Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1271
Views
12
Helpful
5
Replies

adsl and vlan help

hmagdy088
Level 1
Level 1

‎05-13-2013 04:53 AM - edited ‎03-07-2019 01:19 PM

hello, im new to ccna .

please any expert help me in this sinario,

router 1721 with one wic-1adsl ,i have adsl conection with irb static ip.

the router connect with mannaged switch through a trunk port.

the switch has 2 vlans one for the static IPs and the other for private lan.

i need the private lan to be able to go to internet please any ideas.

the router configuration is as follows:

Building configuration...

Current configuration : 1272 bytes

!

! Last configuration change at 16:50:18 pc Fri May 10 2013 by admin

!

version 12.2

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname BELCO

!

boot system tftp c1700-k9o3sy7-mz.122-15.T17.bin 62.x.x.7x

logging queue-limit 100

!

username admin privilege 15 password 0 HES2010

clock timezone pc 0

ip subnet-zero

!

!

!

ip cef

!

!

bridge irb

!

!

interface ATM0

no ip address

no atm ilmi-keepalive

pvc 0/35

  encapsulation aal5snap

!

dsl operating-mode auto

bridge-group 1

!

interface ATM1

no ip address

shutdown

no atm ilmi-keepalive

dsl operating-mode auto

!

interface FastEthernet0

no ip address

speed auto

!

interface FastEthernet0.1

description LAN

encapsulation dot1Q 1 native

ip address 192.168.1.10 255.255.255.0

!

interface FastEthernet0.2

description WAN

encapsulation dot1Q 2

ip address 62.x.x.7x 255.255.255.248

!

interface BVI1

mac-address 0000.0cc9.fa98

ip address 10.186.10.106 255.255.255.252

!

ip classless

ip route 0.0.0.0 0.0.0.0 BVI1

ip http server

ip http authentication local

!

!

bridge 1 protocol ieee

bridge 1 route ip

!

line con 0

speed 115200

line aux 0

line vty 0 4

privilege level 15

login local

transport input telnet

!

no scheduler allocate

end

so vlan2 can go to internet because it has the same subnet with provider but vlan 1 canot go internet.

so how i can make all vlans go internet(the router has only 1 fastethernet port)

thanks in advanced for any help.

Labels:
0 Helpful
5 Replies 5

blau grana
Level 7
Level 7

‎05-13-2013 06:12 AM

Hello Hesham,

You need to configure NAT on your router. BVI1 is your WAN interafce?

Try add this to your configuration, if it will work ->

ip access-list extend NAT_ACL

  deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255

  permit ip 192.168.1.0 0.0.0.255 any

  deny ip any any

route-map NAT_MAP

  match ip address NAT_ACL

ip nat inside source route-map NAT_MAP interface BVI1 overload

Let us know if some problem occur.

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

antonio.guirado
Level 3
Level 3

‎05-13-2013 07:16 AM

I agree blau grana but I am confusing because your BVI interface have a private IP address. So if you configure NAT with BVI overload I do not think that it works. You also need "ip nat inside" and "ip nat outside" command:

interface FastEthernet0.1

ip nat inside

exit

interface BVI1

ip nat outside

exit

I suppose you need to define a Loopback interface with a public IP address. Can you send us your how you assign your 62.x.x.7x/255.255.255.248 range?.

Thanks

hmagdy088
Level 1
Level 1
In response to antonio.guirado

‎05-14-2013 08:15 AM

thank you guys for help,

but didnt work ,i think i need loopback antonio but im still bigginer and dont know how

can please anyone write me how?.

and the adsl work with me as follow:

one wic-1adsl and the provider give me tow subnets, one for reall IPs 62.135.115.73-78  subnet  255.255.255.248

and i use 73 for the router fastethernet interface.

second is 10.186.10.106  255.255.255.252 for BVI interface

the problem is that the router has one ethernet interface only.

the connection is bridge (irb).

finally i created tow vlans on the switch to be able to use both private and public IPs

but private dont go internet

thanks in advance for any help

0 Helpful

blau grana
Level 7
Level 7
In response to hmagdy088

‎05-14-2013 08:42 AM

OK, so you need to take IP from your public range and assign it to loopback interface.

OR you can use on both subinterfaces private addresses and entire public range use for PAT, statc NAT or what ever, it depends on your reqiurements. How many devices do you have on 62.135.115.72/29 subnet?

If I were you, I would choose second option because in first option you have to lower subnet mask on Fa0.2 from / 29 to /30 which leaves you with only 1 host on this LAN segment!!!

This configuration will ensure that subnet 192.168.1.0/24 will access internet with public IP 62.135.115.72 and subnet 192.168.2.0/24 will access internet with public IP 62.135.115.73.

And you still have 6 more free public IPs for what ever you will need them (static NAT, static portforward. VPN,....)

interface Loopback 72

ip add 62.135.115.72 255.255.255.255

ip nat outside

interface Loopback 73

ip add 62.135.115.73 255.255.255.255

ip nat outside

interface Loopback 74

ip add 62.135.115.74 255.255.255.255

ip nat outside

interface Loopback 75

ip add 62.135.115.75 255.255.255.255

ip nat outside

interface Loopback 76

ip add 62.135.115.76 255.255.255.255

ip nat outside

interface Loopback 77

ip add 62.135.115.77 255.255.255.255

ip nat outside

interface Loopback 78

ip add 62.135.115.78 255.255.255.255

ip nat outside

interface Loopback 79

ip add 62.135.115.79 255.255.255.255

ip nat outside

interface FastEthernet0.1

  description LAN

  encapsulation dot1Q 1 native

  ip nat inside

  ip address 192.168.1.10 255.255.255.0

interface FastEthernet0.2

  description WAN

  encapsulation dot1Q 2

  ip nat inside

  ip address 192.168.2.10 255.255.255.0

ip access-list extend NAT_ACL_1

  deny ip 192.168.1.0 0.0.0.255 192.168.1.0 0.0.0.255

  permit ip 192.168.1.0 0.0.0.255 any

  deny ip any any

ip access-list extend NAT_ACL_2

  deny ip 192.168.2.0 0.0.0.255 192.168.2.0 0.0.0.255

  permit ip 192.168.2.0 0.0.0.255 any

  deny ip any any

route-map NAT_MAP_1

  match ip address NAT_ACL_1

route-map NAT_MAP_2

  match ip address NAT_ACL_2

ip nat inside source route-map NAT_MAP_1 interface Loopback72 overload
ip nat inside source route-map NAT_MAP_2 interface Loopback73 overload

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions

blau grana
Level 7
Level 7
In response to blau grana

‎05-14-2013 12:47 PM

please do not create duplicate posts

https://supportforums.cisco.com/message/3935556

https://supportforums.cisco.com/thread/2216657

Best Regards

Please rate all helpful posts and close solved questions

Best Regards Please rate all helpful posts and close solved questions
0 Helpful
Customers Also Viewed These Support Documents