Solved: Re: No internet access from router.

Brenneman2385 · ‎04-18-2018

Hello All,

Let me first start by saying that this is my first post, and after searching for hours, I could not find an answer. I am currently working on my CCNA in a home lab. I am using a 2611XM router. I have fa0/0 configured via dhcp and can ping 8.8.8.8. However I have fa0/1 configured static and it can ping LAN but not internet. I have attached my 2 ping attempts, and running config. Any ideas would be appreciated.

Thank you,

Devin

Router#ping 8.8.8.8 source fa0/0

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.0.16
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/24/24 ms
Router#ping 8.8.8.8 source fa0/1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.1
.....
Success rate is 0 percent (0/5)
Router#sh run
Building configuration...

Current configuration : 1193 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.0 10.0.0.99
!
ip dhcp pool MY_LAN
network 10.0.0.0 255.0.0.0
default-router 192.168.0.1
dns-server 8.8.8.8
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description ## INTERNET ##
ip address dhcp
ip access-group MY_WAN in
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description ## MY LAN ##
ip address 10.0.0.1 255.0.0.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list MY_LAN interface FastEthernet0/0 overload
!
ip access-list extended MY_WAN
permit tcp any any established
deny tcp any any
permit ip any any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

johnd2310 · ‎04-18-2018

Hi,

Where is access-list MY_LAN in you config?

"ip nat inside source list MY_LAN interface FastEthernet0/0 overload" refers to access-list MY_LAN but the access-list is not in the config

Thanks

John

**Please rate posts you find helpful**

View solution in original post

johnd2310 · ‎04-18-2018

HI

The access-list should be

ip access-list standard MY_LAN
permit 10.0.0.0 0.255.255.255
!

With access list we use inverse mask, so a subnet mask of 255.0.0.0 will give you an inverse mask of 0.255.255.255

Thanks

John

**Please rate posts you find helpful**

View solution in original post

Harold Ritter · ‎04-18-2018

Your ACL is incorrect:

ip access-list standard MY_LAN
permit 0.0.0.0 255.0.0.0

should be

ip access-list standard MY_LAN
permit 10.0.0.0 0.255.255.255

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

View solution in original post

johnd2310 · ‎04-18-2018

Hi,

Where is access-list MY_LAN in you config?

"ip nat inside source list MY_LAN interface FastEthernet0/0 overload" refers to access-list MY_LAN but the access-list is not in the config

Thanks

John

**Please rate posts you find helpful**

Brenneman2385 · ‎04-18-2018

Hello John,

Thank you for your help. I have added ip access-list standard MY_LAN 10.0.0.0 255.0.0.0, and am still having the same issue? I thought that this was the correct way? I have attached running config again.

Thank you,

Devin

Current configuration : 1252 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.0 10.0.0.99
!
ip dhcp pool MY_LAN
network 10.0.0.0 255.0.0.0
default-router 192.168.0.1
dns-server 8.8.8.8
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
description ## INTERNET ##
ip address dhcp
ip access-group MY_WAN in
ip nat outside
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface FastEthernet0/1
description ## MY LAN ##
ip address 10.0.0.1 255.0.0.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip nat inside source list MY_LAN interface FastEthernet0/0 overload
!
ip access-list standard MY_LAN
permit 0.0.0.0 255.0.0.0
!
ip access-list extended MY_WAN
permit tcp any any established
deny tcp any any
permit ip any any
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

johnd2310 · ‎04-18-2018

HI

The access-list should be

ip access-list standard MY_LAN
permit 10.0.0.0 0.255.255.255
!

With access list we use inverse mask, so a subnet mask of 255.0.0.0 will give you an inverse mask of 0.255.255.255

Thanks

John

**Please rate posts you find helpful**

Brenneman2385 · ‎04-18-2018

Thank you John, this worked perfectly. Still learning.

Harold Ritter · ‎04-18-2018

Your ACL is incorrect:

ip access-list standard MY_LAN
permit 0.0.0.0 255.0.0.0

should be

ip access-list standard MY_LAN
permit 10.0.0.0 0.255.255.255

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Brenneman2385 · ‎04-18-2018

Thank you Harold, This worked. I am still learning.