Résolu : Routeur Cisco inaccessible au LAN

Translator · ‎16-02-2022

Salut,

Je ne suis pas familier avec la configuration des routeurs et j'ai suivi les étapes récapitulatives du site Cisco pour configurer un nouveau routeur Cisco 4221/K9 avec le logiciel IOS XE, version 16.12.03.

Mon réseau local comporte 2 sous-réseaux, 192.168.0.0/24 et 192.168.1.0/24. Ce dernier est le sous-réseau avec mes périphériques réseau, y compris l'interface orientée LAN du routeur : 192.168.1.1.

Après les configurations de base, j'ai pu envoyer une requête ping aux adresses externes, y compris mon DNS et la passerelle par défaut du routeur sur 196.43.116.49 (toutes deux attribuées par le FAI), mais je ne peux pas envoyer de requête ping aux adresses internes. Je ne peux pas non plus envoyer de requête ping au routeur à partir du réseau local. Je ne suis pas sûr de ma configuration NAT, mais quelque part il doit y avoir une erreur ou une omission.

S'il vous plaît aidez-moi ! ! ! Voici ma configuration en cours :

Router#show run
Building configuration...


Current configuration : 5887 bytes
!
! Last configuration change at 06:58:17 UTC Wed Feb 16 2022 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform inspect match-statistics per-filter
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
logging buffered 262144
no logging rate-limit
!
no aaa new-model
fhrp version vrrp v3
no ip source-route
!
!
!
!
!
!
!
ip name-server 196.43.100.37 41.190.32.21
no ip dhcp use class
ip dhcp excluded-address 192.168.1.0
ip dhcp excluded-address 192.168.1.255 255.255.255.255
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
no ip igmp ssm-map query dns
login on-success log
ipv6 unicast-routing
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
multilink bundle-name authenticated
!
domain permit
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-157559341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-157559341
revocation-check none
rsakeypair TP-self-signed-157559341
!
!
!
!
!
!
!
license udi pid ISR4221/K9 sn FGL2521L7FL
no license smart enable
memory free low-watermark processor 67180
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $14$fRWB$mo5V/T24gf8FDk$27FQF0sQFFispPzzmkE8crWP0RpC2.PZy6qKZYmGhCM
username cisco password 7 08705F5C5D4B5746
!
redundancy
mode none
!
!
!
no crypto ikev2 diagnose error
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description GE interface to WAN
ip address 196.43.116.50 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
ip default-gateway 196.43.116.49
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http max-connections 10
ip http timeout-policy idle 60 life 120 requests 100
ip http client source-interface GigabitEthernet0/0/1
ip http client proxy-server server1 proxy-port 52
ip http path slot1:
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source static 192.168.1.1 196.43.116.50
ip nat inside source list NAT_THESE_ADDRESSES pool net-208 overload
ip route 0.0.0.0 0.0.0.0 196.43.116.49
ip ssh version 2
ip scp server enable
!
!
ip access-list standard NAT_THESE_ADDRESSES
!
!
!
!
!
!
!
control-plane
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
line con 0
login local
transport input none
stopbits 1
line aux 0
login local
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 80
login local
transport input ssh
!
!
!
!
!
!
netconf-yang
netconf-yang feature candidate-datastore
end

Merci pour l'aide

Translator · ‎16-02-2022

Bonjour,

Apportez les modifications indiquées en gras :

Current configuration : 5887 bytes
!
! Last configuration change at 06:58:17 UTC Wed Feb 16 2022 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform inspect match-statistics per-filter
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
logging buffered 262144
no logging rate-limit
!
no aaa new-model
fhrp version vrrp v3
no ip source-route
!
ip name-server 196.43.100.37 41.190.32.21
no ip dhcp use class
--> no ip dhcp excluded-address 192.168.1.0
--> no ip dhcp excluded-address 192.168.1.255 255.255.255.255
--> ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
no ip igmp ssm-map query dns
login on-success log
ipv6 unicast-routing
!
subscriber templating
!
multilink bundle-name authenticated
!
domain permit
!
crypto pki trustpoint TP-self-signed-157559341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-157559341
revocation-check none
rsakeypair TP-self-signed-157559341
!
license udi pid ISR4221/K9 sn FGL2521L7FL
no license smart enable
memory free low-watermark processor 67180
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $14$fRWB$mo5V/T24gf8FDk$27FQF0sQFFispPzzmkE8crWP0RpC2.PZy6qKZYmGhCM
username cisco password 7 08705F5C5D4B5746
!
redundancy
mode none
!
no crypto ikev2 diagnose error
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description GE interface to WAN
ip address 196.43.116.50 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
--> no ip default-gateway 196.43.116.49
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http max-connections 10
ip http timeout-policy idle 60 life 120 requests 100
ip http client source-interface GigabitEthernet0/0/1
ip http client proxy-server server1 proxy-port 52
ip http path slot1:
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
--> no ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source static 192.168.1.1 196.43.116.50
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 196.43.116.49
ip ssh version 2
ip scp server enable
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
login local
transport input none
stopbits 1
line aux 0
login local
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 80
login local
transport input ssh
!
netconf-yang
netconf-yang feature candidate-datastore
end

Voir la solution dans l'envoi d'origine

Translator · ‎16-02-2022

Bonjour,

Apportez les modifications indiquées en gras :

Current configuration : 5887 bytes
!
! Last configuration change at 06:58:17 UTC Wed Feb 16 2022 by admin
!
version 16.12
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform inspect match-statistics per-filter
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
vrf definition 65528
!
address-family ipv4
exit-address-family
!
logging buffered 262144
no logging rate-limit
!
no aaa new-model
fhrp version vrrp v3
no ip source-route
!
ip name-server 196.43.100.37 41.190.32.21
no ip dhcp use class
--> no ip dhcp excluded-address 192.168.1.0
--> no ip dhcp excluded-address 192.168.1.255 255.255.255.255
--> ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool WEBUIPool
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
no ip igmp ssm-map query dns
login on-success log
ipv6 unicast-routing
!
subscriber templating
!
multilink bundle-name authenticated
!
domain permit
!
crypto pki trustpoint TP-self-signed-157559341
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-157559341
revocation-check none
rsakeypair TP-self-signed-157559341
!
license udi pid ISR4221/K9 sn FGL2521L7FL
no license smart enable
memory free low-watermark processor 67180
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 secret 9 $14$fRWB$mo5V/T24gf8FDk$27FQF0sQFFispPzzmkE8crWP0RpC2.PZy6qKZYmGhCM
username cisco password 7 08705F5C5D4B5746
!
redundancy
mode none
!
no crypto ikev2 diagnose error
!
interface Loopback65528
vrf forwarding 65528
ip address 192.168.1.1 255.255.255.255
!
interface GigabitEthernet0/0/0
description GE interface to WAN
ip address 196.43.116.50 255.255.255.0
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/1
description GE interface to LAN
ip address 192.168.1.1 255.255.255.252
ip nat inside
negotiation auto
!
--> no ip default-gateway 196.43.116.49
ip forward-protocol nd
ip http server
ip http port 8080
ip http access-class 20
ip http authentication local
ip http secure-server
ip http max-connections 10
ip http timeout-policy idle 60 life 120 requests 100
ip http client source-interface GigabitEthernet0/0/1
ip http client proxy-server server1 proxy-port 52
ip http path slot1:
ip nat route vrf 65528 0.0.0.0 0.0.0.0 global
no ip nat service skinny tcp port 2000
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
no ip nat service H225
no ip nat service ras
no ip nat service rtsp udp
no ip nat service rtsp tcp
no ip nat service dns tcp
no ip nat service dns udp
no ip nat service netbios-ns tcp
no ip nat service netbios-ns udp
no ip nat service netbios-ssn
no ip nat service netbios-dgm
no ip nat service ldap
no ip nat service sunrpc udp
no ip nat service sunrpc tcp
no ip nat service msrpc tcp
no ip nat service tftp
no ip nat service rcmd
no ip nat service pptp
no ip nat service ftp
no ip nat service gatekeeper
no ip nat service dns-reset-ttl
--> no ip nat pool net-208 192.168.0.0 192.168.1.254 netmask 255.255.0.0
ip nat inside source static 192.168.1.1 196.43.116.50
--> ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 196.43.116.49
ip ssh version 2
ip scp server enable
!
--> access-list 1 permit 192.168.1.0 0.0.0.255
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
login local
transport input none
stopbits 1
line aux 0
login local
stopbits 1
line vty 0 4
login local
transport input ssh
line vty 5 80
login local
transport input ssh
!
netconf-yang
netconf-yang feature candidate-datastore
end

Translator · ‎16-02-2022

Succès doux. Je peux maintenant envoyer une requête ping à toutes les adresses locales et globales à partir de mon réseau local, à l'exception de la passerelle par défaut de mon adresse IP publique pour une raison quelconque. Je dispose désormais d'un accès Internet via le routeur. Merci beaucoup

Translator · ‎16-02-2022

description GE interface to LAN
ip address 192.168.1.1 255.255.255.252

Vous avez dit que ce réseau était un /24, pourquoi avez-vous configuré l'interface en tant que /30 ?

Avez-vous mélangé les masques pour les interfaces WAN et LAN ?

Translator · ‎22-02-2022

Je dois rectifier ce masque dans la NAT, car je n’utilise que 2 adresses dans ce sous-réseau. Le reste du réseau local se trouve dans le réseau 192.168.0.0. Mais depuis que ça fonctionne, je ne suis pas à l'aise quand il s'agit d'apporter d'autres changements de peur de me retrouver dans une solution

Routeur Cisco inaccessible au LAN

Liens rapides