02-12-2013 05:11 PM - edited 03-07-2019 11:40 AM
Hi,
Im using a 2801 router with a nat configuration.
The issue im having is the nat seems to be allowing only one machine at a time through the nat.
the range i am testing is 192.168.243.0
The firmware is c2801-spservicesk9-m
The config is as follows
Thanks for you help in advance
Brendon
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname VlanRouter
!
boot-start-marker
boot-end-marker
!
no aaa new-model
!
resource policy
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
ip cef
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.242.1
ip dhcp excluded-address 192.168.240.1
ip dhcp excluded-address 192.168.241.1
ip dhcp excluded-address 192.168.243.1
ip dhcp excluded-address 10.127.0.1 10.127.0.10
!
ip dhcp pool VL211
network 192.168.241.0 255.255.255.0
dns-server 210.18.210.210
default-router 192.168.241.1
!
ip dhcp pool VL210
network 192.168.240.0 255.255.255.0
dns-server 210.18.210.210
default-router 192.168.240.1
!
ip dhcp pool VL212
network 192.168.242.0 255.255.255.0
default-router 192.168.242.1
dns-server 210.18.210.210
!
ip dhcp pool VL213
network 192.168.243.0 255.255.255.0
default-router 192.168.243.1
dns-server 210.18.210.210
!
ip dhcp pool VL200
network 10.127.0.0 255.255.255.0
default-router 10.127.0.253
dns-server 210.18.210.210
!
interface FastEthernet0/0
ip address 203.25.120.202 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 192.168.239.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1.3
encapsulation dot1Q 3
ip address 172.20.255.202 255.255.0.0
ip nat outside
no snmp trap link-status
!
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip address 10.127.0.253 255.255.255.0
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.210
description ATV-Tracey
encapsulation dot1Q 210
ip address 192.168.240.1 255.255.255.0
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.211
description ATV-Tierney
encapsulation dot1Q 211
ip address 192.168.241.1 255.255.255.0
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.212
description ATV-Nitec
encapsulation dot1Q 212
ip address 192.168.242.1 255.255.255.0
ip nat inside
no snmp trap link-status
!
interface FastEthernet0/1.213
description iMac
encapsulation dot1Q 213
ip address 192.168.243.1 255.255.255.0
ip nat inside
no snmp trap link-status
!
interface ATM0/1/0
no ip address
shutdown
no atm ilmi-keepalive
dsl equipment-type CPE
dsl operating-mode GSHDSL symmetric annex A
dsl linerate AUTO
!
ip classless
ip route 0.0.0.0 0.0.0.0 203.25.120.4
!
no ip http server
no ip http secure-server
ip nat inside source list INAT interface FastEthernet0/1.3 overload
ip nat inside source list NAT interface FastEthernet0/0 overload
!
ip access-list standard INAT
permit 192.168.243.0 0.0.0.255
ip access-list standard NAT
permit 10.127.0.0 0.0.0.255
permit 192.168.240.0 0.0.0.255
permit 192.168.241.0 0.0.0.255
permit 192.168.242.0 0.0.0.255
!
control-plane
!
Solved! Go to Solution.
02-12-2013 07:55 PM
Hi,
If I understood you right. You want subnets under NAT access-list to be forwarded f0/0 and INAT f0/1.3
For such thing you could use Policy-based routing(PBR).
route-map PBR permit 10
match ip address INAT
set interface f0/1.3
interface FastEthernet0/1.213
description iMac
encapsulation dot1Q 213
ip address 192.168.243.1 255.255.255.0
ip policy route-map PBR
ip nat inside
Other traffic would go through f0/0.
Hope it will help.
Best regards,
Abzal
02-12-2013 07:55 PM
Hi,
If I understood you right. You want subnets under NAT access-list to be forwarded f0/0 and INAT f0/1.3
For such thing you could use Policy-based routing(PBR).
route-map PBR permit 10
match ip address INAT
set interface f0/1.3
interface FastEthernet0/1.213
description iMac
encapsulation dot1Q 213
ip address 192.168.243.1 255.255.255.0
ip policy route-map PBR
ip nat inside
Other traffic would go through f0/0.
Hope it will help.
Best regards,
Abzal
02-12-2013 08:10 PM
Hi Abzal,
Thanks for your reply.
i set the router up using the PBR you set above and i am not getting a response from my default gateway (172.20.251.3).
The NAT was working although it seemed like it couldn't support multiple machines at the same time.
EDIT: I also can't modify any other router which is why i am using a NAT.
Thanks
Brendon
02-12-2013 08:14 PM
Try this one:
no ip route 0.0.0.0 0.0.0.0 203.25.120.4
route-map PBR2 permit 10
match ip address NAT
set default interface f0/0
route-map PBR1 permit 10
match ip address INAT
set default interface f0/1.3
interface FastEthernet0/1.200
encapsulation dot1Q 200
ip address 10.127.0.253 255.255.255.0
ip nat inside
ip policy route-map PBR2
no snmp trap link-status
!
interface FastEthernet0/1.210
description ATV-Tracey
encapsulation dot1Q 210
ip address 192.168.240.1 255.255.255.0
ip nat inside
ip policy route-map PBR2
no snmp trap link-status
!
interface FastEthernet0/1.211
description ATV-Tierney
encapsulation dot1Q 211
ip address 192.168.241.1 255.255.255.0
ip nat inside
ip policy route-map PBR2
no snmp trap link-status
!
interface FastEthernet0/1.212
description ATV-Nitec
encapsulation dot1Q 212
ip address 192.168.242.1 255.255.255.0
ip nat inside
ip policy route-map PBR2
no snmp trap link-status
interface FastEthernet0/1.213
description iMac
encapsulation dot1Q 213
ip address 192.168.243.1 255.255.255.0
ip policy route-map PBR1
ip nat inside
Hope it will help.
Best regards,
Abzal
02-12-2013 08:39 PM
Hi Abzal,
At this stage I can access everything so i will now do a stress test and get back to you.
Thanks Mate
02-13-2013 05:39 PM
Hi Abzal.
I tried this configuration again. and it Worked!!
Much Appreciated
With Thanks
Brendon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide