Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
706
Views
0
Helpful
6
Replies

Routing help for inter VLAN...

frederick.mercado
Spotlight
Spotlight

‎05-18-2022 07:32 AM - edited ‎10-19-2023 11:37 AM

Ok, so after issues with VRF and NAT I have decided to make a configuration to our ISP. The goal it to provide Wireless users on their own VLAN to get out to the internet. We have a simple network layout, with Clients > APs > Distribution (L2 VLAN) WLC > CORE 2 > Boundary NAT Router/SW > ISP....

 

From a wireless client I can ping other clients, the WLC, the CORE 2, and the Boundary NAT Router GW . I cannot however ping out to ISP NAT IP....so evidently there is a route all the way up to the boundary L3 device but I cannot get out? 

 

I can ping 8.8.8.8 using a source interface from VLAN on the boundary device and in the main CLI itself. So I believe its a routing issue. 

 

ip nat outside statement with overload on VLAN as well. But I would just like to get clients to be able to get a path out to ping the ISP.

 

Help is appreciated.

 

0 Helpful
6 Replies 6

balaji.bandi
Hall of Fame
Hall of Fame

‎05-18-2022 07:44 AM - edited ‎05-18-2022 07:46 AM

On the Router what ACL you have for NAT ? Any IP or VLAN 126 as access list ?

 

what kind of config you have on all router ? p2p link layer 2 extention  ?

what is Core 2 ?  what config it got ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to balaji.bandi

‎05-18-2022 07:50 AM - edited ‎10-19-2023 11:40 AM

The router is a 9300 L3 switch doing IP routing. Not ideal. But at an edge device I attached the current config. Just a simple access list for permitting IPs from my internal to overload. (Config is attached)

 

Client connecting to the WLC get DHCP and have GW to CORE 2, and then DNS of 8.8.8.8. (Config is attached)

 

On the Core 2, we host the internal VLAN in a layer 3 environment for internal network. We have just a route map on there right now (since it has a ip default gateway already not pointing to the ISP or NAT edge router)...pointing to the GW of the edge.

 

 

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to balaji.bandi

‎05-18-2022 08:07 AM - edited ‎10-19-2023 11:41 AM

From Core 2 L3 switch can ping around fine. Cell phone client can as well up to NAT router. Cannot reach ISP connection on VLAN or GW.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to frederick.mercado

‎05-18-2022 09:51 AM

 

The problem may be because PBR is having to send the traffic back out of the same interface it is received on because you have used vlan 126 to connect the core switch to the NAT router and PBR sometimes does not work with that (no idea if that applies to the switch you are using). 

 

Can you not connect the core switch to the router on a different subnet using another vlan or even a L3 routed connection. 

 

Jon

0 Helpful

frederick.mercado
Spotlight
Spotlight
In response to Jon Marshall

‎05-18-2022 01:48 PM - edited ‎10-19-2023 11:42 AM

Right now the NAT rooute is switchport trunk via port

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to frederick.mercado

‎05-18-2022 11:41 PM

 

That doesn't really address the point I was making. 

 

Jon

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card