Re: ISP LAN to WAN connectivity

asfandyar779514494 · ‎09-07-2023

Hi,

I am making a basic topology and got stuck in the routing and need some help,

ISP(Internet) = Cisco RTR 2911 = Cisco 3650 SW = System

I am getting IP on my system and am able to ping 192.168.10.2 that is Router's LAN interface but not able to browse, kindly let me know here I am wrong.

Below config for your reference

RTR config:

ip dhcp excluded-address 192.168.10.1 192.168.10.10
!
ip dhcp pool Treasury_ETI
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
dns-server 192.168.10.2

interface GigabitEthernet0/0
description *** LAN***
ip address 192.168.10.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description *** WAN - CONNECTED-TO-ISP-ONT***
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto

ip nat inside source list NAT_LIST interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1 (ISP End ISP)
!
ip access-list standard NAT_LIST
permit 192.168.10.0 0.0.0.255

Switch config:

interface GigabitEthernet2/0/1
description ADSL-TESTING-PORT
switchport access vlan 10
switchport mode access
!

interface GigabitEthernet2/0/48
description UPLINK-CONNECTED-TO-RTR
switchport access vlan 10
switchport mode access

interface Vlan10
ip address 192.168.10.5 255.255.255.0

Giuseppe Larosa · ‎09-07-2023

Hello @asfandyar779514494 ,

your WAN interface is g0/1 not gi0/0 so do the following:

conf t

no ip nat inside source list NAT_LIST interface GigabitEthernet0/0 overload

ip nat inside source list NAT_LIST interface GigabitEthernet0/1 overload

end

wr mem

This should fix your issues

Hope to help

Giuseppe

Vishnu_vs · ‎09-11-2023

thank you for your answer it had helped me

asfandyar779514494 · ‎09-13-2023

Hi Giuseppe,

Thanks man this solved my problem.

Now I am trying to do with 2 vlans (10 & 20) and made RTR LAN interface as Sub interface, I am able to get IP & ping gateway for vlan 10 but not able to browse internet.

What could be the issue, below config for your review,

RTR:

ip dhcp excluded-address 192.168.10.1 192.168.10.10
ip dhcp excluded-address 192.168.20.1 192.168.20.10
!
ip dhcp pool Treasury_ETI
network 192.168.10.0 255.255.255.0
default-router 192.168.10.2
dns-server x.x.x.x
!
ip dhcp pool Treasury_DU
network 192.168.20.0 255.255.255.0
default-router 192.168.20.2
dns-server x.x.x.x

!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.2 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.2 255.255.255.0
!
interface GigabitEthernet0/1
--More-- description *** WAN - CONNECTED-TO-ONT***
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!

ip nat inside source list NAT_LIST interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 192.168.100.1
!ip access-list standard NAT_LIST
permit 192.168.10.0 0.0.0.255

permit 192.168.20.0 0.0.0.255

SW :

interface GigabitEthernet2/0/47
interface GigabitEthernet2/0/48
switchport trunk allowed vlan 10,20
switchport mode trunk
!
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.5 255.255.255.0

Giuseppe Larosa · ‎09-13-2023

Hello @asfandyar779514494 ,

under each router gi0/0 subif you need to add

ip nat inside

as NAT is triggered when going from a nat inside to a nat outside interface.

Hope to help

Giuseppe