
help for adsl and vlan

MohsenMostafa
Level 1

Hello, I'm new to CCNA.

Please, can any expert help me with this scenario?

Router 1721 with one WIC-1ADSL. I have an ADSL connection with IRB static IP.

The router connects to a managed switch through a trunk port.

The switch has 2 VLANs: one for the static IPs and the other for the private LAN.

I need the private LAN to be able to go to the internet. Any ideas, please?

The router configuration is as follows:

Building configuration...

Current configuration : 1272 bytes
!
! Last configuration change at 16:50:18 pc Fri May 10 2013 by admin
!
version 12.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname BELCO
!
boot system tftp c1700-k9o3sy7-mz.122-15.T17.bin 62.x.x.7x
logging queue-limit 100
!
username admin privilege 15 password 0 HES2010
clock timezone pc 0
ip subnet-zero
!
!
!
ip cef
!
!
bridge irb
!
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
 pvc 0/35
  encapsulation aal5snap
 !
 dsl operating-mode auto
 bridge-group 1
!
interface ATM1
 no ip address
 shutdown
 no atm ilmi-keepalive
 dsl operating-mode auto
!
interface FastEthernet0
 no ip address
 speed auto
!
interface FastEthernet0.1
 description LAN
 encapsulation dot1Q 1 native
 ip address 192.168.1.10 255.255.255.0
!
interface FastEthernet0.2
 description WAN
 encapsulation dot1Q 2
 ip address 62.x.x.7x 255.255.255.248
!
interface BVI1
 mac-address 0000.0cc9.fa98
 ip address 10.186.10.106 255.255.255.252
!
ip classless
ip route 0.0.0.0 0.0.0.0 BVI1
ip http server
ip http authentication local
!
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
 speed 115200
line aux 0
line vty 0 4
 privilege level 15
 login local
 transport input telnet
!
no scheduler allocate
end

So VLAN 2 can go to the internet because it has the same subnet as the provider, but VLAN 1 cannot go to the internet.

So how can I make all VLANs go to the internet? (The router has only 1 FastEthernet port.)

And I tried these:

interface fa0.1
 ip nat inside
!
interface fa0.2
 ip nat outside
!
ip access-list extended MY_NAT
 permit ip 192.168.1.0 0.0.0.255 any
!
ip nat inside source list MY_NAT interface fa0.2 overload
!
ip route 0.0.0.0 0.0.0.0 [YOUR Default Gateway IP here]
no ip route 0.0.0.0 0.0.0.0 BVI1

But it didn't work.

Someone told me I need a loopback interface, but I don't know how.

Thanks in advance for any help.


Luke Oxley
Level 1
MohsenMostafa,
Thanks for the post, I assume that you're still having the same issues and need assistance. I've had a look over your configuration for you and can see some big gaps in what needs to happen. I'm also giving you this advice based on the assumption that you can successfully ping 8.8.8.8 sourced from BVI1 and that you can ping 8.8.8.8 from one of your static public addresses in VLAN2.
The reason that VLAN1 traffic cannot access the internet is because it is a private address range, and what do private addresses rely on to access the internet? NAT. Your configuration is not set up correctly to NAT. I can see from what you've tried you have made a good attempt to get this working, but a few things are just slightly amiss.
To configure NAT for VLAN1 in your scenario you need to follow the steps below:
1. Create an access control list defining the traffic you wish to NAT.

access-list 100 permit ip 192.168.1.0 0.0.0.255 any

2. Specify the logical role of your interfaces in question, for example, BVI1 is your public facing interface OR "outside" interface and FastEthernet0.1 is your private/LAN facing interface OR "inside".

interface BVI1
 ip nat outside
!
interface FastEthernet0.1
 ip nat inside

3. Lastly, you need to create the NAT statement that ties all of this together.

ip nat inside source list 100 interface bvi1 overload

Everything else in your configuration looks spot on and ready to go. Please make these changes advised above and test by attempting to ping 8.8.8.8 from a machine on VLAN1. Please also ensure this test machine has an IP address in the 192.168.1.0 address space and has its default gateway set to the sub-interface of the router at 192.168.1.10.

Let me know how you get along, we can take further troubleshooting steps if you are still having issues afterwards. I look forward to your response.
Luke
Things to bear in mind:
- The word "overload" in the NAT statement allows the function of PAT'ing. This means that more than one host behind the router can access the internet otherwise known as a many:1 NAT as it allows multiple private IP addresses to all access the internet by sharing the same public IP address.
- Whoever told you that you needed a loopback interface in order to NAT traffic from VLAN1 in your example was very much incorrect.


Please rate helpful posts and mark correct answers.
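
The three NAT steps in the reply only work together if they agree with each other, so here is an added example (not part of either post, and not Cisco tooling) that checks a saved configuration for that consistency. It assumes a numbered ACL with a single `permit ip <subnet> <wildcard> any` entry that should exactly cover each inside subnet; `SAMPLE`, `parse` and `check_nat` are illustrative names, and the sample text is constructed from the addresses in this thread.

```python
import ipaddress
import re

# Constructed sample: the thread's interfaces with the NAT statements applied.
SAMPLE = """\
interface FastEthernet0.1
 ip address 192.168.1.10 255.255.255.0
 ip nat inside
interface BVI1
 ip address 10.186.10.106 255.255.255.252
 ip nat outside
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
ip nat inside source list 100 interface BVI1 overload
"""

def parse(config):
    """Collect per-interface settings, numbered ACL sources and PAT rules."""
    ifaces, acls, rules, cur = {}, {}, [], {}
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            cur = ifaces.setdefault(m.group(1).lower(), {})
        elif m := re.match(r"ip address (\S+) (\S+)", line):
            cur["net"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            cur["nat"] = m.group(1)
        elif m := re.match(r"access-list (\d+) permit ip (\S+) (\S+) any", line):
            acls[m.group(1)] = (m.group(2), m.group(3))
        elif m := re.match(r"ip nat inside source list (\S+) interface (\S+) overload", line):
            rules.append((m.group(1), m.group(2).lower()))
    return ifaces, acls, rules

def check_nat(config):
    """Return a list of problems that would stop PAT from translating inside hosts."""
    ifaces, acls, rules = parse(config)
    problems = []
    inside = [i["net"] for i in ifaces.values() if i.get("nat") == "inside" and "net" in i]
    if not inside:
        problems.append("no interface is marked 'ip nat inside'")
    if not rules:
        problems.append("no 'ip nat inside source list ... overload' rule found")
    for acl, out_if in rules:
        if ifaces.get(out_if, {}).get("nat") != "outside":
            problems.append(f"{out_if} is not marked 'ip nat outside'")
        # An IOS wildcard mask is the inverse of the subnet mask (0.0.0.255 for a /24).
        for net in inside:
            if acls.get(acl) != (str(net.network_address), str(net.hostmask)):
                problems.append(f"access-list {acl} does not exactly cover inside subnet {net}")
    return problems
```

Calling `check_nat()` on the text of a saved running-config returns an empty list when the ACL, the inside/outside markings and the overload rule line up.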