08-25-2014 05:32 PM - edited 03-04-2019 11:36 PM
The business that I am consulting for just got Charter Business Class internet (80M vs. 6M supplied by AT&T). Charter provides their SMC MIR (managed internet router), meaning I can't change any settings in the modem. The company has a block of 5 static IPs, 71.85.77.192/29. They told me that 71.85.77.193 was my gateway and the usable addresses were .194-.198, but this is also not true... After 2 tech calls I finally was told .193 is the gateway for the modem and .194 was for the router portion of the modem/router combo. So, the usable range is only .195-.198. That was all just background information.
The physical setup is CHARTER -- CISCO 2801 Router -- CISCO 2950 Switch
So far I have 4 VLANs (not including VLAN 1) set up on the 2950 (VLAN 5, 6, 7, 8). It is trunked from G0/1 on the 2950 to Fa0/1 on the 2801. I am using subinterfaces on the 2801 for all the VLANs (and before you ask, all the encapsulations are there and I can ping from a device on each VLAN to its default gateway on the router). VLAN 8 is the server VLAN (10.0.0.0/24). The server is acting as a DHCP server for VLAN 5 (192.168.10.0/24) and 6 (192.168.11.0/24). The actual IP address of the server is 10.0.0.3. All of the subinterfaces of the router are x.x.x.1.
I have 71.85.77.196 set on Fa0/0 on the router and it is set as ip nat outside. I have all of the other subinterfaces on Fa0/1 set to ip nat inside. I am using static and dynamic NAT. I have the server IP address 10.0.0.3 NAT'ed to 71.85.77.195 going out and the other way around coming in. I have an access list for the dynamic NAT for the other VLANs going out.
I have the default gateway set at 71.85.77.193.
I have a static route set to exit on Fa0/0.
I have the DNS servers set on the router and I have issued the ip domain-lookup.
From the server I can ping 71.85.77.193 and see the correct nat translation on the router but the ping fails.
I can ping 71.85.77.193 from the router and it succeeds.
BUT I CANNOT PING ANYTHING ON THE INTERNET FROM THE ROUTER. My server says I have internet access, but I cannot browse to any website.
I am literally about to pull my friggin' hair out. I am running out of time on this project, and Charter seems to believe it is a problem with my equipment. I have literally reset the router and ONLY set the static ip on the router and still cannot browse....One note though...I can plug a laptop in on any of the ports on the charter router and set a static ip and I can instantly browse the internet.
What am I missing/what am I doing wrong? HELP! :(
08-25-2014 07:21 PM
Post your running config and you will get better help. From your description I would remove the static route to Fa0/0 and set it as the ISP IP instead. I have seen some instances where setting to the interface provides quirky behavior. Are you sure you put outside interface overload? Sounds like it's getting to the outside interface and dying from a NAT configuration. I will attach a config from a working router; maybe that will help:
interface GigabitEthernet0/0.2
 encapsulation dot1Q 2
 ip address 192.168.1.2 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/0.14
 description (Inside Private Interface)
 encapsulation dot1Q 14
 ip address 192.168.14.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/1
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
 no cdp enable
!
ip nat inside source list NAT interface GigabitEthernet0/1 overload
!
ip access-list standard NAT
 permit 192.168.1.0 0.0.0.255
 permit 177.1.10.0 0.0.0.255
 permit 177.1.20.0 0.0.0.255
 permit 10.254.254.0 0.0.0.255
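An offline check for the points the reply above raises (default route target, presence of an overload rule, and whether each `ip nat inside` subnet is permitted by the NAT access list), run over indented `show running-config` text. This is an added example, not part of the original posts; the sample config is constructed from the addresses given in the question, and `audit` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample modelled on the thread's description; not the poster's real config.
SAMPLE = """\
interface FastEthernet0/0
 ip address 71.85.77.196 255.255.255.248
 ip nat outside
interface FastEthernet0/1.5
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface FastEthernet0/1.6
 ip address 192.168.11.1 255.255.255.0
 ip nat inside
ip nat inside source list NAT interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
ip access-list standard NAT
 permit 192.168.10.0 0.0.0.255
"""

def audit(config):
    nets, inside, acls, findings = {}, [], {}, []
    iface = acl = pat_acl = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):          # a top-level line ends any sub-mode
            iface = acl = None
        if m := re.match(r"interface (\S+)", line):
            iface = m.group(1)
        elif m := re.match(r"ip access-list standard (\S+)", line):
            acl = m.group(1)
        elif iface and (m := re.match(r"ip address (\d\S+) (\d\S+)", line)):
            nets[iface] = ipaddress.ip_interface("/".join(m.groups())).network
        elif iface and line == "ip nat inside":
            inside.append(iface)
        elif acl and (m := re.match(r"permit (\d\S+) (\d\S+)", line)):
            # ipaddress accepts the IOS wildcard (host mask) form directly
            net = ipaddress.ip_network("/".join(m.groups()), strict=False)
            acls.setdefault(acl, []).append(net)
        elif m := re.match(r"ip nat inside source list (\S+) interface \S+ overload", line):
            pat_acl = m.group(1)
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", line):
            # Interface-only route on Ethernet: router ARPs per destination, needs upstream proxy ARP
            if not re.fullmatch(r"[\d.]+", m.group(1)):
                findings.append("default route points at interface " + m.group(1))
    if pat_acl is None:
        findings.append("no overload (PAT) rule found")
    for name in inside:
        if name in nets and not any(nets[name].subnet_of(n) for n in acls.get(pat_acl, [])):
            findings.append(f"{name} {nets[name]} not permitted by NAT ACL")
    return findings
```

Inside subnets served only by static NAT (such as the server VLAN in the question) are not modelled and would be reported as missing from the access list.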
08-25-2014 08:06 PM
Michael,
Thanks for your reply and the suggestion!
I will try setting the route to the ISP IP tomorrow as well as post the config for the router and the switch...should have done that when I posted...but I wasn't at the site.
Yes, the dynamic NAT for VLANs 5, 6 & 7 is overloaded on the outside interface like the config you have shown, and the networks for those VLANs are in the access-list with the correct wildcard mask... I think ;)
VLAN 8 has 1 server in it (for now) and I have static NAT set for it, both going out and coming in...
Once again, thanks for your insight.