Announcement

Collapse
No announcement yet.

Router on a stick and Nat on a Stick

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Router on a stick and Nat on a Stick

    Hello, is it possible to have Router on a Stick and Nat on a stick? i have a Cisco 2600 router and i can't get this thing working. I have 2 ethernet ports on the router. Do i have to make Nat on the router to give internet to the local network ? On fa0/0 in the port connected to a cisco switch that has 2 vlans in trunk mode, and the fa0/1 is connected to a dlink adsl router. What is the best way to make the vlans comunicate and have internet ?

    Regards
    Kevin

  • #2
    Re: Router on a stick and Nat on a Stick

    Your D-Link ADSL router should provide all the NAT functionality.

    Do you have a default route configured, pointing to the D-Link router? Can you post your config?
    Infrastructure Architect
    CCNA, CCNA Security, MCSE, JNCIS

    Comment


    • #3
      Re: Router on a stick and Nat on a Stick

      Thx for the answer, i'm going to put here the switch and router configs. I can ping from any vlan on the switch to 192.168.1.2 that if the fa0/1 port of the cisco router, but i cannot ping the adsl router that is connected to that port with ip 192.168.1.1.

      Router Config:

      MGLanRouter>enable
      MGLanRouter#show run
      Building configuration...
      Current configuration : 1641 bytes
      !
      version 12.4
      service timestamps debug datetime msec
      service timestamps log datetime msec
      no service password-encryption
      !
      hostname MGLanRouter
      !
      boot-start-marker
      boot-end-marker
      !
      !
      no aaa new-model
      no network-clock-participate slot 1
      no network-clock-participate wic 0
      ip cef
      !
      !
      no ip dhcp use vrf connected
      ip dhcp excluded-address 192.168.101.1 192.168.101.50
      ip dhcp excluded-address 192.168.102.1 192.168.102.50
      ip dhcp excluded-address 192.168.103.1 192.168.103.20
      !
      ip dhcp pool Administracao
      network 192.168.101.0 255.255.255.0
      default-router 192.168.101.1
      dns-server 192.168.1.1
      domain-name administracao.mglan
      !
      ip dhcp pool Servidores
      network 192.168.102.0 255.255.255.0
      default-router 192.168.102.1 255.255.255.0
      dns-server 192.168.1.1
      domain-name servidores.mglan
      !
      ip dhcp pool Jogadores
      network 192.168.103.0 255.255.255.0
      default-router 192.168.103.1 255.255.255.0
      dns-server 192.168.1.1
      domain-name jogadores.mglan
      !
      !
      !
      !
      !
      !
      !
      !
      !
      interface FastEthernet0/0
      no ip address
      duplex auto
      speed auto
      !
      interface FastEthernet0/0.10
      encapsulation dot1Q 10
      ip address 192.168.101.1 255.255.255.0
      !
      interface FastEthernet0/0.20
      encapsulation dot1Q 20
      ip address 192.168.102.1 255.255.255.0
      !
      interface FastEthernet0/0.30
      encapsulation dot1Q 30
      ip address 192.168.103.1 255.255.255.0
      !
      interface FastEthernet0/1
      ip address 192.168.1.2 255.255.255.0
      duplex auto
      speed auto
      !
      ip forward-protocol nd
      ip route 0.0.0.0 0.0.0.0 192.168.1.1
      !
      no ip http server
      no ip http secure-server
      !
      !
      control-plane
      !
      !
      line con 0
      logging synchronous
      line aux 0
      line vty 0 4
      login
      !
      !
      end

      And the Switch config:

      MGLanSwitch#show run
      Building configuration...
      Current configuration:
      !
      version 12.0
      no service pad
      service timestamps debug uptime
      service timestamps log uptime
      no service password-encryption
      !
      hostname MGLanSwitch
      !
      !
      !
      !
      !
      !
      !
      ip subnet-zero
      !
      !
      !
      interface FastEthernet0/1
      description Trunk-Port-Cisco2600
      switchport trunk encapsulation dot1q
      switchport mode trunk
      !
      interface FastEthernet0/2
      !
      interface FastEthernet0/3
      switchport access vlan 10
      !
      interface FastEthernet0/4
      switchport access vlan 10
      !
      interface FastEthernet0/5
      switchport access vlan 10
      !
      interface FastEthernet0/6
      switchport access vlan 10
      !
      interface FastEthernet0/7
      switchport access vlan 10
      !
      interface FastEthernet0/8
      switchport access vlan 10
      !
      interface FastEthernet0/9
      switchport access vlan 10
      !
      interface FastEthernet0/10
      switchport access vlan 10
      !
      interface FastEthernet0/11
      switchport access vlan 10
      !
      interface FastEthernet0/12
      switchport access vlan 10
      !
      interface FastEthernet0/13
      switchport access vlan 10
      !
      interface FastEthernet0/14
      switchport access vlan 10
      !
      interface FastEthernet0/15
      switchport access vlan 10
      !
      interface FastEthernet0/16
      switchport access vlan 10
      !
      interface FastEthernet0/17
      switchport access vlan 20
      !
      interface FastEthernet0/18
      switchport access vlan 20
      !
      interface FastEthernet0/19
      switchport access vlan 20
      !
      interface FastEthernet0/20
      switchport access vlan 20
      !
      interface FastEthernet0/21
      switchport access vlan 20
      !
      interface FastEthernet0/22
      switchport access vlan 20
      !
      interface FastEthernet0/23
      switchport access vlan 20
      !
      interface FastEthernet0/24
      switchport access vlan 20
      !
      interface FastEthernet0/25
      switchport access vlan 20
      !
      interface FastEthernet0/26
      switchport access vlan 20
      !
      interface FastEthernet0/27
      switchport access vlan 20
      !
      interface FastEthernet0/28
      switchport access vlan 20
      !
      interface FastEthernet0/29
      switchport access vlan 20
      !
      interface FastEthernet0/30
      switchport access vlan 20
      !
      interface FastEthernet0/31
      switchport access vlan 20
      !
      interface FastEthernet0/32
      switchport access vlan 20
      !
      interface FastEthernet0/33
      switchport access vlan 30
      !
      interface FastEthernet0/34
      switchport access vlan 30
      !
      interface FastEthernet0/35
      switchport access vlan 30
      !
      interface FastEthernet0/36
      switchport access vlan 30
      !
      interface FastEthernet0/37
      switchport access vlan 30
      !
      interface FastEthernet0/38
      switchport access vlan 30
      !
      interface FastEthernet0/39
      switchport access vlan 30
      !
      interface FastEthernet0/40
      switchport access vlan 30
      !
      interface FastEthernet0/41
      switchport access vlan 30
      !
      interface FastEthernet0/42
      switchport access vlan 30
      !
      interface FastEthernet0/43
      switchport access vlan 30
      !
      interface FastEthernet0/44
      switchport access vlan 30
      !
      interface FastEthernet0/45
      switchport access vlan 30
      !
      interface FastEthernet0/46
      switchport access vlan 30
      !
      interface FastEthernet0/47
      switchport access vlan 30
      !
      interface FastEthernet0/48
      switchport access vlan 30
      !
      interface GigabitEthernet0/1
      switchport access vlan 30
      !
      interface GigabitEthernet0/2
      switchport access vlan 30
      !
      interface VLAN1
      no ip directed-broadcast
      no ip route-cache
      !
      !
      line con 0
      transport input none
      stopbits 1
      line vty 5 15
      !
      end



      Regards
      Kevin Guerreiro

      Comment


      • #4
        Re: Router on a stick and Nat on a Stick

        You have a default route from the 2600 to the ADSL router but it sounds like you do not have a return path.

        The ADSL router is directly connected to the 192.168.1.0 subnet but it has no knowledge of your VLAN subnets.

        On the D-Link ADSL router configure static routes to the 192.168.101.0, 192.168.102.0 and 192.168.103.0 subnets with the next-hop of 192.168.1.2
        Infrastructure Architect
        CCNA, CCNA Security, MCSE, JNCIS

        Comment


        • #5
          Re: Router on a stick and Nat on a Stick

          hello, i thought that it would be that, but the problem is that i dont have access to the adsl router, because it's not mine. Is there any other way ? Probably i can change the vlan 10 to the subnet 192.168.1.0 and connect the adsl modem thernet cable to a fa port available in the switch, at least for one vlan to have internet, is it possible ?

          Comment


          • #6
            Re: Router on a stick and Nat on a Stick

            Yes you could do that and all devices within VLAN 10 would have internet access.

            The only problem being that the internet traffic would trombone up and down the switch-router link.

            Internet traffic from the hosts will be sent to the default gateway (2600) which will then pick up the default route to 192.168.1.1 (ADSL) and then get routed back into the LAN.

            If you did this then you could create a Proxy server within VLAN10 and then the other VLAN hosts could point to this Proxy for internet access
            Infrastructure Architect
            CCNA, CCNA Security, MCSE, JNCIS

            Comment


            • #7
              Re: Router on a stick and Nat on a Stick

              So youre saying i could create a proxy server in a windows machine ? and the connect it to vlan10 to make internet for others ? not a bad idea. I have a Windows 2003 server as a dns server and games server, can i intall the proxy server on that vlan ?

              Comment


              • #8
                Re: Router on a stick and Nat on a Stick

                I have never configured a proxy server but yes it sounds correct to me.

                As the proxy server would be on the same VLAN as the ADSL router, the internet access would be available. All other VLAN hosts would be able to access the proxy so they too would have internet access. You would need to configure each host to point to the proxy address for internet connections.

                It is a lot of extra work that could be solved by statics on the ADSL router. Would the owner of the ADSL router not configure statics on your behalf?
                Infrastructure Architect
                CCNA, CCNA Security, MCSE, JNCIS

                Comment


                • #9
                  Re: Router on a stick and Nat on a Stick

                  Ill tell you what this is, this is going to be a lanparty, and the place where we are going to make the party is not owers, and there is internet there with a router but the owner wint give us the login and password of the router, but will give us internet throw one ethernet cable, not bad now by the way, do you think that 100 pc's connected to vlan3 is to much ?

                  Comment


                  • #10
                    Re: Router on a stick and Nat on a Stick

                    Yes 100 hosts on a VLAN is easily accomodated if you have the interface capacity. As long as you are not using any applications that "broadcast" then you should be ok.

                    Cisco recommend up to 1000 devices per VLAN if used with "normal" IP traffic, being non broadcast.
                    Infrastructure Architect
                    CCNA, CCNA Security, MCSE, JNCIS

                    Comment


                    • #11
                      Re: Router on a stick and Nat on a Stick

                      Well thanx for you time helping me, and other users that may have the same problems. Anyway probably you can help me a little more, now that you have my config, how would you do to block comunication beetween vlan 30 and vlan 10 ?

                      EDIT: Well i'm having a probem. i have connected the adsl router cable to the switch in vlan 10 that is in subnet 192.168.1.0, and if i connect a pc to that vlan i cannot ping the router, but, i have a pc connected directly to the adsl router and i can ping the vlan gateway, that is 192.168.1.10, it so strange, why someone out of the vlan can ping the vlan gateway, and connected directly to the vlan cant ping the router...can anyone help me ?

                      regards
                      Kevin
                      Last edited by kevinguerreiro; 1st October 2009, 11:37.

                      Comment

                      Working...
                      X