ISR 1100 - C1111-4P - NAT inside LAN (2024)

969

Views

2

Helpful

3

Replies

ISR 1100 - C1111-4P - NAT inside LAN

Go to solution

ISR 1100 - C1111-4P - NAT inside LAN (1)

ISR 1100 - C1111-4P - NAT inside LAN (2)PROTECHITISR 1100 - C1111-4P - NAT inside LAN (3)

Level 1

Options

  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎01-15-202412:49 AM - last edited on ‎01-17-202411:33 PM by ISR 1100 - C1111-4P - NAT inside LAN (4)TranslatorISR 1100 - C1111-4P - NAT inside LAN (5)

Hello,

We created an additional LAN in the already existing local network. To access the Internet on the new LAN, we used NAT on the C1111-4P router.

It all looks like Internet access is there, just.... the connection is not stable, i.e., for example, web pages once load and once do not. Are we missing something in the configuration of the C1111-4P router?

Below are the configurations from the router and a general description of Our Network:

WAN is from CBS350-48X switch:
interface TenGigabitEthernet1/0/1
speed 1000
description WAN-ISR110
switchport access vlan 136

C1111-4P configuration:

Building configuration...
Current configuration : 7558 bytes
!
! Last configuration change at 12:17:52 UTC Fri Jan 12 2024 by admin
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname C1111-4P
!
boot-start-marker
boot system bootflash:c1100-universalk9.17.09.04a.SPA.bin
boot system bootflash:c1100-universalk9.17.06.01a.SPA.bin
boot-end-marker
!
!
no aaa new-model
clock timezone UTC -1 0
!
!
!
!
!
!
!
no ip domain lookup
ip domain name LAN.local
ip dhcp excluded-address 192.168.0.0 192.168.0.100
ip dhcp excluded-address 192.168.0.201 192.168.0.255
!
ip dhcp pool POOL_VL99
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 1.1.1.1
lease 0 8
!
!
!
username admin privilege 15 secret 9 password
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN from VLAN 136
ip address 192.168.136.2 255.255.255.0
ip nat outside
media-type spf
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface GigabitEthernet0/1/1
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface GigabitEthernet0/1/2
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
shutdown
!
interface GigabitEthernet0/1/3
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.0.1 255.255.255.0
ip nat inside
no autostate
!
ip default-gateway 192.168.0.1
no ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.136.1
ip ssh version 2
!
!
ip access-list standard NAT
10 permit 192.168.0.0 0.0.0.255
!
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
logging synchronous
login local
transport input none
stopbits 1
line vty 0 4
login
length 0
transport input ssh
line vty 5 14
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end

Solved!Go to Solution.

I have this problem too

Labels:

  • Labels:
  • ISR 1000 Series
  • Routing Protocols

0Helpful

  • All forum topics
  • Previous Topic
  • Next Topic

1 Accepted Solution


Accepted Solutions

Go to solution

ISR 1100 - C1111-4P - NAT inside LAN (6)

ISR 1100 - C1111-4P - NAT inside LAN (7)ISR 1100 - C1111-4P - NAT inside LAN (8)MHM Cisco World

VIP

Options

  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎01-15-202406:38 AM - last edited on ‎01-17-202411:36 PM by ISR 1100 - C1111-4P - NAT inside LAN (9)TranslatorISR 1100 - C1111-4P - NAT inside LAN (10)

only one command need

ip routing

also


ip route 0.0.0.0 0.0.0.0 192.168.136.1 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1 <<- add this

MHM

View solution in original post

1Helpful

3 Replies 3

Go to solution

ISR 1100 - C1111-4P - NAT inside LAN (11)

ISR 1100 - C1111-4P - NAT inside LAN (12)ISR 1100 - C1111-4P - NAT inside LAN (13)balaji.bandi

Hall of Fame

Options

  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎01-15-202406:34 AM - last edited on ‎01-17-202411:28 PM by ISR 1100 - C1111-4P - NAT inside LAN (14)TranslatorISR 1100 - C1111-4P - NAT inside LAN (15)

Configuration seems to be ok

did other LAN working as expected with any trouble that mentioned in the new VLAN.

there are some Lines which you do not need :

no ip default-gateway 192.168.0.1
no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

how are you testing - connecting directly router and testing ?

check from user able to ping google DNS continous.

- Check connection port have any errors ?

- speed checks ?

- ping gateway Local and next hop see any drops ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

1Helpful

Go to solution

ISR 1100 - C1111-4P - NAT inside LAN (16)

ISR 1100 - C1111-4P - NAT inside LAN (17)ISR 1100 - C1111-4P - NAT inside LAN (18)MHM Cisco World

VIP

Options

  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎01-15-202406:38 AM - last edited on ‎01-17-202411:36 PM by ISR 1100 - C1111-4P - NAT inside LAN (19)TranslatorISR 1100 - C1111-4P - NAT inside LAN (20)

only one command need

ip routing

also


ip route 0.0.0.0 0.0.0.0 192.168.136.1 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1 <<- add this

MHM

1Helpful

Go to solution

ISR 1100 - C1111-4P - NAT inside LAN (21)

ISR 1100 - C1111-4P - NAT inside LAN (22)PROTECHITISR 1100 - C1111-4P - NAT inside LAN (23)

Level 1

Options

  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Subscribe to RSS Feed
  • Permalink
  • Print
  • Report Inappropriate Content

‎01-16-202401:31 AM - last edited on ‎01-17-202411:31 PM by ISR 1100 - C1111-4P - NAT inside LAN (24)TranslatorISR 1100 - C1111-4P - NAT inside LAN (25)

Thank you very much! This three commands resolved problem:

ip route 0.0.0.0 0.0.0.0 192.168.136.1

<<- remove this

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0

<<- remove this

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1

<<- add this

Can I ask what is the difference in adding one line of command instead of two separate lines? Don't they mean the same thing? However, is there a hierarchy here?

As for the

ip routing

command, it is not visible in the configuration file of the C1111-4P router, but we can check its status through the WebUI under Administration -> Device.

Thank You - MHM Cisco World and balaji.bandi - once again for Your help.

0Helpful

ISR 1100 - C1111-4P - NAT inside LAN (26)

Learn, share, save

Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.

New here? Get started with these tips. How to use Community New member guide

Log in to Community

Quick Links

Knowledge Articles

Customers Also Viewed These Support Documents

ISR 1100 - C1111-4P - NAT inside LAN (27)

ISR 1100 - C1111-4P - NAT inside LAN (2024)
Top Articles
Latest Posts
Recommended Articles
Article information

Author: Wyatt Volkman LLD

Last Updated:

Views: 5953

Rating: 4.6 / 5 (66 voted)

Reviews: 89% of readers found this page helpful

Author information

Name: Wyatt Volkman LLD

Birthday: 1992-02-16

Address: Suite 851 78549 Lubowitz Well, Wardside, TX 98080-8615

Phone: +67618977178100

Job: Manufacturing Director

Hobby: Running, Mountaineering, Inline skating, Writing, Baton twirling, Computer programming, Stone skipping

Introduction: My name is Wyatt Volkman LLD, I am a handsome, rich, comfortable, lively, zealous, graceful, gifted person who loves writing and wants to share my knowledge and understanding with you.