ISR 1100 - C1111-4P - NAT inside LAN
PROTECHIT
Level 1
01-15-2024 12:49 AM - last edited on 01-17-2024 11:33 PM by Translator
Hello,
We created an additional LAN in the already existing local network. To access the Internet on the new LAN, we used NAT on the C1111-4P router.
It looks like Internet access is there, but the connection is not stable; for example, web pages sometimes load and sometimes do not. Are we missing something in the configuration of the C1111-4P router?
Below are the configurations from the router and a general description of Our Network:
WAN is from CBS350-48X switch:
interface TenGigabitEthernet1/0/1
speed 1000
description WAN-ISR110
switchport access vlan 136
C1111-4P configuration:
Building configuration...
Current configuration : 7558 bytes
!
! Last configuration change at 12:17:52 UTC Fri Jan 12 2024 by admin
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname C1111-4P
!
boot-start-marker
boot system bootflash:c1100-universalk9.17.09.04a.SPA.bin
boot system bootflash:c1100-universalk9.17.06.01a.SPA.bin
boot-end-marker
!
!
no aaa new-model
clock timezone UTC -1 0
!
!
!
!
!
!
!
no ip domain lookup
ip domain name LAN.local
ip dhcp excluded-address 192.168.0.0 192.168.0.100
ip dhcp excluded-address 192.168.0.201 192.168.0.255
!
ip dhcp pool POOL_VL99
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 8.8.8.8 1.1.1.1
lease 0 8
!
!
!
username admin privilege 15 secret 9 password
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN from VLAN 136
ip address 192.168.136.2 255.255.255.0
ip nat outside
media-type spf
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0/1/0
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface GigabitEthernet0/1/1
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
!
interface GigabitEthernet0/1/2
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
shutdown
!
interface GigabitEthernet0/1/3
switchport access vlan 99
switchport trunk native vlan 99
switchport mode access
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan99
ip address 192.168.0.1 255.255.255.0
ip nat inside
no autostate
!
ip default-gateway 192.168.0.1
no ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.136.1
ip ssh version 2
!
!
ip access-list standard NAT
10 permit 192.168.0.0 0.0.0.255
!
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
logging synchronous
login local
transport input none
stopbits 1
line vty 0 4
login
length 0
transport input ssh
line vty 5 14
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end
1 Accepted Solution
MHM Cisco World
VIP
01-15-2024 06:38 AM - last edited on 01-17-2024 11:36 PM by Translator
Only one command is needed:
ip routing
Also:
ip route 0.0.0.0 0.0.0.0 192.168.136.1 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1 <<- add this
MHM
balaji.bandi
Hall of Fame
01-15-2024 06:34 AM - last edited on 01-17-2024 11:28 PM by Translator
The configuration seems to be OK.
Is the other LAN working as expected, or with any of the trouble that was mentioned for the new VLAN?
There are some lines which you do not need:
no ip default-gateway 192.168.0.1
no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
How are you testing - connecting directly to the router and testing?
Check whether a user is able to ping Google DNS continuously.
- Does the connection port have any errors?
- Speed checks?
- Ping the local gateway and the next hop; do you see any drops?
PROTECHIT
Level 1
01-16-2024 01:31 AM - last edited on 01-17-2024 11:31 PM by Translator
Thank you very much! These three commands resolved the problem:
ip route 0.0.0.0 0.0.0.0 192.168.136.1 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 <<- remove this
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1 <<- add this
Can I ask what is the difference in adding one line of command instead of two separate lines? Don't they mean the same thing? However, is there a hierarchy here?
As for the ip routing command, it is not visible in the configuration file of the C1111-4P router, but we can check its status through the WebUI under Administration -> Device.
Thank you, MHM Cisco World and balaji.bandi, once again for your help.
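As an added example (not from the thread or from Cisco), a small Python check over the NAT and routing lines of the posted configuration flags the items the two replies point at, plus the route-map's reference to ACL 197, which the posted configuration never defines. The finding names and the FIXED text are constructed for illustration.

```python
import re

# Constructed sample: NAT and routing lines excerpted from the configuration posted above.
SAMPLE = """\
interface Vlan99
 ip address 192.168.0.1 255.255.255.0
ip default-gateway 192.168.0.1
ip nat inside source list NAT interface GigabitEthernet0/0/0 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0
ip route 0.0.0.0 0.0.0.0 192.168.136.1
ip access-list standard NAT
 10 permit 192.168.0.0 0.0.0.255
route-map track-primary-if permit 1
 match ip address 197
"""
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def audit(config):
    """Return sorted finding codes (hypothetical names) for an IOS-style config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    found = set()
    own = {ln.split()[2] for ln in lines if ln.startswith("ip address ")}
    acls = {ln.split()[3] for ln in lines if ln.startswith("ip access-list ")}
    acls |= {ln.split()[1] for ln in lines if ln.startswith("access-list ")}
    defaults = [ln.split()[4:] for ln in lines if ln.startswith("ip route 0.0.0.0 0.0.0.0 ")]
    for target in defaults:
        # Ethernet exit interface with no next hop: the router must ARP for every
        # destination and depends on proxy ARP at the upstream device.
        if "Ethernet" in target[0] and not any(IPV4.fullmatch(t) for t in target):
            found.add("default-route-interface-only")
    if len(defaults) > 1:  # the accepted answer collapses these into one route
        found.add("multiple-default-routes")
    for ln in lines:
        if ln.startswith("ip default-gateway ") and ln.split()[2] in own:
            found.add("default-gateway-is-own-address")
        if ln.startswith("match ip address ") and ln.split()[3] not in acls:
            found.add("route-map-acl-undefined")
    overload = [ln for ln in lines if re.match(r"ip nat inside source .* overload$", ln)]
    if len(overload) > 1:  # the route-map rule is the one a reply lists as not needed
        found.add("redundant-nat-overload")
    return sorted(found)

# Constructed "after": one default route with interface and next hop, extras removed.
DROP = ("ip default-gateway", "ip route", "ip nat inside source route-map", "route-map", "match ip")
FIXED = "\n".join(ln for ln in SAMPLE.splitlines() if not ln.strip().startswith(DROP))
FIXED += "\nip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 192.168.136.1\n"
if __name__ == "__main__":
    print(audit(SAMPLE), audit(FIXED))
```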