
Configuring HSRP with VLAN and NAT?

John1997
Level 1

Hello,

It's as the title says: I need to configure HSRP with VLAN and NAT. Problem is that I don't even know where to start. I can configure HSRP, VLAN and NAT by themselves, but how do I combine them? What is the first thing that I'm supposed to configure and how?

For reference I will add the subnets I did, but I will probably need to redo them. Ignore IPs before 192.168.10.176, they have a different purpose.

image.png

I'm also adding the Packet Tracer file I'm working with, but empty, as it's probably easier to do everything from zero than figure out my mess. Basically ISP1 is the main and ISP2 is a backup. ISP1 should always be the main one and become active once it's fixed. PC1-27, printers and APs should be VLAN10. PC28-54 and servers should be VLAN20.

Can someone explain how I am supposed to configure all of this?

Accepted Solutions

I'll try to give you the basic steps, you try to follow them, and you can ask questions as you are evolving.

It is a lot to configure, so it is better to start with the basics.

First, configure the Layer 3 uplink between switch0, router 0, switch 1 and router 1. They need to ping each other.

Then, on the router, on the interface down to the switch, you can configure HSRP.

On the switch, on the interface up to the router, you can add the HSRP VIP on the interface vlan.

The NAT needs to be placed on the router, on the interface facing the internet.

But this can be a very complex lab if you are just starting. Maybe you can start with something simpler.


10 Replies 10

...

Unfortunately I'm not a 100% beginner, this is just my first time doing something this complex. And as stated before, I had configured HSRP, NAT and VLAN, but not together, and it was just one router/switch combination instead of a mesh network. I will post the commands I used; if you could provide info on what more I should do, I would appreciate it.

I will start with HSRP and VLAN:

Switches (more or less the same commands used for all 4, just interface modes and VLANs change as appropriate):

Switch> en
Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#name 10
Switch(config-vlan)#vlan 20
Switch(config-vlan)#name 20
Switch(config)#int range g0/1, g1/1, g2/1
Switch(config-if-range)#switch
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet2/1, changed state to up

Switch(config-if-range)#int range g4/1, g3/1
Switch(config-if-range)#switchport access vlan 10
Switch(config-if-range)#end

Router (Again more or less the same commands):

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#int g1/0
Router(config-if)#no shut

Router(config-if)#
%LINK-5-CHANGED: Interface GigabitEthernet1/0, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0, changed state to up

Router(config-if)#int g1/0.10
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet1/0.10, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0.10, changed state to up

Router(config-subif)#encap
Router(config-subif)#encapsulation dot1q 10
Router(config-subif)#ip address 192.168.10.178 255.255.255.248
Router(config-subif)#standby 10 ip 192.168.10.182
Router(config-subif)#standby 10 priority 110
Router(config-subif)#standby 10 preempt
Router(config-subif)#no shut
Router(config-subif)#int g1/0.20
Router(config-subif)#
%LINK-5-CHANGED: Interface GigabitEthernet1/0.20, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0.20, changed state to up

Router(config-subif)#encapsulation dot1q 20
Router(config-subif)#ip address 192.168.10.186 255.255.255.248
Router(config-subif)#standby 20 ip 192.168.10.190
Router(config-subif)#no shut
Router(config-subif)#
%HSRP-6-STATECHANGE: GigabitEthernet1/0.20 Grp 20 state Speak -> Standby

Everything seems to work for now. Not sure if this is correct, I also need to redo subnets because I didn't account for the vlans.

And this is for NAT:

 

Router>en
Router#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 10 permit 192.168.10.176 0.0.0.7
Router(config)#access-list 20 permit 192.168.10.184 0.0.0.7
Router(config)#ip nat pool test 1.1.1.1 1.1.1.1 netmask 255.255.255.252
Router(config)#ip nat inside source list 10 pool test overload
Router(config)#ip nat inside source list 20 pool test overload
Router(config)#int g0/0
Router(config-if)#ip nat outside
Router(config-if)#int g1/0.10
Router(config-subif)#ip nat inside
Router(config-subif)#int g1/0.20
Router(config-subif)#ip nat inside
Router(config-subif)#
Router(config-subif)#end

For testing I had to change cloud-pt into a router:

image.png

This setup seems to work again. Am I doing everything correctly?
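
A consistency check for the commands in the post above, as an added example that is not part of the original thread: it reads the posted router lines (prompts removed and retyped here as constructed input) and verifies that each HSRP virtual IP is a free host address in its subinterface's subnet and that every `ip nat inside` subnet is matched by an access list used in an `ip nat inside source list` rule. The names `CONFIG` and `check` are chosen for this example, and only the command forms shown in the post are parsed.

```python
import ipaddress

# Constructed input: the router commands from the post above, prompts removed.
CONFIG = """\
interface g1/0.10
 ip address 192.168.10.178 255.255.255.248
 standby 10 ip 192.168.10.182
 ip nat inside
interface g1/0.20
 ip address 192.168.10.186 255.255.255.248
 standby 20 ip 192.168.10.190
 ip nat inside
access-list 10 permit 192.168.10.176 0.0.0.7
access-list 20 permit 192.168.10.184 0.0.0.7
ip nat inside source list 10 pool test overload
ip nat inside source list 20 pool test overload
"""

def check(config):
    """Return a list of findings; an empty list means the pieces agree."""
    addrs, vips, acls, inside, nat_lists, findings = {}, {}, {}, set(), [], []
    ifname = None
    for w in (line.split() for line in config.splitlines()):
        if w[:1] == ["interface"]:
            ifname = w[1]
        elif w[:2] == ["ip", "address"]:
            addrs[ifname] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif w[:1] == ["standby"] and w[2:3] == ["ip"]:
            vips[ifname] = ipaddress.ip_address(w[3])
        elif w == ["ip", "nat", "inside"]:
            inside.add(ifname)
        elif w[:1] == ["access-list"] and w[2:3] == ["permit"] and len(w) == 5:
            # address + wildcard mask; ipaddress accepts this host-mask form
            acls[w[1]] = ipaddress.ip_network(f"{w[3]}/{w[4]}")
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_lists.append(w[5])
    for name, iface in addrs.items():
        net, vip = iface.network, vips.get(name)
        reserved = (iface.ip, net.network_address, net.broadcast_address)
        if vip is not None and (vip not in net or vip in reserved):
            findings.append(f"{name}: HSRP VIP {vip} is not a free host address in {net}")
        if name in inside and not any(
                n in acls and net.subnet_of(acls[n]) for n in nat_lists):
            findings.append(f"{name}: {net} is not matched by any NAT source list")
    findings += [f"NAT uses undefined access-list {n}" for n in nat_lists if n not in acls]
    return findings

if __name__ == "__main__":
    print(check(CONFIG) or "consistent")
```

Rerunning it after the subnets are redone for the VLANs shows whether the `standby ... ip` addresses and ACL wildcards still line up with the new interface addresses.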

As I understand, you use PKT for the lab and then you will do it in a real network? If yes, then there are many commands missing from PKT. I prefer to use GNS3 ("there is a dummy SW") and configure the interface without subinterfaces and test NAT.

Stateful NAT for HSRP commands:
ip nat stateful id id-number {redundancy name mapping-id map-number} 

ip nat pool name start-ip end-ip prefix-length prefix-length 

ip nat inside source {route-map name pool pool-name mapping-id map-number} [overload]

No, this is purely just for PKT

Hello again,

I tried configuring SNAT, but it seems Packet Tracer doesn't support this? I keep getting "Invalid input detected". Is this supposed to happen or am I doing something wrong?

As I mentioned before, PKT has many limitations. This is one of them.

Looks OK.

show nat translation should give you the answer if it works or not.

Let me see.

When sharing a script like that, please put the script in a WordPad or Notepad file and attach the file. As you can see, this forum does not hold the format and it is very messy to read.
