Solved: Router not routing

JustinAustin39980 · ‎02-15-2020

I purchased this used a couple weeks ago, and have trolled all the forums I can find. I have this router connected to my home internet 192.168.1.254 on FastEthernet0/0. Then connected to a laptop on FastEthernet0/1. (I have a switch but I took it out of the loop for troubleshooting) It assigns DHCP as expected, but I'm unable to ping from the laptop to the service provider. 192.168.1.254. One of the tips I found here was to do a extended ping from the inside interface, I did that, and it failed as well, but I'm not finding out why. Any help fixing it is appreciated, and any help showing me how to fix it myself is GREATLY appreciated.

Building configuration...

Current configuration : 4023 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$VAnI$wQsHGam9zGVrQPyzcfXTd0
enable password
!
no aaa new-model
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.24.1.1
ip dhcp excluded-address 10.24.1.2
ip dhcp excluded-address 10.24.1.3
!
ip dhcp pool NET-POOL
network 10.24.1.0 255.255.255.0
default-router 10.24.1.1
domain-name test.com
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
!
no ip domain lookup
ip domain name test.com
ip name-server 8.8.8.8
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
voice-card 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
username admin password 0
!
!
ip ssh version 2
!
!
!
!
!
interface FastEthernet0/0
description "LINK TO ROUTER"
ip address 192.168.1.253 255.255.255.0
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description "LINK TO SWITCH"
ip address 10.24.1.1 255.255.255.0
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
mgcp behavior g729-variants static-pt
!
!
!
!
alias exec c configure terminal
alias exec s show ip interface brief
alias exec sr show running-config
alias exec qs copy running-config startup-config
!
line con 0
password
login
line aux 0
line vty 0 4
exec-timeout 10 30
password
logging synchronous
login local
history size 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end

router#

Georg Pauwen · ‎02-15-2020

What type/brand/model is the ISP modem/router ?

Either way, the NAT part of your config is fairly easy. I highlighted what you need to add to get your clients out to the Internet. Provided, of course, that the ISP modem/router has a route back to 10.24.1.0/24...

Building configuration...

Current configuration : 4023 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$VAnI$wQsHGam9zGVrQPyzcfXTd0
enable password
!
no aaa new-model
ip cef
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.24.1.1
ip dhcp excluded-address 10.24.1.2
ip dhcp excluded-address 10.24.1.3
!
ip dhcp pool NET-POOL
network 10.24.1.0 255.255.255.0
default-router 10.24.1.1
domain-name test.com
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
no ip domain lookup
ip domain name test.com
ip name-server 8.8.8.8
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
voice-card 0

username admin password 0
!
ip ssh version 2
!
interface FastEthernet0/0
description "LINK TO ROUTER"
ip address 192.168.1.253 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description "LINK TO SWITCH"
ip address 10.24.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
ip nat inside source list 1 interface FastEhernet0/0 overload
!
access-list 1 permit 10.24.1.0 0.0.0.255
!
no ip http server
no ip http secure-server
!
control-plane
!
mgcp behavior g729-variants static-pt
!
alias exec c configure terminal
alias exec s show ip interface brief
alias exec sr show running-config
alias exec qs copy running-config startup-config
!
line con 0
password
login
line aux 0
line vty 0 4
exec-timeout 10 30
password
logging synchronous
login local
history size 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end

View solution in original post

ss1 · ‎02-15-2020

Hi

I apologize if there's something that I can't understand there but how does your internet router 192.168.1.254 know about 10.24.1.0/24? I believe you have to log into your Provider CPE 192.168.1.254 and create a routing for 10.24.1.0/24 via 192.168.1.253. Also I believe that some of the routers must NAT 10.24.1.0/24 behind itself. Either must your have your new Cisco perform NAT of 10.24.1.0/24 and send the traffic to the Provider CPE sourced as 192.168.1.253, OR you must NAT 10.24.1.0/24 within the Provider CPE and create a routing for that network as well.

I hope I understood the topology clearly and there's nothing I missed. Sorry if not so.

Thank you.

Georg Pauwen · ‎02-15-2020

Hello,

do you have physical connectivity at all between the devices ? You probably need a crossover cable. By default, when you ping 192.168.1.254, interface FastEthernet0/0 is used as the source, so if the ping fails, I would check for physical (cabling) problems first...

JustinAustin39980 · ‎02-15-2020

Great advice. Thank you both. First question how does "internet router" know about 10.24.1.1? short answer is it doesn't. I'm not to the point yet of accepting traffic from the internet as that scares me. I think you are on to something with NAT though. I'm reading up on that now. I had asked my I.T. guy at work (This is a personal project) to look over my config last week and was told that the internet router would be doing NAT, but I'm beginning to suspect that there was a miss communications between us somewhere.

As for physical connectivity, I'm able to ping from 192.168.1.253 to 254. but not from 10.24.1.1 Physical connectivity is what I do for work, so it was my first troubleshooting step as well. Sorry, I should have said up top.

ss1 · ‎02-15-2020

Good point which I seem to have overlooked when commenting.
A possible issue might be a static mac address on the Provider CPE. The service Provider might need to be contacted in order to remedy this.

Georg Pauwen · ‎02-15-2020

What type/brand/model is the ISP modem/router ?

Either way, the NAT part of your config is fairly easy. I highlighted what you need to add to get your clients out to the Internet. Provided, of course, that the ISP modem/router has a route back to 10.24.1.0/24...

Building configuration...

Current configuration : 4023 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
no logging console
enable secret 5 $1$VAnI$wQsHGam9zGVrQPyzcfXTd0
enable password
!
no aaa new-model
ip cef
!
no ip dhcp use vrf connected
ip dhcp excluded-address 10.24.1.1
ip dhcp excluded-address 10.24.1.2
ip dhcp excluded-address 10.24.1.3
!
ip dhcp pool NET-POOL
network 10.24.1.0 255.255.255.0
default-router 10.24.1.1
domain-name test.com
dns-server 8.8.8.8 8.8.4.4
lease infinite
!
no ip domain lookup
ip domain name test.com
ip name-server 8.8.8.8
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
voice-card 0

username admin password 0
!
ip ssh version 2
!
interface FastEthernet0/0
description "LINK TO ROUTER"
ip address 192.168.1.253 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
description "LINK TO SWITCH"
ip address 10.24.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
!
ip nat inside source list 1 interface FastEhernet0/0 overload
!
access-list 1 permit 10.24.1.0 0.0.0.255
!
no ip http server
no ip http secure-server
!
control-plane
!
mgcp behavior g729-variants static-pt
!
alias exec c configure terminal
alias exec s show ip interface brief
alias exec sr show running-config
alias exec qs copy running-config startup-config
!
line con 0
password
login
line aux 0
line vty 0 4
exec-timeout 10 30
password
logging synchronous
login local
history size 15
transport input telnet ssh
!
scheduler allocate 20000 1000
end

JustinAustin39980 · ‎02-15-2020

It's up and running. I had gotten so close. from searching around the internet I had access-list 1 permit 192.168.1.0 0.0.0.255. I see now why I had it backwards. Thank you again.