cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1168
Views
0
Helpful
10
Replies

NAT problem?

yskent0423
Level 1
Level 1

My server can send to router 1, router 2 and multilayer switch, the router 2 and multilayer sw can't send to server. The server and router 1 also can't send to pc, same situation pc can't send to server but can send to router 1.

Router 1 configuration

hostname R1

!

!

!

enable secret 5 $1$mERr$NL29xH54hwvZoGzIJj1v40

!

!

!

ip dhcp pool DNSServer

network 192.168.15.0 255.255.255.0

default-router 192.168.15.1

dns-server 100.10.0.1

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree vlan 5,10,15,20,30,40,50,88,90,99 priority 4096

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.15.1 255.255.255.0

ip nat inside

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/3/0

ip address 192.168.90.1 255.255.255.0

ip nat outside

clock rate 128000

!

interface Serial0/3/1

no ip address

clock rate 2000000

shutdown

!

interface Vlan1

no ip address

shutdown

!

router rip

network 192.168.15.0

network 192.168.90.0

!

ip nat inside source static 192.168.15.1 192.168.90.1

ip default-gateway 192.168.99.1

ip classless

ip route 192.168.95.0 255.255.255.0 192.168.90.2

!

ip flow-export version 9

!

!

access-list 1 permit 0.0.0.1 255.255.255.0

!

no cdp run

!

end

Router 2 configuration

hostname R2

!

!

!

enable secret 5 $1$mERr$NL29xH54hwvZoGzIJj1v40

!

!

ip dhcp excluded-address 192.168.5.1 192.168.5.20

ip dhcp excluded-address 192.168.90.1 192.168.90.3

!

ip dhcp pool Voip

network 192.168.5.0 255.255.255.0

default-router 192.168.5.1

option 150 ip 192.168.5.1

ip dhcp pool Wifi

network 192.168.88.0 255.255.255.0

default-router 192.168.88.1

dns-server 100.10.0.1

!

!

!

no ip cef

no ipv6 cef

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree vlan 5,10,15,20,30,40,50,88,99 priority 4096

!

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.95.1 255.255.255.0

ip nat outside

duplex auto

speed auto

!

interface FastEthernet0/0.5

encapsulation dot1Q 5

ip address 192.168.5.1 255.255.255.0

!

interface FastEthernet0/0.10

encapsulation dot1Q 10

ip address 192.168.10.1 255.255.255.0

!

interface FastEthernet0/0.15

encapsulation dot1Q 15

ip address 192.168.15.1 255.255.255.0

!

interface FastEthernet0/0.20

encapsulation dot1Q 20

ip address 192.168.20.1 255.255.255.0

!

interface FastEthernet0/0.30

encapsulation dot1Q 30

ip address 192.168.30.1 255.255.255.0

!

interface FastEthernet0/0.40

encapsulation dot1Q 40

ip address 192.168.40.1 255.255.255.0

!

interface FastEthernet0/0.50

encapsulation dot1Q 50

ip address 192.168.50.1 255.255.255.0

!

interface FastEthernet0/0.88

encapsulation dot1Q 88

ip address 192.168.88.1 255.255.255.0

!

interface FastEthernet0/0.99

encapsulation dot1Q 99 native

ip address 192.168.99.1 255.255.255.0

!

interface FastEthernet0/1

no ip address

duplex auto

speed auto

shutdown

!

interface Serial0/3/0

no ip address

clock rate 2000000

shutdown

!

interface Serial0/3/1

ip address 192.168.90.2 255.255.255.0

ip nat inside

!

interface Vlan1

no ip address

shutdown

!

router rip

network 192.168.90.0

network 192.168.95.0

!

ip default-gateway 192.168.99.1

ip classless

ip route 192.168.15.0 255.255.255.0 192.168.90.1

!

ip flow-export version 9

!

!

!

no cdp run

!

end

Multilayer Switch configuration

hostname MS1

!

!

!

enable secret 5 $1$mERr$NL29xH54hwvZoGzIJj1v40

!

!

!

ip dhcp pool CustomerAndService

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 100.10.0.1

ip dhcp pool Finance

network 192.168.20.0 255.255.255.0

default-router 192.168.20.1

dns-server 100.10.0.1

ip dhcp pool HR

network 192.168.30.0 255.255.255.0

default-router 192.168.30.1

dns-server 100.10.0.1

ip dhcp pool ITSupport

network 192.168.40.0 255.255.255.0

default-router 192.168.40.1

dns-server 100.10.0.1

ip dhcp pool Admin

network 192.168.50.0 255.255.255.0

default-router 192.168.50.1

dns-server 100.10.0.1

!

!

ip routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree vlan 5,10,15,20,30,40,50,88,90,99 priority 4096

!

!

!

!

!

!

interface FastEthernet0/1

switchport trunk native vlan 99

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/2

switchport trunk native vlan 99

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/3

switchport trunk native vlan 99

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/4

switchport trunk native vlan 99

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/5

switchport trunk native vlan 99

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/6

switchport trunk native vlan 99

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/7

switchport trunk native vlan 99

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

mac-address 000b.be52.2501

ip address 192.168.10.1 255.255.255.0

!

interface Vlan15

mac-address 000b.be52.2502

ip address 192.168.15.1 255.255.255.0

!

interface Vlan20

mac-address 000b.be52.2503

ip address 192.168.20.1 255.255.255.0

ip access-group 1 in

ip access-group 1 out

!

interface Vlan30

mac-address 000b.be52.2504

ip address 192.168.30.1 255.255.255.0

!

interface Vlan40

mac-address 000b.be52.2505

ip address 192.168.40.1 255.255.255.0

!

interface Vlan50

mac-address 000b.be52.2506

ip address 192.168.50.1 255.255.255.0

!

interface Vlan90

mac-address 000b.be52.2507

ip address 192.168.90.1 255.255.255.0

!

interface Vlan95

mac-address 000b.be52.2508

ip address 192.168.95.1 255.255.255.0

!

interface Vlan99

mac-address 000b.be52.2509

ip address 192.168.99.1 255.255.255.0

!

router rip

network 192.168.95.0

!

ip default-gateway 192.168.99.1

ip classless

ip route 192.168.15.0 255.255.255.0 192.168.90.2

!

ip flow-export version 9

!

end

1 Accepted Solution

Accepted Solutions

There are numerous problems with your configuration. Vlan 15 on the Multilayer switch as network 192.168.15.0 configured, the same network exists on Router 0. Change your addressing so that it does not overlap.

Also, Vlan 99 on the Multilayer switch has the same IP address as the connecting interface on Router 1, 192.168.99.1. Change that duplicate address as well...

View solution in original post

10 Replies 10

Hi

It looks like a routing problem, have you verified if each layer 3 devices have the destination networks into their routing tables? including the networks used to interconnect each device. 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

Hello,

in addition to Julio's post, upload the Packet Tracer file (zip it first to upload), that makes it easier to troubleshoot...

ok

Which of the PCs cannot reach Server 0 ?

all of the PC, Multilayer switch, and Router 2

There are numerous problems with your configuration. Vlan 15 on the Multilayer switch as network 192.168.15.0 configured, the same network exists on Router 0. Change your addressing so that it does not overlap.

Also, Vlan 99 on the Multilayer switch has the same IP address as the connecting interface on Router 1, 192.168.99.1. Change that duplicate address as well...

Also, on R1 you have IP nat inside and outside interfaces configured, but there is nothing configured to be NATted.

What are the requirements for this network ? Is this a lab ?

yes, it's a lab. The requirements is all devices can ping each other, the configure I was done, just the device can't to ping, so I need to troubleshoot it. Thanks for your reply

Hello,

the main problem is that you are using the same IP address space on different devices. Is this what the design is supposed to look like, and is the main purpose of the lab to use NAT ?

Hello

  • You have NAT enabled on RTR1 however at the same time you trying to advertise all networks to each other so why do you need NAT?
  • you have ripv1 enabled on the rtr1-2 and the switch with auto summerisation enabled and as ripv1 is classful it will only advertise prefixes that match the subnet mask of its interface thats one reason why you routing isnt working correctly
  • rtr2 AND the switch are performing intervlan routing not needed on both devices- plus you have duplicate addressing
  • You have nat enabled on rtr1 and rtr2 but looking at your topology rtr and the switch are outside of rtr1 and the server, so just have nat on rtr1 for the server

Try the following for a NAT solution from rtr1

rtr1

no router rip
no ip nat inside source static 192.168.15.1 192.168.90.1
no ip route 192.168.95.0 255.255.255.0 192.168.90.2
no ip default-gateway 192.168.99.1
no access-list 1 permit 0.0.0.1 255.255.255.0

access-list 1 deny  host 192.168.15.2
access-list 1 permit 192.168.15.0

ip nat inside source static tcp 192.168.15.2 80 192.168.90.1 80
ip nat inside source list 1 interface Serial0/3/0

ip route 0.0.0.0 0.0.0.0 192.168.90.2


rtr2
interface FastEthernet0/0
no ip nat outside

no ip route 192.168.15.0 255.255.255.0 192.168.90.1
no ip default-gateway 192.168.99.1

no int fa0/0.5
no int fa0/0.10
no int fa0/0.15
no int fa0/0.20
no int fa0/0.30
no int fa0/0.40
no int fa0/0.50
no int fa0/0.88
no int fa0/0.99
defa int fa0/0

int fa0/0
ip address 192.168.95.2 255.255.255.0

no router rip
router rip
passive interface default
no passive interface fa0/0
ver 2
no auto
network 192.168.95.0
network 192.168.90.0


Switch
no ip default-gateway 192.168.99.1
no ip route 192.168.15.0 255.255.255.0 192.168.90.2
no interface Vlan90

interface Vlan20
no ip access-group 1 in
noip access-group 1 out

int vlan 5
ip address 192.168.5.1 255.255.255.0

no router rip
router rip
passive interface default
no passive interface vlan 95
ver 2
no auto
network 0.0.0.0

res
Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco