02-19-2016 06:12 AM - edited 03-05-2019 03:23 AM
Been struggling with "https://supportforums.cisco.com/discussion/11282626/nx-7000-configuring-default-gateway" and "https://supportforums.cisco.com/discussion/11691736/cisco-nexus-default-gateway" with no luck.
Nexus is a fairly new beast for me compared to Catalyst.
(1) What is the Nexus way of setting default-gateway? I want to forget all VRF/CEF and want it to act as a dumb L2 switch.
(2) Can hosts connected to the Nexus talk to outside successfully at least?
Thanks.
I have a section of topology where 2911 is acting as an internal NAT router. (We don't have enough private ip addresses to give to all our lab servers and networking equipment. So we have our own reserved addresses that aren't route-able across the corporate network).
2911 is using one private ip to NAT lab ip addresses
!
interface GigabitEthernet0/0
ip address 192.16.25.94 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2.100
encapsulation dot1Q 100
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/2.200
encapsulation dot1Q 200
ip address 10.1.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.16.25.1
!
access-list 1 permit any
!
!
!
control-plane
!
I have 16 Nexus switches but showing one as a sample here. (If I can get this going, rest should be easy).
vlan 1,100,102-103,200
vrf context management
interface Vlan1
interface Vlan100
no shutdown
ip address 10.0.0.22/24
interface Vlan200
no shutdown
ip address 10.1.0.22/24
interface Ethernet1/1
switchport access vlan 200
interface Ethernet1/40
switchport access vlan 100
interface Ethernet1/48
switchport mode trunk
interface Ethernet1/49
switchport access vlan 200
interface Ethernet1/50
switchport access vlan 200
While the Nexus can ping the default gw of each vlan, it can't ping outside of the 2911 network.
PING 10.0.0.1 (10.0.0.1): 56 data bytes
64 bytes from 10.0.0.1: icmp_seq=0 ttl=254 time=0.765 ms
64 bytes from 10.0.0.1: icmp_seq=1 ttl=254 time=0.571 ms
64 bytes from 10.0.0.1: icmp_seq=2 ttl=254 time=0.547 ms
64 bytes from 10.0.0.1: icmp_seq=3 ttl=254 time=0.54 ms
64 bytes from 10.0.0.1: icmp_seq=4 ttl=254 time=0.534 ms
--- 10.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.534/0.591/0.765 ms
2# ping 10.1.0.1
PING 10.1.0.1 (10.1.0.1): 56 data bytes
64 bytes from 10.1.0.1: icmp_seq=0 ttl=254 time=0.785 ms
64 bytes from 10.1.0.1: icmp_seq=1 ttl=254 time=0.565 ms
64 bytes from 10.1.0.1: icmp_seq=2 ttl=254 time=0.557 ms
64 bytes from 10.1.0.1: icmp_seq=3 ttl=254 time=0.532 ms
64 bytes from 10.1.0.1: icmp_seq=4 ttl=254 time=0.538 ms
--- 10.1.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.532/0.595/0.785 ms
2# ping 192.16.25.1
PING 192.16.25.1 (192.16.25.1): 56 data bytes
ping: sendto 192.16.25.1 64 chars, No route to host
Thanks again.
What am I missing to make NAT & Routing work? Also is this just the nexus management? Can hosts connected to Nexus talk to outside already?
2911 can ping anything by the way.
[Tried the methods from other posts]
C(config)# vrf context management
C(config-vrf)# ip route 0.0.0.0/0 10.1.0.1 (same result with 10.0.0.1)
C(config-vrf)# ping 192.16.25.94
PING 192.16.25.94 (192.16.25.94): 56 data bytes
ping: sendto 192.16.25.94 64 chars, No route to host
Request 0 timed out
ping: sendto 192.16.25.94 64 chars, No route to host
02-19-2016 07:39 AM
Haven't used Nexus either.
My understanding is there is a dedicated interface for management, i.e. not an SVI, which allows you to connect to the switch but you cannot then run ping etc. from the console.
You can also use an SVI for management which does allow you to ping etc. but not sure if it is supported on all platforms.
What are the Nexus models ?
Your 2911 configuration, are you saying it's not working ?
Jon
02-19-2016 07:42 AM
Nexus are N9K with RJ-45 and some fiber ports.
My 2911 configuration is supposedly working as this is what I do all the time for inter-vlan router-on-a-stick with Catalyst switches.
I'm messing something up on Nexus though.
02-19-2016 07:45 AM
Can you just clarify.
Are you saying clients cannot get out to the rest of the network ?
Jon
02-19-2016 07:49 AM
Correct, only the default gw of each VLAN can be reached.
02-19-2016 08:16 AM
The most obvious issue with the router configuration is the NAT acl.
NAT generally doesn't like "any" as the source IPs.
Try modifying "any" to "10.0.0.0 0.0.1.255".
I tend to use extended acls with any as the destination IPs which NAT is fine with but then you would need to update your NAT statement as well.
By the way are you happy with setting up the management port or do you want to try the SVI ?
Jon
02-19-2016 08:20 AM
That's the NAT ACL I've used all the time. But I'll try your approach and thanks for the suggestion.
And you mean 0.1.255.255 as wildcard? Since 10.0 and 10.1
I want SVI without management.
For now, I literally want to forget all vPC, VRF, all the fancy NX-OS features and make them act like Catalyst switches.
02-19-2016 08:26 AM
The wildcard, yes I did mean that :)
It may not make a difference but I have seen it not work many times with that.
For your Nexus switches can you pick one of the SVIs on the Nexus and shut the other down, then -
int vlan <x>
management
ip route 0.0.0.0/0 vlan <x> <router subinterface IP for vlan x>
don't put the default route in the management VRF.
I'm not sure whether technically this makes it L3 from a Nexus perspective but as long as the client's default gateways are the router subinterface IPs it shouldn't matter.
Like I say not used Nexus so it may not help but worth a try.
Jon
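The wildcard exchange above (0.0.1.255 versus 0.1.255.255 for the 10.0.0.x and 10.1.0.x lab ranges) is easy to get wrong, and for a NAT ACL the mistake cuts both ways: too narrow and one VLAN never gets translated, too wide and the router will happily NAT source addresses it was never meant to. The script below is an added example, not code from the original thread or from Cisco; it evaluates Cisco standard-ACL source entries against a set of constructed host addresses so you can see exactly what each candidate matches before committing it. The host list and the candidate entries are constructed for the demonstration; the 10.0.0.0/24, 10.1.0.0/24 and 192.16.25.94 values come from the configs posted in the thread.

```python
import ipaddress

# Cisco wildcard semantics: a 1 bit in the wildcard means "don't care",
# a 0 bit means "must equal the corresponding bit of the address".
# This is the inverse of a subnet mask, which is the usual source of slips.

def wildcard_matches(acl_source: str, host: str) -> bool:
    """Does a standard-ACL source entry ('any', 'host A.B.C.D', or
    'A.B.C.D W.W.W.W') match the given host address?"""
    parts = acl_source.split()
    if parts == ["any"]:
        return True
    if parts[0] == "host":
        return ipaddress.IPv4Address(parts[1]) == ipaddress.IPv4Address(host)
    addr = int(ipaddress.IPv4Address(parts[0]))
    wild = int(ipaddress.IPv4Address(parts[1]))
    care = 0xFFFFFFFF ^ wild            # bits that must match exactly
    return (int(ipaddress.IPv4Address(host)) & care) == (addr & care)

def wildcard_span(acl_source: str) -> int:
    """How many addresses the entry can match: 2 ** (number of 1 bits
    in the wildcard). A quick sanity check on how broad an entry really is."""
    parts = acl_source.split()
    if parts == ["any"]:
        return 2 ** 32
    if parts[0] == "host":
        return 1
    wild = int(ipaddress.IPv4Address(parts[1]))
    return 2 ** bin(wild).count("1")

def prefix_to_wildcard(prefix: str) -> str:
    """Turn a CIDR prefix into the equivalent 'address wildcard' entry.
    Two such entries (one per lab VLAN) are the tightest NAT ACL here."""
    net = ipaddress.IPv4Network(prefix, strict=True)
    return f"{net.network_address} {net.hostmask}"

def coverage(acl_sources, hosts):
    """Map each candidate entry to the constructed hosts it would match."""
    return {src: [h for h in hosts if wildcard_matches(src, h)] for src in acl_sources}

if __name__ == "__main__":
    # Constructed hosts: one per lab VLAN, two that are in 10.x but outside
    # the lab VLANs, and the router's own outside address.
    hosts = ["10.0.0.5", "10.1.0.5", "10.0.7.9", "10.2.0.5", "192.16.25.94"]
    candidates = [
        "any",                                  # as posted in the thread
        "10.0.0.0 0.0.1.255",                   # first suggestion: misses VLAN 200
        "10.0.0.0 0.1.255.255",                 # corrected: covers both, plus 10.0.2-255.x and 10.1.x.x
        prefix_to_wildcard("10.0.0.0/24"),      # tightest: one entry per lab VLAN
        prefix_to_wildcard("10.1.0.0/24"),
    ]
    for src, matched in coverage(candidates, hosts).items():
        print(f"{src:24} span={wildcard_span(src):>10}  matches={matched}")
```

Run it as-is to see that `10.0.0.0 0.0.1.255` never matches 10.1.0.5 (VLAN 200 would not be translated), that `10.0.0.0 0.1.255.255` matches 10.0.7.9 as well (a 131072-address span for two /24s), and that the pair of per-VLAN entries matches only what the lab actually uses. With `ip nat inside source list 1 ... overload`, the ACL is the only thing deciding which sources get translated, so the narrowest form that still covers both VLANs is the one to deploy.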
02-19-2016 10:50 AM
Hosts can connect.
So for now, I'll live with this until I study Nexus in-out.
Thanks for your effort.
02-19-2016 08:14 AM
Clients connected to Nexus in vlans 100 and 200 (with IPs from 10.0.0 and 10.1.0) should be able to ping outside.
Nexus itself won't, if the "ip route 0.0.0.0/0" is configured under "vrf context management" (just put it in the global config).
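The point in the reply above is a scoping one: on NX-OS a default route typed under `vrf context management` exists only in the management VRF, while the SVIs in the posted config (no `vrf member`) live in the default VRF, so the switch's own pings from those SVIs have no route. The checker below is an added example, not code from the thread or from Cisco; it parses NX-OS-style running-config text (two-space indentation under an unindented block header, which the forum paste had stripped) and reports every SVI whose VRF has no default route. The sample configs are constructed for the demonstration from the addresses in the posted config; the first mirrors the attempt at L97-L98, the second moves the route to the global config as the reply suggests.

```python
import re
from collections import defaultdict

def parse_blocks(config_text):
    """Split NX-OS running-config text into (header, [child lines]) pairs.
    NX-OS indents a block's children by two spaces under an unindented header,
    so an unindented 'ip route' is global and an indented one belongs to the
    'vrf context' block above it."""
    blocks = []
    for raw in config_text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue
        if raw[0].isspace():
            if blocks:
                blocks[-1][1].append(raw.strip())
        else:
            blocks.append((raw.strip(), []))
    return blocks

def default_routes_by_vrf(config_text):
    """Map VRF name -> next hops of its 0.0.0.0/0 routes.
    Global 'ip route' lines belong to VRF 'default'."""
    routes = defaultdict(list)
    for header, children in parse_blocks(config_text):
        if header.startswith("vrf context "):
            vrf, lines = header.split()[2], children
        else:
            vrf, lines = "default", [header]
        for line in lines:
            m = re.match(r"ip route 0\.0\.0\.0/0 (.+)", line)
            if m:
                routes[vrf].append(m.group(1))
    return dict(routes)

def svi_vrfs(config_text):
    """Map each 'interface VlanN' to its VRF ('default' unless 'vrf member' is set)."""
    result = {}
    for header, children in parse_blocks(config_text):
        if header.startswith("interface Vlan"):
            vrf = "default"
            for child in children:
                if child.startswith("vrf member "):
                    vrf = child.split()[2]
            result[header.split()[1]] = vrf
    return result

def audit(config_text):
    """One finding per SVI whose VRF carries no default route."""
    routes = default_routes_by_vrf(config_text)
    findings = []
    for svi, vrf in svi_vrfs(config_text).items():
        if vrf not in routes:
            elsewhere = [v for v in routes if v != vrf]
            note = ""
            if elsewhere:
                note = f"; the 0.0.0.0/0 under vrf {', '.join(elsewhere)} does not apply to it"
            findings.append(f"{svi} is in VRF {vrf}, which has no default route{note}")
    return findings

# Constructed sample: the posted SVIs plus the default route placed in the
# management VRF, as tried in the thread.
NXOS_AS_POSTED = """\
vlan 1,100,102-103,200
vrf context management
  ip route 0.0.0.0/0 10.1.0.1
interface Vlan100
  no shutdown
  ip address 10.0.0.22/24
interface Vlan200
  no shutdown
  ip address 10.1.0.22/24
"""

# Constructed sample: same SVIs, default route moved to the global config.
NXOS_FIXED = NXOS_AS_POSTED.replace("  ip route 0.0.0.0/0 10.1.0.1\n", "") + "ip route 0.0.0.0/0 10.0.0.1\n"

if __name__ == "__main__":
    for name, cfg in (("as posted", NXOS_AS_POSTED), ("fixed", NXOS_FIXED)):
        print(f"== {name}: default routes {default_routes_by_vrf(cfg)}")
        for finding in audit(cfg) or ["no findings"]:
            print("  ", finding)
```

Against the first sample the audit flags both Vlan100 and Vlan200; against the second it is clean. Feed it a real `show running-config` to catch the same mistake across all sixteen switches rather than checking each by hand, and remember it only says whether the switch itself has a route: the hosts behind it use the 2911 subinterfaces as their gateway and are unaffected either way, as the reply notes.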
02-19-2016 08:18 AM
Can that be verified by pinging outside with gig 0/2.100 and 0/2.200 as source?
Thanks.
02-19-2016 08:21 AM
Yes, if I remember correctly the NAT can be verified from the NAT router itself by using the "nat inside" interfaces as sources.