
[Help] ISR C1111-4P configuration problem

sampsonlor
Level 1
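Recently I have been preparing to use an ISR C1111-4P as a home gateway. This is my first time working with Cisco ISR routers, so I am not very familiar with them. The internal network is 192.168.1.0/24; the router's Vlan 1 is set to 192.168.1.254 as a bridge associated with ports gig 0/1/0 - 3, and the external port has the residential network's static address 192.168.1218.81/24. After following the manual to configure DHCP, OSPF and NAT, all internal addresses can be pinged, and pinging the test address 192.168.5.1 on port gig 0/0/0 also works. But I still cannot reach the external network.
The configuration is modeled on the WAN port settings of my previous Cisco RV320, which, besides the static address, also had a gateway address set to 192.168.128.254. I don't know whether this is the reason; if it is, how should it be set up on the ISR?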
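I originally planned to do all the setup through the IOS-XE WebUI, but unfortunately found it had many bugs and had to go back to the CLI. I hope the WebUI will be improved in the future.
My configuration is below; any advice from the experts would be appreciated. Thank you.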
Building configuration...
Current configuration : 5304 bytes
!
! Last configuration change at 10:34:03 UTC Thu Jul 2 2020 by admin
!
version 16.9
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname C1111-4P
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
ip name-server 202.101.224.69
ip domain name home.com
ip dhcp excluded-address 192.168.1.0
ip dhcp excluded-address 192.168.1.255 255.255.255.255
!
ip dhcp pool V4List
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 202.101.224.69
!
!
!
login on-success log
ipv6 unicast-routing
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-350757299
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-350757299
revocation-check none
rsakeypair TP-self-signed-350757299
!
!
crypto pki certificate chain TP-self-signed-350757299
certificate self-signed 01
quit
!
license udi pid C1111-4P sn FGL2415LMTW
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
username admin privilege 15 password 0 86201172
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
!
!
!
!
interface Loopback0
description Management Address
ip address 192.168.254.1 255.255.255.255
!
interface GigabitEthernet0/0/0
ip address 192.168.5.1 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
ip dhcp relay information trusted
ip address 192.168.128.81 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
ip access-group IPV4Inbound in
ip access-group IPV4Outbound out
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip access-group IPV4Inbound in
ip access-group IPV4Outbound out
!
router ospf 1
router-id 192.168.254.1
network 192.168.1.0 0.0.0.255 area 1
network 192.168.5.0 0.0.0.255 area 1
network 192.168.121.0 0.0.0.255 area 1
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 600 requests 25
ip nat pool NAT 192.168.128.81 192.168.128.81 netmask 255.255.255.1
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip nat inside source route-map track-secondary-if interface GigabitEthernet0/0/0 overload
ip nat inside source list 1 pool NAT
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 253
!
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
ip sla schedule 1 life forever start-time now
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 permit any
ip access-list extended 197
permit ip any any
!
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/1
!
route-map track-secondary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0
access-class 1 in
login local
length 0
transport input ssh
line vty 1 5
access-class 1 in
login local
transport input ssh
!
ntp server ciscome.pool.ntp.org prefer source GigabitEthernet0/1/0
!
!
!
!
!
end

5 replies

sampsonlor
Level 1
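Solved it myself.
Global configuration: ip route 0.0.0.0 0.0.0.0 192.168.128.254
The new question is: if I need to use two WAN ports, how do I make the configuration line above apply to only one of the WANs?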

jiahao xian
Level 1
Policy-based routing.

sampsonlor
Level 1
xjh1108lxn1128 wrote on 2020-7-8 14:32
Policy-based routing.

Thanks~
I plan to set up dual WAN in a few days and will then look into how to configure load balancing.

xingzhetan
Level 1
A floating route should work!

bo chen
Spotlight
sampsonlor wrote on 2020-7-2 23:23
Solved it myself.
Global configuration: ip route 0.0.0.0 0.0.0.0 192.168.128.254

Write two default routes, then add a priority after the second default route, and that's it.
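
Added example, not part of any post in this thread: a small Python check (the function names `parse_default_routes` and `audit` are hypothetical) that reads the `ip route 0.0.0.0 0.0.0.0` lines of a saved running-config, separates the primary default route from floating ones by administrative distance, and flags routes that name only an Ethernet exit interface, the case the poster resolved by adding the next hop 192.168.128.254. It handles only a subset of the `ip route` syntax, and the sample lines are constructed from the configuration posted above.

```python
import re

# Constructed sample: default routes from the posted config plus the poster's fix.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 253
ip route 0.0.0.0 0.0.0.0 192.168.128.254
"""

IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_default_routes(config):
    """Parse 'ip route 0.0.0.0 0.0.0.0 ...' lines (a subset of the IOS syntax)."""
    routes = []
    for line in config.splitlines():
        tok = line.split()
        if tok[:4] != ["ip", "route", "0.0.0.0", "0.0.0.0"]:
            continue
        # A static route has administrative distance 1 unless one is given.
        r = {"line": " ".join(tok), "interface": None, "next_hop": None,
             "distance": 1, "track": None}
        rest, i = tok[4:], 0
        while i < len(rest):
            t = rest[i]
            if t in ("track", "tag", "name") and i + 1 < len(rest):
                if t == "track":
                    r["track"] = int(rest[i + 1])
                i += 1                      # skip the keyword's argument
            elif IPV4.match(t):
                r["next_hop"] = t
            elif t.isdigit():
                r["distance"] = int(t)
            elif r["interface"] is None and r["next_hop"] is None:
                r["interface"] = t
            i += 1
        routes.append(r)
    return routes

def audit(config):
    """Split default routes into primary/floating and list likely problems."""
    routes = sorted(parse_default_routes(config), key=lambda r: r["distance"])
    best = routes[0]["distance"] if routes else None
    primary = [r["line"] for r in routes if r["distance"] == best]
    floating = [r["line"] for r in routes if r["distance"] != best]
    findings = [f"exit interface without next hop: {r['line']}" for r in routes
                if r["interface"] and "Ethernet" in r["interface"] and not r["next_hop"]]
    if len(primary) > 1:
        findings.append(f"{len(primary)} default routes share distance {best}")
    return {"primary": primary, "floating": floating, "findings": findings}
```

Calling `audit(SAMPLE_CONFIG)` reports the distance-253 route as the only floating one and shows that the tracked interface route and the next-hop route both sit at distance 1, so neither acts as a backup for the other.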