Wireless clients cannot get to internet

smorrissey88
Level 1

Hi All,

 

I'm fairly new to networking and have been trying to troubleshoot an issue with my home lab.

I have a Cisco 2800 router with 2 interfaces: gig0/0, which is the "external" interface and gets an IP via DHCP, and gig0/1, which is the internal interface with IP 10.10.10.1 and a DHCP pool of 10.10.10.100 - 10.10.10.254. A NAT pool containing the external interface IP (192.168.1.110) exists.

 

Current configuration : 3229 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 10.10.10.1 10.10.10.99
!
ip dhcp pool dpool1
   import all
   network 10.10.10.0 255.255.255.0
   dns-server 8.8.8.8 8.8.4.4
   default-router 10.10.10.1
!
!
ip domain name home.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
!
multilink bundle-name authenticated
!
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/3/0
 shutdown
!
interface FastEthernet0/3/1
 shutdown
!
interface FastEthernet0/3/2
 shutdown
!
interface FastEthernet0/3/3
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat pool ovrld 192.168.1.110 192.168.1.110 prefix-length 30
ip nat inside source list 1 pool ovrld
!
access-list 1 permit 10.10.10.0 0.0.0.255
snmp-server community public RO
!
!
!
!
control-plane
!
scheduler allocate 20000 1000
!
end

 

Coming off the internal interface is a 3750, and attached to that 3750 is a 4400 Wireless Lan Controller.

 

I'm able to create a wireless network that uses the router for DHCP and clients can connect to this wireless network and obtain an IP from that DHCP pool. The wireless clients can ping the default gateway (10.10.10.1) as well as every other device on that network, including hard-wired devices on the 3750. The arp table on the router also shows the wireless clients.

However, only clients connected via ethernet can access the outside (internet). Wireless clients, who appear to get the exact same network config, are unable to access the internet; they can only access other devices on that 10.10.10.0 network.

 

So I'm confused as to why with what appears to be the proper default gateway (10.10.10.1) and a valid IP from the router, what could be broken so hard-wired clients can NAT to the outside while wireless clients can't? I can't find any setting on the WLC 4400 that would be restricting wireless clients from leaving the local network.

 

Any clarification on my issue/my understanding of the problem would be greatly appreciated. Cheers!

Accepted Solutions

chlupmichal
Level 1

Hello smorrissey,

May I ask, how many end devices do you have connected to the switch? And have you tried connecting wireless clients simultaneously with wired devices?
Because from your config it seems you're using only dynamic NAT:

ip nat inside source list 1 pool ovrld

This command will translate an IP picked by ACL 1 to an address in the pool named ovrld. Because you have only 1 address in this pool, only 1 inside device will be able to communicate with the outside world (Internet) at a time.

I would suggest adding the keyword "overload" at the end of this command (ip nat inside source list 1 pool ovrld overload) to enable PAT, which will allow multiple LAN devices to use 1 outside address at the same time thanks to port address translation.

Hope this will help.

Michal

That worked perfectly, I can't believe I left overload off of the overload pool -- doh! Makes perfect sense too. I was looking for another hard-wired device to test with yesterday; however, device manufacturers seem to think new laptops don't need ethernet ports anymore. A rant for another day :)

 

Thanks!
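The behaviour described in the accepted answer, as an added example that is not part of the original thread and is not Cisco's implementation: a small Python model of a one-address NAT pool with and without the "overload" keyword. The class and function names are hypothetical, the client list is constructed (it assumes the wired client sent traffic first), and the port numbering is simplified.

```python
import ipaddress

INSIDE_ACL = ipaddress.ip_network("10.10.10.0/24")  # access-list 1 from the post
POOL = ["192.168.1.110"]                             # pool ovrld: a single address


class NatRouter:
    """Toy model of 'ip nat inside source list 1 pool ovrld [overload]'."""

    def __init__(self, pool, overload):
        self.pool = list(pool)
        self.overload = overload
        self.bindings = {}     # dynamic NAT: inside host -> global address
        self.pat = {}          # PAT: (inside host, port) -> (global address, port)
        self.next_port = 1024  # constructed starting port, a simplification

    def translate(self, src_ip, src_port):
        """Return (global_ip, global_port), or None when the packet is dropped."""
        if ipaddress.ip_address(src_ip) not in INSIDE_ACL:
            return None                      # source not matched by the ACL
        if self.overload:
            key = (src_ip, src_port)
            if key not in self.pat:          # new flow: shared address, fresh port
                self.pat[key] = (self.pool[0], self.next_port)
                self.next_port += 1
            return self.pat[key]
        if src_ip not in self.bindings:      # one-to-one: needs a free pool address
            free = [a for a in self.pool if a not in self.bindings.values()]
            if not free:
                return None                  # pool exhausted, no translation
            self.bindings[src_ip] = free[0]
        return (self.bindings[src_ip], src_port)


def reachable(overload, clients):
    """Map each client IP to whether its first outbound packet was translated."""
    router = NatRouter(POOL, overload)
    return {ip: router.translate(ip, port) is not None for ip, port in clients}


# Constructed sample: a wired client sends first, then two wireless clients.
CLIENTS = [("10.10.10.100", 50000), ("10.10.10.101", 50000), ("10.10.10.102", 50001)]

if __name__ == "__main__":
    print("pool only     :", reachable(False, CLIENTS))
    print("pool overload :", reachable(True, CLIENTS))
```

Without overload, whichever inside host sends first holds the only pool address, which matches one client reaching the internet while the others reach only the local network. On the router, show ip nat translations lists the real entries this model imitates.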
