cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4726
Views
0
Helpful
24
Replies

Trouble with Cisco 881 connecting to internet

CSCO12052693
Level 1
Level 1

I have a Newly addedCisco 881 connected to a firewall, which is connected to DSL. We added it for wireless and when wireless clients connect to the network  (using standalone APs) they are able to ping everything on the 192.168.88.0 network. They can also ping the firewall 10.0.88.1, but only because it's on the same network as port fa4. It sounds to me like there is a problem with my default routes, but they seem right, and I've tried different methods for this. Here is the running-config on my 881, please help!          

Wireless_881#show run
Building configuration...

Current configuration : 3679 bytes
!
! Last configuration change at 15:45:48 UTC Fri Jul 27 2012
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Wireless_881
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 4 Ng0lbQgI3BKsMMXv78pz6UP80gaDVrhUBQB3XKZMl3M
!
no aaa new-model
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-1620898290
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1620898290
revocation-check none
rsakeypair TP-self-signed-1620898290
!
!
crypto pki certificate chain TP-self-signed-1620898290
certificate self-signed 01
  3082025A 308201C3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31363230 38393832 3930301E 170D3132 30373132 31353431
  30365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36323038
  39383239 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100ED42 50BD2E07 D6A61E1C 7A8C236F 5499F47D 0FF2F1AC 23657162 66769F02
  92921298 C4E68A84 B90B572D 300C6653 ADAB41F2 005F1544 122C99DF 16AA1F01
  D3DC117D B92750F5 F6C2D4CE D6D173C5 A197E9C2 7B5EEF9B 4B2404BD D8243ABB
  14EFF08B 21DE9D0A B11610EB 624E3B22 60212253 17BA1C73 DE86D7B8 EFD5771E
  18B90203 010001A3 8181307F 300F0603 551D1301 01FF0405 30030101 FF302C06
  03551D11 04253023 82215769 72656C65 73735F38 38312E70 616C6D65 74746F63
  6974697A 656E732E 6F726730 1F060355 1D230418 30168014 BDFA0DBF FE8B72A7
  9B2D214C 466C1EDF 33D2FA3F 301D0603 551D0E04 160414BD FA0DBFFE 8B72A79B
  2D214C46 6C1EDF33 D2FA3F30 0D06092A 864886F7 0D010104 05000381 8100E0EF
  6D122A92 75ABE448 620EEDAD 131569D2 05BEB6D9 FA77DF2F 87FD464F 8111454F
  CAE20CC2 580C8DC8 421065CD 00722044 31CF2F79 4B99E26A 5C48FD2D 2DCE835B
  D0ADBD53 B768064B 9E4AB048 F0E9F751 11C9DA51 8EA9C1D3 DCEB136A EE3944D7
  FD7EF038 DE965699 DAC4186F 3AAEBD85 B95F05D1 B3AF0BD5 566498C3 6424
        quit
!
!
!
ip dhcp excluded-address 192.168.88.1 192.168.88.10
!
ip dhcp pool PCFCU
network 192.168.88.0 255.255.255.0
default-router 192.168.88.1
dns-server 208.67.222.222
!
!
!
no ip domain lookup
ip domain name ****************
ip cef
no ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX161080BP
!
!
username mgaskin privilege 15 secret 5 $1$y8..$cCDIZqgRtHqBbsh36XW9d.
username jlivingston privilege 15 secret 5 $1$Qs6L$mhAtoKguqLmzmlfGbMYqW/
!
!
!
!
!
ip ssh authentication-retries 5
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 880
no ip address
!
interface FastEthernet1
switchport access vlan 880
no ip address
!
interface FastEthernet2
switchport access vlan 880
no ip address
!
interface FastEthernet3
switchport access vlan 880
no ip address
!
interface FastEthernet4
ip address 10.0.88.2 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
no ip address
!
interface Vlan880
ip address 192.168.88.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip default-gateway 10.0.88.2
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 10 interface FastEthernet4 overload
ip default-network 0.0.0.0
ip route 0.0.0.0 0.0.0.0 10.0.88.1
!
access-list 10 permit 192.168.88.0 0.0.0.255
no cdp run
!
!
!
line con 0
line aux 0
line vty 0 4
password 7 144F425C5D14292D273D6B657A46
login
transport input telnet
!
scheduler max-task-time 5000
!
end

1 Accepted Solution

Accepted Solutions

and if you disconnect the router ad use pc directly to firewall with ip 10.0.88.2 work?

View solution in original post

24 Replies 24

delete ip default-network 0.0.0.0

and

ip default-gateway 10.0.88.2

regards

I added "ip default-network 0.0.0.0" and "ip default-gateway 10.0.88.2" in hopes that was the problem, still no connection with just "ip route 0.0.0.0 0.0.0.0 10.0.88.1"

show vlan

if you don't see vlan 880

add

vlan 880

It's there,

Wireless_881#show vlan-switch brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
880  wireless                         active    Fa0, Fa1, Fa2, Fa3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Wireless_881#

but what is the ip address of your firewall?

you need to point the ip address of firewall

ip route 0.0.0.0 0.0.0.0 

and then delete

ip default-network 0.0.0.0

and

ip default-gateway 10.0.88.2

deleted those two lines, and kept "ip route 0.0.0.0 0.0.0.0 10.0.88.1" which is the ip of firewall. still no luck

yes because 10.0.88.1 is an interface of your router instead you need insert the next hop (the ip address interface of your firewall)

but because

ip route 0.0.0.0 0.0.0.0 10.0.88.1 have precedence compared to of ip default-gateway and ip default-network the router use for 0.0.0.0/0 10.0.88.1 and this is incorrect

Correct, 10.0.88.2 is the interface of the router, the firewall's IP is 10.0.88.1

sorry

I traded the final two interfaces....

well the routing it's ok

if you ping from 10.0.88.2 to the internet works?

On the router, it does ping it's own interface 10.0.88.2 and it also pings the firewall 10.0.88.1, only because it is directly connected, but it doesn't ping any internet address like Open DNS's address 208.67.222.222 or google's address 74.125.137.100.

and if you disconnect the router ad use pc directly to firewall with ip 10.0.88.2 work?

Not a full Ping,

Reply from 192.168.88.13: Destination host unreachable.

?

the laptop don't have 10.0.88.2 ?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco