03-28-2011 11:16 AM - edited 03-06-2019 04:18 PM
Hey everyone,
I'm having issues getting clients on interface vlan 10 (GigabitEthernet 0/0/1) properly routing over vlan 1 (GigabitEthernet 0/0/0). Can anyone see any obvious errors in my configuration?
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname b-gw
!
boot-start-marker
boot system flash c1900-universalk9-mz.SPA.151-4.M.bin
boot-end-marker
!
!
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone GMT -7 0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.20
!
ip dhcp pool PRIMARY
network 192.168.10.0 255.255.255.0
dns-server 192.168.0.77
default-router 192.168.10.1
!
ip dhcp pool WIRELESS
network 192.168.12.0 255.255.255.0
default-router 192.168.12.1
dns-server 8.8.8.8
!
!
multilink bundle-name authenticated
!
password encryption aes
crypto pki token default removal timeout 0
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.0.10 255.255.252.0
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 192.168.10.1 255.255.255.0
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
switchport mode trunk
no ip address
!
interface GigabitEthernet0/0/1
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/0/2
no ip address
!
interface GigabitEthernet0/0/3
no ip address
!
interface Vlan1
ip address 192.168.11.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Vlan10
ip address 192.168.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
!
router eigrp 10
network 192.168.0.0 0.0.3.255
network 192.168.10.0
network 192.168.11.0
!
ip default-gateway 192.168.0.1
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip access-list extended NAT
permit ip 192.168.12.0 0.0.0.255 any
!
access-list 23 permit 192.168.0.0 0.0.255.255
!
!
snmp-server community public RO
!
!
!
control-plane
!
!
banner login
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 0037035216502232
transport input ssh
line vty 5 15
access-class 23 in
transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp peer 91.189.94.4
end
Thanks!
03-28-2011 11:37 AM
The actual command should be:
ip nat inside source list NAT interface vlan 1 overload
Please test and let me know.
03-28-2011 11:38 AM
Hi,
Can you remove the below line and try
ip default-gateway 192.168.0.1
and make your port gig0/0/0 part of vlan 1; currently it's in trunk mode.
switchport
switchport mode access
In addition to the above post.
Thanks
03-28-2011 12:23 PM
Thanks guys,
I've removed the default gateway, set the nat overload to interface vlan 1 and set ge0/0/0 to vlan 1. Still no luck!
Hosts on the 192.168.12.0 network are able to ping all internal interfaces on this router (192.168.[10/11/12].0), as well as the external interface 192.168.0.10.
Here's the current full config:
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname b-gw
!
boot-start-marker
boot system flash c1900-universalk9-mz.SPA.151-4.M.bin
boot-end-marker
!
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone GMT -7 0
!
no ipv6 cef
ip source-route
ip cef
!
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.20
!
ip dhcp pool PRIMARY
network 192.168.10.0 255.255.255.0
dns-server 192.168.0.77
default-router 192.168.10.1
!
ip dhcp pool WIRELESS
network 192.168.12.0 255.255.255.0
default-router 192.168.12.1
dns-server 8.8.8.8
!
!
ip name-server 192.168.0.77
multilink bundle-name authenticated
!
password encryption aes
crypto pki token default removal timeout 0
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.0.10 255.255.252.0
ip flow ingress
ip flow egress
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
ip address 192.168.10.1 255.255.255.0
ip flow ingress
ip flow egress
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/0/0
no ip address
!
interface GigabitEthernet0/0/1
switchport access vlan 10
no ip address
!
interface Vlan1
ip address 192.168.11.1 255.255.255.0
ip nat outside
ip virtual-reassembly in
!
interface Vlan10
ip address 192.168.12.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
!
router eigrp 10
network 192.168.0.0 0.0.3.255
network 192.168.10.0
network 192.168.11.0
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list NAT interface Vlan1 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip access-list extended NAT
permit ip 192.168.12.0 0.0.0.255 any
!
access-list 23 permit 10.10.10.0 0.0.0.63
access-list 23 permit 192.168.0.0 0.0.255.255
!
!
snmp-server community public RO
!
!
!
control-plane
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 0037035216502232
transport input ssh
line vty 5 15
access-class 23 in
transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp peer 91.189.94.4
end
03-28-2011 12:39 PM
Hi,
Under your interface gig0/0/1, can you enter the switchport command and try it?
Regards.
03-28-2011 12:41 PM
No luck there, am I missing something?:
b-gw#config t
Enter configuration commands, one per line. End with CNTL/Z.
b-gw(config)#interface gigabitEthernet 0/0/1
b-gw(config-if)#switchport
% Incomplete command.
03-28-2011 05:13 PM
I believe the issue may be in your default route unless I am misunderstanding the question. Do you only want to use PAT/NAT when talking to the 192.168.11.0/24 network?
As your config stands, when a host on the 192.168.12.0/24 network wants to reach any other host except one located on 192.168.11.0/24, it will be directed to 192.168.0.1 and never use NAT/PAT. If the destination is on the 192.168.11.0/24 network, Port Address Translation is used and the 192.168.12.XXX host will be translated to 192.168.11.1 and then connect to that destination.
If you wanted all of your traffic on VLAN10 to route over (out) VLAN1, then your default route should look something like this.
ip route 0.0.0.0 0.0.0.0 192.168.11.XXX
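The route-then-translate behaviour described in the last reply, modelled as an added Python example (not code from any poster in the thread). Interface data is copied from the second config posted above; the next hop 192.168.11.254 is a constructed stand-in for the elided 192.168.11.XXX, and the model assumes inside-to-outside traffic is routed first and translated only if it leaves through an `ip nat outside` interface.

```python
import ipaddress

# Constructed from the second config posted in the thread.
CONNECTED = {
    "GigabitEthernet0/0": "192.168.0.0/22",
    "GigabitEthernet0/1": "192.168.10.0/24",
    "Vlan1": "192.168.11.0/24",
    "Vlan10": "192.168.12.0/24",
}
NAT_ROLE = {"Vlan1": "outside", "Vlan10": "inside"}  # ip nat inside / outside
NAT_ACL = ["192.168.12.0/24"]   # ip access-list extended NAT
PAT_ADDRESS = "192.168.11.1"    # Vlan1 address used by "... interface Vlan1 overload"


def connected_lookup(addr):
    """Longest-prefix match of addr against the connected networks."""
    addr = ipaddress.ip_address(addr)
    best = None
    for ifname, net in CONNECTED.items():
        net = ipaddress.ip_network(net)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None


def egress_interface(dst, default_next_hop):
    """Connected route if one matches, else the interface facing the default next hop."""
    return connected_lookup(dst) or connected_lookup(default_next_hop)


def translate(src, ingress, dst, default_next_hop):
    """Return (egress interface, source address the destination sees)."""
    egress = egress_interface(dst, default_next_hop)
    src_ip = ipaddress.ip_address(src)
    in_acl = any(src_ip in ipaddress.ip_network(n) for n in NAT_ACL)
    if NAT_ROLE.get(ingress) == "inside" and NAT_ROLE.get(egress) == "outside" and in_acl:
        return egress, PAT_ADDRESS
    return egress, src  # leaves untranslated


if __name__ == "__main__":
    host = "192.168.12.50"  # constructed client on Vlan10
    cases = [("8.8.8.8", "192.168.0.1"),         # default route as posted
             ("192.168.11.20", "192.168.0.1"),   # destination on the Vlan1 subnet
             ("8.8.8.8", "192.168.11.254")]      # default route moved behind Vlan1
    for dst, nh in cases:
        print(dst, "via default", nh, "->", translate(host, "Vlan10", dst, nh))
```

With the posted default route, the first case leaves through GigabitEthernet0/0 with its 192.168.12.x source intact, so the upstream device at 192.168.0.1 needs a return route to 192.168.12.0/24 for replies to come back.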