Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
723
Views
0
Helpful
4
Replies

I have a problems with the intervlan ( i cant access to the intern from the switch)

Go to solution
eramos
Level 1
Level 1

‎07-22-2013 09:54 AM - edited ‎03-04-2019 08:31 PM

hi everyone , i have the follow problems

i have access from my router to the internet but from my users ( vlan 61 and vlan 60) i can reach the internet .

can you help me what is the problema please

i show you the router

interface Multilink1

no ip address

ppp multilink

ppp multilink group 1

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

duplex auto

speed auto

!

interface GigabitEthernet0/0.62

encapsulation dot1Q 62

ip address 192.168.62.2 255.255.255.0

ip wccp 61 redirect in

h323-gateway voip interface

h323-gateway voip bind srcaddr 192.168.62.2

!

interface GigabitEthernet0/0.63

encapsulation dot1Q 63

ip address 192.168.63.2 255.255.255.0

ip wccp 61 redirect in

!

interface GigabitEthernet0/1

ip address 209.X.X.1 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0:23

no ip address

encapsulation hdlc

isdn switch-type primary-ni

isdn incoming-voice voice

no cdp enable

!

interface Serial0/0/1:0

ip address 172.X.X.X 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip wccp 62 redirect in

ip nbar protocol-discovery

ip flow ingress

ip flow egress

service-policy output WAN

!

!

router eigrp 100

network 172.X.X.X 0.0.0.3

network 192.168.62.0

network 192.168.63.0

network 192.168.120.0

redistribute static

ip nat inside source list ACL-NAT-SERVERS interface GigabitEthernet0/1 overload

ip route 0.0.0.0 0.0.0.0 209.X.X.6

ip route 192.168.17.0 255.255.255.0 192.168.1.14

ip route 192.168.24.0 255.255.255.0 192.168.63.11

!

ip access-list standard WR

!

ip access-list extended ACL-NAT-SERVERS

permit ip 192.168.60.0 0.0.0.255 any

permit ip 192.168.61.0 0.0.0.255 any

deny ip 192.168.60.0 0.0.0.255 192.168.0.0 0.0.255.255

deny ip 192.168.61.0 0.0.0.255 192.168.0.0 0.0.255.255

interface Vlan60

ip address 192.168.60.2 255.255.255.0

!

interface Vlan61

ip address 192.168.61.2 255.255.255.0

ip helper-address 192.168.60.10

!

interface Vlan63

ip address 192.168.63.11 255.255.255.0

!

!

router eigrp 100

eigrp stub connected summary

network 192.168.24.0

network 192.168.60.0

network 192.168.61.0

network 192.168.63.0

!

ip default-gateway 192.168.19.1

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.61.16

interface Multilink1

no ip address

ppp multilink

ppp multilink group 1

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

duplex auto

speed auto

!

interface GigabitEthernet0/0.62

encapsulation dot1Q 62

ip address 192.168.62.2 255.255.255.0

ip wccp 61 redirect in

h323-gateway voip interface

h323-gateway voip bind srcaddr 192.168.62.2

!

interface GigabitEthernet0/0.63

encapsulation dot1Q 63

ip address 192.168.63.2 255.255.255.0

ip wccp 61 redirect in

!

interface GigabitEthernet0/1

ip address 209.X.X.1 255.255.255.248

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0:23

no ip address

encapsulation hdlc

isdn switch-type primary-ni

isdn incoming-voice voice

no cdp enable

!

interface Serial0/0/1:0

ip address 172.X X.X .255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

ip wccp 62 redirect in

ip nbar protocol-discovery

ip flow ingress

ip flow egress

service-policy output WAN

!

!

router eigrp 100

network 172.X.X.X 0.0.0.3

network 192.168.62.0

network 192.168.63.0

network 192.168.120.0

redistribute static

ip nat inside source list ACL-NAT-SERVERS interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 209.X.X.6
ip route 192.168.17.0 255.255.255.0 192.168.1.14
ip route 192.168.24.0 255.255.255.0 192.168.63.11
!
ip access-list standard WR
!
ip access-list extended ACL-NAT-SERVERS
permit ip 192.168.60.0 0.0.0.255 any
permit ip 192.168.61.0 0.0.0.255 any
deny ip 192.168.60.0 0.0.0.255 192.168.0.0 0.0.255.255
deny ip 192.168.61.0 0.0.0.255 192.168.0.0 0.0.255.255

and my switch

interface Vlan60
ip address 192.168.60.2 255.255.255.0
!
interface Vlan61
ip address 192.168.61.2 255.255.255.0
ip helper-address 192.168.60.10
!
interface Vlan63
ip address 192.168.63.11 255.255.255.0
!
!
router eigrp 100
eigrp stub connected summary
network 192.168.24.0
network 192.168.60.0
network 192.168.61.0
network 192.168.63.0
!
ip default-gateway 192.168.19.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.63.2

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Kelvin Willacey
Level 4
Level 4

‎07-22-2013 12:00 PM

Are you saying that users on VLAN 60 and 61 do not have access to the Internet? If so then you will require a 'ip nat inside' configured on the VLAN interfaces. Your NAT ACL and nat statement look fine to me, you should not need to use a NAT pool as Edwin suggested but you could if you wanted to.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Eddie.brown1986
Level 1
Level 1

‎07-22-2013 10:08 AM

Hello Edwin,

I see you have a static NAT entry with an access list enabled on it which is good. However it looks like you didn't specify a pool to use with that static NAT entry. Try this:

ip nat pool EDWIN 209.x.x.1 209.x.x.1 prefix-length 30

ip nat inside source list ACL-NAT-SERVERS pool EDWIN overload

Let me know how it goes.

Regards,

Eddie

0 Helpful

Go to solution
eramos
Level 1
Level 1
In response to Eddie.brown1986

‎07-23-2013 08:02 AM

thank you for your help

0 Helpful

Go to solution
Kelvin Willacey
Level 4
Level 4

‎07-22-2013 12:00 PM

Are you saying that users on VLAN 60 and 61 do not have access to the Internet? If so then you will require a 'ip nat inside' configured on the VLAN interfaces. Your NAT ACL and nat statement look fine to me, you should not need to use a NAT pool as Edwin suggested but you could if you wanted to.

0 Helpful

Go to solution
eramos
Level 1
Level 1
In response to Kelvin Willacey

‎07-23-2013 08:02 AM

awsome thank you .

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card