Getting Internal VLAN to see FE1

Status
Not open for further replies.

echang15

Technical User
Jan 17, 2006
34
US
Hello all,

I've come to annoy with another question. Current setup is a 1811, with DSL on FE0, and T1 on FE1. I can see DSL fine when I overload NAT on the FE0 interface, but I can't seem to get FE1 to access at all, even when I turn off FE0, and overload NAT on the FE1 interface. I've been stuck here for a few days now, so any hints/solutions/tips would be greatly appreciated.

thanks a bunch.




router#write t
Building configuration...

Current configuration : 4130 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret x
enable password x
!
no aaa new-model
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.34 192.168.0.254
ip dhcp excluded-address 192.168.0.2
!
ip dhcp pool Default
import all
network 192.168.0.0 255.255.255.0
dns-server 151.202.0.85 65.106.1.196
default-router 192.168.0.1
lease 5
!
!
ip name-server 151.202.0.85
ip name-server 209.116.241.10
no ip ips deny-action ips-interface
ip sla monitor 1
type echo protocol ipIcmpEcho 67.94.72.x
timeout 1000
threshold 2
frequency 3
ip sla monitor schedule 1 life forever start-time now
!
!
crypto pki trustpoint TP-self-signed-4248908665
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4248908665
revocation-check none
rsakeypair TP-self-signed-4248908665
!
!
crypto pki certificate chain TP-self-signed-4248908665
certificate self-signed 01
x

quit
username echang privilege 15 password 0 x
!
!
track 123 rtr 1 reachability
!
!
!
!
interface FastEthernet0
description $ETH-WAN$
ip address 71.249.227.x 255.255.255.0
ip virtual-reassembly
ip nat outside
duplex auto
speed auto
!
interface FastEthernet1
description $ETH-WAN$
ip address 67.94.72.y 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 67.94.72.x track 123
ip route 0.0.0.0 0.0.0.0 71.249.227.y 100
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat source static tcp 192.168.0.104 5900 71.249.227.155 5900 extendable
ip nat inside source list 1 interface FastEthernet0 overload

!
access-list 1 permit any
snmp-server community x RO
!
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
password x
login local
transport input telnet ssh
!
no scheduler allocate
end

router#
 
Have you disabled IP SLA to confirm if your FE1 interface is working?

You have a default route configured as "ip route 0.0.0.0 0.0.0.0 67.94.72.x track 123" which could be causing your problem if ip sla is not working correctly. Try to get your IP connectivity issue working first then work on the IP SLA, we can tackle that next. Remove that default route and configure a new default route pointing to the ip of Fe1.

Also something else, the static NAT configured is more of a NAT redirector and your NAT overload is configured to overload FE0 which you shutdown at one point. Try re-configuring using "ip nat inside source list 1 interface FastEthernet1 overload" then do a "clear ip nat trans *" to be safe .... then see if connectivity works through FE1?

If you want the ability for IP connectivity to work from possibly two interfaces, then there are some things you need to change with NAT, and I think some of the IP SLA (first glance at it). It's going to be tricky, but first try those things and see if Fe1 is working.

cf
 
router#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
Async1                     unassigned      YES NVRAM  down                  down
FastEthernet0              71.249.227.154  YES NVRAM  up                    up
FastEthernet1              67.94.72.220    YES NVRAM  up                    up
FastEthernet2              unassigned      YES unset  up                    down
FastEthernet3              unassigned      YES unset  up                    down
FastEthernet4              unassigned      YES unset  up                    down
FastEthernet5              unassigned      YES unset  up                    down
FastEthernet6              unassigned      YES unset  up                    down
FastEthernet7              unassigned      YES unset  up                    up
FastEthernet8              unassigned      YES unset  up                    down
FastEthernet9              unassigned      YES unset  up                    down
NVI0                       unassigned      YES unset  up                    up
Vlan1                      192.168.0.1     YES NVRAM  up                    up

router#show ip nat trans
Pro Inside global          Inside local        Outside local      Outside global
tcp 71.249.227.155:5900    192.168.0.104:5900  ---                ---
tcp 67.94.72.218:5900      192.168.0.218:5900  ---                ---

router#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 67.94.72.193 to network 0.0.0.0

     71.0.0.0/24 is subnetted, 1 subnets
C       71.249.227.0 is directly connected, FastEthernet0
     67.0.0.0/27 is subnetted, 1 subnets
C       67.94.72.192 is directly connected, FastEthernet1
C    192.168.0.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 67.94.72.193
router#


Current config:

router#write t
Building configuration...

Current configuration : 4101 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
logging buffered 52000 debugging
enable secret x
enable password x
!
no aaa new-model
!
resource policy
!
clock timezone NewYork -5
clock summer-time NewYork date Apr 6 2003 2:00 Oct 26 2003 2:00
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
ip subnet-zero
!
!
ip cef
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.34 192.168.0.254
ip dhcp excluded-address 192.168.0.2
!
ip dhcp pool Default
import all
network 192.168.0.0 255.255.255.0
dns-server 151.202.0.85 65.106.1.196
default-router 192.168.0.1
lease 5
!
!
ip name-server 151.202.0.85
ip name-server 209.116.241.10
no ip ips deny-action ips-interface
ip sla monitor 1
type echo protocol ipIcmpEcho 67.94.72.193
timeout 1000
threshold 2
frequency 3
ip sla monitor schedule 1 life forever start-time now
!
!
crypto pki trustpoint TP-self-signed-4248908665
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4248908665
revocation-check none
rsakeypair TP-self-signed-4248908665
!
!
crypto pki certificate chain TP-self-signed-4248908665
certificate self-signed 01
x
quit
username x privilege 15 password 0 x
!
!
track 123 rtr 1 reachability
!
!
!
!
interface FastEthernet0
description $ETH-WAN$
ip address 71.249.227.154 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1
description $ETH-WAN$
ip address 67.94.72.220 255.255.255.224
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Vlan1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Async1
no ip address
!
ip classless
ip route 0.0.0.0 0.0.0.0 67.94.72.193
!
!
ip http server
ip http authentication local
ip http secure-server
ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source static tcp 192.168.0.218 5900 67.94.72.218 5900 extendable
ip nat inside source static tcp 192.168.0.104 5900 71.249.227.155 5900 extendable
!
access-list 1 permit any
snmp-server community x RO
!
!
!
!
control-plane
!
!
line con 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
privilege level 15
password x
login local
transport input telnet ssh
!
no scheduler allocate
end

router#


Thanks again for your help
 
GENIUS AT WORK.

I used a patch cable instead of a crossover. FE1 works now.


Next question:

How do I NAT both interfaces to VLAN1?

ip nat inside source list 1 interface FastEthernet0 overload

That only works for 1 interface, and IOS refuses to let me add the same command with FE1.


thanks a bunch.
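
Added example, not part of the original thread and not the poster's config: the usual way to overload NAT on two outside interfaces in IOS is one route-map per WAN that matches both the inside source list and the egress interface, which also covers the earlier reply's point that the overload interface must be the one the default route actually uses. The route-map names NAT-FE0 and NAT-FE1 are hypothetical, <DSL-GATEWAY> is a placeholder for the DSL next hop that the thread masks, and narrowing access-list 1 from "permit any" to the inside subnet is an assumption about intent.

```cisco
! Added example: dual-WAN PAT for the 1811 in this thread (not the poster's config).
! Translate only the inside subnet instead of "access-list 1 permit any".
no access-list 1
access-list 1 permit 192.168.0.0 0.0.0.255
!
! One route-map per WAN (names are hypothetical): match the inside sources
! AND the egress interface that routing has already chosen for the packet.
route-map NAT-FE0 permit 10
 match ip address 1
 match interface FastEthernet0
!
route-map NAT-FE1 permit 10
 match ip address 1
 match interface FastEthernet1
!
! Replace the single list-based overload with one route-map rule per WAN.
no ip nat inside source list 1 interface FastEthernet0 overload
ip nat inside source route-map NAT-FE0 interface FastEthernet0 overload
ip nat inside source route-map NAT-FE1 interface FastEthernet1 overload
!
! Tracked primary default via the T1, floating backup via DSL, the same
! shape as the first config in the thread. <DSL-GATEWAY> is a placeholder.
ip route 0.0.0.0 0.0.0.0 67.94.72.193 track 123
ip route 0.0.0.0 0.0.0.0 <DSL-GATEWAY> 100
```

Run "clear ip nat translation *" from exec mode before removing the old overload rule, since IOS will not delete a NAT rule that still has active translations.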
 