05-19-2019 02:42 AM
Hello, recently I deployed Cisco 2811 router as CME, I have several phones and computers operating on different vlans (VLAN 10 VOICE 10.111.10.0/24, VLAN 20 DATA 10.111.20.0/24). I created two subinterfaces on the router with dot1q encapsulation and router acts as CME and DHCP server for phones and computers. The main problem is this:
My 2811 router is connected to the ISP's wireless router via f0/0 interfaces and receives DHCP address from it. From the 2811 I can ping 8.8.8.8 without any problems, but, unfortunately my computer which operates on VLAN20 can't reach internet no matter what routes I provide, but, for example if my 2811 router receives DHCP IP 192.168.100.100 my computer can ping it, but it can't ping ISP router which is 192.168.100.1, I searched a lot and only suggestions were using NAT, but it doesn't help if I set "ip nat outside" on f0/0 and ip nat inside on f0/1.20
Currently my setup is this
ISP -> HOME ROUTER -> CISCO 2811 -> CISCO 2960 (with trunkport to 2811) -> CISCO IP PHONE (VLAN10) -> WINDOWS PC (VLAN20)
My main goal is to reach internet from vlans
Current 2811 config:
Building configuration... Current configuration : 1386 bytes ! version 12.4 no service timestamps log datetime msec no service timestamps debug datetime msec no service password-encryption ! hostname cme-vln ! ! ! ! ip dhcp excluded-address 10.111.10.1 10.111.10.10 ip dhcp excluded-address 10.111.20.1 10.111.20.10 ! ip dhcp pool VOICE network 10.111.10.0 255.255.255.0 default-router 10.111.10.1 option 150 ip 10.111.10.1 ip dhcp pool DATA network 10.111.20.0 255.255.255.0 default-router 10.111.20.1 ! ! ! ip cef no ipv6 cef ! ! ! ! ! ! ! ! ! ! ! ! spanning-tree mode pvst ! ! ! ! ! ! interface FastEthernet0/0 ip address 192.168.100.250 255.255.255.0 duplex auto speed auto ! interface FastEthernet0/1 no ip address duplex auto speed auto ! interface FastEthernet0/1.10 encapsulation dot1Q 10 ip address 10.111.10.1 255.255.255.0 ! interface FastEthernet0/1.20 encapsulation dot1Q 20 ip address 10.111.20.1 255.255.255.0 ! interface Vlan1 no ip address shutdown ! ip classless ! ip flow-export version 9 ! ! ! no cdp run ! ! ! ! ! ! telephony-service no auto-reg-ephone max-ephones 2 max-dn 2 ip source-address 10.111.10.1 port 2000 ! ephone-dn 1 number 101 ! ephone-dn 2 number 102 ! ephone 1 device-security-mode none mac-address 0001.6486.414D type 7960 button 1:1 ! ephone 2 device-security-mode none mac-address 0060.7092.E535 type 7960 button 1:2 ! line con 0 ! line aux 0 ! line vty 0 4 login ! ! ! end
Solved! Go to Solution.
05-19-2019 02:52 AM
Hello R3tas,
you have the C2811 connected to the home router.
First of all, you need a default static route pointing to the Home router LAN address
ip route 0.0.0.0 0.0.0.0 192.168.100.X
Then, you need to configure NAT on your C2811.
access-list 11 permit 10.111.20.0 0.0.0.255
on fas0/0 you add
int fas0/0
ip nat outside
on internal subif you add
interface fas0/1.20
ip nat inside
interface fas0/1.10
ip nat inside
in global config
ip nat inside source list 11 interface fas0/0 overload
Note : CAUTION do you really want the IP phones to go the the internet?
If yes you need a second line in ACL 11
access-list 11 permit 10.111.10.0 0.0.0.255
Hope to help
Giuseppe
05-19-2019 02:52 AM
Hello R3tas,
you have the C2811 connected to the home router.
First of all, you need a default static route pointing to the Home router LAN address
ip route 0.0.0.0 0.0.0.0 192.168.100.X
Then, you need to configure NAT on your C2811.
access-list 11 permit 10.111.20.0 0.0.0.255
on fas0/0 you add
int fas0/0
ip nat outside
on internal subif you add
interface fas0/1.20
ip nat inside
interface fas0/1.10
ip nat inside
in global config
ip nat inside source list 11 interface fas0/0 overload
Note : CAUTION do you really want the IP phones to go the the internet?
If yes you need a second line in ACL 11
access-list 11 permit 10.111.10.0 0.0.0.255
Hope to help
Giuseppe
05-19-2019 03:02 AM
Thank you very much, you saved my day, now it works and yes I think you're right, there is no point in giving access to the internet for IP Phones.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide