Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1858
Views
5
Helpful
2
Replies

Routing sub-interfaces to the internet

Go to solution
R3Natas
Level 1
Level 1

‎05-19-2019 02:42 AM

Hello, recently I deployed Cisco 2811 router as CME, I have several phones and computers operating on different vlans (VLAN 10 VOICE 10.111.10.0/24, VLAN 20 DATA 10.111.20.0/24). I created two subinterfaces on the router with dot1q encapsulation and router acts as CME and DHCP server for phones and computers. The main problem is this:

My 2811 router is connected to the ISP's wireless router via f0/0 interfaces and receives DHCP address from it. From the 2811 I can ping 8.8.8.8 without any problems, but, unfortunately my computer which operates on VLAN20 can't reach internet no matter what routes I provide, but, for example if my 2811 router receives DHCP IP 192.168.100.100 my computer can ping it, but it can't ping ISP router which is 192.168.100.1, I searched a lot and only suggestions were using NAT, but it doesn't help if I set "ip nat outside" on f0/0 and ip nat inside on f0/1.20

 

Currently my setup is this
ISP -> HOME ROUTER -> CISCO 2811 -> CISCO 2960 (with trunkport to 2811) -> CISCO IP PHONE (VLAN10) -> WINDOWS PC (VLAN20)

 

My main goal is to reach internet from vlans

Current 2811 config:

Building configuration...

Current configuration : 1386 bytes
!
version 12.4
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname cme-vln
!
!
!
!
ip dhcp excluded-address 10.111.10.1 10.111.10.10
ip dhcp excluded-address 10.111.20.1 10.111.20.10
!
ip dhcp pool VOICE
 network 10.111.10.0 255.255.255.0
 default-router 10.111.10.1
 option 150 ip 10.111.10.1
ip dhcp pool DATA
 network 10.111.20.0 255.255.255.0
 default-router 10.111.20.1
!
!
!
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.100.250 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.111.10.1 255.255.255.0
!
interface FastEthernet0/1.20
 encapsulation dot1Q 20
 ip address 10.111.20.1 255.255.255.0
!
interface Vlan1
 no ip address
 shutdown
!
ip classless
!
ip flow-export version 9
!
!
!
no cdp run
!
!
!
!
!
!
telephony-service
 no auto-reg-ephone
 max-ephones 2
 max-dn 2
 ip source-address 10.111.10.1 port 2000
!
ephone-dn 1
 number 101
!
ephone-dn 2
 number 102
!
ephone 1
 device-security-mode none
 mac-address 0001.6486.414D
 type 7960
 button 1:1
!
ephone 2
 device-security-mode none
 mac-address 0060.7092.E535
 type 7960
 button 1:2
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-19-2019 02:52 AM

Hello R3tas,

you have the C2811 connected to the home router.

 

First of all, you need a default static route pointing to the Home router LAN address

ip route 0.0.0.0 0.0.0.0 192.168.100.X

 

Then, you need to configure NAT on your C2811.

 

access-list 11 permit 10.111.20.0 0.0.0.255

 

on fas0/0 you add

int fas0/0

ip nat outside

 

on internal subif you add

interface fas0/1.20

ip nat inside

interface fas0/1.10

ip nat inside

 

in global config

ip nat inside source list 11 interface fas0/0 overload

 

Note : CAUTION do you really want the IP phones to go the the internet?

If yes you need a second line in ACL 11

access-list 11 permit 10.111.10.0 0.0.0.255

 

Hope to help

Giuseppe

 

 

View solution in original post

2 Replies 2

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame

‎05-19-2019 02:52 AM

Hello R3tas,

you have the C2811 connected to the home router.

 

First of all, you need a default static route pointing to the Home router LAN address

ip route 0.0.0.0 0.0.0.0 192.168.100.X

 

Then, you need to configure NAT on your C2811.

 

access-list 11 permit 10.111.20.0 0.0.0.255

 

on fas0/0 you add

int fas0/0

ip nat outside

 

on internal subif you add

interface fas0/1.20

ip nat inside

interface fas0/1.10

ip nat inside

 

in global config

ip nat inside source list 11 interface fas0/0 overload

 

Note : CAUTION do you really want the IP phones to go the the internet?

If yes you need a second line in ACL 11

access-list 11 permit 10.111.10.0 0.0.0.255

 

Hope to help

Giuseppe

 

 

Go to solution
R3Natas
Level 1
Level 1
In response to Giuseppe Larosa

‎05-19-2019 03:02 AM

Thank you very much, you saved my day, now it works and yes I think you're right, there is no point in giving access to the internet for IP Phones.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card