03-02-2014 04:40 PM - edited 03-07-2019 06:29 PM
Hello all,
Desperate need of help. I'm having trouble NATing from private LAN IPs to WAN. My 2921 router is connected to a cable modem on Gi0/0. The 3750 Network Module is connected through backplane on Router-Gi1/0 to Switch-Gi1/0/2. I plan on adding multiple different subnets and corresponding VLANs to the switch but right now I just started with one to see if I could get it to NAT properly; 10.10.30.0/24 subnet.
DHCP server is running on the router and importing DNS servers and Hostname from the cable modem. DHCP is working fine, I just can't get out to the Internet from the hosts off the switch. I can ping all interfaces on the router and switch from the end host.
When I check 'show ip nat translations' I don't see anything. Please help me figure out why I can't NAT out and access the Internet. I've included configs and routing table info below. Thanks a million in advance to anyone that can help!
ROUTER CONFIG:
version 12.4
no parser cache
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log datetime msec show-timezone year
service password-encryption
!
hostname CPH-RTR-001
!
boot-start-marker
boot-end-marker
!
logging buffered 64000 informational
logging monitor informational
enable secret 5 XXXXXXXXXXXXXX
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
ip dhcp use vrf connected
ip dhcp excluded-address 10.10.30.1 10.10.30.5
!
ip dhcp pool TEST
import all
network 10.10.30.0 255.255.255.0
default-router 10.10.30.1
!
!
ip domain name XXXXXXXXX
ip name-server 4.2.2.2
ip ssh time-out 90
ip ssh authentication-retries 2
ip ssh version 2
!
!
!
username XXXXXXXXX
!
!
!
interface Loopback0
description CPH-RTR-001 Main Loopback Interface
ip address 14.1.1.1 255.255.255.255
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet1/0
ip address 10.10.10.1 255.255.255.0
ip nat inside
no cdp enable
!
ip classless
ip route 10.10.0.0 255.255.0.0 GigabitEthernet1/0
ip route 0.0.0.0 0.0.0.0 dhcp
!
no ip http server
no ip http secure-server
ip nat inside source list 102 interface GigabitEthernet0/0 overload
!
access-list 102 permit ip 10.10.0.0 0.0.255.255 any log-input
access-list 102 deny ip any any log-input
!
control-plane
!
privilege exec level 15 ssh
privilege exec level 15 connect
privilege exec level 15 telnet
privilege exec level 15 rlogin
privilege exec level 15 show ip access-lists
privilege exec level 1 show ip
privilege exec level 15 show access-lists
privilege exec level 15 show logging
privilege exec level 1 show
!
line con 0
logging synchronous
login local
line aux 0
exec-timeout 0 1
login local
no exec
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output all
line vty 0 4
exec-timeout 5 0
login local
transport input ssh
transport output none
!
scheduler allocate 20000 1000
!
end
SWITCH CONFIG:
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname CPH-SWT-001
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet1/0/2
switchport access vlan 30
switchport mode access
!
interface FastEthernet1/0/3
description Desktop PC
switchport access vlan 30
switchport mode access
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
no switchport
ip address 10.10.10.2 255.255.255.0
!
interface Vlan1
no ip address
!
interface Vlan30
ip address 10.10.30.1 255.255.255.0
ip helper-address 10.10.10.1
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
no ip http server
!
!
control-plane
!
!
line con 0
logging synchronous
line vty 0 4
logging synchronous
login
line vty 5 15
logging synchronous
login
!
end
ROUTER - Routing Table (ISP IPs replaced with example IPs):
CPH-RTR-001#show ip route
Gateway of last resort is 95.5.5.1 to network 0.0.0.0
95.0.0.0/21 is subnetted, 1 subnets
C 95.5.5.0 is directly connected, GigabitEthernet0/0
135.254.0.0/32 is subnetted, 1 subnets
S 135.254.100.33 [254/0] via 95.5.5.1, GigabitEthernet0/0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
S 10.10.0.0/16 is directly connected, GigabitEthernet1/0
C 10.10.10.0/24 is directly connected, GigabitEthernet1/0
14.0.0.0/32 is subnetted, 1 subnets
C 14.1.1.1 is directly connected, Loopback0
S* 0.0.0.0/0 [1/0] via 95.5.5.1
SWITCH - Routing Table:
CPH-SWT-001#show ip route
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 2 subnets
C 10.10.10.0 is directly connected, GigabitEthernet1/0/2
C 10.10.30.0 is directly connected, Vlan30
S* 0.0.0.0/0 [1/0] via 10.10.10.1
ROUTER - IP Interface Brief:
CPH-RTR-001#show ip int bri
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 95.5.7.244 YES DHCP up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
GigabitEthernet1/0 10.10.10.1 YES NVRAM up up
NVI0 unassigned YES unset up up
Loopback0 14.1.1.1 YES NVRAM up up
SWITCH - IP Interface Brief:
CPH-SWT-001#show ip int bri
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up down
Vlan30 10.10.30.1 YES NVRAM up up
FastEthernet1/0/2 unassigned YES unset up up
FastEthernet1/0/3 unassigned YES unset down down
FastEthernet1/0/4 unassigned YES unset down down
FastEthernet1/0/5 unassigned YES unset down down
FastEthernet1/0/6 unassigned YES unset down down
FastEthernet1/0/7 unassigned YES unset down down
FastEthernet1/0/8 unassigned YES unset down down
FastEthernet1/0/9 unassigned YES unset down down
FastEthernet1/0/10 unassigned YES unset down down
FastEthernet1/0/11 unassigned YES unset down down
FastEthernet1/0/12 unassigned YES unset down down
FastEthernet1/0/13 unassigned YES unset down down
FastEthernet1/0/14 unassigned YES unset down down
FastEthernet1/0/15 unassigned YES unset down down
FastEthernet1/0/16 unassigned YES unset down down
FastEthernet1/0/17 unassigned YES unset down down
FastEthernet1/0/18 unassigned YES unset down down
FastEthernet1/0/19 unassigned YES unset down down
FastEthernet1/0/20 unassigned YES unset down down
FastEthernet1/0/21 unassigned YES unset down down
FastEthernet1/0/22 unassigned YES unset down down
FastEthernet1/0/23 unassigned YES unset down down
FastEthernet1/0/24 unassigned YES unset down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 10.10.10.2 YES NVRAM up up
03-03-2014 12:45 AM
Hi,
log keyword is not supported in NAT ACLs so just edit your ACL 102 by removing the log-input keyword and it should be working.
One little remark, you don't need a static route for the 10.10.0.0/16 network and you should avoid static routes pointing to an ethernet exit interface.
Regards
Alain
Don't forget to rate helpful posts.
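A small linter for the two points in the answer above, as an added example that is not part of the original thread: it flags `log`/`log-input` entries in any numbered ACL referenced by `ip nat inside source list`, and static routes that name only an Ethernet exit interface. The function names are hypothetical and the sample input is constructed from the relevant lines of the router config in the question; named ACLs are not handled.

```python
import re

# Constructed sample: the NAT-relevant lines from the router config in the question.
SAMPLE_CONFIG = """\
ip route 10.10.0.0 255.255.0.0 GigabitEthernet1/0
ip route 0.0.0.0 0.0.0.0 dhcp
ip nat inside source list 102 interface GigabitEthernet0/0 overload
access-list 102 permit ip 10.10.0.0 0.0.255.255 any log-input
access-list 102 deny ip any any log-input
"""

NAT_RULE = re.compile(r"^ip nat inside source list (\S+)\s")
NUMBERED_ACE = re.compile(r"^access-list (\S+) (permit|deny) (.*)$")
# Static route whose only forwarding target is an Ethernet interface (no next-hop IP).
IFACE_ROUTE = re.compile(r"^ip route \S+ \S+ ((?:Fast|Gigabit|TenGigabit)?Ethernet\S+)\s*$")


def lint_nat_config(config: str) -> list[str]:
    """Return findings for the two issues raised in the accepted answer."""
    lines = [ln.strip() for ln in config.splitlines()]
    nat_acls = {m.group(1) for ln in lines if (m := NAT_RULE.match(ln))}
    findings = []
    for ln in lines:
        ace = NUMBERED_ACE.match(ln)
        if ace and ace.group(1) in nat_acls:
            logged = sorted({"log", "log-input"} & set(ace.group(3).split()))
            if logged:
                findings.append(f"ACL {ace.group(1)} is used for NAT but has "
                                f"'{logged[0]}': {ln}")
        route = IFACE_ROUTE.match(ln)
        if route:
            findings.append(f"static route points at Ethernet interface "
                            f"{route.group(1)} with no next hop: {ln}")
    return findings


def strip_log_keywords(config: str, acl: str) -> str:
    """Rewrite one numbered ACL without log/log-input, leaving other lines alone."""
    out = []
    for ln in config.splitlines():
        if ln.strip().startswith(f"access-list {acl} "):
            ln = re.sub(r"\s+log(-input)?\s*$", "", ln)
        out.append(ln)
    return "\n".join(out)


if __name__ == "__main__":
    for finding in lint_nat_config(SAMPLE_CONFIG):
        print(finding)
```
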
03-03-2014 05:08 AM
I can't believe it was that simple! Thanks so much for your help.