Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
0
Helpful
3
Replies

Configure HSRP multi-Vlan with NAT

wendellprincipe
Level 1
Level 1

‎08-18-2013 10:35 AM - edited ‎03-07-2019 03:00 PM

Hi,

Kindly

Labels:
0 Helpful
3 Replies 3

wendellprincipe
Level 1
Level 1

‎08-18-2013 10:37 AM

Hsrp one vlan plus stateful nat works but unable to use in multi vlan environment.

Please help.

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to wendellprincipe

‎08-18-2013 11:00 AM

What type of device are you using?

Can you post "sh run" from your device?

0 Helpful

wendellprincipe
Level 1
Level 1
In response to Reza Sharifi

‎08-22-2013 06:21 AM

Hi, here is my topology, and attached are the configs for R1 and R2..

=======   R1   =======

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$n2ON$l.VCLnNtg0vGLyKncWCPk/

!

no aaa new-model

memory-size iomem 5

ip cef

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

multilink bundle-name authenticated

!

username wendell secret 5 $1$V03R$TRU0vGoOkqdwHwIH.vk.k0

archive

log config

  hidekeys

!

track 10 interface Serial0/1 line-protocol

!

track 20 interface Serial0/1 line-protocol

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

clock rate 2000000

!

interface FastEthernet0/1

no ip address

speed 100

full-duplex

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.10.2 255.255.255.0

ip nat inside

ip virtual-reassembly

standby 10 ip 192.168.10.1

standby 10 priority 150

standby 10 preempt

standby 10 name GROUP10

standby 10 track 10 decrement 60

!

interface FastEthernet0/1.20

encapsulation dot1Q 20

ip address 192.168.20.2 255.255.255.0

ip nat inside

ip virtual-reassembly

standby 20 ip 192.168.20.1

standby 20 preempt

standby 20 name GROUP20

!

interface Serial0/1

ip address 2.2.2.2 255.255.255.0

ip nat outside

ip virtual-reassembly

clock rate 2000000

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 2.2.2.1

!

no ip http server

no ip http secure-server

ip nat Stateful id 10

  redundancy GROUP10

   mapping-id 10

   protocol   udp

ip nat pool NAT_POOL 2.2.2.2 2.2.2.2 prefix-length 24

ip nat inside source list NAT_ADDRESS pool NAT_POOL mapping-id 10

!

ip access-list extended NAT_ADDRESS

permit ip 192.168.10.0 0.0.0.255 any log

permit ip 192.168.20.0 0.0.0.255 any log

!

control-plane

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login local

!

end

=======   R2   =======

!

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R2

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$hy/7$TzdG88xM6Nvgv8bYTv3q1/

!

no aaa new-model

memory-size iomem 5

ip cef

!

no ip domain lookup

ip domain name lab.local

ip auth-proxy max-nodata-conns 3

ip admission max-nodata-conns 3

!

multilink bundle-name authenticated

!

username wendell secret 5 $1$sFCW$ze43rU6FkadiLG6X1JcYv.

archive

log config

  hidekeys

!

track 10 interface Serial0/0 line-protocol

!

track 20 interface Serial0/0 line-protocol

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0

ip address 3.3.3.3 255.255.255.0

ip nat outside

ip virtual-reassembly

clock rate 2000000

!

interface FastEthernet0/1

no ip address

speed 100

full-duplex

!

interface FastEthernet0/1.10

encapsulation dot1Q 10

ip address 192.168.10.3 255.255.255.0

ip nat inside

ip virtual-reassembly

standby 10 ip 192.168.10.1

standby 10 preempt

standby 10 name GROUP10

!

interface FastEthernet0/1.20

encapsulation dot1Q 20

ip address 192.168.20.3 255.255.255.0

ip nat inside

ip virtual-reassembly

standby 20 ip 192.168.20.1

standby 20 priority 150

standby 20 preempt

standby 20 track 20 decrement 60

!

interface Serial0/1

no ip address

shutdown

clock rate 2000000

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 3.3.3.1

!

no ip http server

no ip http secure-server

ip nat Stateful id 10

  redundancy GROUP10

   mapping-id 10

   protocol   udp

ip nat pool NAT_POOL 3.3.3.3 3.3.3.3 prefix-length 24

ip nat inside source list NAT_ADDRESS pool NAT_POOL mapping-id 10

!

ip access-list extended NAT_ADDRESS

permit ip 192.168.10.0 0.0.0.255 any log

permit ip 192.168.20.0 0.0.0.255 any log

!

control-plane

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

line vty 0 4

login local

!

end

=======

R1 is default router for VLAN10

R2 is default router for VLAN20

R1 NAT for VLAN10

R2 NAT for VLAN20

When R2 is down, NAT for VLAN20 is not working, getting unreacheable from PC2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

U.U.U

Thanks,

Wendell

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card