NAT vlan routing issues

benlemasurier
Level 1

Hey everyone,

I'm having issues getting clients on interface vlan 10 (GigabitEthernet 0/0/1) properly routing over vlan 1 (GigabitEthernet 0/0/0). Can anyone see any obvious errors in my configuration?

!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname b-gw
!
boot-start-marker
boot system flash c1900-universalk9-mz.SPA.151-4.M.bin
boot-end-marker
!
aaa new-model
!
aaa session-id common
clock timezone GMT -7 0
!
no ipv6 cef
ip source-route
ip cef
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.20
!
ip dhcp pool PRIMARY
    network 192.168.10.0 255.255.255.0
    dns-server 192.168.0.77
    default-router 192.168.10.1
!
ip dhcp pool WIRELESS
    network 192.168.12.0 255.255.255.0
    default-router 192.168.12.1
    dns-server 8.8.8.8
!
multilink bundle-name authenticated
!
password encryption aes
crypto pki token default removal timeout 0
!
interface Embedded-Service-Engine0/0
    no ip address
    shutdown
!
interface GigabitEthernet0/0
    ip address 192.168.0.10 255.255.252.0
    ip virtual-reassembly in
    duplex auto
    speed auto
    no mop enabled
!
interface GigabitEthernet0/1
    ip address 192.168.10.1 255.255.255.0
    ip virtual-reassembly in
    duplex auto
    speed auto
!
interface GigabitEthernet0/0/0
    switchport mode trunk
    no ip address
!
interface GigabitEthernet0/0/1
    switchport access vlan 10
    no ip address
!
interface GigabitEthernet0/0/2
    no ip address
!
interface GigabitEthernet0/0/3
    no ip address
!
interface Vlan1
    ip address 192.168.11.1 255.255.255.0
    ip nat outside
    ip virtual-reassembly in
!
interface Vlan10
    ip address 192.168.12.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
!
router eigrp 10
    network 192.168.0.0 0.0.3.255
    network 192.168.10.0
    network 192.168.11.0
!
ip default-gateway 192.168.0.1
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip access-list extended NAT
    permit ip 192.168.12.0 0.0.0.255 any
!
access-list 23 permit 192.168.0.0 0.0.255.255
!
snmp-server community public RO
!
control-plane
!
banner login
!
line con 0
line aux 0
line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
line vty 0 4
    password 7 0037035216502232
    transport input ssh
line vty 5 15
    access-class 23 in
    transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp peer 91.189.94.4
end

Thanks!

6 Replies

boss.silva
Level 1

the actual command should be:

ip nat inside source list NAT interface vlan 1 overload

please test and let me know.

mahmoodmkl
Level 7

Hi,

Can you remove the below line and try

ip default-gateway 192.168.0.1

and make your port gig0/0/0 part of vlan 1; currently it's in trunk mode.

switchport

switchport mode access

in addition to the above post.

Thanks

benlemasurier
Level 1

Thanks guys,

I've removed the default gateway, set the nat overload to interface vlan 1 and set ge0/0/0 to vlan 1. Still no luck!

Hosts on the 192.168.12.0 network are able to ping all internal interfaces on this router (192.168.[10/11/12].0), as well as the external interface 192.168.0.10.

Here's the current full config:

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname b-gw
!
boot-start-marker
boot system flash c1900-universalk9-mz.SPA.151-4.M.bin
boot-end-marker
!
aaa new-model
!
aaa session-id common
clock timezone GMT -7 0
!
no ipv6 cef
ip source-route
ip cef
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.10.1 192.168.10.20
!
ip dhcp pool PRIMARY
    network 192.168.10.0 255.255.255.0
    dns-server 192.168.0.77
    default-router 192.168.10.1
!
ip dhcp pool WIRELESS
    network 192.168.12.0 255.255.255.0
    default-router 192.168.12.1
    dns-server 8.8.8.8
!
ip name-server 192.168.0.77
multilink bundle-name authenticated
!
password encryption aes
crypto pki token default removal timeout 0
!
interface Embedded-Service-Engine0/0
    no ip address
    shutdown
!
interface GigabitEthernet0/0
    ip address 192.168.0.10 255.255.252.0
    ip flow ingress
    ip flow egress
    ip virtual-reassembly in
    duplex auto
    speed auto
    no mop enabled
!
interface GigabitEthernet0/1
    ip address 192.168.10.1 255.255.255.0
    ip flow ingress
    ip flow egress
    ip virtual-reassembly in
    duplex auto
    speed auto
!
interface GigabitEthernet0/0/0
    no ip address
!
interface GigabitEthernet0/0/1
    switchport access vlan 10
    no ip address
!
interface Vlan1
    ip address 192.168.11.1 255.255.255.0
    ip nat outside
    ip virtual-reassembly in
!
interface Vlan10
    ip address 192.168.12.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly in
!
router eigrp 10
    network 192.168.0.0 0.0.3.255
    network 192.168.10.0
    network 192.168.11.0
!
ip forward-protocol nd
!
ip http server
no ip http secure-server
!
ip nat inside source list NAT interface Vlan1 overload
ip route 0.0.0.0 0.0.0.0 192.168.0.1
!
ip access-list extended NAT
    permit ip 192.168.12.0 0.0.0.255 any
!
access-list 23 permit 10.10.10.0 0.0.0.63
access-list 23 permit 192.168.0.0 0.0.255.255
!
snmp-server community public RO
!
control-plane
!
line con 0
line aux 0
line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
line vty 0 4
    password 7 0037035216502232
    transport input ssh
line vty 5 15
    access-class 23 in
    transport input ssh
!
scheduler allocate 20000 1000
ntp update-calendar
ntp peer 91.189.94.4
end

Hi,

Under your interface gig0/0/1, can you enter the switchport command and try it?

Regards.

No luck there, am I missing something?:

b-gw#config t
Enter configuration commands, one per line.  End with CNTL/Z.
b-gw(config)#interface gigabitEthernet 0/0/1
b-gw(config-if)#switchport
% Incomplete command.

I believe the issue may be in your default route unless I am misunderstanding the question. Do you only want to use PAT/NAT when talking to the 192.168.11.0/24 network?

As your config stands, when a host on the 192.168.12.0/24 network wants to reach any other host except one located on 192.168.11.0/24, it will be directed to 192.168.0.1 and never use NAT/PAT. If the destination is on the 192.168.11.0/24 network, Port Address Translation is used and the 192.168.12.XXX host will be translated to 192.168.11.1 and then connect to that destination.

If you wanted all of your traffic on VLAN10 to route over (out) VLAN1, then your default route should look something like this.

ip route 0.0.0.0 0.0.0.0 192.168.11.XXX
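
The routing point in the last reply can be checked mechanically. This added example (not code from any poster in the thread) takes a constructed excerpt of the revised config above, finds the egress interface for a destination by longest-prefix match, and reports whether the flow crosses from an `ip nat inside` to an `ip nat outside` interface. It ignores the NAT access list, and the function names and host addresses are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the revised config above (addressing, NAT roles, default route only).
CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.0.10 255.255.252.0
interface Vlan1
 ip address 192.168.11.1 255.255.255.0
 ip nat outside
interface Vlan10
 ip address 192.168.12.1 255.255.255.0
 ip nat inside
ip route 0.0.0.0 0.0.0.0 192.168.0.1
"""

def to_net(addr, mask):
    """Build a network from an address and dotted mask, e.g. 255.255.252.0 -> /22."""
    bits = bin(int(ipaddress.ip_address(mask))).count("1")
    return ipaddress.ip_network(f"{addr}/{bits}", strict=False)

def parse(config):
    """Return ({interface: {"net", "nat"}}, [(prefix, next_hop)]) from IOS-style text."""
    ifaces, routes, cur = {}, [], None
    for line in config.splitlines():
        s = line.strip()
        if m := re.match(r"interface (\S+)$", s):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif m := re.match(r"ip address (\S+) (\S+)$", s):
            cur["net"] = to_net(m[1], m[2])
        elif m := re.match(r"ip nat (inside|outside)$", s):
            cur["nat"] = m[1]
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)$", s):
            routes.append((to_net(m[1], m[2]), m[3]))
    return ifaces, routes

def egress(dst, ifaces, routes):
    """Longest-prefix match over connected and static routes; returns an interface name."""
    ip = ipaddress.ip_address(dst)
    cands = [(i["net"].prefixlen, n) for n, i in ifaces.items() if i["net"] and ip in i["net"]]
    for net, hop in routes:
        # A static route is usable only if its next hop resolves to a connected interface.
        via = egress(hop, ifaces, []) if ip in net else None
        if via:
            cands.append((net.prefixlen, via))
    return max(cands)[1] if cands else None

def nat_applies(src, dst, config=CONFIG):
    """Return (egress interface, True if the flow goes inside -> outside and is translated)."""
    ifaces, routes = parse(config)
    in_if, out_if = egress(src, ifaces, []), egress(dst, ifaces, routes)
    crosses = ifaces[in_if]["nat"] == "inside" and ifaces[out_if]["nat"] == "outside"
    return out_if, crosses
```

With this excerpt, `nat_applies("192.168.12.50", "8.8.8.8")` returns `("GigabitEthernet0/0", False)`, while a destination on 192.168.11.0/24 returns `("Vlan1", True)`.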
