Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
666
Views
0
Helpful
7
Replies

NATTING issue with 877

zaidumer
Level 1
Level 1

‎12-31-2008 03:50 AM - edited ‎03-04-2019 03:17 AM

HI all,

im using Cisco 877 (c870-advipservicesk9-mz.124-2.T2) at a location

this location has a (last mile) radio bridge based internet connection (ethernet port)

i made 2 vlans on the 877

Step 1 : Vlan database

vlan 2

vlan 3

exit

Step 2 : int vlan 2

10.204.100.1 255.255.255.224

ip nat inside

int vlan 3

124.29.12x.2 255.255.255.252

ip nat outside

Step 3 : Int Fastethernet 0

switchport access vlan 2

Int fastethernet 3

switchport access vlan 3

vlan 2 connects the LAN users via Fastethernet0

vlan 3 connects to the internet device via Fastethernet 3

Then made NAT rule

ip nat inside source list 100 interface vlan3 overload

ACL 100

access-list 100 permit ip 10.204.100.0 0.0.0.31 any

Default Route

ip route 0.0.0.0 0.0.0.0 125.29.12x.1

now this config works on an old 2611 with 2 real etehrnet ports

my workstation 10.204.100.2 can connect to the internet just fine with 2611

but i cant seem to have it work with the new 877

any idea where im going wrong ..

i know its gota be a vlan config problem or vlan limitation .. cause the nat works fine with the other router..

plz help

Labels:
0 Helpful
7 Replies 7

rluyster
Level 1
Level 1

‎12-31-2008 09:15 AM

Is the default route you entered here a typo? it is not a part of the network you have defined on VLAN 3

0 Helpful

zaidumer
Level 1
Level 1
In response to rluyster

‎01-01-2009 05:04 AM

it was a typo..

the funny thing is that i installed a 837 (which has 2 etherrnets eth2 mapped on fastethernet4 and ethernet1 mapped on fastethernet 1,2,3)

and it seems to work fine...

877 is giving problems with natting with 2 vlans defined as per my first post..

any resolution ?????????

cisco i need help..

0 Helpful

sridsdale
Level 1
Level 1
In response to zaidumer

‎01-01-2009 07:41 AM

I had a similar issue a while back with overloading to virtual interfaces but I forget the exact details now.

I found that instead of overloading to the interface if I created a NAT pool with the one external address in and overloaded to the NAT pool then it worked.

Worth a shot.

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to sridsdale

‎01-01-2009 11:13 AM

Zaid

I have a suggestion to change your NAT configuration. Since your NAT rule is only checking the source address you do not really need an extended access list in the NAT. I suggest changing the access list from extended to standard.

So the config would look something like this:

ip nat inside source list 10 interface vlan3 overload

access-list 10 permit ip 10.204.100.0 0.0.0.31

Give it a try and let us know if it helps.

HTH

Rick

HTH

Rick
0 Helpful

zaidumer
Level 1
Level 1
In response to Richard Burts

‎01-02-2009 12:10 AM

Hi Rick,

did that as well but doesnt seem to work ..

could it be an ISP issue ??

really gotten me confised now..

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to zaidumer

‎01-02-2009 05:09 AM

Zaid

One way to check on possible issues is to attempt to ping some Internet resources from the router itself. Can you ping www.cisco.com from the router?

HTH

Rick

HTH

Rick
0 Helpful

John Blakley
VIP Alumni
VIP Alumni
In response to Richard Burts

‎01-02-2009 07:28 AM

I would try to change your nat statement to a physical interface (Fa3) instead of the vlan.

HTH,

John

HTH, John *** Please rate all useful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card