Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
636
Views
0
Helpful
12
Replies

LAN interface Settings

Go to solution
dpoulter1
Level 1
Level 1

‎06-21-2016 08:47 AM - edited ‎03-08-2019 06:18 AM

Hi, wondering if someone can help me here.

Ive been setting up extra LANs on my test bench Cisco 2821 router and they do not seem to be working. Im pretty sure its me missing something obvious. I have been using the following settings:


interface GigabitEthernet0/1.210
encapsulation dot1Q 210
ip address 10.2.10.1 255.255.255.0
ip access-group Permit-ACL in
no ip redirects
ip nat inside
ip virtual-reassembly

My device on the network can ping the router but not get out on to the internet and my router cannot ping the device

The router is 10.2.10.1 (obviously) and the device is 10.2.10.2

any advice would be greatly appreciated

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to dpoulter1

‎06-21-2016 11:28 AM

Ok if no nat translations appears for this PC or the router interface itself, it could be the NAT acl that doesn't allow this subnets to go outside.

Could you check this acl and add at the end of acl (before the deny statement if you have one) permit ip 10.2.10.0 0.0.0.255 any ?

Don't forget as well to deny on this NAT acl traffic between your internal networks (to avoid that natting occurs in that specific case, if needed, dependent on your design)

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
12 Replies 12

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-21-2016 09:07 AM

Hi 

I would be happy to help but there are missing information.

You've already created the lan interface for your hosts. On this interface there is an acl and natting. 

Could you please provide a copy of your acl and nat configuration please?

Thanks 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
dpoulter1
Level 1
Level 1
In response to Francesco Molino

‎06-21-2016 09:55 AM

Hi, the ACL is no longer on the interface and the nat config seems to work on other interfaces so it can't be that. 

Thanks for the quick reply

Dan

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to dpoulter1

‎06-21-2016 10:05 AM

Ok for ACL, let's forget any blocking acl that drops some traffics.

You said that your device can't access the internet but with only the interface configuration is quite difficult. You said that nat is working on other interface, then routing seems to not be an issue. Well, I'm quite sure your using an ACL to match what should be natted or not. Did you add this subnet into that acl?

If Yes, did you tried to ping 8.8.8.8 from this router interface?

When a host on this network is trying to access internet, do you see nat translations?

You also said my router cannot ping the device

If you connect this PC on another network interface, does everything works (Is there a firewall to this pc?)

Is this PC on this network able to reach other hosts? who's providing DHCP? (I'm quite sure you don't have dhcp issue, but just in case to check that quickly)

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
dpoulter1
Level 1
Level 1
In response to Francesco Molino

‎06-21-2016 10:23 AM

Other interfaces are working fine with the same interface settings. I have not applied a ACL to any of the interfaces as it seemed to let all the traffic through. From the problematic interface i cannot ping 8.8.8.8. The PC was taken from a working environment so i am pretty sure that is alright. An i am setting static addresses on this interface so no need for DHCP

Thanks 

Dan

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to dpoulter1

‎06-21-2016 11:28 AM

Ok if no nat translations appears for this PC or the router interface itself, it could be the NAT acl that doesn't allow this subnets to go outside.

Could you check this acl and add at the end of acl (before the deny statement if you have one) permit ip 10.2.10.0 0.0.0.255 any ?

Don't forget as well to deny on this NAT acl traffic between your internal networks (to avoid that natting occurs in that specific case, if needed, dependent on your design)

Thanks

PS: Please don't forget to rate and mark as correct answer if this solved your issue


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
dpoulter1
Level 1
Level 1
In response to Francesco Molino

‎06-21-2016 11:39 AM

Thanks very much, that solved it. Knew it was something simple, just needed someone else to go through the steps

Thanks very much 

Dan

0 Helpful

Go to solution
dpoulter1
Level 1
Level 1
In response to dpoulter1

‎06-21-2016 12:00 PM

I still however cannot ping the device from the router? but the PC has full connectivity to the internet?

0 Helpful

Go to solution
dpoulter1
Level 1
Level 1
In response to dpoulter1

‎06-21-2016 12:02 PM

And also the device can ping the router successfully

Thanks

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to dpoulter1

‎06-21-2016 12:17 PM

From the router, you can't ping your laptop?

Have you checked if there is any software firewall?

Just for testing purpose can you shut the windows firewall (netsh command + firewall windows service) if you're running windows and test again?

Otherwise can you plug this pc into another network and do the same test, I mean pinging it from router?

Thanks 

PS: Please don't forget to rate and mark as correct answer if this solved your issue 


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
dpoulter1
Level 1
Level 1
In response to Francesco Molino

‎06-21-2016 12:33 PM

Right thank you, this is all working now.

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to dpoulter1

‎06-21-2016 12:58 PM

you're very welcome


Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
dpoulter1
Level 1
Level 1
In response to Francesco Molino

‎06-21-2016 10:27 AM

There is also no NAT translations when trying to ping 8.8.8.8 from the interface

Thanks

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card