on 02-16-2022 08:07 AM
Hello,
I'm new to router configuration and have basically been following the summary steps on the Cisco website to configure a new Cisco 4221/K9 router with IOS XE software, version 16.12.03. My LAN has 2 subnets, 192.168.0.0/24 and 192.168.1.0/24. The latter is the subnet with my network devices, including the router's interface to the LAN: 192.168.1.1. After the basic configuration, I was able to ping external addresses, including the DNS and the router's default gateway at 196.43.116.49 (both assigned by the ISP), but I cannot ping any internal address. I also cannot ping the router from the LAN. I'm not sure about my NAT configuration, but somewhere there must be an error or omission. Please help!! Below is my current configuration:
Router#show run
Building configuration...
Current configuration : 5887 bytes
!
! Last configuration change at 06:58:17 UTC Wed Feb 16 2022 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform inspect match-statistics per-filter
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
logging buffered 262144
no logging rate-limit
!
no aaa new-model
fhrp version vrrp v3
no ip source-route
!
!
!
!
!
!
!
ip name-server 196.43.100.37 41.190.32.21
no ip dhcp use class
ip dhcp excluded-address 192.168.1.0
ip dhcp excluded-address 192.168.1.255 255.255.255.255
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
no ip igmp ssm-map query dns
login on-success log
ipv6 unicast-routing
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
domain permit
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-157559341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-157559341
revocation-check none
rsakeypair TP-self-signed-157559341
!
!
!
!
!
!
!
license udi pid ISR4221/K9 sn FGL2521L7FL
no license smart enable
memory free low-watermark processor 67180
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $14$fRWB$mo5V/T24gf8FDk$27FQF0sQFFispPzzmkE8crWP0RpC2.PZy6qKZYmGhCM
username cisco password 7 08705F5C5D4B5746
!
redundancy
mode none
!
!
!
no crypto ikev2 diagnose error
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description GE interface to WAN
ip address 196.43.116.50 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
ip default-gateway 196.43.116.49
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http max-connections 10
ip http timeout-policy idle 60 life 120 requests 100
ip http client source-interface GigabitEthernet0/0/1
ip http client proxy-server server1 proxy-port 52
ip http path slot1:
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source static 192.168.1.1 196.43.116.50
ip nat inside source list NAT_THESE_ADDRESSES pool net-208 overload
ip route 0.0.0.0 0.0.0.0 196.43.116.49
ip ssh version 2
ip scp server enable
!
!
ip access-list standard NAT_THESE_ADDRESSES
!
!
!
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
login local
transport input none
stopbits 1
line aux 0
login local
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 80
login local
transport input ssh
!
!
!
!
!
!
netconf-yang
netconf-yang feature candidate-datastore
end
Thanks for the help
on 02-16-2022 08:08 AM
Greetings,
make the changes marked in bold:
Current configuration : 5887 bytes
!
! Last configuration change at 06:58:17 UTC Wed Feb 16 2022 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform inspect match-statistics per-filter
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
logging buffered 262144
no logging rate-limit
!
no aaa new-model
fhrp version vrrp v3
no ip source-route
!
ip name-server 196.43.100.37 41.190.32.21
no ip dhcp use class
--> no ip dhcp excluded-address 192.168.1.0
--> no ip dhcp excluded-address 192.168.1.255 255.255.255.255
--> ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
no ip igmp ssm-map query dns
login on-success log
ipv6 unicast-routing
!
subscriber templating
!
multilink bundle-name authenticated
!
domain permit
!
crypto pki trustpoint TP-self-signed-157559341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-157559341
revocation-check none
rsakeypair TP-self-signed-157559341
!
license udi pid ISR4221/K9 sn FGL2521L7FL
no license smart enable
memory free low-watermark processor 67180
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $14$fRWB$mo5V/T24gf8FDk$27FQF0sQFFispPzzmkE8crWP0RpC2.PZy6qKZYmGhCM
username cisco password 7 08705F5C5D4B5746
!
redundancy
mode none
!
no crypto ikev2 diagnose error
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description GE interface to WAN
ip address 196.43.116.50 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
--> no ip default-gateway 196.43.116.49
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http max-connections 10
ip http timeout-policy idle 60 life 120 requests 100
ip http client source-interface GigabitEthernet0/0/1
ip http client proxy-server server1 proxy-port 52
ip http path slot1:
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
--> no ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source static 192.168.1.1 196.43.116.50
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 196.43.116.49
ip ssh version 2
ip scp server enable
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
login local
transport input none
stopbits 1
line aux 0
login local
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 80
login local
transport input ssh
!
netconf-yang
netconf-yang feature candidate-datastore
end
on 02-16-2022 08:08 AM - last edited on 02-17-2022 04:29 AM by Gabriela Godoi do Prado
Success! I can now ping all local and global addresses from inside my LAN, except the default gateway of my public IP for some reason. I now also have Internet access through the router. Thank you very much
on 02-16-2022 08:08 AM
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
You said this network was a /24. Why did you configure the interface as a /30?
Did you mix up the masks for the WAN and LAN interfaces?
on 02-22-2022 07:04 AM
I will need to correct that mask in the NAT because I have only two addresses that I use on that subnet. The rest of the LAN is on the 192.168.0.0 network. But since it is working, I am uneasy about making more changes, lest I find myself in a fix again.
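A checker for the configuration mistakes this thread turned up (a NAT access list with no entries, a NAT pool made of private addresses, `ip default-gateway` on a device that routes, and a DHCP pool wider than the interface mask), added here as an example and not part of any post. The function name `audit_nat` and the finding strings are hypothetical, and `BEFORE` is a constructed excerpt of the original configuration.

```python
import ipaddress

def audit_nat(config):
    """Return findings for the NAT/DHCP mistakes discussed in this thread."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    ifaces, acls, dhcp_nets, nat_lists, out = {}, {}, [], [], []
    ctx = (None, None)                       # (block kind, block name)
    for w in lines:
        if w[0] == "interface":
            ctx = ("if", w[1])
        elif w[:2] == ["ip", "access-list"]:
            ctx = ("acl", w[-1])
            acls.setdefault(w[-1], 0)        # a named ACL can exist with no entries
        elif w[:3] == ["ip", "dhcp", "pool"]:
            ctx = ("dhcp", w[3])
        elif w[0] == "!":                    # IOS block separator or comment line
            ctx = (None, None)
        elif ctx[0] == "if" and w[:2] == ["ip", "address"] and len(w) == 4:
            ifaces[ctx[1]] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
        elif ctx[0] == "acl" and w[0] == "permit":
            acls[ctx[1]] += 1
        elif ctx[0] == "dhcp" and w[0] == "network" and len(w) == 3:
            dhcp_nets.append((ctx[1], ipaddress.ip_network(f"{w[1]}/{w[2]}")))
        elif w[0] == "access-list" and w[2:3] == ["permit"]:
            acls[w[1]] = acls.get(w[1], 0) + 1   # numbered ACL entry
        elif w[:5] == ["ip", "nat", "inside", "source", "list"]:
            nat_lists.append(w[5])           # checked after all ACLs are parsed
        elif w[:3] == ["ip", "nat", "pool"] and ipaddress.ip_address(w[4]).is_private:
            out.append(f"nat-pool {w[3]}: pool addresses are private")
        elif w[:2] == ["ip", "default-gateway"] and ["no", "ip", "routing"] not in lines:
            out.append("default-gateway: unused while IP routing is enabled")
    out += [f"nat-acl {n}: no permit entries" for n in nat_lists if not acls.get(n)]
    out += [f"dhcp {p}: pool {net} but {i} is {a.network}" for p, net in dhcp_nets
            for i, a in ifaces.items() if a.ip in net and a.network != net]
    return out

BEFORE = """\
ip dhcp pool WEBUIPool
 network 192.168.1.0 255.255.255.0
interface GigabitEthernet0/0/1
 ip address 192.168.1.1 255.255.255.252
!
ip default-gateway 196.43.116.49
ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source list NAT_THESE_ADDRESSES pool net-208 overload
ip access-list standard NAT_THESE_ADDRESSES
"""  # constructed excerpt of the thread's original configuration

print("\n".join(audit_nat(BEFORE)))
```

Run against the corrected configuration from the reply, only the DHCP pool versus interface mask finding remains, which is the point the later /30 question raises.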