06-21-2016 08:47 AM - edited 03-08-2019 06:18 AM
Hi, wondering if someone can help me here.
I've been setting up extra LANs on my test bench Cisco 2821 router and they do not seem to be working. I'm pretty sure it's me missing something obvious. I have been using the following settings:
interface GigabitEthernet0/1.210
 encapsulation dot1Q 210
 ip address 10.2.10.1 255.255.255.0
 ip access-group Permit-ACL in
 no ip redirects
 ip nat inside
 ip virtual-reassembly
My device on the network can ping the router but not get out on to the internet, and my router cannot ping the device.
The router is 10.2.10.1 (obviously) and the device is 10.2.10.2.
Any advice would be greatly appreciated.
Thanks
06-21-2016 09:07 AM
Hi
I would be happy to help but there is missing information.
You've already created the LAN interface for your hosts. On this interface there is an ACL and NAT.
Could you please provide a copy of your ACL and NAT configuration?
Thanks
06-21-2016 09:55 AM
Hi, the ACL is no longer on the interface and the NAT config seems to work on other interfaces so it can't be that.
Thanks for the quick reply
Dan
06-21-2016 10:05 AM
OK for the ACL, let's forget any blocking ACL that drops some traffic.
You said that your device can't access the internet, but with only the interface configuration it is quite difficult. You said that NAT is working on other interfaces, so routing seems not to be an issue. Well, I'm quite sure you're using an ACL to match what should be NATted or not. Did you add this subnet into that ACL?
If yes, did you try to ping 8.8.8.8 from this router interface?
When a host on this network is trying to access the internet, do you see NAT translations?
You also said "my router cannot ping the device".
If you connect this PC to another network interface, does everything work? (Is there a firewall on this PC?)
Is this PC on this network able to reach other hosts? Who's providing DHCP? (I'm quite sure you don't have a DHCP issue, but just in case, to check that quickly.)
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
06-21-2016 10:23 AM
Other interfaces are working fine with the same interface settings. I have not applied an ACL to any of the interfaces as it seemed to let all the traffic through. From the problematic interface I cannot ping 8.8.8.8. The PC was taken from a working environment so I am pretty sure that is all right. And I am setting static addresses on this interface so no need for DHCP.
Thanks
Dan
06-21-2016 11:28 AM
OK, if no NAT translations appear for this PC or the router interface itself, it could be the NAT ACL that doesn't allow this subnet to go outside.
Could you check this ACL and add at the end of the ACL (before the deny statement if you have one) permit ip 10.2.10.0 0.0.0.255 any ?
Don't forget as well to deny on this NAT ACL the traffic between your internal networks (to avoid NAT occurring in that specific case, if needed, depending on your design).
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
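Added example, not part of the original thread or either poster's configuration: a small Python check of how a first-match IOS extended ACL with wildcard masks decides whether traffic from 10.2.10.0/24 is handed to NAT, including the "deny internal-to-internal first" ordering suggested above. The ACL entries (including the 10.0.0.0/8 internal range) are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample NAT ACL entries (the thread never shows the real ACL).
# Order matters: IOS evaluates entries top-down and stops at the first match.
SAMPLE_NAT_ACL = """\
deny ip 10.2.10.0 0.0.0.255 10.0.0.0 0.255.255.255
permit ip 10.2.10.0 0.0.0.255 any
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _parse_spec(tokens):
    """Consume one address spec: 'any', 'host A', or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (_to_int(tokens[1]), 0), tokens[2:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]

def parse_acl(text):
    """Parse 'permit|deny ip <src> <dst>' lines into (action, src, dst)."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] not in ("permit", "deny") or tokens[1] != "ip":
            continue  # only the plain 'ip' entries used in the thread are handled
        src, rest = _parse_spec(tokens[2:])
        dst, _ = _parse_spec(rest)
        rules.append((tokens[0], src, dst))
    return rules

def _matches(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (_to_int(addr) & care) == (base & care)

def nat_decision(rules, src, dst):
    """'permit' = eligible for translation, 'deny' = left untranslated."""
    for action, s, d in rules:
        if _matches(src, s) and _matches(dst, d):
            return action
    return "deny"  # implicit deny at the end of every IOS ACL
```

In a NAT ACL a deny result does not drop the packet; it only means the packet is forwarded without translation, which is why a subnet missing from the ACL produces no NAT translations.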
06-21-2016 11:39 AM
Thanks very much, that solved it. Knew it was something simple, just needed someone else to go through the steps
Thanks very much
Dan
06-21-2016 12:00 PM
I still, however, cannot ping the device from the router? But the PC has full connectivity to the internet?
06-21-2016 12:02 PM
And also the device can ping the router successfully
Thanks
06-21-2016 12:17 PM
From the router, you can't ping your laptop?
Have you checked if there is any software firewall?
Just for testing purposes, can you shut off the Windows firewall (netsh command + Windows firewall service) if you're running Windows and test again?
Otherwise, can you plug this PC into another network and do the same test, I mean pinging it from the router?
Thanks
PS: Please don't forget to rate and mark as correct answer if this solved your issue
06-21-2016 12:33 PM
Right thank you, this is all working now.
06-21-2016 12:58 PM
You're very welcome.
06-21-2016 10:27 AM
There are also no NAT translations when trying to ping 8.8.8.8 from the interface.
Thanks