Solved: I did configure NAT in a new

papathimiu · ‎06-23-2014

I am building a home lab. I have a 1841 router connected to the ISP router and is configured and works good. I have 3550 switch inside my network. I can ping as far as the outside interface on the router, but not further then that. No idea why. I have enabled IP routing on the switch and I have redirected all unknown traffic out of the routers interface. Can anyone suggest something. I have no idea why is not working. I configure the interface fa0/1 on the router with sub-interface and I used the encapsulation dot1q. On the switch I configured the interface that I have the PC as access and the interface that goes to the router as a trunking. But still the same problem.

SANTHOSHKUMAR SARAVANAN · ‎06-24-2014

Hi ,

Apply below commands on your router , After that you can ping to any destination from your switch and Host connected to switch .

interface FastEthernet0/0
ip nat outside
!
interface FastEthernet0/1
ip nat inside

access-list 1 permit 40.0.0.0 0.255.255.255

ip nat inside source list 1 interface FastEthernet0/0 overload

HTH

Sandy

View solution in original post

SANTHOSHKUMAR SARAVANAN · ‎06-23-2014

Hi ,

Sub-interface configuration on your router and trunk port configuration on your switch should have proper dot1q encapsulation set .

If you are using private non-routable IP address for your LAN segement

ip nat inside (router sub-interface ) & ip nat outside (router wan interface) must be set on router with corresponding NAT interface overloading your WAN interface .

share your switch & router config

HTH

Sandy

papathimiu · ‎06-24-2014

Hi SantoshKumar S

I created acces-list extended 101

After I started ip nat source and the interface global

When I try to do it on the interface I got this strange message and the router stoped responding:

*Jun 24 12:33:52.215: %SYS-2-MALLOCFAIL: Memory allocation of 32768 bytes failed from 0x602D2F44, alignment 0
Pool: Processor Free: 22372 Cause: Not enough free memory
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Exec", ipl= 0, pid= 99, -Traceback= 0x6029C8CCz 0x602BA054z 0x602D226Cz 0x60F81C78z 0x60F81CF0z 0x60F81D88z 0x60F85704z 0x60FAC2E8z 0x625B2DA8z 0x625B2D8Cz

I have never seen this before

Any Idea why this happened?

SANTHOSHKUMAR SARAVANAN · ‎06-24-2014

Hi ,

After I started ip nat source and the interface global , what do you mean by global her ?? your WAN interface .

Kindly share me your router config .

HTH

Sandy

papathimiu · ‎06-24-2014

Yes. The inteface that is connected to the isp router.

Below is my switch configuration and router configuration:

SW-A#show configuration
Using 2303 out of 393216 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SW-A
!
enable secret 5 $1$xDZm$LLcViCdbcXDWmPlfk.2VD.
!
ip subnet-zero
ip routing
!
no ip domain-lookup
ip domain-name papa.com
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
switchport voice vlan 1
spanning-tree portfast
!
interface FastEthernet0/24
switchport mode dynamic desirable
switchport voice vlan 1
spanning-tree portfast
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
ip address 40.0.0.2 255.0.0.0
!
ip default-gateway 40.0.0.1
ip classless
ip route 0.0.0.0 0.0.0.0 40.0.0.1
ip http server
!
!
line con 0
line vty 0 4
password papa
login
line vty 5 15
login
!
!
end

and router:

Router#show configuration
Using 913 out of 196600 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.0.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 40.0.0.1 255.0.0.0
duplex auto
speed auto
!
interface Serial0/0/0
no ip address
shutdown
clock rate 2000000
!
interface Serial0/0/1
no ip address
shutdown
clock rate 2000000
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.0.1
no ip http server
no ip http secure-server
!
!
!
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
scheduler allocate 20000 1000
end

Thank you

SANTHOSHKUMAR SARAVANAN · ‎06-24-2014

Hi ,

Apply below commands on your router , After that you can ping to any destination from your switch and Host connected to switch .

interface FastEthernet0/0
ip nat outside
!
interface FastEthernet0/1
ip nat inside

access-list 1 permit 40.0.0.0 0.255.255.255

ip nat inside source list 1 interface FastEthernet0/0 overload

HTH

Sandy

papathimiu · ‎06-24-2014

Thank you.

I will try this as soon as I go home. i just got at work.

What I dont understand is why the router give me the above error when i try to enable nat on the global interface. At the interface connected to wan. I had to restart the router because it was not taking any commands anymore.

Thanks again.

papathimiu · ‎06-24-2014

I think my router has a problem. I dont think is the configuration. I try what you sad up and this is what happened:

Router(config-if)#ip nat outside
% NBAR ERROR: due to memory problem, parsing stopped
% NBAR Error : Activation failed due to insufficient dynamic memory
% NBAR Error: Stile could not add protocol node
%NAT: Error activating CNBAR on the interface FastEthernet0/0
Router(config-if)#
*Jun 25 02:50:08.192: %SYS-2-MALLOCFAIL: Memory allocation of 10260 bytes failed from 0x6246BDC0, alignment 0
Pool: Processor Free: 54504 Cause: Memory fragmentation
Alternate Pool: None Free: 0 Cause: No Alternate pool
-Process= "Exec", ipl= 0, pid= 3, -Traceback= 0x6029C8CCz 0x602B57A8z 0x631414B4z 0x6246B468z 0x6246B5CCz 0x6244680Cz 0x624468E4z 0x624469E0z 0x62446884z 0x624469E0z 0x62446884z 0x624469E0z 0x62447548z 0x6247FC0Cz 0x6248AC50z 0x62476FC4z
*Jun 25 02:50:08.196: %NBAR-2-NOMEMORY: No memory available for StILE lmalloc, -Traceback= 0x6246B490z 0x6246B5CCz 0x6244680Cz 0x624468E4z 0x624469E0z 0x62446884z 0x624469E0z 0x62446884z 0x624469E0z 0x62447548z 0x6247FC0Cz 0x6248AC50z 0x62476FC4z 0x62496338z 0x624966D0z 0x6170DC78z
*Jun 25 02:50:08.664: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up$gon 2

I will try the same in another router. I have 2811 and I wil do it in a moment and let you know what hapened

papathimiu · ‎06-24-2014

I did configure NAT in a new router. If i connect the pc straight to the routers fa0/1 interface, everything works perfect. But when I connected through the switch, nothing works.

Any suggestions please?

SANTHOSHKUMAR SARAVANAN · ‎06-24-2014

Hi ,

Are you using straight cable between your router & switch ?? if so use cross cable old model router and switch dont have auto MDIX

check following thing

1) from the switch ping locally the IP address assigned for Vlan 1 40.0.0.2

2) From the host ping to switch VLAN IP address 40.0.0.2

3) From the switch see you are able to switch host MAC address and arp table

if all three statement matches , then check for speed & duplex settings from router to switch ensure both side are same . After fine tuning speed & duplex settings if it doesnt work then you need to change it cross cable .

HTH

Sandy

papathimiu · ‎08-08-2014

I am sorry I had to time to log in here and update my post. Tha problem was my routers memory. I update the IOS and everything is good now. Thank you Santosh

Help with a home lab