Buy or Renew
Buy or Renew
Cisco + Splunk: Itā€™s a new day for your data. Learn more.
Ā 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
320
Views
0
Helpful
4
Replies

NAT

Go to solution
hugozidos
Level 1
Level 1

ā€Ž04-07-2015 07:41 AM - edited ā€Ž03-05-2019 01:11 AM

I configured NAT on my cisco 2811 router but after so many attempts to connect the internet , it failed. i configure the router to server as a DHCP server for different vlans. Tried and tried again but it didn't connect.

below are the configurations for both the switch and router:

ROUTER:

ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.2.1 192.168.2.50
ip dhcp excluded-address 192.168.3.1 192.168.3.50
ip dhcp excluded-address 192.168.4.1 192.168.4.50
ip dhcp excluded-address 192.168.5.1 192.168.5.50
!
ip dhcp pool 2nd_floor
   network 192.168.2.0 255.255.255.0
   default-router 192.168.2.1
   domain-name 2nd_floor
   dns-server 212.100.67.195 212.100.67.196
!
ip dhcp pool 3rd_floor
   network 192.168.3.0 255.255.255.0
   default-router 192.168.3.1
   domain-name 3rd_floor
   dns-server 212.100.67.195 212.100.67.196
!
ip dhcp pool 4th_floor
   network 192.168.4.0 255.255.255.0
   default-router 192.168.4.1
   domain-name 4th_floor
   dns-server 212.100.67.195 212.100.67.196
!
ip dhcp pool 5th_floor
   network 192.168.5.0 255.255.255.0
   default-router 192.168.5.1
   domain-name 5th_floor
   dns-server 212.100.67.195 212.100.67.196
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.0.1 255.255.255.252
 ip nat inside
 duplex auto
 speed auto
!
interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0
 no snmp trap link-status
!
interface FastEthernet0/1
 ip address 172.16.16.32 255.255.255.0
 ip nat outside
 duplex auto
 speed auto
!
router eigrp 90
 network 172.16.16.0 0.0.0.255
 network 192.168.0.0 0.0.0.3

network 192.168.2.0
 network 192.168.3.0
 network 192.168.4.0
 network 192.168.5.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.16.1
!
ip http server
ip nat inside source list NOUN interface FastEthernet0/1 overload
!
ip access-list standard NOUN
 permit 192.168.0.0 0.0.0.255
 permit 192.168.2.0 0.0.0.255
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4

 

SWITCH:

hostname Switch
!
!
ip subnet-zero
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
 switchport mode trunk
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 4
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 5
 switchport mode access

interface GigabitEthernet0/2
!
interface Vlan1
 ip address 192.168.0.2 255.255.255.252
 no ip route-cache
!
ip http server
!
line con 0
 exec-timeout 0 0
 password NOUN
 logging synchronous
 login
line vty 0 4
 exec-timeout 0 0
 password NOUN
 logging synchronous
 login
line vty 5 15
 login

 

Please i will appreciate any response, thanks.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

ā€Ž04-07-2015 02:35 PM

Not sure why you have NAT setup for the 192.168.0.0/30 subnet as it only has the router and switch interface in it and your NAT acl doesn't match

However that is not the issue. I assume you need to NAT for the 192.168.2.0/24 clients in which case  you need to add "ip nat inside" under you fa0/0.2 subinterface.

Jon

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Tinashe Ndhlovu
Level 1
Level 1

ā€Ž04-07-2015 02:30 PM

Just quickly glanced over the config and can u specify ip nat inside on all the inside interfaces you want to provide internet access to. The access list NOUN seems to only be covering the second floor and 192.168.0.1 if these are the only subnets you want to access the internet then cool, if more then change the access list NOUN to:

ip access-list standard NOUN
 permit 192.168.0.0 0.0.7.255   (I think that's the WCM.. its been a while..)

 

interface FastEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.2.1 255.255.255.0

ip nat inside
 no snmp trap link-status
!
interface FastEthernet0/0.3
 encapsulation dot1Q 3
 ip address 192.168.3.1 255.255.255.0

ip nat inside
 no snmp trap link-status
!
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip address 192.168.4.1 255.255.255.0

ip nat inside
 no snmp trap link-status
!
interface FastEthernet0/0.5
 encapsulation dot1Q 5
 ip address 192.168.5.1 255.255.255.0

ip nat inside
 no snmp trap link-status

Let me know how that goes

0 Helpful

Go to solution
hugozidos
Level 1
Level 1
In response to Tinashe Ndhlovu

ā€Ž04-07-2015 11:17 PM

the corrections worked out perfectly, thanks alot.

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

ā€Ž04-07-2015 02:35 PM

Not sure why you have NAT setup for the 192.168.0.0/30 subnet as it only has the router and switch interface in it and your NAT acl doesn't match

However that is not the issue. I assume you need to NAT for the 192.168.2.0/24 clients in which case  you need to add "ip nat inside" under you fa0/0.2 subinterface.

Jon

0 Helpful

Go to solution
hugozidos
Level 1
Level 1
In response to Jon Marshall

ā€Ž04-07-2015 11:21 PM

thanks , made the corrections and it worked perfectly.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card