04-25-2022 06:08 AM
Hello,
It's as the title says: I need to configure HSRP with VLAN and NAT. Problem is that I don't even know where to start. I can configure HSRP, VLAN and NAT by themselves, but how do I combine them? What is the first thing that I'm supposed to configure and how?
For reference I will add subnets I did, but I will probably need to redo them. Ignore IPs before 192.168.10.176, they have a different purpose.
I'm also adding the Packet Tracer file I'm working with, but empty as it's probably easier to do everything from zero than figure out my mess. Basically ISP1 is the main and ISP2 is a backup. ISP1 should always be the main one and become active once it's fixed. PC1-27, printers and APs should be VLAN10. PC28-54 and servers should be VLAN20.
Can someone explain how I am supposed to configure all of this?
04-25-2022 06:20 AM
I'll try to give you the basic steps, and you try to follow; you can ask questions as you are evolving.
It is a lot to configure, so it is better that you start by doing the basics.
First, configure Layer 3 uplink between switch switch0, router 0, switch 1 and router 1. They need to ping each other.
Then, on the router, on the interface down to the switch, you can configure HSRP.
On the switch, on the interface up to the router, you can add the HSRP VIP on the interface vlan.
The NAT needs to be placed on the router, on the interface facing the internet.
But this can be a very complex lab if you are just starting. Maybe you can start with something simpler.
04-25-2022 06:16 AM - edited 04-25-2022 08:12 AM
...
04-25-2022 07:40 AM
Unfortunately I'm not a 100% beginner, just first time doing something this complex. And as stated before, I had configured HSRP, NAT and VLAN, but not together, and it was just one router/switch combination instead of a mesh network. I will post the commands I used; if you could provide info on what more I should do, I would appreciate it.
I will start with HSRP and VLAN:
Switches (more or less same commands used for all 4, just interface modes and vlans change as appropriate):
Switch> en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name 20
Switch(config)#int range g0/1, g1/1, g2/1
Switch(config-if-range)#switch
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1, changed state to up
Switch(config-if-range)#int range g4/1, g3/1
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#end
Router (Again more or less the same commands):
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#int g1/0
Router(config-if)#no shut
Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up
Router(config-if)#int g1/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet1/0.10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0.10, changed state to up
Router(config-subif)#encap
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.178 255.255.255.248
Router(config-subif)#standby 10 ip 192.168.10.182
Router(config-subif)#standby 10 priority 110
Router(config-subif)#standby 10 preempt
Router(config-subif)#no shut
Router(config-subif)#int g1/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet1/0.20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0.20, changed state to up
Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.10.186 255.255.255.248
Router(config-subif)#standby 20 ip 192.168.10.190
Router(config-subif)#no shut
Router(config-subif)#
%HSRP-6-STATECHANGE: GigabitEthernet1/0.20 Grp 20 state Speak -> Standby
Everything seems to work for now. Not sure if this is correct, I also need to redo subnets because I didn't account for the vlans.
04-25-2022 08:02 AM
And this is for NAT:
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 10 permit 192.168.10.176 0.0.0.7
Router(config)#access-list 20 permit 192.168.10.184 0.0.0.7
Router(config)#ip nat pool test 1.1.1.1 1.1.1.1 netmask 255.255.255.252
Router(config)#ip nat inside source list 10 pool test overload
Router(config)#ip nat inside source list 20 pool test overload
Router(config)#int g0/0
Router(config-if)#ip nat outside
Router(config-if)#int g1/0.10
Router(config-subif)#ip nat inside
Router(config-subif)#int g1/0.20
Router(config-subif)#ip nat inside
Router(config-subif)#
Router(config-subif)#end
For testing I had to change cloud-pt into a router:
This setup seems to work again. Am I doing everything correctly?
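Added example (not part of the original posts and not Cisco tooling): a Python consistency check for the HSRP and NAT commands posted above, confirming that each HSRP virtual IP sits inside its subinterface subnet, that the subinterface is marked `ip nat inside`, that its subnet is matched by an ACL used in a NAT source list, and that `standby preempt` is set. The config text is constructed from the thread's commands; the function name `audit` and the finding strings are this example's own.

```python
import ipaddress
# Constructed input: the commands posted in this thread, written as config lines.
CONFIG = """\
access-list 10 permit 192.168.10.176 0.0.0.7
access-list 20 permit 192.168.10.184 0.0.0.7
ip nat inside source list 10 pool test overload
ip nat inside source list 20 pool test overload
interface g1/0.10
 ip address 192.168.10.178 255.255.255.248
 standby 10 ip 192.168.10.182
 standby 10 preempt
 ip nat inside
interface g1/0.20
 ip address 192.168.10.186 255.255.255.248
 standby 20 ip 192.168.10.190
 ip nat inside
"""

def audit(config):
    """Return {interface: [findings]} for each interface that carries an HSRP VIP."""
    acls, nat_lists, ifaces, cur, report = {}, set(), {}, None, {}
    for line in filter(str.strip, config.splitlines()):
        w = line.split()
        cur = cur if line.startswith(" ") else None  # unindented line ends the interface block
        if w[0] == "interface":
            cur = ifaces.setdefault(w[1], {"net": None, "vip": None, "nat": None, "preempt": False})
        elif w[0] == "access-list" and w[2] == "permit":  # ip_network() accepts the wildcard mask
            acls.setdefault(w[1], []).append(ipaddress.ip_network(f"{w[3]}/{w[4]}", strict=False))
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_lists.add(w[5])
        elif cur and w[:2] == ["ip", "address"]:
            cur["net"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}").network
        elif cur and w[:2] == ["ip", "nat"]:
            cur["nat"] = w[2]
        elif cur and w[0] == "standby" and w[2] == "ip":
            cur["vip"] = ipaddress.ip_address(w[3])
        elif cur and w[0] == "standby" and w[2] == "preempt":
            cur["preempt"] = True
    nat_nets = [n for name in nat_lists for n in acls.get(name, [])]
    for name, i in ifaces.items():
        if i["vip"] is not None:
            checks = [
                (i["net"] is not None and i["vip"] in i["net"], "HSRP VIP is outside the interface subnet"),
                (i["nat"] == "inside", "missing 'ip nat inside'"),
                (i["net"] is not None and any(i["net"].subnet_of(n) for n in nat_nets), "subnet is not matched by a NAT source list"),
                (i["preempt"], "no 'standby preempt'"),
            ]
            report[name] = [msg for ok, msg in checks if not ok]
    return report
```

On the posted commands the only finding is that group 20 on `g1/0.20` has no `standby preempt`, so that router would not take the active role back for VLAN 20 after a recovery.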
04-25-2022 08:18 AM
As I understand it, you use PKT for the lab and then you will do it in a real network? If yes, then there are many commands missing from PKT. I prefer to use GNS3 ("there is a dummy SW"), configure the interface without subinterfaces, and test NAT.
Stateful NAT for HSRP commands:
ip nat stateful id id-number {redundancy name mapping-id map-number}
ip nat pool name start-ip end-ip prefix-length prefix-length
ip nat inside source {route-map name pool pool-name mapping-id map-number} [overload]
04-25-2022 08:26 AM
No, this is purely just for PKT.
04-26-2022 04:29 AM
Hello again,
I tried configuring SNAT, but it seems Packet Tracer doesn't support this? I keep getting "Invalid input detected". Is this supposed to happen or am I doing something wrong?
04-26-2022 05:00 AM
As I mentioned before, PKT has many limitations. This is one of them.
04-25-2022 09:14 AM
Looks OK.
show nat translation should give you the answer whether it works or not.
04-26-2022 06:23 AM
Let me see.
When you share a script like that, please put the script in a WordPad or Notepad file and attach the file. As you can see, this forum does not hold the format and it is very messy to read.