cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
838
Views
0
Helpful
12
Replies

I am trying to get NAT working on a Cisco 2801 with HWIC-4ESW.

MarkhamBledsoe
Level 1
Level 1

I have a 2801 that had a failed Fe0/1 port.  The Fe0/1 port was used to give sub-interface Fe0/0.200 access to internet.  We installed a HWIC-4ESW into the 2801.  I have successfully moved the sub-interfaces ( 0/0.1 , 0/0.100 , and 0/0.200 ) from the Fe0/0 to the HWIC-4ESW.  I have reconfigured the Fe0/0 to connect to my ISP.  However, I cannot get traffic from vlan200 to pass to the internet over Fe0/0.   I have a guest wireless network set for vlan 200.  Clients get an IP address in the appropriate range (192.168.200.0), but they cannot get to the internet.  Below I have included the results of "sh ip int brief" and some of the "sh run".  I think that it is something simple, but I canot get it working.  

 

Help would be appreciated.

 

Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            ***.**.244.194  YES manual up                    up      
FastEthernet0/0.200        unassigned      YES unset  deleted               down    
Service-Engine0/0          192.168.100.254 YES TFTP   up                    up      
FastEthernet0/1            unassigned      YES NVRAM  administratively down down    
FastEthernet0/1/0          unassigned      YES unset  up                    up      
FastEthernet0/1/1          unassigned      YES unset  up                    up      
FastEthernet0/1/2          unassigned      YES unset  administratively down down    
FastEthernet0/1/3          unassigned      YES unset  administratively down down    
Serial0/3/0:0              unassigned      YES unset  down                  down    
Serial0/3/0:1              unassigned      YES unset  down                  down    
Serial0/3/0:2              unassigned      YES unset  down                  down    
Serial0/3/0:3              unassigned      YES unset  down                  down    
Serial0/3/0:4              unassigned      YES unset  down                  down    
Serial0/3/0:5              unassigned      YES unset  down                  down    
Serial0/3/0:6              unassigned      YES unset  down                  down    
Serial0/3/0:7              unassigned      YES unset  down                  down    
Serial0/3/0:8              unassigned      YES unset  down                  down    
Serial0/3/0:9              unassigned      YES unset  down                  down    
Serial0/3/0:10             unassigned      YES unset  down                  down    
Serial0/3/0:11             unassigned      YES unset  down                  down    
Serial0/3/0:12             unassigned      YES unset  down                  down    
Serial0/3/0:13             unassigned      YES unset  down                  down    
Serial0/3/0:14             unassigned      YES unset  down                  down    
Serial0/3/0:15             unassigned      YES unset  down                  down    
Serial0/3/0:23             unassigned      YES NVRAM  up                    up      
Vlan1                      192.168.1.254   YES NVRAM  up                    up      
Vlan100                    192.168.100.254 YES NVRAM  up                    up      
Vlan200                    192.168.200.254 YES NVRAM  up                    up      
NVI0                       ***.12.244.194  YES unset  administratively down down 
ip source-route
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.100.1 192.168.100.99
ip dhcp excluded-address 192.168.100.200 192.168.100.254
ip dhcp excluded-address 192.168.200.1 192.168.200.99
ip dhcp excluded-address 192.168.200.200 192.168.200.254
!
ip dhcp pool Phones
   network 192.168.100.0 255.255.255.0
   option 150 ip 192.168.100.254 
   default-router 192.168.100.254 
   dns-server 192.168.1.8 
!
ip dhcp pool guestwireless
   network 192.168.200.0 255.255.255.0
   default-router 192.168.200.254 
   dns-server 8.8.8.8 8.8.4.4 
!
!
ip cef
no ip domain lookup
ip domain name pwa.com
ip name-server 8.8.8.8
ip name-server 8.8.4.4
controller T1 0/3/0
 pri-group timeslots 1-16,24
!
controller T1 0/3/1
 shutdown
!
gw-accounting aaa
!
gw-accounting syslog 
!
!
!
!
!
interface FastEthernet0/0
 description Guestwireless route to internet
 ip address ***.**.244.194 255.255.255.240
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface Service-Engine0/0
 ip unnumbered Vlan100
 service-module ip address 192.168.100.200 255.255.255.0
 service-module ip default-gateway 192.168.100.254
 no cdp enable
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1/0
 description trunk to switch
 switchport mode trunk
 duplex full
 speed 100
!
interface FastEthernet0/1/1
 description voice
 switchport access vlan 100
!
interface FastEthernet0/1/2
 shutdown
!
interface FastEthernet0/1/3
 shutdown
!
interface Serial0/3/0:23
 no ip address
 encapsulation hdlc
 isdn switch-type primary-ni
 isdn incoming-voice voice
 isdn supp-service name calling
 no cdp enable
!
interface Vlan1
 description Data
 ip address 192.168.1.254 255.255.255.0
!
interface Vlan100
 description voice vlan
 ip address 192.168.100.254 255.255.255.0
 h323-gateway voip bind srcaddr 192.168.100.254
!
interface Vlan200
 description Guestwireless Data
 ip address 192.168.200.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip forward-protocol nd
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip http path flash:
ip nat inside source list 10 interface FastEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.100.200 255.255.255.255 Service-Engine0/0
ip route 192.168.200.0 255.255.255.0 FastEthernet0/0
!
ip radius source-interface Vlan100 
access-list 10 permit 192.168.200.0 0.0.0.255
1 Accepted Solution

Accepted Solutions

In that case, you'll probably want to segregate the GuestWireless traffic into a vrf. Do GuestWireless or Data ever need to talk to each other? Do they ever use the same interface for internet access?

Something like this, maybe:

ip vrf GuestWireless
!
interface FastEthernet0/0
 description GuestWireless route to internet
 ip vrf forwarding GuestWireless
 ip address 17.12.244.194 255.255.255.240
 ip nat outside
 ip virtual-reassembly
!
interface Vlan200
 description Guest Wireless
 ip vrf forwarding GuestWireless
 ip address 192.168.200.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip route vrf GuestWireless 0.0.0.0 0.0.0.0 17.12.244.195
! You have to use an IP here, I just used .195 as an example.
!
ip nat inside source list 10 interface FastEthernet0/0 vrf GuestWireless overload
!
access-list 10 permit 192.168.200.0 0.0.0.255

View solution in original post

12 Replies 12

Sam Byers
Level 1
Level 1

>ip route 0.0.0.0 0.0.0.0 192.168.1.1

You are routing default traffic to 192.168.1.1. What is that?

Can you post the routing table?

The ip route 0.0.0.0 0.0.0.0 192.168.1.1 points to an ASA5505 for traffic on vlan1 (192.168.1.0/24).

 

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 192.168.1.1
      ***.**.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        ***.**.244.192/28 is directly connected, FastEthernet0/0
L        ***.**.244.194/32 is directly connected, FastEthernet0/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.254/32 is directly connected, Vlan1
      192.168.100.0/24 is variably subnetted, 3 subnets, 2 masks
C        192.168.100.0/24 is directly connected, Vlan100
S        192.168.100.200/32 is directly connected, Service-Engine0/0
L        192.168.100.254/32 is directly connected, Vlan100
      192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.200.0/24 is directly connected, Vlan200
L        192.168.200.254/32 is directly connected, Vlan200

The main issue is that you have two networks that need to send default traffic to two different interfaces. Does that sound right? You want guest internet traffic to go out fa0/0, and all else to go out 192.168.1.1?

 

Just at making sure I understand! :)

 

 

Yes, that is correct.

In that case, you'll probably want to segregate the GuestWireless traffic into a vrf. Do GuestWireless or Data ever need to talk to each other? Do they ever use the same interface for internet access?

Something like this, maybe:

ip vrf GuestWireless
!
interface FastEthernet0/0
 description GuestWireless route to internet
 ip vrf forwarding GuestWireless
 ip address 17.12.244.194 255.255.255.240
 ip nat outside
 ip virtual-reassembly
!
interface Vlan200
 description Guest Wireless
 ip vrf forwarding GuestWireless
 ip address 192.168.200.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip route vrf GuestWireless 0.0.0.0 0.0.0.0 17.12.244.195
! You have to use an IP here, I just used .195 as an example.
!
ip nat inside source list 10 interface FastEthernet0/0 vrf GuestWireless overload
!
access-list 10 permit 192.168.200.0 0.0.0.255

Guestwireless and Data do not talk to each other.  They also do not use the same interface for internet.

 

I will try your suggestion and post back.

 

Thank you,

Unfortunately, that did not work. I will be resetting the ISP modem after the end users leave.  I will post back if that works.

That's odd. Did you have translations in the NAT table for the guest vrf? 

The guest hosts, do they get the right ip? You'll have to change the dhcp config to work in that vrf.

I am now seeing translations in the vrf NAT table after restarting the ISP modem.  I am waiting to hear from end users now.

 

I appreciate the help.  I will post back with results when I hear from the end users.

I just heard from the end users.  The GuestWireless is up.  I am also seeing NAT translations thru the correct route.

 

Thank you again for the help.

Nice! The ol' reboot fixes all kinds of things. Np!

So, I just built this in the lab, and it seemed to work ok. I attached a sparse config, but it does let my host on the GuestWireless get the internet via NAT.

 

R2#sh ip nat translations vrf GuestWireless
Pro Inside global      Inside local       Outside local      Outside global
icmp 17.12.244.194:5   192.168.200.1:5    1.1.1.1:5          1.1.1.1:5

 

R2#sh ip route vrf GuestWireless

Routing Table: GuestWireless
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 17.12.244.195 to network 0.0.0.0

     17.0.0.0/28 is subnetted, 1 subnets
C       17.12.244.192 is directly connected, FastEthernet0/0
C    192.168.200.0/24 is directly connected, Vlan200
S*   0.0.0.0/0 [1/0] via 17.12.244.195

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco