09-26-2010 12:45 AM - edited 03-04-2019 09:53 AM
I understand the question I am about to ask must be a very simple problem. My situation: I have a 2811 router that has two FE ports. 0/0 is WAN and 0/1 is LAN. 0/0 is set for DHCP and 0/1 is xxx.xx.35.225 255.255.255.240. I can ping everything when I am telnetted into the router, but if I try pinging from the host machine I can ping my router's LAN and WAN interfaces but nothing else. When I do a tracert from the host machine it times out after the LAN interface. Any suggestions?
Rt1(config)#do show run
Building configuration...
Current configuration : 1056 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Rt1
!
boot-start-marker
boot-end-marker
!
no logging buffered
enable password cisco
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address xxx.xx.35.225 xxx.xx.35.228
!
ip dhcp pool KIT_7_DHCP
network xxx.xx.35.224 255.255.255.240
default-router xxx.xx.35.225
dns-server 8.8.8.8
lease 3
!
!
!
!
!
!
username xxxxxx privilege 15 password 0 xxxxxxxxxxxx
!
!
!
!
interface FastEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address xxx.xx.35.225 255.255.255.240
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 dhcp
!
ip http server
ip http authentication local
no ip http secure-server
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
scheduler allocate 20000 1000
!
end
09-26-2010 01:45 AM
Hi Brandon,
Change your ip route statement to
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Mario
09-26-2010 04:32 AM
Hi Brandon,
Change your ip route statement to
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
Mario
No, that is VERY wrong. NEVER point routes directly to a LAN interface; always use a next hop address.
However, regarding the problem for the OP, it is because the other device has no routing configuration to go back to the router.
09-26-2010 07:36 AM
NAT is provisioned on the interfaces but there are no NAT rules defined. Could it be the LAN traffic is not being translated and the service provider network has no idea what to do with it?
There are many ways to configure NAT but the following may be helpful in this case:
access-list 101 permit ip xxx.xx.35.225 0.0.0.15 any
ip nat inside source list 101 interface fa0/0 overload
Because the outside interface receives its IP address via DHCP, there's nothing wrong with the default gateway next hop being learned via DHCP. With this config, remember you'll encounter some of the same problems any DHCP host will encounter in regard to requesting, receiving and renewing DHCP information. It would be worth your while to have a static IP address and default gateway in regard to network infrastructure that all users depend on.
Chris
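The gap described in the reply above (interfaces marked "ip nat inside" and "ip nat outside" with no translation rule behind them) can be checked mechanically. The Python check below is an added example, not part of any post in this thread; the function name audit_nat, the two sample configs and the stand-in subnet 198.51.100.224/28 are constructed for illustration, since the thread redacts its addresses.

```python
import ipaddress
import re

# Constructed configs: the thread redacts its addresses, so the documentation
# range 198.51.100.224/28 stands in for the LAN subnet.
BEFORE = """\
interface FastEthernet0/0
 ip address dhcp
 ip nat outside
interface FastEthernet0/1
 ip address 198.51.100.225 255.255.255.240
 ip nat inside
"""
# Same config plus the two lines from the reply, as "show run" would list them.
AFTER = BEFORE + """\
access-list 101 permit ip 198.51.100.225 0.0.0.15 any
ip nat inside source list 101 interface FastEthernet0/0 overload
"""

def audit_nat(config):
    """Return findings for an IOS config; an empty list means NAT lines up."""
    roles, nets, acls, rules, iface = {}, {}, {}, [], None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            iface = m.group(1)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[iface] = m.group(1)
        elif m := re.match(r"ip address ([\d.]+) ([\d.]+)$", line):
            nets[iface] = ipaddress.ip_interface("/".join(m.groups())).network
        elif m := re.match(r"access-list (\d+) permit ip ([\d.]+) ([\d.]+) any$", line):
            # A mask starting with 0 is read as a wildcard; host bits are dropped.
            net = ipaddress.ip_network("/".join(m.groups()[1:]), strict=False)
            acls.setdefault(m.group(1), []).append(net)
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload$", line):
            rules.append(m.groups())
    inside = [nets[i] for i, r in roles.items() if r == "inside" and i in nets]
    if roles and not rules:
        return ["NAT enabled on interfaces but no 'ip nat inside source' rule"]
    findings = []
    for acl, out_if in rules:
        if roles.get(out_if) != "outside":
            findings.append(f"{out_if} is not marked 'ip nat outside'")
        for net in inside:
            if not any(net.subnet_of(a) for a in acls.get(acl, [])):
                findings.append(f"ACL {acl} does not cover inside subnet {net}")
    return findings

if __name__ == "__main__":
    print(audit_nat(BEFORE), audit_nat(AFTER))
```

The check only understands the overload form with a numbered extended ACL shown in the reply, and it expects full interface names as they appear in a running configuration.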
09-26-2010 03:18 PM
I believe you got it right. I put a Linksys router between the 2811 and the WAN connection I have, then put a static route on the Linksys pointing back to the IP address it was giving the 2811, and all traffic started flowing (I kept the -ip route 0.0.0.0 0.0.0.0 dhcp- and also tried changing dhcp to FastEthernet 0/0 and an IP address; all worked fine).
A little bit more about what my setup is designed for: it is a mobile kit that is to VPN back into my company's network, so the xxx.xx.35.0 network is public IP space. The fix for now was to have access to the device that is giving my WAN connection and put a static route in it, but I will not always have that ability. Maybe it is that once the VPN tunnel was configured it would route properly because it is now back into the xxx.xx.0.0 network?
Regarding the VPN, the "kits" that I am referring to are currently in working condition, but the router is a SonicWall router and the VPN is set up through the SonicWall's GUI. We are trying to replace all the equipment in our mobile kits with Cisco products. It is a site-to-site VPN and uses IKE and IPsec. Any suggestion on where some good reading material for this type of setup can be found, so I can figure out how to put those settings into CLI format and into the Cisco routers?
Thanks for your help and the quick feedback from everyone, this is a great resource.
Brandon