cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
477
Views
0
Helpful
2
Replies

C2921 NAT issue using 3750 Network Module

chadpharris
Level 1
Level 1

Hello all,

Desperate need of help. I'm having trouble NATing from private LAN IPs to WAN. My 2921 router is connected to a cable modem on Gi0/0. The 3750 Network Module is connected through backplane on Router-Gi1/0 to Switch-Gi1/0/2. I plan on adding multiple different subnets and corresponding VLANs to the switch but right now I just started with one to see if I could get it to NAT properly; 10.10.30.0/24 subnet.

DHCP server is running on the router and importing DNS servers and Hostname from the cable modem. DHCP is working fine, I just can't get out to the Internet from the hosts off the switch. I can ping all interfaces on the router and switch from the end host.

When I check 'show ip nat translations' I don't see anything. Please help me figure out why I can't NAT out and access the Internet. I've included configs and routing table info below. Thanks a million in advance to anyone that can help!

ROUTER CONFIG:

version 12.4

no parser cache

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug uptime

service timestamps log datetime msec show-timezone year

service password-encryption

!

hostname CPH-RTR-001

!

boot-start-marker

boot-end-marker

!

logging buffered 64000 informational

logging monitor informational

enable secret 5 XXXXXXXXXXXXXX

!

no aaa new-model

!

resource policy

!

ip subnet-zero

!

!

ip cef

ip dhcp use vrf connected

ip dhcp excluded-address 10.10.30.1 10.10.30.5

!

ip dhcp pool TEST

   import all

   network 10.10.30.0 255.255.255.0

   default-router 10.10.30.1

!

!

ip domain name XXXXXXXXX

ip name-server 4.2.2.2

ip ssh time-out 90

ip ssh authentication-retries 2

ip ssh version 2

!

!

!

username XXXXXXXXX

!

!

!

interface Loopback0

description CPH-RTR-001 Main Loopback Interface

ip address 14.1.1.1 255.255.255.255

!

interface GigabitEthernet0/0

ip address dhcp

ip nat outside

duplex auto

speed auto

no cdp enable

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet1/0

ip address 10.10.10.1 255.255.255.0

ip nat inside

no cdp enable

!

ip classless

ip route 10.10.0.0 255.255.0.0 GigabitEthernet1/0

ip route 0.0.0.0 0.0.0.0 dhcp

!

no ip http server

no ip http secure-server

ip nat inside source list 102 interface GigabitEthernet0/0 overload

!

access-list 102 permit ip 10.10.0.0 0.0.255.255 any log-input

access-list 102 deny   ip any any log-input

!

control-plane

!

privilege exec level 15 ssh

privilege exec level 15 connect

privilege exec level 15 telnet

privilege exec level 15 rlogin

privilege exec level 15 show ip access-lists

privilege exec level 1 show ip

privilege exec level 15 show access-lists

privilege exec level 15 show logging

privilege exec level 1 show

!

line con 0

logging synchronous

login local

line aux 0

exec-timeout 0 1

login local

no exec

line 66

no activation-character

no exec

transport preferred none

transport input all

transport output all

line vty 0 4

exec-timeout 5 0

login local

transport input ssh

transport output none

!

scheduler allocate 20000 1000

!

end

SWITCH CONFIG:

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname CPH-SWT-001

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet1/0/2

switchport access vlan 30

switchport mode access

!

interface FastEthernet1/0/3

description Desktop PC

switchport access vlan 30

switchport mode access

!

interface FastEthernet1/0/4

!

interface FastEthernet1/0/5

!

interface FastEthernet1/0/6

!

interface FastEthernet1/0/7

!

interface FastEthernet1/0/8

!

interface FastEthernet1/0/9

!

interface FastEthernet1/0/10

!

interface FastEthernet1/0/11

!

interface FastEthernet1/0/12

!

interface FastEthernet1/0/13

!

interface FastEthernet1/0/14

!

interface FastEthernet1/0/15

!

interface FastEthernet1/0/16

!

interface FastEthernet1/0/17

!

interface FastEthernet1/0/18

!

interface FastEthernet1/0/19

!

interface FastEthernet1/0/20

!

interface FastEthernet1/0/21

!

interface FastEthernet1/0/22

!

interface FastEthernet1/0/23

!

interface FastEthernet1/0/24

!

interface GigabitEthernet1/0/1

!

interface GigabitEthernet1/0/2

no switchport

ip address 10.10.10.2 255.255.255.0

!

interface Vlan1

no ip address

!

interface Vlan30

ip address 10.10.30.1 255.255.255.0

ip helper-address 10.10.10.1

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.10.1

no ip http server

!

!

control-plane

!

!

line con 0

logging synchronous

line vty 0 4

logging synchronous

login

line vty 5 15

logging synchronous

login

!

end

ROUTER - Routing Table (ISP IPs replaced with example IPs):

CPH-RTR-001#show ip route

Gateway of last resort is 95.5.5.1 to network 0.0.0.0

     95.0.0.0/21 is subnetted, 1 subnets

C       95.5.5.0 is directly connected, GigabitEthernet0/0

     135.254.0.0/32 is subnetted, 1 subnets

S       135.254.100.33 [254/0] via 95.5.5.1, GigabitEthernet0/0

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

S       10.10.0.0/16 is directly connected, GigabitEthernet1/0

C       10.10.10.0/24 is directly connected, GigabitEthernet1/0

     14.0.0.0/32 is subnetted, 1 subnets

C       14.1.1.1 is directly connected, Loopback0

S*   0.0.0.0/0 [1/0] via 95.5.5.1

SWITCH - Routing Table:

CPH-SWT-001#show ip route

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 2 subnets

C       10.10.10.0 is directly connected, GigabitEthernet1/0/2

C       10.10.30.0 is directly connected, Vlan30

S*   0.0.0.0/0 [1/0] via 10.10.10.1

ROUTER - IP Interface Brief:

CPH-RTR-001#show ip int bri

Interface                  IP-Address      OK? Method Status                Protocol

GigabitEthernet0/0         95.5.7.244    YES DHCP   up                    up

GigabitEthernet0/1         unassigned      YES NVRAM  administratively down down

GigabitEthernet1/0         10.10.10.1      YES NVRAM  up                    up

NVI0                       unassigned      YES unset  up                    up

Loopback0                  14.1.1.1        YES NVRAM  up                    up

SWITCH - IP Interface Brief:

CPH-SWT-001#show ip int bri

Interface              IP-Address      OK? Method Status                Protocol

Vlan1                  unassigned      YES NVRAM  up                    down

Vlan30                 10.10.30.1      YES NVRAM  up                    up

FastEthernet1/0/2      unassigned      YES unset  up                    up

FastEthernet1/0/3      unassigned      YES unset  down                  down

FastEthernet1/0/4      unassigned      YES unset  down                  down

FastEthernet1/0/5      unassigned      YES unset  down                  down

FastEthernet1/0/6      unassigned      YES unset  down                  down

FastEthernet1/0/7      unassigned      YES unset  down                  down

FastEthernet1/0/8      unassigned      YES unset  down                  down

FastEthernet1/0/9      unassigned      YES unset  down                  down

FastEthernet1/0/10     unassigned      YES unset  down                  down

FastEthernet1/0/11     unassigned      YES unset  down                  down

FastEthernet1/0/12     unassigned      YES unset  down                  down

FastEthernet1/0/13     unassigned      YES unset  down                  down

FastEthernet1/0/14     unassigned      YES unset  down                  down

FastEthernet1/0/15     unassigned      YES unset  down                  down

FastEthernet1/0/16     unassigned      YES unset  down                  down

FastEthernet1/0/17     unassigned      YES unset  down                  down

FastEthernet1/0/18     unassigned      YES unset  down                  down

FastEthernet1/0/19     unassigned      YES unset  down                  down

FastEthernet1/0/20     unassigned      YES unset  down                  down

FastEthernet1/0/21     unassigned      YES unset  down                  down

FastEthernet1/0/22     unassigned      YES unset  down                  down

FastEthernet1/0/23     unassigned      YES unset  down                  down

FastEthernet1/0/24     unassigned      YES unset  down                  down

GigabitEthernet1/0/1   unassigned      YES unset  down                  down

GigabitEthernet1/0/2   10.10.10.2      YES NVRAM  up                    up

1 Accepted Solution

Accepted Solutions

cadet alain
VIP Alumni
VIP Alumni

Hi,

log keyword is not supported in NAT ACLs so just edit your ACL 102 by removing the  log-input keyword and it should be working.

One little remark, you don't need a static route for the 10.10.0.0/16 network  and you should avoid  static routes pointing to an ethernet exit interface.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

2 Replies 2

cadet alain
VIP Alumni
VIP Alumni

Hi,

log keyword is not supported in NAT ACLs so just edit your ACL 102 by removing the  log-input keyword and it should be working.

One little remark, you don't need a static route for the 10.10.0.0/16 network  and you should avoid  static routes pointing to an ethernet exit interface.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

I can't believe it was that simple! Thanks so much for your help.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: