Solved

Cisco 2900 series router - home setup - can't get to the internet

Posted on 2016-08-25
10
33 Views
Last Modified: 2016-09-02
I have a CIsco 2900 series router.  To start off, I have this set up in my lab at the office and I am able to access the internet, works fine. When I bring it home however, it will not allow me to connect to the internet.  I can ping my ISP's IP address (gi0/0) that I was assigned via DHCP, that is it though.  I have a cable modem, goes to an 8 port CIsco switch, then I have an ASUS router in access point mode.  I have tried to plug a laptop right into the switch to bypass the wireless.  That didn't work.  I have gone through documentation and I think it is set up properly.  Obviously I am missing something.  My first thought was the access list but if it functions properly at my work, then I don't think it could be there.

Below is a show run config...

Cisco2900#show run
Building configuration...


Current configuration : 1984 bytes
!
! Last configuration change at 14:12:34 UTC Thu Aug 25 2016 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco2900
!
boot-start-marker
boot-end-marker
!
!
! card type command needed for slot/vwic-slot 0/0
enable secret 4 IZDofN3ddRqinND7VTvzvvhWZi8Y94l8qIZp1/pdUHY
!
no aaa new-model
!
!
no ipv6 cef
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 192.168.99.1 192.168.99.100
!
ip dhcp pool internal
 import all
 network 192.168.99.0 255.255.255.0
 default-router 192.168.99.2
 dns-server 4.2.2.2
!
!
ip cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
!
license udi pid CISCO2911/K9 sn FTX1726ANBJ
hw-module pvdm 0/0
!
!
!
username admin password 0 **********
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 192.168.99.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 101 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0
!
access-list 101 permit ip 192.168.99.0 0.0.0.255 any
!
!
!
control-plane
!
!
voice-port 0/3/0
!
voice-port 0/3/1
!
voice-port 0/3/2
!
voice-port 0/3/3
 !
 !
 !
!
!
!
mgcp profile default
!
!
!
!
!
gatekeeper
 shutdown
!
!
!
line con 0
line aux 0
line 2
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
 stopbits 1
line vty 0 4
 password **********
 login local
 transport input all
!
scheduler allocate 20000 1000
!
end

Cisco2900#
0
Comment
Question by:Greg Franklin
  • 5
  • 3
  • 2
10 Comments
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
What address is assigned to G0/0
Also, most ISP modems cache the mac address of devices they plug to, try flushing out the mac adress by resetting that modem.
0
 

Author Comment

by:Greg Franklin
Comment Utility
Hi, thanks for the reply.  I did reset the modem, should have mentioned that.  That did not work.  I have assigned gi0/0 to pick up an IP Address from my ISP.  The command below was entered...

interface GigabitEthernet0/0
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
0
 
LVL 26

Expert Comment

by:Predrag Jovic
Comment Utility
Are interfaces up, did WAN get IP address from ISP?
What is output from:

# sh ip interf brief
# sh ip route

does ping to 8.8.8.8 is working from router itself, extended ping from Gi0/1
ping 8.8.8.8

and extended ping

ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.99.2
*
*
*

than you can check also nat translation
# sh ip nat translat
0
 
LVL 18

Expert Comment

by:Akinsd
Comment Utility
Yes, I meant what IP did the ISP assign to int G0/0
The default route is pointed to the int G0/0 which technically eliminates route issue, unless it's not working.
The NAT translations worked before you location change.

This means the main focus is on the IP address that was dynamically assigned to int gi0/0. My guess is, it's not getting an IP or could be getting a private IP.
0
 

Author Comment

by:Greg Franklin
Comment Utility
Hi yes the WAN did get an IP from the ISP.  I could not ping the Google DNS servers, I could ping the WAN IP and the internal subnet.  I will try provide the output later tonight when I get home.  Thank you!
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Greg Franklin
Comment Utility
Hi, here is the info requested.

Router#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down    
GigabitEthernet0/0         72.38.0.138     YES DHCP   up                    up      
GigabitEthernet0/1         192.168.99.2    YES NVRAM  down                  down    
GigabitEthernet0/2         unassigned      YES NVRAM  administratively down down    
NVI0                       unassigned      YES unset  administratively down down    


Router#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)



Router#show ip route br   
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 is directly connected, GigabitEthernet0/0
      24.0.0.0/32 is subnetted, 1 subnets
S        24.226.22.75 [254/0] via 72.38.0.129, GigabitEthernet0/0
      72.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        72.38.0.128/25 is directly connected, GigabitEthernet0/0
L        72.38.0.138/32 is directly connected, GigabitEthernet0/0




I tried to to an extended ping to 8.8.8.8 from gi0/0 but it didn't like that too much.

Router#ping
Protocol [ip]:
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.99.2
% Invalid source. Must use same-VRF IP address or full interface name without spaces (e.g. Serial0/1)
Source address or interface: gi0/0
% Invalid source. Must use same-VRF IP address or full interface name without spaces (e.g. Serial0/1)


I tried using the assigned IP by my ISP as the source address and that seemed to be able to prcess the request however, still no response.

Router#  ping
Protocol [ip]: 8.8.8.8       
Target IP address: 8.8.8.8
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 72.38.0.138
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 72.38.0.138
.....
Success rate is 0 percent (0/5)
0
 
LVL 26

Expert Comment

by:Predrag Jovic
Comment Utility
Something is wrong here.
S*    0.0.0.0/0 is directly connected, GigabitEthernet0/0
      24.0.0.0/32 is subnetted, 1 subnets
S        24.226.22.75 [254/0] via 72.38.0.129, GigabitEthernet0/0
      72.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        72.38.0.128/25 is directly connected, GigabitEthernet0/0
L        72.38.0.138/32 is directly connected, GigabitEthernet0/0
You have no static route to 24.0.0.0 in configuration or dynamic routing and yet there is one in your route table.
The second problem is
GigabitEthernet0/1         192.168.99.2    YES NVRAM down                  down
+
NVI0                       unassigned      YES unset  administratively down down
is typically responsible for natting on new platforms - it is admin down?

Configuration can be slightly different for using NVI0 interface

Interface <type><number>
ip nat enable                                            <--- no inside or outside just enable

! nat statement
ip nat source list 1 interface Gi0/0 overload  <--- no inside keyword

Cisco link - Example: Configuring the NAT Virtual Interface
0
 
LVL 26

Expert Comment

by:Predrag Jovic
Comment Utility
Try to traceroute from router to 8.8.8.8 to check is ISP sending icmp back (if yes, you can configure the first hop's IP address as next hop for default route).
And please again, after ping check NAT table.
# sh ip nat translat

But, anyway, I guess that ping from router should work as it is configured. Try to power cycle upstream device (ISP's device).
0
 

Accepted Solution

by:
Greg Franklin earned 0 total points
Comment Utility
I figured it out, I had to add this...

ip route 0.0.0.0 0.0.0.0 dhcp

Works fine now.
0
 

Author Closing Comment

by:Greg Franklin
Comment Utility
I found the answer elsewhere online.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Have you experienced traffic destined through a Cisco ASA firewall disappears and you do not know if the traffic stops in the firewall or somewhere else? The solution is the capture feature. This feature was released in 6.2(1) and works in all firew…
In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now