06-26-2021 06:29 AM
Hi All, I hoping you can help me out with the NAT below, I can ping 8.8.8.8 so verified that I have external connectivity.
Topology
Cisco Router > Trunk port to Cisco Switch > Trunk to Cisco AP
My laptop on WiFi gets an IP address of 192.168.10.1/24 with a GW of 254 which I can ping, I can not get out to the Internet though, tracing fails at .254, below is my Router config: -
ip dhcp excluded-address 192.168.20.254
ip dhcp excluded-address 192.168.30.254
ip dhcp excluded-address 192.168.40.254
!
ip dhcp pool CAWFC
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 1.1.1.1 8.8.8.8
!
ip dhcp pool FSM
network 192.168.20.0 255.255.255.0
dns-server 1.1.1.1 8.8.8.8
default-router 192.168.20.254
!
ip dhcp pool THERA
network 192.168.30.0 255.255.255.0
dns-server 1.1.1.1 8.8.8.8
default-router 192.168.30.254
!
ip domain lookup source-interface Ethernet0.101
ip domain name CAWFC
ip name-server 8.8.8.8
!
interface Ethernet0
no ip address
!
interface Ethernet0.101
encapsulation dot1Q 101
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
switchport trunk allowed vlan 1,10,20,30,1002-1005
switchport mode trunk
no ip address
!
interface GigabitEthernet7
description LAN LINK
switchport mode trunk
no ip address
spanning-tree portfast
!
interface Vlan10
description CAWFC
ip address 192.168.10.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan20
description FSM
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan30
description THERA
ip address 192.168.30.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan100
description Management
ip address 192.168.100.254 255.255.255.0
!
interface Dialer1
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
ppp ipcp address accept
no cdp enable
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat pool CAWFC 192.168.10.0 192.168.10.254 netmask 255.255.255.0
ip nat pool FSM 192.168.20.0 192.168.20.254 netmask 255.255.255.0
ip nat pool THERA 192.168.30.0 192.168.30.254 netmask 255.255.255.0
ip nat inside source list CAWFC interface Ethernet0.101 overload
ip nat inside source list FSM interface Ethernet0.101 overload
ip nat inside source list THERA interface Ethernet0.101 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list standard SSH_ACCESS
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
Could you let me know why this is not working please?
Thanks,
Chet
06-26-2021 06:36 AM
The interface referenced in the nat statement should be the outside interface. In your case, that would Dialer1. You aren't referencing the nat pool's you defined, but those would have to be outside addresses if you were using them.
06-26-2021 07:37 AM
No sure I follow, sorry
06-26-2021 06:38 AM
You've configured nat but the list you are referencing is the NAT pool, change this to your ACL called "NAT".
06-26-2021 06:42 AM
Good catch. I missed that part. If you used that ACL, you would only a single statement of "ip nat".
ip nat inside source list NAT interface Dialer1 overload
06-26-2021 07:36 AM
So this:
ip nat inside source list NAT interface Dialer1 overload
!
ip access-list extended NAT
permit ip 192.168.20.0 0.0.0.255 any
permit ip 192.168.10.0 0.0.0.255 any
permit ip 192.168.30.0 0.0.0.255 any
06-26-2021 10:10 AM
Yes, try that.
06-26-2021 10:18 AM - edited 06-26-2021 10:19 AM
Hello
try the folowing
int dailer 1
ip mtu 1492
ip tcp adjust-mss 1452
ppp ipcp dns request
exit
ip nat inside source list NAT interface dialer1 overload
no ip nat inside source list CAWFC interface Ethernet0.101 overload
no ip nat inside source list FSM interface Ethernet0.101 overload
noip nat inside source list THERA interface Ethernet0.101 overload
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide