Beginner

Help with Lab Networking config

Hey All,

I am new to Cisco networking, and I am wondering if you could assist me with a couple of questions/issues I am having. I will start by uploading a network diagram (please see photo). I am going to explain what I have set up. In this lab, I have an ISP modem (WAN), which plugs into PFsense (gateway/firewall), which converts it to LAN; from there I have an Ethernet run going to a Cisco switch into a port as uplink (Gi2/1/1). Here is where my confusion comes into play. My issues right now are how to route when dealing with multiple VLANs (inter-VLAN communication; I kind of got this working, but can't communicate with the physical gateway, i.e. my pfsense, out to the world), and I suppose I also need help on how to configure the uplink port from the start. I might just have misconfigured that, which is why I am having issues to start with. So I guess to start would be: what would be the recommended way of configuring an uplink port to the switch from a physical gateway? The next problem I have is that I have configured a trunk port (Gi2/0/48) to allow VLAN 1-5 (see screenshot). I can ping all of the VLANs I created, as I am routing them/gave them an IP. Again the issue arises: I am unable to ping my physical gateway IP, and thus unable to reach the outside world. I am able to ping the gateway from inside the switch when connected via serial.

genericNetwork.jpg

 

pinggateway.png

 

2 REPLIES 2
Beginner

Re: Help with Lab Networking config

Adding to this: I have a physical laptop on Gi2/0/4, which is a trunk port to allow VLAN 1-5. I ping VLAN 2-5 and get no response; I then go to the physical NIC on the laptop and add the VLAN gateways and BOOM, I am able to ping the VLANs which I specify. I clearly have something misconfigured here.

Hall of Fame Expert

Re: Help with Lab Networking config

Hello Zkcetam,

The switch uplink to the PF sense internal interface only needs to carry Vlan 1 untagged (native), so you can configure it as an access port (no trunk) in Vlan 1:

int gi2/1/4
 description to PF sense
 switchport
 switchport mode access
 switchport access vlan 1

Information about the Vlan 2 - Vlan 5 subnets is provided by using static routes on the PF sense.

I write down the IOS commands for this task; you need to convert them to the appropriate commands on the PF sense device:

ip route 10.2.2.0 255.255.255.0 10.2.1.2
ip route 10.2.3.0 255.255.255.0 10.2.1.2
ip route 10.2.4.0 255.255.255.0 10.2.1.2
ip route 10.2.5.0 255.255.255.0 10.2.1.2

On the Catalyst device you just need to configure a default route:

ip route 0.0.0.0 0.0.0.0 10.2.1.1

Note: ip routing has to be enabled at global level on the Catalyst, using

ip routing

B) NAT

All your addresses are private addresses in the 10/8 network, following RFC 1918.

To be able to access the internet and to ping the public IP address 73.xx.xx.xx, the internal addresses have to be translated when going via the PF sense device.

This translation is performed by the NAT feature.

I provide to you a sample configuration for an IOS device:

interface WAN
 ip nat outside

interface LAN
 ip nat inside

access-list 11 permit 10.2.1.0 0.0.0.255
access-list 11 permit 10.2.2.0 0.0.0.255
access-list 11 permit 10.2.3.0 0.0.0.255
access-list 11 permit 10.2.4.0 0.0.0.255
access-list 11 permit 10.2.5.0 0.0.0.255

ip nat inside source list 11 interface WAN overload

When a packet comes from the inside network with a source address that matches one of the lines of ACL 11, the source address is converted to the public address of the WAN interface and PAT (port address translation) is performed:

multiple hosts can access the internet at the same time using different TCP or UDP ports that are translated on the NAT device.

Hope to help

Giuseppe
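
The return-path and NAT reasoning in the reply above, as an added example that is not part of the original thread: a Python sketch that models the firewall's routing table before and after the four static routes and matches source addresses against ACL 11 using IOS wildcard-mask semantics. The sample host addresses, the `WAN` label for the default route and all function names are constructed for illustration.

```python
import ipaddress

# Constructed model of the thread's addressing: 10.2.1.1 is the firewall LAN
# address, 10.2.1.2 the Catalyst in VLAN 1. "WAN" labels the default route.
ROUTES_BEFORE = [("0.0.0.0/0", "WAN"), ("10.2.1.0/24", None)]  # None = connected
ROUTES_AFTER = ROUTES_BEFORE + [(f"10.2.{v}.0/24", "10.2.1.2") for v in range(2, 6)]
NAT_ACL_11 = [(f"10.2.{v}.0", "0.0.0.255") for v in range(1, 6)]


def lookup(routes, dst):
    """Longest-prefix match; returns the next hop, 'connected', or None."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop or "connected")
    return best[1] if best else None


def acl_permits(acl, src):
    """IOS standard ACL match: bits set in the wildcard mask are ignored."""
    s = int(ipaddress.ip_address(src))
    for base, wildcard in acl:
        care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.ip_address(base)) & care):
            return True
    return False  # implicit deny ends every ACL


def check_host(src, routes, acl=NAT_ACL_11):
    """(where the firewall sends replies for src, whether src is NATed)."""
    return lookup(routes, src), acl_permits(acl, src)


if __name__ == "__main__":
    # Constructed sample hosts: VLAN 1, VLAN 3, and a subnet outside the plan.
    for host in ("10.2.1.20", "10.2.3.50", "10.2.6.9"):
        print(host, "before:", check_host(host, ROUTES_BEFORE),
              "after:", check_host(host, ROUTES_AFTER))
```

Before the static routes, replies to a VLAN 3 host follow the firewall's default route toward the WAN instead of returning to 10.2.1.2, which matches the symptom in the question; a source outside the five listed subnets hits the ACL's implicit deny and is never translated.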

 
