Router on a stick and Nat on a Stick

Home Forums Networking Cisco Routers & Switches How-to Router on a stick and Nat on a Stick

This topic contains 10 replies, has 2 voices, and was last updated by Avatar BigDeesDad 10 years ago.

Viewing 11 posts - 1 through 11 (of 11 total)
  • Author
    Posts
  • Avatar
    kevinguerreiro
    Participant
    #144819

    Hello, is it possible to have Router on a Stick and Nat on a stick? i have a Cisco 2600 router and i can’t get this thing working. I have 2 ethernet ports on the router. Do i have to make Nat on the router to give internet to the local network ? On fa0/0 in the port connected to a cisco switch that has 2 vlans in trunk mode, and the fa0/1 is connected to a dlink adsl router. What is the best way to make the vlans comunicate and have internet ?

    Regards
    Kevin

    Avatar
    BigDeesDad
    Member
    #366365

    Re: Router on a stick and Nat on a Stick

    Your D-Link ADSL router should provide all the NAT functionality.

    Do you have a default route configured, pointing to the D-Link router? Can you post your config?

    Avatar
    kevinguerreiro
    Participant
    #350486

    Re: Router on a stick and Nat on a Stick

    Thx for the answer, i’m going to put here the switch and router configs. I can ping from any vlan on the switch to 192.168.1.2 that if the fa0/1 port of the cisco router, but i cannot ping the adsl router that is connected to that port with ip 192.168.1.1.

    Router Config:

    MGLanRouter>enable
    MGLanRouter#show run
    Building configuration…
    Current configuration : 1641 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname MGLanRouter
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.101.1 192.168.101.50
    ip dhcp excluded-address 192.168.102.1 192.168.102.50
    ip dhcp excluded-address 192.168.103.1 192.168.103.20
    !
    ip dhcp pool Administracao
    network 192.168.101.0 255.255.255.0
    default-router 192.168.101.1
    dns-server 192.168.1.1
    domain-name administracao.mglan
    !
    ip dhcp pool Servidores
    network 192.168.102.0 255.255.255.0
    default-router 192.168.102.1 255.255.255.0
    dns-server 192.168.1.1
    domain-name servidores.mglan
    !
    ip dhcp pool Jogadores
    network 192.168.103.0 255.255.255.0
    default-router 192.168.103.1 255.255.255.0
    dns-server 192.168.1.1
    domain-name jogadores.mglan
    !
    !
    !
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.10
    encapsulation dot1Q 10
    ip address 192.168.101.1 255.255.255.0
    !
    interface FastEthernet0/0.20
    encapsulation dot1Q 20
    ip address 192.168.102.1 255.255.255.0
    !
    interface FastEthernet0/0.30
    encapsulation dot1Q 30
    ip address 192.168.103.1 255.255.255.0
    !
    interface FastEthernet0/1
    ip address 192.168.1.2 255.255.255.0
    duplex auto
    speed auto
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    !
    no ip http server
    no ip http secure-server
    !
    !
    control-plane
    !
    !
    line con 0
    logging synchronous
    line aux 0
    line vty 0 4
    login
    !
    !
    end

    And the Switch config:

    MGLanSwitch#show run
    Building configuration…
    Current configuration:
    !
    version 12.0
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname MGLanSwitch
    !
    !
    !
    !
    !
    !
    !
    ip subnet-zero
    !
    !
    !
    interface FastEthernet0/1
    description Trunk-Port-Cisco2600
    switchport trunk encapsulation dot1q
    switchport mode trunk
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    switchport access vlan 10
    !
    interface FastEthernet0/4
    switchport access vlan 10
    !
    interface FastEthernet0/5
    switchport access vlan 10
    !
    interface FastEthernet0/6
    switchport access vlan 10
    !
    interface FastEthernet0/7
    switchport access vlan 10
    !
    interface FastEthernet0/8
    switchport access vlan 10
    !
    interface FastEthernet0/9
    switchport access vlan 10
    !
    interface FastEthernet0/10
    switchport access vlan 10
    !
    interface FastEthernet0/11
    switchport access vlan 10
    !
    interface FastEthernet0/12
    switchport access vlan 10
    !
    interface FastEthernet0/13
    switchport access vlan 10
    !
    interface FastEthernet0/14
    switchport access vlan 10
    !
    interface FastEthernet0/15
    switchport access vlan 10
    !
    interface FastEthernet0/16
    switchport access vlan 10
    !
    interface FastEthernet0/17
    switchport access vlan 20
    !
    interface FastEthernet0/18
    switchport access vlan 20
    !
    interface FastEthernet0/19
    switchport access vlan 20
    !
    interface FastEthernet0/20
    switchport access vlan 20
    !
    interface FastEthernet0/21
    switchport access vlan 20
    !
    interface FastEthernet0/22
    switchport access vlan 20
    !
    interface FastEthernet0/23
    switchport access vlan 20
    !
    interface FastEthernet0/24
    switchport access vlan 20
    !
    interface FastEthernet0/25
    switchport access vlan 20
    !
    interface FastEthernet0/26
    switchport access vlan 20
    !
    interface FastEthernet0/27
    switchport access vlan 20
    !
    interface FastEthernet0/28
    switchport access vlan 20
    !
    interface FastEthernet0/29
    switchport access vlan 20
    !
    interface FastEthernet0/30
    switchport access vlan 20
    !
    interface FastEthernet0/31
    switchport access vlan 20
    !
    interface FastEthernet0/32
    switchport access vlan 20
    !
    interface FastEthernet0/33
    switchport access vlan 30
    !
    interface FastEthernet0/34
    switchport access vlan 30
    !
    interface FastEthernet0/35
    switchport access vlan 30
    !
    interface FastEthernet0/36
    switchport access vlan 30
    !
    interface FastEthernet0/37
    switchport access vlan 30
    !
    interface FastEthernet0/38
    switchport access vlan 30
    !
    interface FastEthernet0/39
    switchport access vlan 30
    !
    interface FastEthernet0/40
    switchport access vlan 30
    !
    interface FastEthernet0/41
    switchport access vlan 30
    !
    interface FastEthernet0/42
    switchport access vlan 30
    !
    interface FastEthernet0/43
    switchport access vlan 30
    !
    interface FastEthernet0/44
    switchport access vlan 30
    !
    interface FastEthernet0/45
    switchport access vlan 30
    !
    interface FastEthernet0/46
    switchport access vlan 30
    !
    interface FastEthernet0/47
    switchport access vlan 30
    !
    interface FastEthernet0/48
    switchport access vlan 30
    !
    interface GigabitEthernet0/1
    switchport access vlan 30
    !
    interface GigabitEthernet0/2
    switchport access vlan 30
    !
    interface VLAN1
    no ip directed-broadcast
    no ip route-cache
    !
    !
    line con 0
    transport input none
    stopbits 1
    line vty 5 15
    !
    end

    Regards
    Kevin Guerreiro

    Avatar
    BigDeesDad
    Member
    #366366

    Re: Router on a stick and Nat on a Stick

    You have a default route from the 2600 to the ADSL router but it sounds like you do not have a return path.

    The ADSL router is directly connected to the 192.168.1.0 subnet but it has no knowledge of your VLAN subnets.

    On the D-Link ADSL router configure static routes to the 192.168.101.0, 192.168.102.0 and 192.168.103.0 subnets with the next-hop of 192.168.1.2

    Avatar
    kevinguerreiro
    Participant
    #350488

    Re: Router on a stick and Nat on a Stick

    hello, i thought that it would be that, but the problem is that i dont have access to the adsl router, because it’s not mine. Is there any other way ? Probably i can change the vlan 10 to the subnet 192.168.1.0 and connect the adsl modem thernet cable to a fa port available in the switch, at least for one vlan to have internet, is it possible ?

    Avatar
    BigDeesDad
    Member
    #366368

    Re: Router on a stick and Nat on a Stick

    Yes you could do that and all devices within VLAN 10 would have internet access.

    The only problem being that the internet traffic would trombone up and down the switch-router link.

    Internet traffic from the hosts will be sent to the default gateway (2600) which will then pick up the default route to 192.168.1.1 (ADSL) and then get routed back into the LAN.

    If you did this then you could create a Proxy server within VLAN10 and then the other VLAN hosts could point to this Proxy for internet access

    Avatar
    kevinguerreiro
    Participant
    #350489

    Re: Router on a stick and Nat on a Stick

    So youre saying i could create a proxy server in a windows machine ? and the connect it to vlan10 to make internet for others ? not a bad idea. I have a Windows 2003 server as a dns server and games server, can i intall the proxy server on that vlan ?

    Avatar
    BigDeesDad
    Member
    #366369

    Re: Router on a stick and Nat on a Stick

    I have never configured a proxy server but yes it sounds correct to me.

    As the proxy server would be on the same VLAN as the ADSL router, the internet access would be available. All other VLAN hosts would be able to access the proxy so they too would have internet access. You would need to configure each host to point to the proxy address for internet connections.

    It is a lot of extra work that could be solved by statics on the ADSL router. Would the owner of the ADSL router not configure statics on your behalf?

    Avatar
    kevinguerreiro
    Participant
    #350490

    Re: Router on a stick and Nat on a Stick

    Ill tell you what this is, this is going to be a lanparty, and the place where we are going to make the party is not owers, and there is internet there with a router but the owner wint give us the login and password of the router, but will give us internet throw one ethernet cable, not bad 8) now by the way, do you think that 100 pc’s connected to vlan3 is to much ?

    Avatar
    BigDeesDad
    Member
    #366370

    Re: Router on a stick and Nat on a Stick

    Yes 100 hosts on a VLAN is easily accomodated if you have the interface capacity. As long as you are not using any applications that “broadcast” then you should be ok.

    Cisco recommend up to 1000 devices per VLAN if used with “normal” IP traffic, being non broadcast.

    Avatar
    kevinguerreiro
    Participant
    #350491

    Re: Router on a stick and Nat on a Stick

    Well thanx for you time helping me, and other users that may have the same problems. Anyway probably you can help me a little more, now that you have my config, how would you do to block comunication beetween vlan 30 and vlan 10 ?

    EDIT: Well i’m having a probem. i have connected the adsl router cable to the switch in vlan 10 that is in subnet 192.168.1.0, and if i connect a pc to that vlan i cannot ping the router, but, i have a pc connected directly to the adsl router and i can ping the vlan gateway, that is 192.168.1.10, it so strange, why someone out of the vlan can ping the vlan gateway, and connected directly to the vlan cant ping the router…can anyone help me ?

    regards
    Kevin

Viewing 11 posts - 1 through 11 (of 11 total)

You must be logged in to reply to this topic.