Hosts cannot reach internet behind cisco 1841

David6
Level 1

So I was trying to test my internet connection with a Cisco 1841 and a Catalyst 3750 as a layer 2 switch but without much success from the LAN side. It is a simple topology as below:

PC -----  3750 switch ----- 1841 ------ internet

The 1841 serves as the gateway router and DHCP server for my LAN. It can ping and traceroute public IPs and my LAN devices. NAT has also been verified working, yet when initiated from LAN devices it cannot go beyond the intranet. I tried connecting the PC to 1841 f0/0 and it was still the same as when connected to the switch.

Below is a copy of the 1841 config:

===============================================================================

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C1841
!
boot-start-marker
boot system flash c1841-adventerprisek9-mz.151-4.M8.bin
boot-end-marker
!
!
enable secret 5 $9$XBm/$.QXWxyAtBCdBsi9quHEgp0
!
no aaa new-model
!
dot11 syslog
no ip source-route
!
!
!
!
ip dhcp pool POOL
network 192.168.0.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.0.1
!
ip dhcp pool HOST01
host 192.168.0.3 255.255.255.0
client-identifier 0174.d02b.21a0.1d
client-name don
!
ip cef
ip domain name local
ip name-server 8.8.8.8
no ipv6 cef
!
multilink bundle-name authenticated
!
!
username don privilege 15 secret 5 $1&6gjq$TbB594thIMNSYOecbMogJC
!
redundancy
!
!
ip ssh version 2
!
interface FastEthernet0/0
description LAN
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/1
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface FastEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 dhcp
!
access-list 1 permit 192.168.0.0 0.0.0.255 log
!
control-plane
!

----------------------------------------------------------------------------------------

C1841#sh ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.0.1 YES NVRAM up up
FastEthernet0/1 218.102.108.203 YES DHCP up up
NVI0 192.168.0.1 YES unset up up

----------------------------------------------------------------------------------------

C1841#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 218.102.108.254 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 218.102.108.254, FastEthernet0/1
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, FastEthernet0/0
L 192.168.0.1/32 is directly connected, FastEthernet0/0
218.102.108.0/24 is variably subnetted, 2 subnets, 2 masks
C 218.102.108.0/24 is directly connected, FastEthernet0/1
L 218.102.108.203/32 is directly connected, FastEthernet0/1

-----------------------------------------------------------------------------------------

C1841#traceroute 8.8.8.8 so 192.168.0.1
Type escape sequence to abort.
Tracing the route to google-public-dns-a.google.com (8.8.8.8)
VRF info: (vrf in name/id, vrf out name/id)
1 10.193.232.75 0 msec 4 msec
10.193.233.75 4 msec
2 10.193.232.85 4 msec 0 msec
10.193.233.85 4 msec
3 * * *
4 72.14.219.16 4 msec 4 msec 4 msec
5 * * *
6 108.170.226.114 4 msec
108.170.233.0 4 msec
72.14.236.166 4 msec
7 108.170.241.108 4 msec 4 msec
108.170.241.79 8 msec
8 74.125.251.11 [MPLS: Label 336773 Exp 4] 4 msec
108.170.232.210 [MPLS: Label 24905 Exp 4] 4 msec
209.85.142.193 [MPLS: Label 25669 Exp 4] 4 msec
9 209.85.142.172 [MPLS: Label 25496 Exp 4] 16 msec
216.239.46.119 [MPLS: Label 467493 Exp 4] 16 msec
209.85.247.124 [MPLS: Label 25758 Exp 4] 16 msec
10 74.125.37.89 16 msec
209.85.252.13 16 msec
216.239.51.219 16 msec
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 google-public-dns-a.google.com (8.8.8.8) 16 msec 16 msec 16 msec


C1841#ping 8.8.8.8 so 192.168.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms


C1841#sh ip nat trans
Pro Inside global Inside local Outside local Outside global
icmp 218.102.108.203:9 192.168.0.1:9 8.8.8.8:9 8.8.8.8:9
udp 218.102.108.203:49280 192.168.0.1:49280 8.8.8.8:33434 8.8.8.8:33434
udp 218.102.108.203:49281 192.168.0.1:49281 8.8.8.8:33435 8.8.8.8:33435
udp 218.102.108.203:49282 192.168.0.1:49282 8.8.8.8:33436 8.8.8.8:33436
udp 218.102.108.203:49283 192.168.0.1:49283 8.8.8.8:33437 8.8.8.8:33437
udp 218.102.108.203:49284 192.168.0.1:49284 8.8.8.8:33438 8.8.8.8:33438
udp 218.102.108.203:49285 192.168.0.1:49285 8.8.8.8:33439 8.8.8.8:33439
udp 218.102.108.203:49286 192.168.0.1:49286 8.8.8.8:33440 8.8.8.8:33440
udp 218.102.108.203:49287 192.168.0.1:49287 8.8.8.8:33441 8.8.8.8:33441
udp 218.102.108.203:49288 192.168.0.1:49288 8.8.8.8:33442 8.8.8.8:33442
udp 218.102.108.203:49289 192.168.0.1:49289 8.8.8.8:33443 8.8.8.8:33443
udp 218.102.108.203:49290 192.168.0.1:49290 8.8.8.8:33444 8.8.8.8:33444
udp 218.102.108.203:49291 192.168.0.1:49291 8.8.8.8:33445 8.8.8.8:33445
udp 218.102.108.203:49292 192.168.0.1:49292 8.8.8.8:33446 8.8.8.8:33446
udp 218.102.108.203:49293 192.168.0.1:49293 8.8.8.8:33447 8.8.8.8:33447

----------------------------------------------------------------------------------------

 

Any advice is much appreciated!

Best regards,
David

Accepted Solution

Hello,

the 'log' keyword at the end of your access list kills your NAT. Remove that and see if it works:

access-list 1 permit 192.168.0.0 0.0.0.255 log

should be:

access-list 1 permit 192.168.0.0 0.0.0.255 
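
A check for the condition the accepted answer identifies, as an added example that is not part of the original thread: it scans an IOS config for access lists referenced by "ip nat ... source list" and reports entries that carry the log keyword. The function names and the sample config (constructed from the NAT lines of the config posted above) are assumptions for illustration.

```python
import re

# Constructed sample: the NAT-related lines from the router config posted above.
SAMPLE_CONFIG = """\
interface FastEthernet0/0
 ip nat inside
interface FastEthernet0/1
 ip nat outside
ip nat inside source list 1 interface FastEthernet0/1 overload
access-list 1 permit 192.168.0.0 0.0.0.255 log
"""

NAT_RE = re.compile(r"^ip nat (?:inside|outside) source list (\S+)\s")
NUMBERED_ACE_RE = re.compile(r"^access-list (\S+) (?:permit|deny)\b(.*)$")
NAMED_ACL_RE = re.compile(r"^ip access-list (?:standard|extended) (\S+)$")
NAMED_ACE_RE = re.compile(r"^\s+(?:\d+ )?(?:permit|deny)\b(.*)$")
LOG_RE = re.compile(r"\blog(?:-input)?\b")


def nat_acls_with_log(config: str):
    """Return (acl, line_no, line) for each logging entry in an ACL used by NAT."""
    nat_acls, logged, current = set(), [], None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.rstrip()
        if m := NAT_RE.match(line):
            nat_acls.add(m.group(1))
        if m := NAMED_ACL_RE.match(line):
            current = m.group(1)              # entering a named ACL block
            continue
        if m := NUMBERED_ACE_RE.match(line):
            acl, rest, current = m.group(1), m.group(2), None
        elif current and (m := NAMED_ACE_RE.match(line)):
            acl, rest = current, m.group(1)
        else:
            if line and not line.startswith(" "):
                current = None                # left the named ACL block
            continue
        if LOG_RE.search(rest):
            logged.append((acl, no, line.strip()))
    # Filter at the end so the NAT statement may appear before or after the ACL.
    return [hit for hit in logged if hit[0] in nat_acls]


def strip_log(ace: str) -> str:
    """Return the entry with its trailing log/log-input keyword removed."""
    return re.sub(r"\s+log(?:-input)?\s*$", "", ace)
```

Logging entries in access lists that NAT does not reference are left alone, so the check only reports the combination described in this thread.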

Dear Georg,
That solved it for me! You are the man!
Only reason I put log in the end is to troubleshoot, who would have thought it is the cause of the problem!

Thank you again, friend!

Best regards,
David

Hello

Apologies, not sure what you are querying - can you elaborate a bit more please? Do you mean your LAN PC cannot access the internet but from the rtr LAN interface it can?

If so, how is the switch configured?

 

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul