Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
834
Views
0
Helpful
7
Replies

Need help with Cisco router/switch config for internet

Go to solution
tripline
Level 1
Level 1

‎11-29-2021 05:39 AM

I have a Cisco ASR https://pastebin.com/fe0R4AeJ and a Cisco Nexus switch https://pastebin.com/jFs6jRqg
I can console in the ASR and ping the public ISP and pubic gateway. I connect my computer to the Nexus switch and get a private IP. However, I am not on the internet. I am thinking it may be a vlan issue but I am not sure. I am new to this and could use some guidance.

These are the sites I am using to help with initial setup.
Configuring Cisco Router for Internet Access-IP Route Cisco | Configuring Cisco (deltaconfig.com)
Basics to configure a CISCO router to connect to internet. - ICT Magazine - Embracing the ICT World (yourictmagazine.com)

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Georg Pauwen
VIP
VIP
In response to tripline

‎11-29-2021 07:49 AM - last edited on ‎11-29-2021 09:14 PM by Community Manager

Hello,

 

your NAT access list does not look right. Make sure you use the one below:

 

ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255

 

View solution in original post

0 Helpful
7 Replies 7

Go to solution
paul driver
VIP
VIP

‎11-29-2021 06:56 AM - last edited on ‎11-29-2021 09:13 PM by Community Manager

Hello
On the isr you will need to add some network address translation (NAT) for the nexus lan then you should be able to reach the internet from the switch

 

example -asr-
int x/x
description WAN
ip nat outside 


int y/y
description LAN
ip nat inside




access-list 10 permit y.y.y.0 0.0.0.255 (lan subnets)

etc..


ip nat inside source list 10 interface x/x
ip route 0.0.0.0 0.0.0.0 x/x  z.z.z. (wan ip nexthop)

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
tripline
Level 1
Level 1
In response to paul driver

‎11-29-2021 07:01 AM

On the ASR, I have nat setup for inside GigabitEthernet0/0/2 and out TenGigabitEthernet0/1/0 NAT. 
I also have the access list setup on the ASR. Is there something wrong with it? The config is in the original PasteBin post.

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to tripline

‎11-29-2021 07:49 AM - last edited on ‎11-29-2021 09:14 PM by Community Manager

Hello,

 

your NAT access list does not look right. Make sure you use the one below:

 

ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.255.255

 

0 Helpful

Go to solution
tripline
Level 1
Level 1
In response to Georg Pauwen

‎11-29-2021 08:17 AM - last edited on ‎11-29-2021 09:41 PM by Community Manager

Thank you so much.
How come the website used this permit instead of what you suggested? Configuring Cisco Router for Internet Access-IP Route Cisco | Configuring Cisco (deltaconfig.com)

Define a list of internal addresses for translation to the external address.

R-DELTACONFIG (config)#
ip access-list standard ACL_NAT
permit 192.168.0.0 0.0.0.255

 

0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to tripline

‎11-29-2021 08:29 AM - last edited on ‎11-29-2021 09:21 PM by Community Manager

Hello,

 

that is because the internal network in the document has 192.168.0.0/24 configured. The access list needs to match that:

 

R-DELTACONFIG#conf t
interface Vlan 1
Ip address 192.168.0.1 255.255.255.0
no shutdown

 

0 Helpful

Go to solution
tripline
Level 1
Level 1
In response to Georg Pauwen

‎11-30-2021 12:14 PM

Can you take another look and see if there's something I need to change to ssh into the Switch? I can ssh into it from the MGMT port but not from the network.

0 Helpful

Go to solution
paul driver
VIP
VIP
In response to tripline

‎11-29-2021 08:14 AM - edited ‎11-29-2021 08:18 AM

Hello
TBH I didnt see you had posted any config, your lan interface is in mgt-intf  VRF take it out of any vrf and test again, it should then work.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card