Solved: Connecting my VLANs to internet

Hakim RS · ‎05-04-2017

hi everyone,

I got a cisco router 891f, and i need to connect it to two LANs ( 192.168.8.x and 192.168.20.x) and to another ISP router on the WAN interface GI8

I configured DHCP pools on the GI2 and Gi3 so they can assign ip addresses to the devices that will be connected on them.

The WAN interface is on the DHCP

I tested the configuration i connected an isp router and a Pc on the first LAN, this pc got an IP address but no internet connection

here s what sh runninng-config shows:

C891F#sh running-config
Building configuration...

Current configuration : 3704 bytes
!
! Last configuration change at 09:09:16 UTC Thu May 4 2017
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname C891F
!
boot-start-marker
boot-end-marker
!
!
enable secret
enable password
!
no aaa new-model
!
!
no ip routing
!
!
!
!
!
!
!
!

!
ip dhcp relay information option
ip dhcp excluded-address 192.168.8.1 192.168.8.29
ip dhcp excluded-address 192.168.8.201 192.168.8.254
ip dhcp excluded-address 192.168.20.1 192.168.20.9
ip dhcp excluded-address 192.168.20.251 192.168.20.254
ip dhcp excluded-address 192.168.1.10 192.168.1.254
ip dhcp excluded-address 192.168.8.1 192.168.8.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
ip dhcp excluded-address 192.168.20.250 192.168.20.254
ip dhcp excluded-address 192.168.8.250 192.168.8.254
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool vlan100
network 192.168.8.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.8.1
!
ip dhcp pool vlan200
network 192.168.20.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.20.1
!
ip dhcp pool proximus
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
!
!
ip dhcp class Employes
option 60 hex 010203
!
ip dhcp class Etudiants
option 60 hex 010203
!
ip dhcp class proximus
option 60 hex 010203
!
!
no ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
license udi pid C891F-K9 sn FCZ205390HP
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface BRI0
no ip address
encapsulation hdlc
no ip route-cache
shutdown
isdn termination multidrop
isdn point-to-point-setup
!
interface FastEthernet0
ip address dhcp
no ip route-cache
duplex auto
speed auto
!
interface GigabitEthernet0
switchport access vlan 300
no ip address
!
interface GigabitEthernet1
switchport access vlan 100
no ip address
!
interface GigabitEthernet2
switchport access vlan 100
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
no ip address
duplex full
speed 100
!
interface GigabitEthernet3
switchport access vlan 200
ip dhcp relay information option-insert
ip dhcp relay information check-reply
ip dhcp relay information policy-action replace
no ip address
duplex full
speed 100
!
interface GigabitEthernet4
no ip address
shutdown
!
interface GigabitEthernet5
no ip address
shutdown
!
interface GigabitEthernet6
no ip address
shutdown
!
interface GigabitEthernet7
switchport access vlan 400
no ip address
!
interface GigabitEthernet8
ip address dhcp
ip helper-address 192.168.1.1
no ip route-cache
duplex auto
speed auto
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan100
ip address 192.168.8.1 255.255.255.0
ip helper-address 192.168.8.1
!
interface Vlan200
ip address 192.168.20.1 255.255.255.0
ip helper-address 192.168.20.1
!
interface Vlan300
no ip address
!
interface Vlan400
no ip address
!
interface Vlan2000
no ip address
!
interface Async3
no ip address
encapsulation slip
no ip route-cache
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
dialer-list 1 protocol ip permit
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
no modem enable
line aux 0
line 3
modem InOut
speed 115200
flowcontrol hardware
line vty 0 4
password sbpadmin
login
transport input none
!
scheduler allocate 20000 1000
!
!
end

chrihussey · ‎05-04-2017

You probably need to configure NAT so that the PCs use the WAN IP address provided by the ISP. Below is link (not Cisco) that might help:

http://xyfon.com/tech-tips/configure-internet-access-cisco-891/

Also, a couple of things I noticed:

1- You don't need an IP helper on the WAN interface.

2- You may want to change your default route to "ip route 0.0.0.0 0.0.0.0 gigabitEthernet 8 dhcp" for smoother operation. Without the dhcp extension the router may make an ARP request for each connection to the Internet.

Hope this helps.

View solution in original post

chrihussey · ‎05-04-2017

Yes. You have routing turned off on the router. The config shows:

!
no ip routing
!

You need to enable it.

View solution in original post

chrihussey · ‎05-04-2017

You probably need to configure NAT so that the PCs use the WAN IP address provided by the ISP. Below is link (not Cisco) that might help:

http://xyfon.com/tech-tips/configure-internet-access-cisco-891/

Also, a couple of things I noticed:

1- You don't need an IP helper on the WAN interface.

2- You may want to change your default route to "ip route 0.0.0.0 0.0.0.0 gigabitEthernet 8 dhcp" for smoother operation. Without the dhcp extension the router may make an ARP request for each connection to the Internet.

Hope this helps.

Hakim RS · ‎05-04-2017

Now i m facing another issue , the pc that i putted yesterday on the LAN, i can t ping it

when i tape show ip dhcp binding, it doesnt show me the pc, while yesterday it did.

The pc kept the address ip that he got yesterday, but i can t ping it and doesn t exitst n dhcp binding devices

chrihussey · ‎05-04-2017

Strange

You just removed the IP helper from the WAN interface. correct?

Might be a good idea to reboot the PC if you haven't already.

Hakim RS · ‎05-04-2017

yeah i removed the ip helper,

I can t reboot the pc , i don t have access to it. I configure the router from distance

chrihussey · ‎05-04-2017

So the interface is up and you have a recent ARP entry for the PC but you can't ping it even locally?

Is it possible the PC just went into hibernation or sleep mode?

Hakim RS · ‎05-04-2017

No , i just checked, i asked to put it on the GI3 interface and it got another ip addr, but still can t ping it.

What s more strange, is when i tap sh ip route : here all what i got:

C891F#sh ip route
Default gateway is 192.168.1.1

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
C891F#

Strange no ? Did i miss something ?

chrihussey · ‎05-04-2017

Yes. You have routing turned off on the router. The config shows:

!
no ip routing
!

You need to enable it.

Hakim RS · ‎05-04-2017

I activated the ip routing, and when i did that ,

some NAT messages appear and they don t stop apparing

some NAT messages that look like:

*May 4 14:23:40.075: NAT*: s=192.168.20.11->192.168.1.2, d=40.77.229.85 [26042]

*May 4 14:22:19.467: NAT*: s=192.168.20.11->192.168.1.2, d=23.218.187.198 [27452]

...

chrihussey · ‎05-04-2017

Looks like stuff is now working. I assume the 192.168.20.11 is the PC.

You might have logging turned on in some way for the NAT or possibly a debug enabled.

Hakim RS · ‎05-05-2017

Thank you chrihussey, you ve been very helpful.

It s working now after i reloaded the router.

I miss the NAT configuration and activating the ip routing as u said.

Thanks a lot