 

Thanks for your directions.

I reset the router to defaults again, and this is the current configuration with which I can now access public IP addresses from my PC:

 

Current configuration : 1728 bytes
!
! Last configuration change at 16:40:22 UTC Thu Dec 11 2014
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname hrc_r01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip cef
!
!
!
!
!
!
ip domain name hrc.com.py
ip name-server 190.104.163.57
ip name-server 200.3.250.1
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1921/K9 sn FGL1834240J
!
!
username hardrock privilege 15 xxxxxxxx 0 xxxxxxxx
!
redundancy
!
!
!
!
!
ip ssh version 2
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description LAN
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description WAN
 ip address xxx.xxx.xxx.166 255.255.255.252
 ip nat outside
 no ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 xxx.xxx.xxx.165
!
access-list 1 permit 10.10.10.0 0.0.0.255
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 login local
 transport input all
line vty 5 15
 login local
 transport input all
!
scheduler allocate 20000 1000
!
end

 

Now I need the router to be a DNS for my PC

How can I enable it?

 

 

It was simple:

 

ip dns server
 

 

Zach Smith
Level 1
Level 1

From a client with a valid DHCP address from this router, ping 8.8.8.8. From here, issue the command 'show ip nat translations' on the router. Do you see an entry for this machine?

Also, the DHCP scope is not issuing a DNS server to your clients. Under the dhcp-pool configuration, enter dns-server x.x.x.x:

config t
ip dhcp pool ccp-pool
 dns-server x.x.x.x

 

 

 

The result of show ip nat translations executed on the router is:

hrc_r01#show ip nat translations
Pro Inside global         Inside local          Outside local         Outside global
--- ---                   ---                   10.10.10.1            190.104.170.166
--- 190.104.170.166       10.10.10.1            ---                   ---

But I am not sure I understood your recommendations correctly.
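
The configurations posted in this thread differ in which interface the `ip nat inside source list ... overload` rule names and in how wide the NAT ACL is. The following is an added example, not code from any post in the thread: a small audit that cross-checks those lines and also flags the management-plane settings visible in the posted configs. The function name, finding tags and sample excerpt (including the placeholder username and password) are assumptions for illustration, and interface names are matched literally, so abbreviations such as gi0/0 are not resolved.

```python
import re

def audit(config):
    """Return sorted finding tags for an IOS running-config (illustrative checks)."""
    lines = [l.rstrip() for l in config.splitlines()]
    nat_role, acl_any, iface, findings = {}, set(), None, set()
    for line in lines:                      # pass 1: interface NAT roles, wide ACLs
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif not line.startswith(" "):
            iface = None                    # left interface sub-mode
        if iface and (m := re.match(r" ip nat (inside|outside)$", line)):
            nat_role[iface] = m.group(1)
        if m := re.match(r"access-list (\d+) permit any$", line):
            acl_any.add(m.group(1))
    for s in map(str.strip, lines):         # pass 2: rules checked against pass 1
        if m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", s):
            acl, nat_if = m.groups()
            if nat_role.get(nat_if) != "outside":   # overload must name the outside interface
                findings.add(f"nat-overload-not-outside:{nat_if}")
            if acl in acl_any:
                findings.add(f"nat-acl-permit-any:{acl}")
        elif re.match(r"transport input .*\b(telnet|all)\b", s):
            findings.add("vty-telnet-allowed")
        elif re.match(r"username \S+ .*\bpassword 0 ", s):
            findings.add("plaintext-user-password")
        elif s == "ip http server":
            findings.add("http-management-enabled")
    return sorted(findings)

# Constructed excerpt combining kinds of lines seen in the thread's configs;
# the username and password are placeholders, not values from the page.
FIRST = """\
username admin privilege 15 password 0 example
interface GigabitEthernet0/0
 ip nat inside
!
interface GigabitEthernet0/1
 ip nat outside
!
ip http server
ip nat inside source list 1 interface GigabitEthernet0/0 overload
access-list 1 permit any
line vty 0 4
 transport input telnet ssh
"""
# Same excerpt with the NAT rule and ACL written as in the last config posted.
LAST = (FIRST.replace("0/0 overload", "0/1 overload")
             .replace("permit any", "permit 10.10.10.0 0.0.0.255"))
print(audit(FIRST), audit(LAST), sep="\n")
```

On the excerpt with the NAT rule moved to GigabitEthernet0/1 and the ACL narrowed, the two NAT findings disappear while the management-plane findings remain.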