Re: Setting up ISR 4431 - WAN Issues

MattBowes · ‎04-25-2018

Hi,

I'm hoping someone here can help, I'll start off by saying that my Cisco knowledge is minimal, though I'd say my general networking knowledge is good.

My employer currently uses a Nomadix gateway router to manage their incoming connection. The main link is a commercial grade IP link with a number of fixed IP addresses.

They've purchased a Cisco ISR 4431 as a replacement for the Nomadix and asked me to configure it. All they've given me is the IP address, subnet, broadcast IP and gateway IP from the ISP.

I've configured GE0/0/0 as a management port to access the GUI, and then done the following:

- Configured GE0/0/1 as a WAN port using the IP address and subnet provided by the provider

- Configured GE0/0/2 as a LAN port with a static IP of 10.10.1.1 and subnet of 255.255.255.0

- Configured a DHCP scope on range 10.10.1.0, with DNS servers specified by the provider

If I use the troubleshooting section in the GUI I can ping 8.8.8.8 through the WAN interface, and if I connect a client device to GE0/0/2 it picks up an IP address via DHCP, but no Internet access. I can ping the LAN interface and WAN interface from my device but nothing else.

Weirdly, if I configure the WAN interface to receive config via DHCP and then connect it to the LAN side of the Nomadix, everything works. The provider are certain the details are correct, which seems to be bourn out by the fact I can ping 8.8.8.8.

I'm confused as to what to do with the broadcast and gateway addresses from the provider. There doesn't seem to be any way for me to enter this information into the 4431's config?

cofee · ‎04-25-2018

- Since you mentioned that you are able to ping 8.8.8.8 from your router then we can say that most likely you have a default route installed on your router. Since the dhcp scope (10.10.1.0/24) you are using is a private range and not routable over the internet you would need to NAT it to the public address assigned by the ISP.

You don't do anything with the broadcast address, but gateway is used to route packets to unknown destination. Are you running any routing protocol between your router and ISP's router?

You could have used gateway address provided by the ISP if you were not receiving a default route by the provider:

ip route 0.0.0.0 0.0.0.0 x.x.x.x (x.x.x.x is gateway or next hop)

To check if you have a default route installed on your router -

run this command " sh ip route" and you should have an output like below and gateway of last resort should match the gateway address provided by the ISP which should be the IP address assigned to ISPs WAN interface.

Gateway of last resort is 10.10.30.2 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.10.30.2

MattBowes · ‎04-25-2018

Many thanks for the reply!

I follow what you're saying, I understand about public/private ranges and I've turned NAT on on both interfaces.

Where/how can I add the gateway address so that traffic is routed correctly? I was leaning toward that being the problem but I was unsure how to proceed.

I assume "ip route 0.0.0.0 0.0.0.0 x.x.x.x" is a terminal command? If I understand 0.0.0.0 0.0.0.0 is basically "everything"?

Apologies if these are stupid questions, I'm not a Cisco guy, though I am looking at starting CCNA next year in tandem with an IT degree.

cofee · ‎04-25-2018

You understanding is correct. Would you be able to provide routing table from the router? can't navigate you how to get it using GUI since I have never used GUI to manage a router, but if you can telnet or ssh then you can use "sh ip route".

But I am wondering how you would you be able to ping 8.8.8.8 if you didn't have a default route on the router or unless you just had a static route for 8.8.8.8/32, but who would put it there if you didn't configure it.

MattBowes · ‎04-25-2018

Hi, here's the IP info from my provider:

IP Pool: 14.142.2.144/29

Network IP: 14.142.2.144

Gateway: 14.142.2.145

The IP allocated for this router: 14.142.2.147

Subnet: 255.255.255.248

Hi, here is the output from "sh ip route":

Gateway of last resort is 14.142.2.145 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 14.142.2.145
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.10.1.0/24 is directly connected, GigabitEthernet0/0/2
L 10.10.1.1/32 is directly connected, GigabitEthernet0/0/2
14.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 14.142.2.144/29 is directly connected, GigabitEthernet0/0/1
L 14.142.2.147/32 is directly connected, GigabitEthernet0/0/1

So if I understand correctly the WAN port (GE0/0/1) can at least see the providers router (14...144).

When I said I could ping 8.8.8.8 I meant from GE0/0/1 through the GUI, I can't ping 8.8.8.8 LAN side.

I just noticed that my DHCP setup isn't dishing out a default gateway, could this be the problem?

cofee · ‎04-26-2018

Yes user machines need to have default gateway of 10.10.1.1 which is your router's Lan interface.

for a quick test you can assign a static ip from the pool range to one of the machines with a default gateway and also the DNS servers and then try accessing internet and pinging that ip address .

MattBowes · ‎04-26-2018

Thanks, I didn't get much time today to check things but it looks like the problem is with NAT.

I spoke to one of our head office network engineers and he said it definitely sounds like it, I've sent the config to him and he's going to check it over and get back to me.

Thank you very much for your help though, it's been very much appreciated!

Aaron Ratcliffe · ‎04-25-2018

As you can ping from WAN interface is sounds like NAT outbound, please paste show run from CLI and make sure your NAT overload ACL and configuration is referencing the correct interfaces

https://www.cisco.com/c/en/us/support/docs/long-reach-ethernet-lre-digital-subscriber-line-xdsl/asymmetric-digital-subscriber-line-adsl/12905-827spat.html