Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3784
Views
0
Helpful
15
Replies

Router on a stick configuration with NAT

Go to solution
Knabbel
Level 1
Level 1

‎10-07-2017 12:46 PM - edited ‎03-08-2019 12:17 PM

Hi :)

 

I'm new to this and i'm trying to build a vlan network based on the router on a stick principle. When i first created the vlans and stuff it worked.. and i could'nt ping from vlan 10 to vlan 20. But when i added nat overload to vlan 10 and 20 it all went wrong :P I'm able to send packages from vlan 10 and 20 with the wan ip and i can reach the webserver on the other side but im also able to contact the vlan 20 network. I'm not sure what id did wrong.. it could easily be a stupid mistake....  

 

I attached the pkt file. I hope somebody can help me out with this..

Labels:
hi.tar
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Julio E. Moisa
VIP
VIP
In response to Knabbel

‎10-08-2017 05:44 AM - edited ‎10-08-2017 05:49 AM

Thank you, please let me take a look. 

At simple sight the Router0 and Switches configs are fine, but I suggest use trunks between switches and create the vlans on the switches as well.

Also on the router 0 the default route can be pointing to the local interface s0/0/0 but I suggest change it by the IP of next hop.

So it should be: 0.0.0.0 0.0.0.0 200.10.0.2   otherwise it will be doing ARP each time it is using the default route. 

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<

View solution in original post

0 Helpful
15 Replies 15

Go to solution
Julio E. Moisa
VIP
VIP

‎10-07-2017 06:08 PM

Hi

Im trying to open the file but no topology is displayed, could you please upload it again, thank you in advance.

Also could you please provide more details about the issue. 

 

Thank you




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
Knabbel
Level 1
Level 1
In response to Julio E. Moisa

‎10-07-2017 11:46 PM

Thanks Julio for replying, that’s weird I tested it before I uploaded it. Maybe it’s because I am working on OSX and setted packettracer with wine up… As you probably mentioned my English isn’t very good so I avoided to talk about details. But I’m going to give it a shot :D. I will upload the file again, that will probably fail so I will upload the commands and a picture for more clarity.

 

I’m in my exam year we will have to build a network like these. I started with vlans. So, I created and configured vlan 10 and 20 with a router on a stick principle. With the sub interfaces. Vlan 10 and 20 couldn’t reach each other so in my eyes the vlan’s worked properly. 

 

The next thing I configured was a static NAT route for the webserver I added to the topology. It all still worked. Vlan 10 and 20 couldn’t reach each other but can access the webserver.

 

I think it went wrong when I configured NAT overload for the vlan sub interfaces.. After configuring, the NAT overload worked for the sub interfaces. I could see in simulation that the packages destination address was changing to the WAN address. But then I could somehow also access vlan 20 from vlan 10 and the other way around.

 

I have no clue what I did wrong.. Maybe you cant use NAT overload on sub interfaces that uses vlans?

49 KB
hi.tar
116 KB
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Knabbel

‎10-08-2017 05:00 AM

Hello,

there is something wrong with you TAR file. Save the Packet Tracer file as a .pkt file and rename it to .jpg, you can the upload the jpg file.

0 Helpful

Go to solution
Knabbel
Level 1
Level 1
In response to Georg Pauwen

‎10-08-2017 05:13 AM

Thanks! I changed pkg to jpg :)

84 KB
0 Helpful

Go to solution
Georg Pauwen
VIP
VIP
In response to Knabbel

‎10-08-2017 05:22 AM

Hello,

the file is saved in which version of Packet Tracer ? I cannot open it, content is not compatible with version 7...

0 Helpful

Go to solution
Knabbel
Level 1
Level 1
In response to Georg Pauwen

‎10-08-2017 05:25 AM

It's a version 7, but running packettracer with wine. Because the isn't a packettracer for osx. Maybe thats the reason.. 

1285 KB
0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to Knabbel

‎10-08-2017 05:30 AM

Hi,

Thank you, is possible to share the config on text block or paste the config here?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
Knabbel
Level 1
Level 1
In response to Julio E. Moisa

‎10-08-2017 05:38 AM

Router(config)#do show run
Building configuration...

Current configuration : 1182 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2901/K9 sn FTX15240747
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0

Router(config)#do show run
Building configuration...

Current configuration : 1182 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2901/K9 sn FTX15240747
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.1.1 255.255.255.248
ip nat inside
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.1.9 255.255.255.248
ip nat inside
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 200.10.0.1 255.0.0.0
ip nat outside
clock rate 2000000
!
interface Serial0/0/1
no ip address
clock rate 2000000
!
interface Vlan1
no ip address
shutdown
!
router rip
!
ip nat inside source list 1 interface Serial0/0/0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
!
access-list 1 permit 192.168.1.0 0.0.0.7
access-list 1 permit 192.168.1.8 0.0.0.7
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

 

Router1(config)#do show run
Building configuration...

Current configuration : 868 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
!
!
no ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2901/K9 sn FTX1524R303
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 172.16.1.1 255.255.0.0
ip nat inside
duplex auto
speed auto
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
interface Serial0/0/0
ip address 200.10.0.2 255.0.0.0
ip nat outside
!
interface Serial0/0/1
no ip address
clock rate 2000000
shutdown
!
interface Vlan1
no ip address
shutdown
!
ip nat inside source static 172.16.1.254 200.10.0.2
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end

 

Switch0
Building configuration...

Current configuration : 1343 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
mac-address 0009.7ceb.ea01
no ip address
!
interface Vlan20
mac-address 0009.7ceb.ea02
no ip address
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
!
end

 

Switch1

Switch(config)#do show run
Building configuration...

Current configuration : 1343 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport mode trunk
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
mac-address 0009.7ceb.ea01
no ip address
!
interface Vlan20
mac-address 0009.7ceb.ea02
no ip address
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
!
end

 

Switch 2

Switch(config)#do show run
Building configuration...

Current configuration : 1300 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
no ip domain-lookup
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
!
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
!
end

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to Knabbel

‎10-08-2017 05:44 AM - edited ‎10-08-2017 05:49 AM

Thank you, please let me take a look. 

At simple sight the Router0 and Switches configs are fine, but I suggest use trunks between switches and create the vlans on the switches as well.

Also on the router 0 the default route can be pointing to the local interface s0/0/0 but I suggest change it by the IP of next hop.

So it should be: 0.0.0.0 0.0.0.0 200.10.0.2   otherwise it will be doing ARP each time it is using the default route. 

 




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to Julio E. Moisa

‎10-08-2017 05:57 AM

Just to be on the same page, there is no communication between the VLANs if the NAT is applied on the router 0, is that correct?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
Knabbel
Level 1
Level 1
In response to Julio E. Moisa

‎10-08-2017 06:01 AM

Thanks ! There is communication. Vlan 10 and 20 can ping each other. 

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to Knabbel

‎10-08-2017 06:13 AM

Hi Beau,

Is everything working now?




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful

Go to solution
Knabbel
Level 1
Level 1
In response to Julio E. Moisa

‎10-08-2017 07:29 AM - edited ‎10-08-2017 07:30 AM

Yeah everything is working for so far haha. Still have a lot to do(and learn) to complete the whole network topology :) Thanks for asking!

0 Helpful

Go to solution
Julio E. Moisa
VIP
VIP
In response to Knabbel

‎10-08-2017 07:44 AM

Im happy to hear that is working   :-)

Everyday we learn new things 

Have a great day Beau

:-)




>> Marcar como útil o contestado, si la respuesta resolvió la duda, esto ayuda a futuras consultas de otros miembros de la comunidad. <<
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card