cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3949
Views
13
Helpful
26
Replies

No Internet access via LAN clients

Hi All,

I have a Cisco 1841 router that is connected to a switch. I have WAN/LAN configured on the router and the switch is handing out internal IP's.

The issus that none of the client machines can access the Internet. From within the router console, I am able to ping external domain names, my ISP DNS servers.

Once the client machines picks up an IP they are unable to ping any external domain names or IP's and not even the ISP DNS servers, but they can ping the Cisco router IP. As a note I have tried my ISP DNS servers and as a test Google's DNS servers, but neither will allow access to the Internet.

I have checked google looking for an answer on why, but I am missing something I just don't know why. Any help would be helpful.

Thanks,

Ron

Below is the current running config:

Building configuration...

Current configuration : 1440 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname cisco

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$qY4A$6u.zFbIIHacEB51di1Sda.

enable password astec72

!

no aaa new-model

no ip routing

no ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1 10.10.10.14

ip dhcp excluded-address 10.10.10.51 10.10.10.254

!

ip dhcp pool SpyTraer

   import all

   network 10.10.10.0 255.255.255.0

   default-router 10.10.10.1

   dns-server 8.8.8.8 8.8.4.4

!

!

ip name-server 8.8.8.8

ip name-server 8.8.4.4

!

!

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

no ip route-cache

speed auto

half-duplex

no cdp enable

no mop enabled

!

interface FastEthernet0/1

description $ETH-WAN$

ip address dhcp client-id FastEthernet0/1

ip nat outside

no ip route-cache

duplex auto

speed auto

no cdp enable

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent

!

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet0/1 overload

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit any

snmp-server community public RO

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password astec

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

26 Replies 26

Hi Ron,

no ip routing

You might want to enable ip routing, and ip cef.

enable

conf t

ip routing

ip cef

Dan

Also ,

interface FastEthernet0/0

description $ETH-LAN$

ip address 10.10.10.1 255.255.255.0

ip nat inside

no ip route-cache

speed auto

half-duplex

no cdp enable

no mop enabled

Check the duplex configuration of the equipment connected to the router's Fa0/0.

Dan

Hi Dan,

Thanks for the reply. I ran the command you suggested to enable ip routing. After executing the command, I am still unable to get to the Internet and now I am unable to ping any external domains for external IP's from the router. I checked as you asked for the duplex mode on the switch which is set to Auto,

One other piece of information, I am running Cisco Configuration professional and when doing a test check connection, I get an error when testing the connection which fails on pinging the destination host.

Below is the latest running config after enabling routing as you requested.

Thanks for taking the time to help me.

Ron

Building configuration...

Current configuration : 1483 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname cisco

!

boot-start-marker

boot-end-marker

!

no logging buffered

enable secret 5 $1$qY4A$6u.zFbIIHacEB51di1Sda.

enable password astec72

!

no aaa new-model

ip cef

!

!

no ip dhcp use vrf connected

ip dhcp excluded-address 10.10.10.1 10.10.10.14

ip dhcp excluded-address 10.10.10.51 10.10.10.254

!

ip dhcp pool SpyTraer

   import all

   network 10.10.10.0 255.255.255.0

   default-router 10.10.10.1

   dns-server 66.18.32.2 66.18.32.3

!

!

ip name-server 66.18.32.2

ip name-server 66.18.32.3

!

!

!

!

!

!

interface FastEthernet0/0

description $ETH-LAN$

ip address 10.10.10.1 255.255.255.0

ip flow ingress

ip flow egress

ip nat inside

speed auto

half-duplex

no cdp enable

no mop enabled

!

interface FastEthernet0/1

description $ETH-WAN$

ip address dhcp client-id FastEthernet0/1

ip flow ingress

ip flow egress

ip nat outside

duplex auto

speed auto

no cdp enable

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1 permanent

!

!

ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet0/1 overload

!

access-list 1 remark CCP_ACL Category=2

access-list 1 permit any

snmp-server community public RO

!

!

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line vty 0 4

password astec

login

!

scheduler allocate 20000 1000

no process cpu extended

no process cpu autoprofile hog

end

Jeff Van Houten
Level 5
Level 5

You said the switch is handing out ips but the router has dhcp configured. What is the configuration on the switch?

Sent from Cisco Technical Support iPad App

Hi Jeff,

You are correct. I sent the incorrect information.

The Cisco is setup as DHCP and assigning private IP's through the switch to client workstations.

Correction, the switch is not handing out IP's. Sorry for the misleading information before.

Thanks,

Ron

John Blakley
VIP Alumni
VIP Alumni

You'll probably want to tighten your access list for natting and not do everything. Change it to:

Access-list 1 permit 10.10.10.0 0.0.0.255 and see if that helps.

Edit: leave ip routing on like Dan suggested. It's needed.

Sent from Cisco Technical Support iPhone App

HTH, John *** Please rate all useful posts ***

Hi Jblakley,

Did as you suggested - output from command:

access-list 1 remark CCP_ACL Category=2

access-;ist 1 permit any

access-list 1 permit 10.10.10.0 0.0.0.255

still no Internet access or pinging any outside domain via IP including ISP dns servers.

Thanks,

Ron

Ron,

You'll need to get rid of the permit any statement. Try this:

no access-list 1

access-list 1 permit 10.10.10.0 0.0.0.255

HTH, John *** Please rate all useful posts ***

Sorry I misunderstood your previous request change.

New output shows: access-list 1 permit 10.10.10.0 0.0.0.255

Still same issues as before.

The only thing that has changed was that I added to the command for enabling routing, but since then no outside pinging.

Dan is on the right track and you are right on with ACL.

Since I am unable to ping the ISP DNS servers this is not good.

Thanks,

Ron

Show IP Route

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

66.0.0.0/32 is subnetted, 1 subnets

S     66.18.63.164 [254/0] via 108.174.105.1, FastEthernet0/1

     10.0.0.0/24 is subnetted 1 subnets

C     10.10.10.0 is directly connected FastEthernet0/0

     108.0.0.0/24 is subnetted, 1 subnets

C     108.174.105.0 is directly connected, FastEthernet0/1

S*     0.0.0.0/0 is directly connected, FastEthernet0/1

Ron,

Let's try this:

change the default route to:

ip route 0.0.0.0 0.0.0.0 fa0/1 dhcp

Shut your fa0/1 interface and bring it back up.

Once you get this, try to ping:

4.2.2.1

Then try to ping that while sourcing from the inside interface. If that works, you're natting fine. If it doesn't work and the above doesn't work, something else between you and the router isn't working.

ping 4.2.2.1 source fa0/0

If that doesn't work, we'll need to get into debugging because the above looks fine. Your routing table should show a next hop though which is why we're adding the dhcp tag at the end of the default route. If your original default route doesn't go away after adding this one, go ahead and delete it and put the one above. We'll only want the one.

HTH, John *** Please rate all useful posts ***

OK I am now able to ping 4.2.2.1 from the router and from a connected client.

I am also able to ping my ISP DNS servers as well.

Issue now is that I am dropping about 40% of packets to all ping locations.

Browsing is also really, really slow.

Any idea why?

Thanks -Ron

Ron,

That problem probably goes back to the half-duplex setting that you have on your internal interface. Try hard setting that to 100/full:

int fa0/0

speed 100

duple full

John

Please remember to rate all helpful posts...

HTH, John *** Please rate all useful posts ***

John,

Made the changes but still the same amount of % packets are dropping.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco