07-19-2019 10:53 AM - edited 07-19-2019 11:04 AM
Hello All,
We have an IR829GW router. I need to use it as a typical old school NAT router such that whatever devices are behind it use a NAT IP for the traffic that's going outbound (for instance, Internet access). I have looked in the config guide and couldn't find any instructions regarding this. Secondly, this device has a hypervisor-style architecture. Can someone educate me on what the purpose of creating a VM on such devices is? What would be the use case?
My internal devices are connected to an L2 switch, which in turn will have an uplink from one of the interfaces of this IR829. My requirement is that all Internet-bound traffic originating from these internal devices should be Dynamic NAT'd or PAT based on whatever NAT IP I assign.
Thanks
07-19-2019 11:51 AM
Hello,
are you using the IR829 as a cellular Internet router, and are you using the integrated wireless AP as well ? Post the config you currently have...
07-19-2019 12:14 PM
Hello Georg, This is a new device out of the box. Please find attached run config file. I am currently not using it as IR Router or AP. For now we just want to give devices behind it access to the Internet using PAT. I will be connecting the Internet uplink connection to its WAN interface port. The internal devices that I am referring to are connected to an L2 switch, and this switch is in turn connected to the GE1 (LAN) interface. One dumb question if I may: I need to enable the HTTP web UI on this. Do I just run a "ip http-server" from the enable mode?
Thanks in advance
07-19-2019 01:32 PM
Hello,
the below should do it (important parts marked in bold). The IP address assigned to the VLAN 1 interface is arbitrary, if yours is different, you need to change the access list 1 to match the IP address space you are using.
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service internal
!
hostname 829
!
boot-start-marker
boot system flash:/ir800-universalk9-mz.SPA.156-3.M0a
boot-end-marker
!
no aaa new-model
ethernet lmi ce
service-module wlan-ap 0 bootimage autonomous
!
ignition off-timer 900
!
ignition undervoltage threshold 9
!
no ignition enable
!
no ip domain lookup
ip inspect WAAS flush-timeout 10
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid IR829-2LTE-EA-BK9 sn FGL2032219N
!
redundancy
notification-timer 120000
!
controller Cellular 0
lte sim data-profile 3 attach-profile 1
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
interface GigabitEthernet0
no ip address
shutdown
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface Wlan-GigabitEthernet0
no ip address
!
interface GigabitEthernet5
description Uplink to WAN Router
ip address dhcp
ip nat outside
duplex auto
speed auto
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string lte
!
interface Cellular1
no ip address
encapsulation slip
!
interface wlan-ap0
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
!
interface Async0
no ip address
encapsulation scada
!
interface Async1
no ip address
encapsulation scada
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet5 overload
!
ip route 0.0.0.0 0.0.0.0 GigabitEthernet5
!
dialer-list 1 protocol ip permit
!
ipv6 ioam timestamp
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
line con 0
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
!
no scheduler max-task-time
07-19-2019 05:42 PM
Georg, Thank you very much. I will try it out on Monday and let you know. Really appreciate your help
01-08-2021 01:01 AM
Mr. Pauwen -
I am having similar issues with my deployment. In my case I am using the router as a cellular internet router. I have attached my config below. The current config will show the local ports administratively shut down. I understand that I will need to enable one and/or two and perhaps install a non-addressable switch behind it once I set up DHCP as well. My issue is the NAT and/or PAT. This router wants to see two (2) WAN networks: (1) hardwire to GE0 and the redundant path to either Cellular 0 or 1. How do we bypass the GE0 and go straight to cellular0? This router will always be a cellular router and nothing else. The radio for the cellular 0 is configured and working (ping test to Google DNS); I am just not able to pass traffic from the LAN portion of the router.
Can you help?
Thank you
Giovanni
01-08-2021 01:31 AM
Hello,
I have made some changes and additions to your configuration (marked in bold), see if you can get it to work:
Current configuration : 2889 bytes
!
! Last configuration change at 08:27:30 UTC Fri Jan 8 2021
!
version 15.8
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname IR800
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$vUyn$kmxzxQwKxH41tU0vuUAbT1
enable password 7 08004E4B05150A46405B5D536B
!
no aaa new-model
service-module wlan-ap 0 bootimage autonomous
!
ignition off-timer 900
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
multilink bundle-name authenticated
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
license udi pid IR829B-LTE-EA-BK9 sn FTX2423Z049
!
--> ip dhcp excluded-address 192.168.1.1
!
--> ip dhcp pool LAN
--> network 192.168.1.0 255.255.255.0
--> default-router 192.168.1.1
--> dns-server 8.8.8.8 8.8.4.4
!
redundancy
!
controller Cellular 0
lte sim fast-switchover enable
lte failovertimer 5
no lte gps enable
description VERIZON
!
interface GigabitEthernet0
no ip address
no mop enabled
!
interface GigabitEthernet1
no ip address
shutdown
!
interface GigabitEthernet2
no ip address
shutdown
!
interface GigabitEthernet3
no ip address
shutdown
!
interface GigabitEthernet4
no ip address
shutdown
!
interface Wlan-GigabitEthernet0
no ip address
!
interface GigabitEthernet5
no ip address
shutdown
duplex auto
speed auto
!
interface Cellular0
ip address negotiated
--> ip nat outside
ip virtual-reassembly in
encapsulation slip
dialer in-band
dialer idle-timeout 0
dialer string lte
dialer-group 1
--> no peer default ip address
--> async mode interactive
--> routing dynamic
ipv6 address autoconfig
!
interface Cellular1
no ip address
encapsulation slip
!
interface wlan-ap0
no ip address
shutdown
!
interface Vlan1
--> ip address 192.168.1.1 255.255.255.0
--> ip nat inside
!
interface Async0
no ip address
encapsulation scada
!
interface Async1
no ip address
encapsulation scada
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 Cellular0
!
--> ip nat inside source list 1 interface Cellular0 overload
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipv6 permit
ipv6 ioam timestamp
!
control-plane
!
line con 0
stopbits 1
line 1 2
stopbits 1
line 3
script dialer lte
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
line 4
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 8
no exec
transport preferred lat pad telnet rlogin lapb-ta mop udptn v120 ssh
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
rxspeed 150000000
txspeed 50000000
line 1/3 1/6
transport preferred none
transport output none
stopbits 1
line vty 0 4
password 7 0028401229085A084E
login
transport input none
!
no scheduler max-task-time
no iox hdm-enable
iox client enable interface GigabitEthernet5
iox hypervisor password 7 153E581829797A2A69
no iox recovery-enable
!
end
01-08-2021 01:53 AM
01-08-2021 08:41 PM
Mr. Pauwen - Thank you for your help. Regrettably, the router goes nuts with the changes. Not sure if it's something within the cellular controller or perhaps the redundancy built into this router making it bounce back and forth. Perhaps I should explain. When plugging a laptop into Gigabit Eth 1 (member of Vlan1), the laptop receives an IP address on the proper subnet, great, as intended. However, the router starts taking down the cellular connection and building it back up, and continues to do this several times per minute without stopping. When pinging from the laptop to the router, at first I get a reply from the vlan1 subnet with the correct IP address provided, then it changes to the IP address provided by Verizon, normally a 100.x.x.x/8 (and every time it builds the connection it provides a different address), non-routable from the outside, which is expected. I haven't paid the $500 for the public routable IP address on the VZW network. I'm getting into the weeds! I've loaded my config below with your recommendations; additionally, I've added the Cellular 0 interface going up and down. From provisioning other webUI 4G LTE routers, this one, being non-webUI, is considerably different. The WAN should stay just the WAN, and any and all traffic headed to the internet should traverse through this interface Cellular 0. It appears when pinging vlan 1 that NAT is working and translating LAN to the WAN address; this would be called a passthrough. How do we stop it? I've done a significant amount of Cisco switch work; however, I'm far from an expert by any means. This router is kicking my butt.
Thank you for your assistance.
Giovanni
01-09-2021 12:00 AM
Hello,
there is a very important mistake in your configuration:
interface Vlan1
ip address 192.168.1.1 255.255.255.0
--> ip nat outside
ip virtual-reassembly in
This needs to be:
interface Vlan1
ip address 192.168.1.1 255.255.255.0
--> ip nat inside
ip virtual-reassembly in
Also, configure the switchports as:
interface GigabitEthernet0
--> switchport mode access
!
interface GigabitEthernet1
--> switchport mode access
!
interface GigabitEthernet2
--> switchport mode access
!
interface GigabitEthernet3
--> switchport mode access
!
interface GigabitEthernet4
--> switchport mode access
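As an added example (not part of the original posts, and not Cisco tooling): a small Python check for the two things that break PAT in a configuration like the ones in this thread, a wrong "ip nat inside"/"ip nat outside" role and an access list that does not cover the inside subnet. The function names and the sample config are constructed for illustration; it assumes numbered standard ACLs with "permit <address> [wildcard]" entries and contiguous wildcards.

```python
import ipaddress
import re

def acl_net(addr, wildcard):
    # IOS wildcard -> netmask; an omitted wildcard means 0.0.0.0 (a single host)
    inv = 0xFFFFFFFF ^ int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))
    return ipaddress.ip_network(f"{addr}/{ipaddress.IPv4Address(inv)}", strict=False)

def parse(cfg):  # -> (interfaces, ACL networks per list number, PAT rules)
    ifaces, acls, rules, cur = {}, {}, [], None
    for raw in cfg.splitlines():
        line = raw.replace("-->", "").strip()  # tolerate the thread's "-->" markers
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1), {"nat": None, "net": None})
        elif line == "!":
            cur = None
        elif m := re.match(r"ip nat inside source list (\d+) interface (\S+) overload", line):
            rules.append((m.group(1), m.group(2)))
        elif m := re.match(r"access-list (\d+) permit (\d\S+)(?: (\d\S+))?$", line):
            acls.setdefault(m.group(1), []).append(acl_net(m.group(2), m.group(3)))
        elif cur is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur["nat"] = m.group(1)
        elif cur is not None and (m := re.match(r"ip address (\d\S+) (\d\S+)$", line)):
            cur["net"] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
    return ifaces, acls, rules

def check_pat(cfg):  # returns findings; [] means the PAT wiring is consistent
    ifaces, acls, rules = parse(cfg)
    inside = {n: i for n, i in ifaces.items() if i["nat"] == "inside"}
    findings = [] if inside else ["no interface is marked 'ip nat inside'"]
    for acl, out_if in rules:
        if ifaces.get(out_if, {}).get("nat") != "outside":
            findings.append(f"{out_if} carries the PAT rule but is not 'ip nat outside'")
        for name, i in inside.items():
            if i["net"] and not any(i["net"].subnet_of(n) for n in acls.get(acl, [])):
                findings.append(f"access-list {acl} does not cover {name} subnet {i['net']}")
    return findings

# Constructed sample, reduced from the working configuration in this thread.
GOOD = """interface Cellular0
 ip nat outside
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface Cellular0 overload
access-list 1 permit 192.168.1.0 0.0.0.255"""
print(check_pat(GOOD))  # prints []
```

Feed it the text of "show running-config"; a standard ACL entry written without a wildcard is read as a single host, so it is reported as not covering the inside subnet.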
01-13-2021 12:17 AM
Mr. Pauwen - I want to thank you for your assistance. As you requested, I've added the commands provided and the router is now working as it should.
Once again thank you for all your help.
Giovanni
01-13-2021 12:50 AM
Hello,
good to hear that. Glad that you got it to work.