I'm having the same issue with no connectivity....I'm using a 2901 connecting directly to my PC...

BUT I think it has something to do with my ISP more than anything....I have Brighthouse and I had to clone my MAC Address to get connectivity before on my OLD Linksys WRT54G

I was able to ping 4.2.2.2 and 8.8.8.8

Even if I clone my MAC-Address from my laptop and reboot the modem it still does not get internet....

I feel like I am missing something simple...

SE_2901#sho run

Building configuration...

Current configuration : 2452 bytes

!

! Last configuration change at 00:40:25 UTC Tue Jun 4 2013

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SE_2901

!

boot-start-marker

boot-end-marker

!

!

! card type command needed for slot/vwic-slot 0/1

no logging console

enable secret 4 NJLpwJfYchJs0GNgXWRcVid4ApT9T34xgDE86XDadU2

enable password cisco123

!

no aaa new-model

!

ip cef

!

!

!

ip dhcp excluded-address 192.168.1.0 192.168.1.99

!

ip dhcp pool MY_LAN

import all

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

voice-card 0

!

!

!

!

!

!

!

!

license udi pid CISCO2901/K9 sn FTX164982S5

hw-module pvdm 0/0

!

!

!

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

!

interface GigabitEthernet0/0

description WAN

ip address dhcp

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

description LAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/1

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/2

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/3

no ip address

encapsulation hdlc

shutdown

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list MY_LAN interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 192.168.0.1

!

ip access-list standard MY_LAN

permit 192.168.1.0 0.0.0.255

!

ip access-list extended MY_WAN

permit tcp any any established

deny   tcp any any

permit ip any any

!

!

!

!

control-plane

!

!

!

!

!

!

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!

!

!

!

!

gatekeeper

shutdown

!

!

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password C!sc0123

login

transport input all

!

scheduler allocate 20000 1000

!

end

Any help would be appreciated

It would be helpful if you would post the output of show ip interface brief. This will give us confirmation of the addresses being used and the status of the interfaces.  And it will answer the first important question - is the interface to the Internet up and is the router learning an IP address?

I will point out a couple of things:

- your static default route is

ip route 0.0.0.0 0.0.0.0 192.168.0.1

so where is the next hop of 192.168.0.1? The next hop for the default route should be the ISP device. Is 192.168.0.1 the address of the ISP device?

- you have configured NAT and that is something that many people miss. However your NAT is using the address of the inside interface.ip nat inside source list MY_LAN interface GigabitEthernet0/1 overload

that would certainly be a problem that would prevent access to the Internet.

- your outside interface has this access list applied MY_WAN. But the logic of the access list is puzzling. It permits response traffic for TCP sessions initiated from inside but then denies any TCP session initiated from outside. That would prevent things like someone in the Internet sending Email into your network.

HTH

Rick

SE_2901#sho ip int brief

Interface                  IP-Address      OK? Method Status                Protocol

Embedded-Service-Engine0/0 unassigned      YES NVRAM  initializing          down

GigabitEthernet0/0         184.90.95.175   YES DHCP   up                    up

GigabitEthernet0/1         192.168.1.1     YES NVRAM  up                    up

I have my GE0/0 plugged into my Cable modem...

Thanks for the additional information. the good news is that the interface to the ISP is up and is learning an address. Which should mean that when you have addressed the issues in your config that you should be able to get Internet access.

This information confirms my suggestion that your default route is not correct. That is a big issue preventing your Internet access. It also confirms my suggestion that your address translation is not right.

I think that the access list is odd. But it should not prevent Internet access.

HTH

Rick

Hello Joe,

There is a problem in that the router does not present its MAC address in the appropriate manner. You can see the last three posts here on this: https://supportforums.cisco.com/thread/2215481

Please follow this and change config to the below. Then let us know if it works for you.

hostname SE_2901

!

boot-start-marker

boot-end-marker

!

ip cef

!

!

!

ip dhcp excluded-address 192.168.1.0 192.168.1.99

!

ip dhcp pool MY_LAN

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

interface GigabitEthernet0/0

description WAN

ip address dhcp

ip dhcp client-id hex [YOUR INTERFACE MAC ADDRESS of your router]

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description LAN

ip address 192.168.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/1

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/2

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/3

no ip address

encapsulation hdlc

shutdown

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list MY_LAN interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip access-list standard MY_LAN

permit 192.168.1.0 0.0.0.255

!

ip access-list extended MY_WAN

permit tcp any any established

deny   tcp any any

permit ip any any

Hope this helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Here is my current confi with the changes....

Still not able to get an IP Address, I get a 169.xx even after doing a reboot etc...

SE_2901#sho run

Building configuration...

Current configuration : 3189 bytes

!

! Last configuration change at 19:53:32 UTC Wed Jun 5 2013

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SE_2901

!

boot-start-marker

boot-end-marker

!

!

! card type command needed for slot/vwic-slot 0/1

no logging console

enable password C!sc0123

!

no aaa new-model

!

no ip cef

!

!

!

!

ip dhcp pool MY_LAN

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

!

!

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

voice-card 0

!

!

!

!

!

!

!

!

license udi pid CISCO2901/K9 sn FTX164982S5

hw-module pvdm 0/0

!

!

!

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description LAN

ip address 192.168.1.1 255.255.255.0

ip access-group MY_LAN in

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description WAN

mac-address d4be.d985.1d75

ip address dhcp

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/1

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/2

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/3

no ip address

encapsulation hdlc

shutdown

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list MY_LAN interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip access-list standard MY_LAN

permit 192.168.1.0 0.0.0.255

!

ip access-list extended MY_WAN

permit tcp any any established

permit ip any any

!

!

!

!

control-plane

!

!

!

!

!

!

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!

!

!

!

!

gatekeeper

shutdown

!

!

banner login ^C

*************************************************

________4$$$$`_____________________________,,,_

_______4$$$$$$$`_________________________4$$$`

________`$$$$$$$`______,,________,,_______4$$$$4

_________`$$$$$$$`____4$$`_____4$$`____4$$$$$4

__________`$$$$$$$`_4$$$$$`_4$$$$$`__4$$$$$$$4

___________`$$$$$$$_$$$$$$$_$$$$$$$_4$$$$$$$4_

____________`$$$$$$_$$$$$$$_$$$$$$$`4$$$$$$4_

___,,,,,,______`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$4_

_4$$$$$`____`$$$$$$_$$$$$$$_$$$$$$$_$$$$$$4_

4$$$$$$$$$`4$$$$$$$_$$$$$$$_$$$$$$$_$$$$$4_

4$$$$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$$_$$$$$4_

___`$$$$$$$$$$$$$$$_$$$$$$$_$$$$$$_$$$$$$4_

______`$$$$$$$$$$$$$_$$$$$__$$_$$$$$$_$$4_

_______`$$$$$$$$$$$$,___,$$$$,_____,$$$$$4_

_________`$$$$$$$$$$$$$$$$$$$$$$$$$$$$$4_

__________`$$$$$$$$$$$$$$$$$$$$$$$$$$$4_

____________`$$$$$$$$$$$$$$$$$$$$$$$$4_

_______________`$$$$$$$$$$$$$$$$$$$$4_

                2901 Likes to Party

************************************************

^C

!

line con 0

password C!sc0123

login

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password C!sc0123

login

transport input all

!

scheduler allocate 20000 1000

!

end

I am not clear why you are not getting an IP address and perhaps that is the first problem to solve. Can you tell us the details about how your PC is connected to the router? Is it a direct connection PC to router or is it connected through a switch?

Can you post the output of show ip interface brief from the router?

HTH

Rick

Hello Joe - I've realised you have changed your interfaces around (LAN and WAN), please stick with one configuration so we do not confuse matters.

Also you didn't complete my request to change the configuration to exactly the way I requested for you to change it.

Another thing I'd like to mention is you are using the wrong MAC address for your interface. The MAC address you have specified is for a DELL device and not the Cisco interface.

And its the wrong command anyway so it's pretty useless.

As I stated previously please see my other post to which I gave a link to. You also stated that GE0/0 was connected to your cable modem. But your latest configuration suggests its connected to the LAN.

I stated this:

interface GigabitEthernet0/0

description WAN

ip address dhcp

ip dhcp client-id hex [YOUR INTERFACE MAC ADDRESS of your router in hex format i.e. no dots]

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

You configured this:

interface GigabitEthernet0/1

description WAN

mac-address d4be.d985.1d75 - remove this

ip address dhcp

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

Thank you,

I am still getting a 169.XX but I can ping out to 8.8.8.8 on the router at least, so it has to still be an internal thing...

Here is my config and my sho ip int brief as well as my pings

SE_2901#sho run

Building configuration...

Current configuration : 2244 bytes

!

! Last configuration change at 13:03:57 UTC Thu Jun 6 2013

version 15.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname SE_2901

!

boot-start-marker

boot-end-marker

!

!

! card type command needed for slot/vwic-slot 0/1

no logging console

!

no aaa new-model

!

ip cef

!

!

!

!

ip dhcp pool MY_LAN

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

!

!

!

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

voice-card 0

!

!

!

!

!

!

!

!

license udi pid CISCO2901/K9 sn FTX164982S5

hw-module pvdm 0/0

!

!

!

!

redundancy

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description WAN

ip dhcp client client-id hex E4D3F1459CD0

ip address dhcp

ip access-group MY_WAN in

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

description LAN

ip address 192.168.1.1 255.255.255.0

ip access-group MY_LAN in

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface BRI0/0/0

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/1

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/2

no ip address

encapsulation hdlc

shutdown

!

interface BRI0/0/3

no ip address

encapsulation hdlc

shutdown

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list MY_LAN interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 dhcp

!

ip access-list standard MY_LAN

permit 192.168.1.0 0.0.0.255

!

ip access-list extended MY_WAN

permit tcp any any established

permit ip any any

!

!

!

!

control-plane

!

!

!

!

!

!

mgcp behavior rsip-range tgcp-only

mgcp behavior comedia-role none

mgcp behavior comedia-check-media-src disable

mgcp behavior comedia-sdp-force disable

!

mgcp profile default

!

!

!

!

!

gatekeeper

shutdown

!

!

!

line con 0

exec-timeout 2 0

password C!sc0123

login

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password C!sc0123

login

transport input all

!

scheduler allocate 20000 1000

!

end

SE_2901#sho ip int brief

Interface                  IP-Address      OK? Method Status                Protocol

Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down

GigabitEthernet0/0         184.90.79.176   YES DHCP   up                    up

GigabitEthernet0/1         192.168.1.1     YES NVRAM  up                    up

BRI0/0/0                   unassigned      YES NVRAM  administratively down down

BRI0/0/1                   unassigned      YES NVRAM  administratively down down

BRI0/0/2                   unassigned      YES NVRAM  administratively down down

BRI0/0/3                   unassigned      YES NVRAM  administratively down down

BRI0/0/0:1                 unassigned      YES unset  administratively down down

BRI0/0/0:2                 unassigned      YES unset  administratively down down

BRI0/0/1:1                 unassigned      YES unset  administratively down down

BRI0/0/1:2                 unassigned      YES unset  administratively down down

BRI0/0/2:1                 unassigned      YES unset  administratively down down

BRI0/0/2:2                 unassigned      YES unset  administratively down down

BRI0/0/3:1                 unassigned      YES unset  administratively down down

BRI0/0/3:2                 unassigned      YES unset  administratively down down

NVI0                       unassigned      YES unset  administratively down down

SE_2901#ping 8.8.8.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/28 ms

SE_2901#

SE_2901#ping 192.168.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

SE_2901#

SE_2901#ping 4.2.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/36/40 ms

SE_2901#

So I think you mean you got access to the internet now on your router and you have picked up an IP address.

Its your PC/Laptop that is not getting IP from DHCP..... right?

interface GigabitEthernet0/1

description LAN

ip address 192.168.1.1 255.255.255.0

ip access-group MY_LAN in   <----------------Remove this please

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

ip dhcp pool MY_LAN

network 192.168.1.0 255.255.255.0

default-router 192.168.1.1

dns-server 4.2.2.2 8.8.8.8 <------------------ Add this please

ip dhcp excluded-address 192.168.1.0 192.168.1.100 <--------------------- Add this please

================================================

So the actions are here:

Conf t

!

interface GigabitEthernet0/1

no ip access-group MY_LAN in

!

ip dhcp pool MY_LAN

dns-server 4.2.2.2 8.8.8.8

!

ip dhcp excluded-address 192.168.1.0 192.168.1.100

!

end

copy run start

Then try to get an ip address again. Perhaps take out the cable for the LAN and reconnect.

Hope this helps

Please rate useful posts & remember to mark any solved questions as answered. Thank you.

As I look at the config that was posted I realize why the PC was not getting an IP address from DHCP. The access list applied was permitting only traffic from source addresses in the network 192.168.1.0, which seems logical since that would be the address of hosts on that network segment. However the DHCP request would have source address of 0.0.0.0 and that would be denied by the ACL. So Bilal's suggestion to remove the ACL will allow DHCP. I might suggest modifying the ACL rather than removing it. If you add a permit host 0.0.0.0 it would enforce some security on the traffic arriving on the interface and would allow DHCP to work.

HTH

Rick

That worked removing the access group on the LAN interface - I'm online now

Thanks for all your help!!

Hello!, My conf looks similar but I cannot connect to the internet

I get an External IP address via DHCP from the Cable modem
Clients inside the network get an IP address from Router's DHCP server
I can ping that the external IP address from a client inside my network
I cannot ping 8.8.8.8
Did a traceroute and ping dies at router's internal IP (GigabitEthernet0/1)

I think the issue might be at the NAT configuration, any ideas are very welcome!

This is my config:

ip dhcp excluded-address 10.0.0.1 10.0.0.25

ip dhcp pool 10
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 10.0.0.1

interface GigabitEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto

ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip nat inside source list LAN interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip access-list standard LAN
permit 10.0.0.0 0.0.255.255
!
ip access-list extended WAN

permit tcp any any established
permit ip any any

Hello!, My conf looks similar but I cannot connect to the internet

I get an External IP address via DHCP from the Cable modem
Clients inside the network get an IP address from Router's DHCP server
I can ping that the external IP address from a client inside my network
I cannot ping 8.8.8.8
Did a traceroute and ping dies at router's internal IP (GigabitEthernet0/1)

I think the issue might be at the NAT configuration, any ideas are very welcome!

This is my config:

ip dhcp excluded-address 10.0.0.1 10.0.0.25

ip dhcp pool 10
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 10.0.0.1

interface GigabitEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 10.0.0.1 255.255.255.0
ip nat inside
duplex auto
speed auto

ip classless
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
ip nat inside source list LAN interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
ip access-list standard LAN
permit 10.0.0.0 0.0.255.255
!
ip access-list extended WAN

permit tcp any any established
permit ip any any