取消
显示结果 
搜索替代 
您的意思是: 
cancel
2020
查看次数
0
有帮助
9
回复

2900series路由器无法访问网络

longlong_liu
Spotlight
Spotlight

出口设备---core---接入设备---客户端;现在出口设备需要做一个冷备,设备为CISCO2921/K9,配置后无法访问外网。情况如下:

1:客户端可以ping通出口设备的WAN口;反之,出口设备能ping通下面任意客户端;

2:出口设备开启debug ip nat, 发现客户端的数据有被nat转换;

3:出口设备直接ping电信网关,发现不通(问题应该在这里,不知道为什么不通,在模拟软件上测试结果是正常;)

4:关于Dialer1和Virtual-Template1这两个接口是否需要配置?

谢谢!!!

出口设备配置如下:


NG_route#show run
Building configuration.

Current configuration : 4661 bytes
! Last configuration change at 07:56:17 UTC Fri Jul 28 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NG_route
!
boot-start-marker
boot-end-marker
!
!
interface GigabitEthernet0/1
description WAN
ip address 36.7.84.10 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
description LAN
ip address 192.192.192.2 255.255.255.252
ip nat inside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
!
ip nat pool isp 36.7.84.10 36.7.84.10 netmask 255.255.255.0
ip nat inside source list NG_ACL pool isp overload
ip nat inside source static tcp 192.100.200.5 7500 36.7.84.11 7500 extendable
ip nat inside source static udp 192.100.200.5 7500 36.7.84.11 7500 extendable
ip nat inside source static tcp 192.121.200.171 8000 36.7.84.16 8000 extendable
ip nat inside source static tcp 192.121.200.90 8089 36.7.84.16 8089 extendable
ip nat inside source static tcp 192.121.200.28 9100 36.7.84.16 9100 extendable
ip nat inside source static tcp 192.121.200.247 1433 36.7.84.16 9500 extendable
ip nat inside source static tcp 192.107.200.20 3389 36.7.84.20 3389 extendable
ip nat inside source static tcp 1.1.1.3 4444 36.7.84.20 4444 extendable
ip route 0.0.0.0 0.0.0.0 36.7.84.1
ip route 192.100.200.0 255.255.255.0 192.192.192.1
ip route 192.101.200.0 255.255.255.0 192.192.192.1
ip route 192.102.200.0 255.255.255.0 192.192.192.1
ip route 192.103.200.0 255.255.255.0 192.192.192.1
ip route 192.104.200.0 255.255.255.0 192.192.192.1
ip route 192.105.200.0 255.255.255.0 192.192.192.1
ip route 192.106.200.0 255.255.255.0 192.192.192.1
ip route 192.107.200.0 255.255.255.0 192.192.192.1
ip route 192.108.200.0 255.255.255.0 192.192.192.1
ip route 192.109.200.0 255.255.255.0 192.192.192.1
ip route 192.110.200.0 255.255.255.0 192.192.192.1
ip route 192.111.200.0 255.255.255.0 192.192.192.1
ip route 192.112.200.0 255.255.255.0 192.192.192.1
ip route 192.113.200.0 255.255.255.0 192.192.192.1
ip route 192.114.200.0 255.255.255.0 192.192.192.1
ip route 192.115.200.0 255.255.255.0 192.192.192.1
ip route 192.116.200.0 255.255.255.0 192.192.192.1
ip route 192.117.200.0 255.255.255.0 192.192.192.1
ip route 192.118.200.0 255.255.255.0 192.192.192.1
ip route 192.119.200.0 255.255.255.0 192.192.192.1
ip route 192.120.200.0 255.255.255.0 192.192.192.1
ip route 192.121.200.0 255.255.255.0 192.192.192.1
ip route 192.122.200.0 255.255.255.0 192.192.192.1
!
ip access-list extended NG_ACL
permit ip 192.100.200.0 0.0.0.255 any
permit ip 192.101.200.0 0.0.0.255 any
permit ip 192.102.200.0 0.0.0.255 any
permit ip 192.103.200.0 0.0.0.255 any
permit ip 192.104.200.0 0.0.0.255 any
permit ip 192.105.200.0 0.0.0.255 any
permit ip 192.106.200.0 0.0.0.255 any
permit ip 192.107.200.0 0.0.0.255 any
permit ip 192.108.200.0 0.0.0.255 any
permit ip 192.109.200.0 0.0.0.255 any
permit ip 192.110.200.0 0.0.0.255 any
permit ip 192.111.200.0 0.0.0.255 any
permit ip 192.112.200.0 0.0.0.255 any
permit ip 192.113.200.0 0.0.0.255 any
permit ip 192.114.200.0 0.0.0.255 any
permit ip 192.115.200.0 0.0.0.255 any
permit ip 192.116.200.0 0.0.0.255 any
permit ip 192.117.200.0 0.0.0.255 any
permit ip 192.118.200.0 0.0.0.255 any
permit ip 192.119.200.0 0.0.0.255 any
permit ip 192.120.200.0 0.0.0.255 any
permit ip 192.121.200.0 0.0.0.255 any
permit ip 192.122.200.0 0.0.0.255 any
permit ip 192.123.200.0 0.0.0.255 any
permit ip 192.192.192.1 0.0.0.2 any
!
control-plane
!
end

9 条回复9

Translator
Community Manager
Community Manager

Hello,

您能ping通默认网关36.7.84.1吗?并将网络192.192.192.2 255.255.255.252添加到ACL NG_ACL中。没有它,网络将无法对流量进行NAT。 

BR

路由器接上后,ping不通电信网关(‘’出口路由---核心交换--接入层‘’这部分都是正常,路由能ping通主机,主机也能ping路由),通过show ip nat tra 查看,已经nat出去了,但是不知道为什么网关:36.7.84.1就是不通。  192.192.192.2这个ip已经加入到NG_ACL中(上面忘记写了)。   

Translator
Community Manager
Community Manager

你好@DanielP211,

您已使用IP添加192.100.200.0/24和192.101.200.0/24来配置NG_ACL。它似乎是您的LAN。

您还有Gi0/2(此IP为[192.192.192.0/30]),它似乎是LAN端?

然后,向您的两个LAN添加ip route

ip route 192.100.200.0 255.255.255.0 192.192.192.1

ip route 192.101.200.0 255.255.255.0 192.192.192.1

 

 

下午好。  出口路由---核心交换--接入层  这部分都是通的,就是出不去。   我想知道的是,2921路由器的license到期了,是否会对网络有影响。谢谢

Translator
Community Manager
Community Manager

Hello,

NAT配置也不正确。确保您的配置仅包含以下行:

interface GigabitEthernet0/1
ip address 36.7.84.10 255.255.255.0
ip nat outside
!
interface GigabitEthernet0/2
ip address 192.192.192.2 255.255.255.252
ip nat inside
!
ip nat pool isp 36.7.84.10 36.7.84.10 netmak 255.255.255.0
ip nat inside source list NG_ACL pool isp overload
!
ip access-list extended NG_ACL
permit ip 192.100.200.0 0.0.0.255 any
permit ip 192.101.200.0 0.0.0.255 any
permit ip 192.123.200.0 0.0.0.255 any
!
ip route 0.0.0.0 0.0.0.0 36.7.84.1
ip route 192.0.0.0 255.0.0.0 192.192.192.1

配置如下:麻烦帮看下。谢谢。     我感觉配置没问题,不知道为什么36.7.84.1网关不通:


NG_route#show run
Building configuration...

Current configuration : 4661 bytes
!
! Last configuration change at 07:56:17 UTC Fri Jul 28 2023
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname NG_route
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 $1$F7Il$DqKM8AKRMzQISbOVoFZzo1
!
no aaa new-model
!
!
!
!
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
cts logging verbose
!
!
license udi pid CISCO2921/K9 sn FGL190210A9
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description WAN
no ip address
ip mtu 1400
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description WAN
ip address 36.7.84.10 255.255.255.0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
description LAN
ip address 192.192.192.2 255.255.255.252
ip nat inside
ip nat enable
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
!
ip nat pool isp 36.7.84.10 36.7.84.10 netmask 255.255.255.0
ip nat inside source list NG_ACL pool isp overload
ip nat inside source static tcp 192.100.200.5 7500 36.7.84.11 7500 extendable
ip nat inside source static udp 192.100.200.5 7500 36.7.84.11 7500 extendable
ip nat inside source static tcp 192.121.200.171 8000 36.7.84.16 8000 extendable
ip nat inside source static tcp 192.121.200.90 8089 36.7.84.16 8089 extendable
ip nat inside source static tcp 192.121.200.28 9100 36.7.84.16 9100 extendable
ip nat inside source static tcp 192.121.200.247 1433 36.7.84.16 9500 extendable
ip nat inside source static tcp 192.107.200.20 3389 36.7.84.20 3389 extendable
ip nat inside source static tcp 1.1.1.3 4444 36.7.84.20 4444 extendable
ip route 0.0.0.0 0.0.0.0 36.7.84.1
ip route 192.100.200.0 255.255.255.0 192.192.192.1
ip route 192.101.200.0 255.255.255.0 192.192.192.1
ip route 192.102.200.0 255.255.255.0 192.192.192.1
ip route 192.103.200.0 255.255.255.0 192.192.192.1
ip route 192.104.200.0 255.255.255.0 192.192.192.1
ip route 192.105.200.0 255.255.255.0 192.192.192.1
ip route 192.106.200.0 255.255.255.0 192.192.192.1
ip route 192.107.200.0 255.255.255.0 192.192.192.1
ip route 192.108.200.0 255.255.255.0 192.192.192.1
ip route 192.109.200.0 255.255.255.0 192.192.192.1
ip route 192.110.200.0 255.255.255.0 192.192.192.1
ip route 192.111.200.0 255.255.255.0 192.192.192.1
ip route 192.112.200.0 255.255.255.0 192.192.192.1
ip route 192.113.200.0 255.255.255.0 192.192.192.1
ip route 192.114.200.0 255.255.255.0 192.192.192.1
ip route 192.115.200.0 255.255.255.0 192.192.192.1
ip route 192.116.200.0 255.255.255.0 192.192.192.1
ip route 192.117.200.0 255.255.255.0 192.192.192.1
ip route 192.118.200.0 255.255.255.0 192.192.192.1
ip route 192.119.200.0 255.255.255.0 192.192.192.1
ip route 192.120.200.0 255.255.255.0 192.192.192.1
ip route 192.121.200.0 255.255.255.0 192.192.192.1
ip route 192.122.200.0 255.255.255.0 192.192.192.1
!
ip access-list extended NG_ACL
permit ip 192.100.200.0 0.0.0.255 any
permit ip 192.101.200.0 0.0.0.255 any
permit ip 192.102.200.0 0.0.0.255 any
permit ip 192.103.200.0 0.0.0.255 any
permit ip 192.104.200.0 0.0.0.255 any
permit ip 192.105.200.0 0.0.0.255 any
permit ip 192.106.200.0 0.0.0.255 any
permit ip 192.107.200.0 0.0.0.255 any
permit ip 192.108.200.0 0.0.0.255 any
permit ip 192.109.200.0 0.0.0.255 any
permit ip 192.110.200.0 0.0.0.255 any
permit ip 192.111.200.0 0.0.0.255 any
permit ip 192.112.200.0 0.0.0.255 any
permit ip 192.113.200.0 0.0.0.255 any
permit ip 192.114.200.0 0.0.0.255 any
permit ip 192.115.200.0 0.0.0.255 any
permit ip 192.116.200.0 0.0.0.255 any
permit ip 192.117.200.0 0.0.0.255 any
permit ip 192.118.200.0 0.0.0.255 any
permit ip 192.119.200.0 0.0.0.255 any
permit ip 192.120.200.0 0.0.0.255 any
permit ip 192.121.200.0 0.0.0.255 any
permit ip 192.122.200.0 0.0.0.255 any
permit ip 192.123.200.0 0.0.0.255 any
permit ip 192.192.192.1 0.0.0.2 any
!
!
!
!
control-plane
!
!
end

NG_route#

Translator
Community Manager
Community Manager

不,许可证到期不会影响…… 

Translator
Community Manager
Community Manager

@Translator 

从该路由器Ping 36.7.84.1是否正常?

是否可能在配置了IP 36.7.84.1的设备上转储流量?

问题不是由于许可证到期。

该路由设备ping不通网关36.7.84.1(该ip为运营商机房某ip), 且更换其他路由,访问网络则正常。   该路由器有gi0/0(rj45),0/1(sfp和rj45),gi0/2(rj45),和Aux接口,outside对于接口是否有要求?谢谢

快捷链接