08-13-2014 12:22 PM - edited 03-07-2019 08:23 PM
I have a 2801 that had a failed Fe0/1 port. The Fe0/1 port was used to give sub-interface Fe0/0.200 access to internet. We installed a HWIC-4ESW into the 2801. I have successfully moved the sub-interfaces ( 0/0.1 , 0/0.100 , and 0/0.200 ) from the Fe0/0 to the HWIC-4ESW. I have reconfigured the Fe0/0 to connect to my ISP. However, I cannot get traffic from vlan200 to pass to the internet over Fe0/0. I have a guest wireless network set for vlan 200. Clients get an IP address in the appropriate range (192.168.200.0), but they cannot get to the internet. Below I have included the results of "sh ip int brief" and some of the "sh run". I think that it is something simple, but I canot get it working.
Help would be appreciated.
Interface IP-Address OK? Method Status Protocol FastEthernet0/0 ***.**.244.194 YES manual up up FastEthernet0/0.200 unassigned YES unset deleted down Service-Engine0/0 192.168.100.254 YES TFTP up up FastEthernet0/1 unassigned YES NVRAM administratively down down FastEthernet0/1/0 unassigned YES unset up up FastEthernet0/1/1 unassigned YES unset up up FastEthernet0/1/2 unassigned YES unset administratively down down FastEthernet0/1/3 unassigned YES unset administratively down down Serial0/3/0:0 unassigned YES unset down down Serial0/3/0:1 unassigned YES unset down down Serial0/3/0:2 unassigned YES unset down down Serial0/3/0:3 unassigned YES unset down down Serial0/3/0:4 unassigned YES unset down down Serial0/3/0:5 unassigned YES unset down down Serial0/3/0:6 unassigned YES unset down down Serial0/3/0:7 unassigned YES unset down down Serial0/3/0:8 unassigned YES unset down down Serial0/3/0:9 unassigned YES unset down down Serial0/3/0:10 unassigned YES unset down down Serial0/3/0:11 unassigned YES unset down down Serial0/3/0:12 unassigned YES unset down down Serial0/3/0:13 unassigned YES unset down down Serial0/3/0:14 unassigned YES unset down down Serial0/3/0:15 unassigned YES unset down down Serial0/3/0:23 unassigned YES NVRAM up up Vlan1 192.168.1.254 YES NVRAM up up Vlan100 192.168.100.254 YES NVRAM up up Vlan200 192.168.200.254 YES NVRAM up up NVI0 ***.12.244.194 YES unset administratively down down
ip source-route ! ! no ip dhcp use vrf connected ip dhcp excluded-address 192.168.100.1 192.168.100.99 ip dhcp excluded-address 192.168.100.200 192.168.100.254 ip dhcp excluded-address 192.168.200.1 192.168.200.99 ip dhcp excluded-address 192.168.200.200 192.168.200.254 ! ip dhcp pool Phones network 192.168.100.0 255.255.255.0 option 150 ip 192.168.100.254 default-router 192.168.100.254 dns-server 192.168.1.8 ! ip dhcp pool guestwireless network 192.168.200.0 255.255.255.0 default-router 192.168.200.254 dns-server 8.8.8.8 8.8.4.4 ! ! ip cef no ip domain lookup ip domain name pwa.com ip name-server 8.8.8.8 ip name-server 8.8.4.4
controller T1 0/3/0 pri-group timeslots 1-16,24 ! controller T1 0/3/1 shutdown ! gw-accounting aaa ! gw-accounting syslog ! ! ! ! ! interface FastEthernet0/0 description Guestwireless route to internet ip address ***.**.244.194 255.255.255.240 ip nat outside ip virtual-reassembly duplex auto speed auto ! interface Service-Engine0/0 ip unnumbered Vlan100 service-module ip address 192.168.100.200 255.255.255.0 service-module ip default-gateway 192.168.100.254 no cdp enable ! interface FastEthernet0/1 no ip address shutdown duplex auto speed auto ! interface FastEthernet0/1/0 description trunk to switch switchport mode trunk duplex full speed 100 ! interface FastEthernet0/1/1 description voice switchport access vlan 100 ! interface FastEthernet0/1/2 shutdown ! interface FastEthernet0/1/3 shutdown ! interface Serial0/3/0:23 no ip address encapsulation hdlc isdn switch-type primary-ni isdn incoming-voice voice isdn supp-service name calling no cdp enable ! interface Vlan1 description Data ip address 192.168.1.254 255.255.255.0 ! interface Vlan100 description voice vlan ip address 192.168.100.254 255.255.255.0 h323-gateway voip bind srcaddr 192.168.100.254 ! interface Vlan200 description Guestwireless Data ip address 192.168.200.254 255.255.255.0 ip nat inside ip virtual-reassembly ! ip forward-protocol nd ! ! ip http server ip http authentication local ip http secure-server ip http timeout-policy idle 60 life 86400 requests 10000 ip http path flash: ip nat inside source list 10 interface FastEthernet0/0 overload ip route 0.0.0.0 0.0.0.0 192.168.1.1 ip route 192.168.100.200 255.255.255.255 Service-Engine0/0 ip route 192.168.200.0 255.255.255.0 FastEthernet0/0 ! ip radius source-interface Vlan100 access-list 10 permit 192.168.200.0 0.0.0.255
Solved! Go to Solution.
08-13-2014 03:26 PM
In that case, you'll probably want to segregate the GuestWireless traffic into a vrf. Do GuestWireless or Data ever need to talk to each other? Do they ever use the same interface for internet access?
Something like this, maybe:
ip vrf GuestWireless
!
interface FastEthernet0/0
description GuestWireless route to internet
ip vrf forwarding GuestWireless
ip address 17.12.244.194 255.255.255.240
ip nat outside
ip virtual-reassembly
!
interface Vlan200
description Guest Wireless
ip vrf forwarding GuestWireless
ip address 192.168.200.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route vrf GuestWireless 0.0.0.0 0.0.0.0 17.12.244.195
! You have to use an IP here, I just used .195 as an example.
!
ip nat inside source list 10 interface FastEthernet0/0 vrf GuestWireless overload
!
access-list 10 permit 192.168.200.0 0.0.0.255
08-13-2014 01:07 PM
>ip route 0.0.0.0 0.0.0.0 192.168.1.1
You are routing default traffic to 192.168.1.1. What is that?
Can you post the routing table?
08-13-2014 01:25 PM
The ip route 0.0.0.0 0.0.0.0 192.168.1.1 points to an ASA5505 for traffic on vlan1 (192.168.1.0/24).
Gateway of last resort is 192.168.1.1 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 192.168.1.1 ***.**.0.0/16 is variably subnetted, 2 subnets, 2 masks C ***.**.244.192/28 is directly connected, FastEthernet0/0 L ***.**.244.194/32 is directly connected, FastEthernet0/0 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.1.0/24 is directly connected, Vlan1 L 192.168.1.254/32 is directly connected, Vlan1 192.168.100.0/24 is variably subnetted, 3 subnets, 2 masks C 192.168.100.0/24 is directly connected, Vlan100 S 192.168.100.200/32 is directly connected, Service-Engine0/0 L 192.168.100.254/32 is directly connected, Vlan100 192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.200.0/24 is directly connected, Vlan200 L 192.168.200.254/32 is directly connected, Vlan200
08-13-2014 02:39 PM
The main issue is that you have two networks that need to send default traffic to two different interfaces. Does that sound right? You want guest internet traffic to go out fa0/0, and all else to go out 192.168.1.1?
Just at making sure I understand! :)
08-13-2014 02:41 PM
Yes, that is correct.
08-13-2014 03:26 PM
In that case, you'll probably want to segregate the GuestWireless traffic into a vrf. Do GuestWireless or Data ever need to talk to each other? Do they ever use the same interface for internet access?
Something like this, maybe:
ip vrf GuestWireless
!
interface FastEthernet0/0
description GuestWireless route to internet
ip vrf forwarding GuestWireless
ip address 17.12.244.194 255.255.255.240
ip nat outside
ip virtual-reassembly
!
interface Vlan200
description Guest Wireless
ip vrf forwarding GuestWireless
ip address 192.168.200.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip route vrf GuestWireless 0.0.0.0 0.0.0.0 17.12.244.195
! You have to use an IP here, I just used .195 as an example.
!
ip nat inside source list 10 interface FastEthernet0/0 vrf GuestWireless overload
!
access-list 10 permit 192.168.200.0 0.0.0.255
08-13-2014 03:29 PM
Guestwireless and Data do not talk to each other. They also do not use the same interface for internet.
I will try your suggestion and post back.
Thank you,
08-13-2014 04:25 PM
Unfortunately, that did not work. I will be resetting the ISP modem after the end users leave. I will post back if that works.
08-13-2014 05:09 PM
That's odd. Did you have translations in the NAT table for the guest vrf?
The guest hosts, do they get the right ip? You'll have to change the dhcp config to work in that vrf.
08-14-2014 07:54 AM
I am now seeing translations in the vrf NAT table after restarting the ISP modem. I am waiting to hear from end users now.
I appreciate the help. I will post back with results when I hear from the end users.
08-14-2014 08:16 AM
I just heard from the end users. The GuestWireless is up. I am also seeing NAT translations thru the correct route.
Thank you again for the help.
08-14-2014 08:41 AM
Nice! The ol' reboot fixes all kinds of things. Np!
08-14-2014 06:50 AM
So, I just built this in the lab, and it seemed to work ok. I attached a sparse config, but it does let my host on the GuestWireless get the internet via NAT.
R2#sh ip nat translations vrf GuestWireless
Pro Inside global Inside local Outside local Outside global
icmp 17.12.244.194:5 192.168.200.1:5 1.1.1.1:5 1.1.1.1:5
R2#sh ip route vrf GuestWireless
Routing Table: GuestWireless
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 17.12.244.195 to network 0.0.0.0
17.0.0.0/28 is subnetted, 1 subnets
C 17.12.244.192 is directly connected, FastEthernet0/0
C 192.168.200.0/24 is directly connected, Vlan200
S* 0.0.0.0/0 [1/0] via 17.12.244.195
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide