Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2102
Views
9
Helpful
21
Replies

Cisco Router - Cannot Get Internet Access (867VAE-K9) via Local Subnet

hasan0242
Level 1
Level 1

‎03-05-2023 06:33 PM

Hi guys 
I'm a newbie and trying to learn to Cisco IOS. I'm unable to get internet access on my router. Any help in debugging the issue will be great. I assume it has something to do with routing and ACL. I'm attaching the network diagram and running configuration as below: 

Router#sh run
Building configuration...

Current configuration : 1474 bytes
!
! Last configuration change at 02:06:35 UTC Mon Mar 6 2023
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
wan mode ethernet
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool Test1
network 192.168.5.0 255.255.255.0
class class1
address range 192.168.5.1 192.168.5.254
!
!
ip dhcp class class1
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
!
controller VDSL 0
shutdown
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
ip address 192.168.1.180 255.255.255.0
shutdown
keepalive 5
!
interface FastEthernet0
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
switchport access vlan 10
no ip address
!
interface GigabitEthernet1
no ip address
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.5.1 255.255.255.0
!
ip default-gateway 192.168.1.1
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Ethernet0 overload
ip route 0.0.0.0 0.0.0.0 Ethernet0
!
access-list 1 permit any
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 60000 1000
end

 

Labels:
Preview file
38 KB
0 Helpful
21 Replies 21

Richard Burts
Hall of Fame
Hall of Fame
In response to hasan0242

‎03-05-2023 11:59 PM

One of your issues is your default route

ip route 0.0.0.0 0.0.0.0 Ethernet0

But your path to outside is through G1. So at a minimum you need to change the interface. But there is a better alternative. I would suggest ip route 0.0.0.0 0.0.0.0 192.168.1.1.

Related to that is your question "Do I need to change IP Default Gateway". default gateway is used on devices where ip routing is not enabled. Your router needs ip routing enabled and when ip routing is enabled then the default gateway command is ignored. So no you do not need to change it, and I suggest that you remove it from the config.

HTH

Rick

hasan0242
Level 1
Level 1
In response to Richard Burts

‎03-09-2023 03:14 PM

Thanks a lot @Richard Burts for your suggestion.

I have now changed the Default-Route from Ethernet0 to GigabitEthernet1. 
I have now made following changes to the IP Route: 

 
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1
ip route 0.0.0.0 0.0.0.0 Vlan10
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 1 permit any
!
!

But, I'm still unable to access internet from 192.168.5.2 (laptop). 
I'm unable to ping 192.168.5.2 (laptop connected to GigabitEthernet 0) from 192.168.5.1 (Putty). I'm assuming GigabitEthernet 0 is dropping the ICMP packets sent from 192.168.5.1 due to routing/ NATing/ ACL issues. However, pinging from 192.168.5.2 (laptop connected to GigabitEthernet 0) to 192.168.5.1 (Putty) works. 

This is my current SH RUN exerpt. Any input to resolve this issues will be immensely helpful. 

Router#sh run
Building configuration...

Current configuration : 1430 bytes
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
wan mode ethernet
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool Roobuck
network 192.168.5.0 255.255.255.0
class class1
address range 192.168.5.1 192.168.5.254
!
!
ip dhcp class class1
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
!
controller VDSL 0
shutdown
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
keepalive 5
!
interface FastEthernet0
switchport access vlan 10
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
switchport access vlan 10
no ip address
!
interface GigabitEthernet1
ip address 192.168.1.181 255.255.255.0
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.5.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1
ip route 0.0.0.0 0.0.0.0 Vlan10
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
access-list 1 permit any
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 60000 1000
end

0 Helpful

Kasun Bandara
VIP
VIP

‎03-05-2023 07:10 PM

i assume your internet line connected to ethernet0. if so you need to unshut it. use below. also configure interface nat commands.

interface eth 0
no shut
exit

then 

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

mlund
Level 7
Level 7

‎03-14-2023 06:14 AM

According to your latest "show run" there are a few thing that have to be corrected. First you have no nat config, and there are too many ip route statement. I suggest you do following

ip nat inside source list 1 interface GigabitEthernet1 overload

interface gig 1
ip nat outside
exit

interface vlan10
ip nat inside
exit

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet1
no ip route 0.0.0.0 0.0.0.0 Vlan10

hasan0242
Level 1
Level 1
In response to mlund

‎03-14-2023 04:35 PM - edited ‎03-14-2023 05:33 PM

Thank you @mlund for your input. I have followed your commands, but still unable to ping from Router (192.168.5.1) to PC (192.168.5.3). I'm attaching the network diagram with working pings. 

Currently, I'm able to ping from Router to 192.168.1.0/24 network but cannot ping the 192.168.5.0/24 network. The internet connection might have something to do with it I assume. I might be missing something here. Any feedback would be really helpful. 

Network Diagram2-1.jpg

 and also I'm posting latest sh run exerpt. 

Router#sh run
Building configuration...

Current configuration : 1600 bytes
!
! Last configuration change at 22:56:11 UTC Tue Mar 14 2023
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
wan mode ethernet
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool Roobuck
network 192.168.5.0 255.255.255.0
class class1
address range 192.168.5.1 192.168.5.254
!
!
ip dhcp class class1
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
!
controller VDSL 0
shutdown
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0
no ip address
shutdown
keepalive 5
!
interface FastEthernet0
switchport access vlan 10
no ip address
!
interface FastEthernet1
no ip address
!
interface FastEthernet2
no ip address
!
interface FastEthernet3
no ip address
!
interface GigabitEthernet0
switchport access vlan 10
no ip address
!
interface GigabitEthernet1
ip address 192.168.1.181 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1
ip route 0.0.0.0 0.0.0.0 Vlan10
!
access-list 1 permit any
!
!
!
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 60000 1000
end

Router#
Router#ping 192.168.5.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
0 Helpful

hasan0242
Level 1
Level 1
In response to mlund

‎03-14-2023 08:50 PM

Hi @mlund I have rectified the commands again as I didn't save the config last time. 
Still same issue where the Vlan10 network (192.168.5.1/24) cannot communicate within itself. For example: I have connected two hosts. One on GE0 and Another on FE0. Both have switchport interface Vlan10. Both have IPs  192.168.5.2 and 192.168.5.3. From both hosts, I can ping GE0 which have 192.168.5.1 IP, but can't ping the other way around. Also, I can't ping the hosts from each other. 

This is my latest sh run: 

Router#sh run
Building configuration...

Current configuration : 1478 bytes
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
wan mode ethernet
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool Roobuck
 network 192.168.5.0 255.255.255.0
 class class1
  address range 192.168.5.1 192.168.5.254
!
!
ip dhcp class class1
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
!
!
controller VDSL 0
 shutdown
!
!
!
!
!
!
!
!
!
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface Ethernet0
 no ip address
 shutdown
 keepalive 5
!
interface FastEthernet0
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface GigabitEthernet0
 switchport access vlan 10
 no ip address
!
interface GigabitEthernet1
 ip address 192.168.1.181 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
!
interface Vlan10
 ip address 192.168.5.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet1 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
!
!
!
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login
 transport input all
!
scheduler allocate 60000 1000
end

 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to hasan0242

‎03-15-2023 12:10 AM

Thanks for posting the running config. The main thing that I notice is that your nat uses access list 1 but that there is no access list 1 in the configuration. I suggest that you configure access list 1 to permit 192.168.5.0 and see if the behavior changes.

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card