Trouble with Cisco 1941 router config

Bjørn Barkved Jørgensen · ‎07-16-2015

Hi all,

I`m pretty new in the Cisco world so I`m hoping someone could help me out with an issue I`m having configuring a Cisco 1941 router.

The thing is I`m having problems with getting any of the clients on my LAN to connect to the Internet. On the router one of the interfaces (gi0/1) is connected to my ISP modem and interface gi0/0 is connected to a cisco switch. Interface gi0/0 on the router and the uplink port on the switch connected to the router are both configured as trunk ports since I am trying to set up multiple vlans.

I get my WAN address assigned from my ISP via DHCP. When I`m logged on to the router(through console in my case) and pinging for example googles dns IP(8.8.8.8) it works. The router are also resolving DNS addresses just fine, so the router itself has access to the Internet.

Multiple DHCP pools have also been configured and the clients connected to the different vlans obtain IP addresses automaticly from the DHCP pools on the router. I can also ping the gateway addresses in the different vlans from the clients.

Here is an example of the config on the router:

RH10C-PE1#sh run
Building configuration...

Current configuration : 3074 bytes
!
! Last configuration change at 19:54:01 UTC Thu Jul 16 2015
version 15.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname RH10C-PE1
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.153-3.M2.bin
boot-end-marker
!
!
no logging buffered
logging console critical
!
no aaa new-model
!
vlan ifdescr detail
!
!
!
ip dhcp excluded-address 10.16.1.249
ip dhcp excluded-address 10.16.2.1 10.16.2.49
ip dhcp excluded-address 10.16.3.1 10.16.3.49
!
ip dhcp pool ###lab1###
network 10.16.1.248 255.255.255.248
default-router 10.16.1.249
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool ###lab2###
network 10.16.2.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.16.2.1
!
ip dhcp pool ###lab3###
network 10.16.3.0 255.255.255.0
dns-server 8.8.8.8 8.8.4.4
default-router 10.16.3.1
!
!
!
ip domain name rh10c.local
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
vtp mode transparent
username user privilege 15 secret 5 $1$6F4I$Mgc.5eaFie5NKucPGOwXl/
!
redundancy
!
!
ip finger
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.2
description ###lab1###
encapsulation dot1Q 2
ip address 10.16.1.249 255.255.255.248
!
interface GigabitEthernet0/0.3
description ###lab2###
encapsulation dot1Q 3
ip address 10.16.2.1 255.255.255.0
!
interface GigabitEthernet0/0.4
description ###lab3###
encapsulation dot1Q 4
ip address 10.16.3.1 255.255.255.0
!
interface GigabitEthernet0/1
description ###WAN###
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip default-gateway x.x.x.x <--- IP address from ISP
no ip classless
no ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source list 100 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
!
!
access-list 100 permit ip 10.16.0.0 0.0.255.255 any
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 101 in
exec-timeout 5 0
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end

RH10C-PE1#

Hope anyone can help me out with what I`m missing.

PS: I also tried removing all the vlans and setting up interface 0/0 on the router and the uplink port on the switch as access ports using a similar config shown under on the gi0/0 interface. When I did this the clients on my LAN was able to access the Internett without any problems.

-----------------------------

ip dhcp excluded-address 192.168.1.1 192.168.1.49
!
ip dhcp pool ###lab1###
network 10.16.1.248 255.255.255.248
default-router 192.168.1.1
dns-server 8.8.8.8 8.8.4.4

!
interface GigabitEthernet0/0
description #LAN#
ip address 192.168.1.1 255.255.255.0
ip nat inside
duplex auto
speed auto
!

--------------------------

So I`m only experiencing problems connecting to the internet when using multiple vlans.

Best Regards

Bjørn Jørgensen

johnd2310 · ‎07-16-2015

Hi

You will need the ip nat inside statement on all your sub-interfaces i.e.

interface GigabitEthernet0/0
no ip address
no ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0.2
description ###lab1###
encapsulation dot1Q 2
ip address 10.16.1.249 255.255.255.248
ip nat inside
!
interface GigabitEthernet0/0.3
description ###lab2###
encapsulation dot1Q 3
ip address 10.16.2.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0.4
description ###lab3###
encapsulation dot1Q 4
ip address 10.16.3.1 255.255.255.0
ip nat inside
!

I don't thing you need this ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0. If you know the default gateway from the ISP the the route should be ip route 0.0.0.0 0.0.0.0 X.X.X.X <--- IP address from ISP

Thanks

John

**Please rate posts you find helpful**

Andre Neethling · ‎07-16-2015

I think we posted at the same time John. Just one thing though. He said the WAN IP is assigned via DHCP. If this is the case then wouldn't it be better if the default route statement had the outgoing interface instead of the next hop? Just a thought.

johnd2310 · ‎07-16-2015

Yes, correct. As suggested by Andre use the outgoing interface for the default route.

Thanks

John

**Please rate posts you find helpful**

Bjørn Barkved Jørgensen · ‎07-16-2015

Thank you for your feedback John and Andre. Really appreciate it, will make the necessary changes to the config and let you know.

Another thing, I spoke with my ISP aswell and they said that my WAN address has been reserved to ISP modem`s MAC-address. Not sure if that changes anything in regards to changing the default route to the outgoing interface?

Regards

Bjørn

Andre Neethling · ‎07-16-2015

HI. With a DHCP environment, and ISP's, you'll just be safer using the outgoing interface instead of next hop ip address. Anything can change on the DHCP assignment, even though it's bound to the MAC of the modem.

Bjørn Barkved Jørgensen · ‎07-17-2015

Hi,

Thank you guys for helping me out on this one. I now removed "ip nat inside" from the gi0/0 interface and enabled it on all the sub interfaces and I had internett access on all the vlans. So again thank you both very much.

I also tried changing the default route "0.0.0.0 0.0.0.0 gi0/0" to the outgoing interface(gi0/1), but then I lost the connection again, so I changed it back to the way it was.

Best Regards

Bjørn Jørgensen

Andre Neethling · ‎07-16-2015

Hi. You need to edit your NAT config. Firstly, All your VLAN subinterfaces that you need your clients to connect to the internet from must have the "ip nat inside" command added under the subinterface config. Secondly you need to change your default route statement from "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0" to "ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1"

HTH

Sudeb Das · ‎07-17-2015

remove the command - ip nat inside from g0/0 & put it under g0/0.2, .3 & .4

Change the default route command & put g0/1 as exit interface

Delete the command ip default-gateway. As when your device is routing capable you don't need a gateway. Only u need the route to exit.

Rest everything is right

Bjørn Barkved Jørgensen · ‎07-17-2015

Hi Sudeb,

Thank you for answering. Removed "ip nat inside" from int gi0/0 and enabled the command on the sub interfaces and I now have Internet access. Thank you:)

Also tried removing the ip-default gateway and changing the default route to the outgoing interface(0/1). But as soon as I did that i lost the Internet connection again. So I changed it back to the way it was and then the connection was restored.

Best Regards

Bjørn Jørgensen