cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
772
Views
0
Helpful
5
Replies
Mauro Crociara
Beginner

IP NAT inside command doesn't exists

Hello, I just configured DNS server on my cisco 1941. From the router, i can translate google.com and ping the world. As a switch I have the EHWIC-D-8ESG-P and the EHWIC-VA-DSL-A as modem. The machines can comunicate from each other:

  • sun (the default gateway / the router) 192.168.1.1
  • printer (the printer) 192.168.1.5
  • jupiter (the nas) 192.168.1.10
  • venus (a laptop) 192.168.1.11
  • mars (another laptop) 192.168.1.12

The problem is that the machines can't communicate with the router 192.168.1.1 and comunicate with the world. The router can't comunicate with the machines, but can comunicate with the world. I tried to use this commands to set the NAT on the EHWIC-D-8ESG-P:

  • int range gigabitethernet 0/1/0 - 7
  • ip nat inside

The command "ip nat inside" doesn't exists, why? If i have figured out the NAT, I have to set the NAT inside/outside for each interface. In my case the NAT outside is the Dealer0 (my modem) with negotiated IP and all inside NAT are the interfaces on the switch from gigabitethernet 0/1/0 to 7.

Why it doesn't works?

5 REPLIES 5
Mauro Crociara
Beginner

Partially solved... the Cisco EtherSwitch EHWICs support the layer 3 features as NAT, QoS and other services with VSI and not directly. Here fe features list. In other word to use nating on modules you have to create a vlan interface and assign the interface to the gigabitethernet interface of the switch.

 

conf t
vlan 10
exit
int vlan 10
ip address 192.168.1.x 255.255.255.0
no shutdown
exit
int range gi0/1/0 - 7
sw mode access
sw acc vlan 10
no shutdown

Now from the router i'm able to translate all address, ping the machines inside the LAN and outside the WAN. The router can talk with all, but the LAN machines aren't still able to talk with the WAN. A vlan can have the same IP of the gateway?

 

I created an access list like this:

access-list 1 permit 0.0.0.1 192.168.1.254

And natted on it:

ip nat inside source list 1 interface dialer 0 overload

 

Stil looking for the answer to solve the problem. How can contact the WAN from LAN machines?

acampbell
Advocate

Hi,

So it looks to me that you have your pcs printers etc connected to the
EHWIC-D-8ESG-P.

By default these will be layer 2 ports and depend on a virual interface of vlan 1.

So try something like ths

!
interface vlan 1
ip address 192.168.1.254 255.255.255.0
ip nat inside
!
!
ip nat pool MYPOOL 192.168.1.0 192.168.2.0 netmask 255.255.255.0
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!

Regards
Alex

Regards, Alex. Please rate useful posts.

Hi Alex,

 

Firts of all, thanks for the reply. While you answered i was writing :)

 

I tried your suggestions and I edited my config, but I'm still not able to go on the WAN. The first problem is to ping the router 192.168.1.1. How can I assign an IP address to the router?  This is my config: http://dpaste.com/2Z4VHJG

During the config:

ip nat pool MYPOOL 192.168.1.0 192.168.2.0 netmask 255.255.255.0

I obtained two warnings:

pool ovrld mask 255.255.255.0 too small; should be at least 255.255.252.0
start and end addresses on different subnets

Regards,

Mauro

Hi Alex, I have attached my last config, and some test as you can see belove. I'm still not able to reach the WAN from the LAN.

  • The routing table from mars.homenetwork
realnot@mars ~ $ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     sun.homenetwork 255.255.255.255 UGH   0      0        0 enp0s25
192.168.1.0     *               255.255.255.0   U     0      0        0 enp0s25
  • SSH access from mars.homenetwork (the laptop) to sun.homenetwork(the router)
realnot@mars ~ $ ssh sun
Welcome to SUN. You are connected via SSH to line #132 on sun.homenetwork.
The access is restricted for personal purpose only. All activity are monitored
and logged for secirity reasons.
  • The routing table on the router
sun#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 0.0.0.0, Dialer0
      79.0.0.0/32 is subnetted, 1 subnets
C        79.8.58.159 is directly connected, Dialer0
 *    192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C*       192.168.1.0/24 is directly connected, Vlan10
L        192.168.1.1/32 is directly connected, Vlan10
      192.168.100.0/32 is subnetted, 1 subnets
C        192.168.100.1 is directly connected, Dialer0
  • Some ping test from the router (to LAN and WAN)
sun#ping google.com
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 149.3.176.20, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms
sun#ping jupiter
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
sun#ping mars
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.12, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
  • Checking IP NAT translations
sun#show ip nat translations
sun#

 

I have attached my last running-config. Thanks for the the support.

Hi Alex, this morning i solved the problem. Was caused by a wrong config of dhcpd.conf, dns, static routing on the end terminals. The router was configured properly.

Thanks for the support.

Mauro