ISR 1100 - C1111-4P - NAT inside LAN

PROTECHIT
Level 1

Hello,

We created an additional LAN in the already existing local network. To access the Internet on the new LAN, we used NAT on the C1111-4P router.

It all looks like Internet access is there, just... the connection is not stable, i.e., for example, web pages sometimes load and sometimes do not. Are we missing something in the configuration of the C1111-4P router?

Below are the configurations from the router and a general description of our network:

WAN is from CBS350-48X switch:
interface TenGigabitEthernet1/0/1
speed 1000
description WAN-ISR110
switchport access vlan 136

C1111-4P configuration:
Building configuration...
Current configuration : 7558 bytes
!
! Last configuration change at 12:17:52 UTC Fri Jan 12 2024 by admin
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname C1111-4P
!
boot-start-marker
boot system bootflash:c1100-universalk9.17.09.04a.SPA.bin
boot system bootflash:c1100-universalk9.17.06.01a.SPA.bin
boot-end-marker
!
!
no aaa new-model
clock timezone UTC -1 0
!
!
!
!
!
!
!
no ip domain lookup
ip domain name LAN.local
ip dhcp excluded-address 192.168.0.0 192.168.0.100
ip dhcp excluded-address 192.168.0.201 192.168.0.255
!
ip dhcp pool POOL_VL99
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 1.1.1.1
lease 0 8
!
!
!
username admin privilege 15 secret 9 password
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN from VLAN 136
ip address 192.168.136.2 255.255.255.0
ip nat outside
media-type spf
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface GigabitEthernet0/1/1
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface GigabitEthernet0/1/2
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
shutdown
!
interface GigabitEthernet0/1/3
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.0.1 255.255.255.0
ip nat inside
no autostate
!
ip default-gateway 192.168.0.1
no ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.136.1
ip ssh version 2
!
!
ip access-list standard NAT
10 permit 192.168.0.0 0.0.0.255
!
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
logging synchronous
login local
transport input none
stopbits 1
line vty 0 4
login
length 0
transport input ssh
line vty 5 14
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end

Accepted Solution

Only one command is needed:

ip routing

Also:


ip route 0.0.0.0 0.0.0.0 192.168.136.1 <<- remove this 
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 <<- remove this 
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1 <<- add this

MHM


3 Replies

balaji.bandi
Hall of Fame

Configuration seems to be OK.

Is the other LAN working as expected, without any of the trouble mentioned for the new VLAN?

There are some lines which you do not need:

no ip default-gateway 192.168.0.1
no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

How are you testing - connecting directly to the router and testing?

Check whether a user is able to ping Google DNS continuously.

- Check whether the connection port has any errors.

- Speed checks?

- Ping the local gateway and the next hop and see whether there are any drops.

BB

PROTECHIT
Level 1

Thank you very much! These three commands resolved the problem:

ip route 0.0.0.0 0.0.0.0 192.168.136.1 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1 <<- add this

Can I ask what is the difference in adding one line of command instead of two separate lines? Don't they mean the same thing? However, is there a hierarchy here?

As for the ip routing command, it is not visible in the configuration file of the C1111-4P router, but we can check its status through the WebUI under Administration -> Device.

Thank you - MHM Cisco World and balaji.bandi - once again for your help.
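
Added example (not part of the original thread, and not Cisco tooling): a small Python check that flags the lines the replies single out in the posted configuration, plus the route-map's reference to access list 197, which the posted configuration never defines. The finding codes and the trimmed `SAMPLE` text are constructed for illustration.

```python
import re

# Constructed sample: routing and NAT lines taken from the configuration posted above.
SAMPLE = """\
interface GigabitEthernet0/0/0
 ip address 192.168.136.2 255.255.255.0
interface Vlan99
 ip address 192.168.0.1 255.255.255.0
ip default-gateway 192.168.0.1
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.136.1
ip access-list standard NAT
 10 permit 192.168.0.0 0.0.0.255
route-map track-primary-if permit 1
 match ip address 197
"""
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def audit(config):
    """Return (code, detail) findings for an IOS-style running-config string."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings = []
    # Default routes: flag entries with no next-hop IP, and more than one default route.
    defaults = [ln.split()[4:] for ln in lines if ln.startswith("ip route 0.0.0.0 0.0.0.0 ")]
    for args in defaults:
        if not any(IPV4.fullmatch(a) for a in args):
            findings.append(("DEFAULT_ROUTE_NO_NEXT_HOP", args[0]))
    if len(defaults) > 1:
        findings.append(("MULTIPLE_DEFAULT_ROUTES", str(len(defaults))))
    # ip default-gateway that points at one of the router's own interface addresses.
    own = {m.group(1) for ln in lines if (m := re.match(r"ip address (\S+) \S+", ln))}
    for ln in lines:
        if (m := re.match(r"ip default-gateway (\S+)", ln)) and m.group(1) in own:
            findings.append(("DEFAULT_GATEWAY_IS_SELF", m.group(1)))
    # Access lists referenced by a NAT rule or route-map but never defined.
    defined = {m.group(1) for ln in lines
               if (m := re.match(r"(?:ip )?access-list (?:(?:standard|extended) )?(\S+)", ln))}
    for ln in lines:
        m = (re.match(r"ip nat inside source list (\S+)", ln)
             or re.match(r"match ip address (?!prefix-list)(\S+)", ln))
        if m and m.group(1) not in defined:
            findings.append(("UNDEFINED_ACL", m.group(1)))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE):
        print(code, detail)
```

Running it against a saved `show running-config` before and after the change shows whether the single fully specified route (interface plus 192.168.136.1) is the only default route left.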
