cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
369
Views
0
Helpful
7
Replies
tripline
Beginner

Need help with Cisco router/switch config for internet

I have a Cisco ASR https://pastebin.com/fe0R4AeJ and a Cisco Nexus switch https://pastebin.com/jFs6jRqg
I can console in the ASR and ping the public ISP and pubic gateway. I connect my computer to the Nexus switch and get a private IP. However, I am not on the internet. I am thinking it may be a vlan issue but I am not sure. I am new to this and could use some guidance.

These are the sites I am using to help with initial setup.
Configuring Cisco Router for Internet Access-IP Route Cisco | Configuring Cisco (deltaconfig.com)
Basics to configure a CISCO router to connect to internet. - ICT Magazine - Embracing the ICT World (yourictmagazine.com)

1 ACCEPTED SOLUTION

Accepted Solutions

Hello,

 

your NAT access list does not look right. Make sure you use the one below:

 

ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255

 

View solution in original post

7 REPLIES 7
paul driver
VIP Mentor

Hello
On the isr you will need to add some network address translation (NAT) for the nexus lan then you should be able to reach the internet from the switch

 

example -asr-
int x/x
description WAN
ip nat outside 


int y/y
description LAN
ip nat inside




access-list 10 permit y.y.y.0 0.0.0.255 (lan subnets)

etc..


ip nat inside source list 10 interface x/x
ip route 0.0.0.0 0.0.0.0 x/x  z.z.z. (wan ip nexthop)


kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future

On the ASR, I have nat setup for inside GigabitEthernet0/0/2 and out TenGigabitEthernet0/1/0 NAT. 
I also have the access list setup on the ASR. Is there something wrong with it? The config is in the original PasteBin post.

Hello,

 

your NAT access list does not look right. Make sure you use the one below:

 

ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255

 

View solution in original post

Thank you so much.
How come the website used this permit instead of what you suggested? Configuring Cisco Router for Internet Access-IP Route Cisco | Configuring Cisco (deltaconfig.com)

Define a list of internal addresses for translation to the external address.

R-DELTACONFIG (config)#
ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.0.255

 

Hello,

 

that is because the internal network in the document has 192.168.0.0/24 configured. The access list needs to match that:

 

R-DELTACONFIG#conf t
interface Vlan 1
Ip address 192.168.0.1 255.255.255.0
no shutdown

 

Can you take another look and see if there's something I need to change to ssh into the Switch? I can ssh into it from the MGMT port but not from the network.

Hello
TBH I didnt see you had posted any config, your lan interface is in mgt-intf  VRF take it out of any vrf and test again, it should then work.



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future