cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
638
Views
0
Helpful
7
Replies

Need help with Cisco router/switch config for internet

tripline
Level 1
Level 1

I have a Cisco ASR https://pastebin.com/fe0R4AeJ and a Cisco Nexus switch https://pastebin.com/jFs6jRqg
I can console in the ASR and ping the public ISP and pubic gateway. I connect my computer to the Nexus switch and get a private IP. However, I am not on the internet. I am thinking it may be a vlan issue but I am not sure. I am new to this and could use some guidance.

These are the sites I am using to help with initial setup.
Configuring Cisco Router for Internet Access-IP Route Cisco | Configuring Cisco (deltaconfig.com)
Basics to configure a CISCO router to connect to internet. - ICT Magazine - Embracing the ICT World (yourictmagazine.com)

1 Accepted Solution

Accepted Solutions

Hello,

 

your NAT access list does not look right. Make sure you use the one below:

 

ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255

 

View solution in original post

7 Replies 7

Hello
On the isr you will need to add some network address translation (NAT) for the nexus lan then you should be able to reach the internet from the switch

 

example -asr-
int x/x
description WAN
ip nat outside 


int y/y
description LAN
ip nat inside




access-list 10 permit y.y.y.0 0.0.0.255 (lan subnets)

etc..


ip nat inside source list 10 interface x/x
ip route 0.0.0.0 0.0.0.0 x/x  z.z.z. (wan ip nexthop)

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

On the ASR, I have nat setup for inside GigabitEthernet0/0/2 and out TenGigabitEthernet0/1/0 NAT. 
I also have the access list setup on the ASR. Is there something wrong with it? The config is in the original PasteBin post.

Hello,

 

your NAT access list does not look right. Make sure you use the one below:

 

ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255

 

Thank you so much.
How come the website used this permit instead of what you suggested? Configuring Cisco Router for Internet Access-IP Route Cisco | Configuring Cisco (deltaconfig.com)

Define a list of internal addresses for translation to the external address.

R-DELTACONFIG (config)#
ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.0.255

 

Hello,

 

that is because the internal network in the document has 192.168.0.0/24 configured. The access list needs to match that:

 

R-DELTACONFIG#conf t
interface Vlan 1
Ip address 192.168.0.1 255.255.255.0
no shutdown

 

Can you take another look and see if there's something I need to change to ssh into the Switch? I can ssh into it from the MGMT port but not from the network.

Hello
TBH I didnt see you had posted any config, your lan interface is in mgt-intf  VRF take it out of any vrf and test again, it should then work.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco