02-23-2015 01:04 PM - edited 03-07-2019 10:48 PM
Hello, I just configured DNS server on my cisco 1941. From the router, i can translate google.com and ping the world. As a switch I have the EHWIC-D-8ESG-P and the EHWIC-VA-DSL-A as modem. The machines can comunicate from each other:
The problem is that the machines can't communicate with the router 192.168.1.1 and comunicate with the world. The router can't comunicate with the machines, but can comunicate with the world. I tried to use this commands to set the NAT on the EHWIC-D-8ESG-P:
The command "ip nat inside" doesn't exists, why? If i have figured out the NAT, I have to set the NAT inside/outside for each interface. In my case the NAT outside is the Dealer0 (my modem) with negotiated IP and all inside NAT are the interfaces on the switch from gigabitethernet 0/1/0 to 7.
Why it doesn't works?
02-23-2015 05:28 PM
Partially solved... the Cisco EtherSwitch EHWICs support the layer 3 features as NAT, QoS and other services with VSI and not directly. Here fe features list. In other word to use nating on modules you have to create a vlan interface and assign the interface to the gigabitethernet interface of the switch.
conf t vlan 10 exit int vlan 10 ip address 192.168.1.x 255.255.255.0 no shutdown exit int range gi0/1/0 - 7 sw mode access sw acc vlan 10 no shutdown
Now from the router i'm able to translate all address, ping the machines inside the LAN and outside the WAN. The router can talk with all, but the LAN machines aren't still able to talk with the WAN. A vlan can have the same IP of the gateway?
I created an access list like this:
access-list 1 permit 0.0.0.1 192.168.1.254
And natted on it:
ip nat inside source list 1 interface dialer 0 overload
Stil looking for the answer to solve the problem. How can contact the WAN from LAN machines?
02-23-2015 05:28 PM
Hi,
So it looks to me that you have your pcs printers etc connected to the
EHWIC-D-8ESG-P.
By default these will be layer 2 ports and depend on a virual interface of vlan 1.
So try something like ths
!
interface vlan 1
ip address 192.168.1.254 255.255.255.0
ip nat inside
!
!
ip nat pool MYPOOL 192.168.1.0 192.168.2.0 netmask 255.255.255.0
ip nat inside source list 1 interface Dialer0 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255
!
Regards
Alex
02-24-2015 03:08 AM
Hi Alex,
Firts of all, thanks for the reply. While you answered i was writing :)
I tried your suggestions and I edited my config, but I'm still not able to go on the WAN. The first problem is to ping the router 192.168.1.1. How can I assign an IP address to the router? This is my config: http://dpaste.com/2Z4VHJG
During the config:
ip nat pool MYPOOL 192.168.1.0 192.168.2.0 netmask 255.255.255.0
I obtained two warnings:
pool ovrld mask 255.255.255.0 too small; should be at least 255.255.252.0 start and end addresses on different subnets
Regards,
Mauro
02-24-2015 09:42 AM
Hi Alex, I have attached my last config, and some test as you can see belove. I'm still not able to reach the WAN from the LAN.
realnot@mars ~ $ route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.0 sun.homenetwork 255.255.255.255 UGH 0 0 0 enp0s25 192.168.1.0 * 255.255.255.0 U 0 0 0 enp0s25
realnot@mars ~ $ ssh sun Welcome to SUN. You are connected via SSH to line #132 on sun.homenetwork. The access is restricted for personal purpose only. All activity are monitored and logged for secirity reasons.
sun#sh ip route Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP + - replicated route, % - next hop override Gateway of last resort is 0.0.0.0 to network 0.0.0.0 S* 0.0.0.0/0 [1/0] via 0.0.0.0, Dialer0 79.0.0.0/32 is subnetted, 1 subnets C 79.8.58.159 is directly connected, Dialer0 * 192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks C* 192.168.1.0/24 is directly connected, Vlan10 L 192.168.1.1/32 is directly connected, Vlan10 192.168.100.0/32 is subnetted, 1 subnets C 192.168.100.1 is directly connected, Dialer0
sun#ping google.com Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 149.3.176.20, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 28/30/32 ms sun#ping jupiter Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.10, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms sun#ping mars Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.12, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
sun#show ip nat translations sun#
I have attached my last running-config. Thanks for the the support.
02-25-2015 04:08 AM
Hi Alex, this morning i solved the problem. Was caused by a wrong config of dhcpd.conf, dns, static routing on the end terminals. The router was configured properly.
Thanks for the support.
Mauro
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide