Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
2
Replies

VLANs and NAT

Go to solution
ruben.alonso
Level 1
Level 1

‎03-25-2004 09:40 AM - edited ‎03-02-2019 02:33 PM

I have a CISCO 1710 router and a Netgear FS526T Switch.

After a while I've been able to sort most of the configuration out but there´s something that does not quite work properly.

I use the switch to create port-based vlans All the ports but one are untagged. The last port in the switch uses 802.1q vlan tagging and belongs to all the vlans.

That port is connected to the fastethernet interface in the cisco.

Up to here, everything is fine. I can connect machines to different ports and they can all access the router, but when I try to access the internet there is a strange behaviour: The VLAN 1 works normally and at full speed. The other VLANs experience problems accessing some web sites.

I can trace a route, query a dns server, even download web pages from some sites (i.e. microsoft or cocacola), but not others (like google or altavista).

I'll paste a bit of configuration to see if anyone can find my mistake.

(I found a web page with the same problem but no solution:

http://www.groupstudy.com/archives/associate/200104/msg00325.html)

interface Ethernet0

ip address XX.XX.XX.XX 255.255.255.248

ip nat outside

half-duplex

!

interface FastEthernet0

no ip address

ip nat inside

speed 100

full-duplex

!

interface FastEthernet0.1

encapsulation dot1Q 1 native

ip address 192.168.37.1 255.255.255.0

ip nat inside

!

interface FastEthernet0.2

encapsulation dot1Q 2

ip address 172.16.22.1 255.255.255.0

ip nat inside

!

interface FastEthernet0.3

encapsulation dot1Q 3

ip address 172.16.24.1 255.255.255.0

ip nat inside

!

ip nat inside source list 110 interface Ethernet0 overload

ip classless

ip route 0.0.0.0 0.0.0.0 XX.XX.XX.XX

no ip http server

no ip http secure-server

!

access-list 110 permit ip 192.168.37.0 0.0.0.255 any

access-list 110 permit ip 192.168.47.0 0.0.0.255 any

access-list 110 permit ip 172.16.0.0 0.0.255.255 any

access-list 110 permit ip 172.17.0.0 0.0.255.255 any

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
raquresh
Level 1
Level 1

‎03-29-2004 09:37 AM

Ruben,

First of all the translated traffic is going from a full duplex fast ethernet interface through a half duplex 10 MB ethernet interface, so performance issues can be expected.

You can try to disable fast switching on your FE interface to see if it makes any difference (Try this after hours).

no ip route-cache

Also look into CEF, Cisco Express forwarding, if it is avalaible for your IOS and router platform.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
raquresh
Level 1
Level 1

‎03-29-2004 09:37 AM

Ruben,

First of all the translated traffic is going from a full duplex fast ethernet interface through a half duplex 10 MB ethernet interface, so performance issues can be expected.

You can try to disable fast switching on your FE interface to see if it makes any difference (Try this after hours).

no ip route-cache

Also look into CEF, Cisco Express forwarding, if it is avalaible for your IOS and router platform.

0 Helpful

Go to solution
ruben.alonso
Level 1
Level 1
In response to raquresh

‎04-01-2004 08:45 AM

no ip route-cache did the trick

thanks a lot.

performance is not an issue in my network. Anyway the internet connection will only be 2MB.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card