2811 and HWIC routing problem


I have a 4-port HWIC in my 2811 that I'm trying to use for two different ISP connections. My LAN is connected to FastEthernet0/0 and one ISP is connected to FastEthernet0/0/0. I can ping outside from the router, but nothing from the LAN side ever gets outside.

I've attached my config file. Any ideas or suggestions would be greatly appreciated. Thanks,

Greg

Richard Burts Sat, 06/21/2008 - 16:35

Greg

I have looked at the config that you posted and I see at least 2 significant issues that may explain your problem.

First issue is this from your config:

!ip route 0.0.0.0 0.0.0.0 FastEthernet0/0/0

If your default route is commented out then I am surprised that you can ping outside from the router, since it appears that it has no default route. The output of show ip route from the router would be interesting and possibly helpful.

And if the default route becomes not commented out I believe that this configuration is less than optimal. When a static route (and especially a default static route) is pointed to an interface it then forces the router to ARP for every destination address (which puts more load on the router to maintain a much larger ARP table) and it depends on the ISP router to enable proxy ARP. A much better configuration would be:

ip route 0.0.0.0 0.0.0.0 dhcp

which will learn what your router learns via DHCP to set its default route.

The second and probably more significant issue is your nat statement:

ip nat inside source list 15 interface FastEthernet0/0/0 overload

The issue here is that FastEthernet0/0/0 is an access port belonging to vlan 10, and an access port has no IP address on which to overload. To correct this, change the nat to point to vlan10 overload.

I will also comment that if FastEthernet0/0/1 (and vlan 20) are your second ISP connection but have no nat configuration that uses them, then the second ISP is not doing you much good.

HTH

Rick

Ah, yes, I had been playing with the config file and the last route had been undefined. show ip route always showed the same thing, in any event. I had the second interface offline because I wanted to get the primary one up and running first.

The ip nat catch seems to be the primary problem :-)

Thanks!

I assume for the vlan 20 nat, I would use the same line, just with the vlan different?

Richard Burts Sun, 06/22/2008 - 01:15

Greg

Doing NAT on 2 different interfaces and to 2 different providers may be a bit more complex. Here is an approach that I would suggest:

    interface vlan10
     ip address dhcp
     ip nat outside
    !
    interface vlan20
     ip address 64.142.xx.xx 255.255.255.0
     ip nat outside
    !
    ip nat inside source route-map ISPa-map interface vlan10 overload
    ip nat inside source route-map ISPb-map interface vlan20 overload
    !
    route-map ISPa-map permit 10
     match ip address 15
     match interface vlan10
    !
    route-map ISPb-map permit 10
     match ip address 15
     match interface vlan20
    !

Using the route maps allows you to qualify the translation not only by source address but also by outbound interface. Give it a try and let us know how it works.

HTH

Rick
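
Added example, not part of the original thread or of the config Greg attached: a small Python check for the NAT problem discussed above, which flags any `ip nat inside source ... interface X overload` statement whose interface has no IP address or no `ip nat outside`. The sample config is constructed from the thread's description (the LAN address 192.168.1.1 is made up), the function names are hypothetical, and it assumes full interface names and indented sub-commands as in `show running-config` output.

```python
import re

NAT_RE = re.compile(r"^ip nat inside source .*\binterface\s+(\S+)\s+overload", re.I | re.M)

def parse_interfaces(config):
    """Return {lowercased interface name: [lowercased sub-commands]}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line, top_level = raw.strip(), not raw[:1].isspace()
        m = re.match(r"interface\s+(\S+)", line, re.I)
        if m and top_level:
            current = interfaces.setdefault(m.group(1).lower(), [])
        elif line and top_level:      # "!" or another global command ends the block
            current = None
        elif line and current is not None:
            current.append(line.lower())
    return interfaces

def check_nat_overload(config):
    """List (interface, problem) for every overload statement that cannot work."""
    interfaces, findings = parse_interfaces(config), []
    for m in NAT_RE.finditer(config):
        name = m.group(1)
        cmds = interfaces.get(name.lower())
        if cmds is None:
            findings.append((name, "interface not defined"))
            continue
        if not any(c.startswith("ip address ") for c in cmds):
            findings.append((name, "no IP address to overload"))
        if "ip nat outside" not in cmds:
            findings.append((name, "missing 'ip nat outside'"))
    return findings

# Constructed sample: NAT overload pointed at the layer-2 access port.
BROKEN = """\
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/0/0
 switchport access vlan 10
!
interface Vlan10
 ip address dhcp
 ip nat outside
!
ip nat inside source list 15 interface FastEthernet0/0/0 overload
"""
# Same config with the overload moved to the SVI, as suggested in the thread.
FIXED = BROKEN.replace("FastEthernet0/0/0 overload", "Vlan10 overload")

if __name__ == "__main__":
    print(check_nat_overload(BROKEN))
    print(check_nat_overload(FIXED))
```
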
