vlan and nat together
I have a 2960 switch and 2600 router.
I have configured 4 VLANs as follows on the 2960 switch:
Vlan2----10.20.0.1/16
fa0/2
Vlan3----10.30.0.1/16
fa0/3
Vlan4----10.40.0.1/16
fa0/4
Vlan5----10.50.0.1/16
fa0/5
The topology is:
PC --- 2960 --- 2600 --- (edge router) --- internet
edge router inside interface: 192.168.44.1
I did intervlan routing on the 2600 router. The router's outside interface is 192.168.44.182/24.
From the router, I can reach everywhere.
However, from the PC, I can only reach up to the outside interface of the router, which is 192.168.44.182. But I cannot ping 192.168.44.1. I guess I have something wrong in my router-side configuration. The config of the router is:
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fC7x$/OhMDLXT5.oUfgqetXUoV0
enable password line
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
ip dhcp pool test
network 10.0.0.0 255.0.0.0
default-router 10.0.0.1 255.0.0.0
dns-server 202.125.148.204
!
interface FastEthernet0/0
ip address 192.168.44.182 255.255.255.0
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
ip nat inside
duplex auto
speed auto
!
interface FastEthernet0/1.1
!
interface FastEthernet0/1.2
encapsulation dot1Q 2
ip address 10.20.0.1 255.255.0.0
!
interface FastEthernet0/1.3
encapsulation dot1Q 3
ip address 10.30.0.1 255.255.0.0
!
interface FastEthernet0/1.4
encapsulation dot1Q 4
ip address 10.40.0.1 255.255.0.0
!
interface FastEthernet0/1.5
encapsulation dot1Q 5
ip address 10.50.0.1 255.255.0.0
!
ip nat inside source list 1 interface FastEthernet0/0 overload
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.44.1
!
!
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 1 permit 10.20.0.0 0.0.255.255
access-list 1 permit 10.30.0.0 0.0.255.255
access-list 1 permit 10.40.0.0 0.0.255.255
access-list 1 permit 10.50.0.0 0.0.255.255
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
password cisco
login
!
!
!
end
Now, I need suggestions on how I can reach 192.168.44.1 and the internet from all the VLANs.
Comments

Netwurk Member Posts: 1,155
What default gateway is set up on your PC?
Your DHCP settings on the router show it should get "default-router 10.0.0.1 255.0.0.0", yet you don't have 10.0.0.1 set up as an IP address anywhere on your router. Also, you don't need to put a mask in your default-router line. It's probably harmless though, as I think Windows would ignore it.

tech-airman Member Posts: 953
dipok,
Questions:
- Which VLAN is the PC associated with?
- Where is your 802.1q native VLAN?

Netwurk Member Posts: 1,155
Just saw something else in your config.
You need to add an "ip dhcp excluded-address 10.0.0.1" line.
Otherwise your PC might get the same address as your default gateway, especially since it's the first address in the pool.

kryolla Member Posts: 785
Try these commands and check your NAT entries:
ip dhcp pool test
network 10.20.0.0 255.255.0.0
default-router 10.20.0.1
dns-server 202.125.148.204
ip dhcp pool test1
network 10.30.0.0 255.255.0.0
default-router 10.30.0.1
dns-server 202.125.148.204
ip dhcp pool test2
network 10.40.0.0 255.255.0.0
default-router 10.40.0.1
dns-server 202.125.148.204
ip dhcp pool test3
network 10.50.0.0 255.255.0.0
default-router 10.50.0.1
dns-server 202.125.148.204
ip dhcp exclude 10.20.0.1
ip dhcp exclude 10.30.0.1
ip dhcp exclude 10.40.0.1
ip dhcp exclude 10.50.0.1
Studying for CCIE and drinking Home Brew

dipok Member Posts: 11
Sorry everyone. I was away for a while.
Well, now let's talk about the following config:
ip dhcp pool test
network 10.0.0.0 255.0.0.0
default-router 10.0.0.1 255.0.0.0 (you can guess, it was fa0/1, before I configured VLAN with no switch port here)
dns-server 202.125.148.204
In fact, first I created a DHCP pool with 10.0.0.0/8. It was working fine along with the NAT configuration. After that, I was practicing VLAN. I was confused about how the new subnets of the VLANs will interact with the "NAT Overload" scenario. Do you think the following access list is enough for that, or does it require additional config:
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 1 permit 10.20.0.0 0.0.255.255
access-list 1 permit 10.30.0.0 0.0.255.255
access-list 1 permit 10.40.0.0 0.0.255.255
access-list 1 permit 10.50.0.0 0.0.255.255
Well, within the VLANs, I can interact with all the VLAN gateways through the VLAN ports (by putting a static IP next to the gateway, like x.x.x.2, since the gateway is x.x.x.1).
However, I can't get to the internet.
Since I want NAT, VLAN and DHCP to work together, my last question should be:
How can all the VLAN subnets be translated to the outside interface IP (192.168.44.182)?
Secondly, suppose I connect to fa0/2: can the DHCP provide me the IP from 10.20.0.1/16?
Well, kryolla, I will try the config you suggested tomorrow morning.
However, thanks everyone for your wonderful co-operation.
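
Added example (not part of any post in this thread, and not Cisco tooling): a small Python audit of the three points the thread raises, namely whether the DHCP default-router exists on an interface, which addressed interfaces carry a NAT role, and whether access-list 1 covers each VLAN subnet. `CONFIG` is a constructed excerpt of the posted config and `parse`/`audit` are hypothetical helper names; it assumes sub-commands are indented by one space and ACL entries are written as network plus wildcard mask.

```python
import ipaddress

# Constructed excerpt of the config posted in the thread; sub-commands carry the
# leading space that 'show running-config' prints (parse() relies on it).
CONFIG = (
    "ip dhcp pool test\n network 10.0.0.0 255.0.0.0\n"
    " default-router 10.0.0.1 255.0.0.0\n"
    "interface FastEthernet0/0\n ip address 192.168.44.182 255.255.255.0\n"
    " ip nat outside\n"
    "interface FastEthernet0/1\n no ip address\n ip nat inside\n"
    + "".join(f"interface FastEthernet0/1.{v}\n encapsulation dot1Q {v}\n"
              f" ip address 10.{v}0.0.1 255.255.0.0\n" for v in (2, 3, 4, 5))
    + "ip nat inside source list 1 interface FastEthernet0/0 overload\n"
    + "".join(f"access-list 1 permit 10.{n}.0.0 0.0.255.255\n"
              for n in (0, 20, 30, 40, 50)))

def parse(config):
    """Return interface address/NAT role, ACL 1 networks, DHCP default-routers."""
    ifaces, acl, gateways, section = {}, [], [], None
    for line in config.splitlines():
        w = line.split() or [""]
        if not line.startswith(" "):  # global command: opens a new section
            section = w[1] if w[0] == "interface" else None
            if section:
                ifaces[section] = {"ip": None, "nat": None}
            if w[:3] == ["access-list", "1", "permit"]:  # address + wildcard mask
                acl.append(ipaddress.ip_network(f"{w[3]}/{w[4]}"))
        elif w[0] == "default-router":
            gateways.append(ipaddress.ip_address(w[1]))
        elif section and w[:2] == ["ip", "address"]:
            ifaces[section]["ip"] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif section and w[:2] == ["ip", "nat"]:
            ifaces[section]["nat"] = w[2]
    return ifaces, acl, gateways

def audit(config):
    """List mismatches between DHCP, NAT roles and the NAT access list."""
    ifaces, acl, gateways = parse(config)
    addressed = {n: i for n, i in ifaces.items() if i["ip"]}
    out = [f"DHCP default-router {gw} is not configured on any interface"
           for gw in gateways if all(i["ip"].ip != gw for i in addressed.values())]
    for name, i in addressed.items():
        if i["nat"] is None:
            out.append(f"{name}: no 'ip nat inside' on this (sub)interface")
        if i["nat"] != "outside" and not any(i["ip"].network.subnet_of(n) for n in acl):
            out.append(f"{name}: {i['ip'].network} not permitted by access-list 1")
    return out

print(*audit(CONFIG), sep="\n")
```

On the posted config this reports the DHCP gateway 10.0.0.1 and the four subinterfaces without `ip nat inside` (IOS assigns the NAT role per logical interface, so the setting on FastEthernet0/1 does not carry over to its subinterfaces). It raises nothing about access-list 1, which already matches each of the four VLAN subnets.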