TrustGroup-UAE
asked on
Cisco Router NAT with DHCP on VLANs
Hi All,
Hope everyone is well. I have something which I'm banging my head against a wall with.
I have a Linksys router connected to my ISP. This router is configured and working. If I connect a client up to it, it allocates DHCP on a 192.168.1.xxx /24 range.
We have recently implemented VLANs onsite and these are all sat on the Cisco router. All this is working fine and VLAN-to-VLAN IPs can be pinged. I'm now trying to connect the Cisco router to the Linksys router so all VLANs can have internet access. Unfortunately I cannot do PPPoE from the Cisco to the ISP as their Service Agreement will not allow me to do this for a couple of reasons.
I cannot seem to get internet access working from any of the VLANs though. Here is my router config:
version 12.4
no parser cache
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname ROUTER
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
no logging console
enable secret 5 1234567890
!
aaa new-model
!
!
!
!
aaa session-id common
no ip source-route
no ip routing
!
!
no ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name trustgroup.local
multilink bundle-name authenticated
!
!
!
username sysadmin privilege 15 password 7 1234567890
archive
log config
hidekeys
!
!
ip tcp synwait-time 10
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description ** Connected to ISP **
ip address dhcp
ip nat outside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/1
description ** Connected to Local LAN **
no ip address
ip nat inside
ip virtual-reassembly
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/1.102
encapsulation dot1Q 102
ip address 10.1.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/1.103
encapsulation dot1Q 103
ip address 10.1.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/1.104
encapsulation dot1Q 104
ip address 10.1.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
interface FastEthernet0/1.110
encapsulation dot1Q 110
ip address 10.1.110.1 255.255.255.0
ip nat inside
ip virtual-reassembly
no ip route-cache
!
!
!
ip http server
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
!
!
control-plane
!
!
line con 0
password 7 046F19131C351D1C5A5D41
logging synchronous
line aux 0
line vty 0 4
password 7 053F141A32581F5B4A4153
line vty 5 15
password 7 15261919173E7A767B7771
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp master
!
end
Could anybody help?
Cheers
TME
ASKER
Hi there,
I have added the above but still no joy.
I can ping all 10.1.xxx.xxx from the client no problems but cannot get anything out on the internet. From the router I can ping internet addresses.
Cheers
Si
Is the port on the switch that connects to the router configured as a trunk with dot1q encapsulation?
Can you also post the output of:
sh ip nat translations
sh ip route
sh ip access-lists
Thanks!
ASKER
Hi,
Thanks for your Response. Please see details below:-
Switch Config is:-
interface FastEthernet0/2
description ** Service Router Uplink - FA0/1 **
switchport mode trunk
Sh IP Nat Translation - Shows nothing
Default Gateway shows:-
Default gateway is 192.168.1.1
Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty
Show Access List shows:
Access list:-
Extended IP access list 101
10 permit ip any any (15 matches)
I have also updated my IOS from 12.4 to 15.1. Below is the Config:
version 15.1
no parser cache
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
no service dhcp
!
hostname TMES1RT001
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M7.bin
boot-end-marker
!
!
logging buffered 51200
no logging console
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
no ip routing
!
!
no ip cef
!
!
!
no ip bootp server
no ip domain lookup
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2811
archive
log config
hidekeys
!
redundancy
!
!
ip tcp synwait-time 10
!
!
!
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description ** Connected to Etisalat **
ip address dhcp
ip nat outside
no ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/1
description ** Connected to Local LAN **
no ip address
ip nat outside
ip virtual-reassembly in
no ip route-cache
duplex auto
speed auto
!
interface FastEthernet0/1.101
encapsulation dot1Q 101
ip address 10.1.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface FastEthernet0/1.102
encapsulation dot1Q 102
ip address 10.1.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface FastEthernet0/1.103
encapsulation dot1Q 103
ip address 10.1.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface FastEthernet0/1.104
encapsulation dot1Q 104
ip address 10.1.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
interface FastEthernet0/1.110
encapsulation dot1Q 110
ip address 10.1.110.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
no ip route-cache
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
!
ip nat inside source list 101 interface FastEthernet0/0 overload
!
access-list 101 permit ip any any
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
logging synchronous
line aux 0
line vty 0 4
transport input all
line vty 5 15
transport input all
!
scheduler max-task-time 5000
scheduler allocate 20000 1000
ntp master
end
Cheers again for your help
TME
ASKER CERTIFIED SOLUTION
This solution is only available to members.
Also, if you want the VLANs to talk to one another, you want to add a deny for VLAN-to-VLAN traffic to your NAT ACL,
i.e.
deny ip 10.1.1.0 0.0.0.255 10.1.4.0 0.0.0.255
ASKER
Excellent!
That worked a treat!
Thanks for your Help!
ASKER
Awesome! Stuck with the problem and worked to completion! Full Credits!
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
Consider adding the following:
access-list 101 permit ip 10.1.0.0 0.0.255.255 any
Hope this helps
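
Added example (not part of the thread and not any poster's code): a small evaluator for the access-list 101 lines quoted above, showing which flows the NAT source list matches under IOS wildcard masks and first-match ordering. The host addresses 10.1.1.50, 10.1.4.20 and 203.0.113.10 and the names ORIGINAL, SUGGESTED, WITH_EXEMPT and MISORDERED are constructed for illustration.

```python
import ipaddress

def _match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care' bits."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)

def parse_acl(lines, number="101"):
    """Parse 'access-list N permit|deny ip SRC DST' into (action, src, dst) tuples."""
    entries = []
    for line in lines:
        tok = line.split()
        if len(tok) < 6 or tok[:2] != ["access-list", number] or tok[3] != "ip":
            continue
        rest, specs = tok[4:], []
        while rest:
            if rest[0] == "any":            # any == 0.0.0.0 255.255.255.255
                specs.append(("0.0.0.0", "255.255.255.255"))
                rest = rest[1:]
            elif rest[0] == "host":         # host A == A 0.0.0.0
                specs.append((rest[1], "0.0.0.0"))
                rest = rest[2:]
            else:                           # ADDRESS WILDCARD pair
                specs.append((rest[0], rest[1]))
                rest = rest[2:]
        entries.append((tok[2], specs[0], specs[1]))
    return entries

def acl_permits(entries, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, s, d in entries:
        if _match(src, *s) and _match(dst, *d):
            return action == "permit"
    return False

# ACL lines as quoted in the thread, arranged into constructed variants.
ORIGINAL = ["access-list 101 permit ip 192.168.1.0 0.0.0.255 any"]
SUGGESTED = ORIGINAL + ["access-list 101 permit ip 10.1.0.0 0.0.255.255 any"]
DENY = "access-list 101 deny ip 10.1.1.0 0.0.0.255 10.1.4.0 0.0.0.255"
WITH_EXEMPT = [DENY] + SUGGESTED    # deny ahead of the broad permit
MISORDERED = SUGGESTED + [DENY]     # deny after it: never reached

if __name__ == "__main__":
    flows = [("10.1.1.50", "203.0.113.10"), ("10.1.1.50", "10.1.4.20")]
    for name, acl in [("ORIGINAL", ORIGINAL), ("SUGGESTED", SUGGESTED),
                      ("WITH_EXEMPT", WITH_EXEMPT), ("MISORDERED", MISORDERED)]:
        for src, dst in flows:
            print(name, src, "->", dst, "matched:", acl_permits(parse_acl(acl), src, dst))
```

A line entered with the global access-list 101 command is appended to the end of the list, so a deny added after the broad permit behaves like MISORDERED; it has to sit ahead of the permit to take effect.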