02-21-2021 08:44 PM
Hi,
I have this configuration in my router 892FSP, please help.
Thanks.
Rcmei#show run
Building configuration...
hostname Rcmei
boot-start-marker
boot-end-marker
enable secret 5 $1$cW.E$31y5zTBLNIn1D8BjGV.l1.
enable password 7 125C54474328010123
no aaa new-model
!
ip dhcp excluded-address 190.160.254.1 190.160.254.50
ip dhcp excluded-address 192.168.10.1 192.168.10.50
!
ip dhcp pool LocalDHCP
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.10.1
!
ip dhcp pool vlan 2
network 190.160.254.0 255.255.255.0
dns-server 190.160.254.1
default-router 190.160.254.1
!
ip domain name cmei.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
cts logging verbose
license udi pid C892FSP-K9 sn FJC2027L16W
license accept end user agreement
license boot module c800 level advsecurity
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
switchport access vlan 2
no ip address
!
interface GigabitEthernet7
switchport access vlan 2
no ip address
!
interface GigabitEthernet8
no ip address
duplex auto
speed auto
!
interface GigabitEthernet9
ip address dhcp
ip access-group SSH in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
ip address 190.160.254.1 255.255.255.0
ip access-group DenyV2 in
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet9 overload
ip nat inside source list 2 interface GigabitEthernet9 overload
!
ip access-list extended DenyV2
permit ip host 190.160.254.1 any
deny ip 190.160.254.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip any any
ip access-list extended SSH
permit tcp any any established
permit tcp any any
permit tcp any any eq 22
!
!
snmp-server community public RO
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 190.160.254.0 0.0.0.255
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
vstack
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 125C54474328010123
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
02-22-2021 02:34 AM
Try the changes below, test, and advise. (Did the provider give you this IP range, 190.160.254.0/24?)
ip dhcp pool LocalDHCP
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8
!
ip dhcp pool vlan 2
network 190.160.254.0 255.255.255.0
dns-server 8.8.8.8
default-router 190.160.254.1
!
ip nat inside source list 1 interface GigabitEthernet9 overload <-- (not sure why you need 2 ACLs; you can club both into the same ACL 1)
ip nat inside source list 2 interface GigabitEthernet9 overload
Still not working, is the user able to get a DHCP IP?
Post the information below along with the configuration:
show run
show ip interface brief
show ip route
ip route 0.0.0.0 0.0.0.0 GigabitEthernet9 dhcp
02-22-2021 08:36 AM
Thank you for your reply,
The provider gives me a DHCP address. My initial configuration worked perfectly; it is after I configured ACL DenyV2 and I configured my SSH server.
Rcmei#show run
Building configuration...
Current configuration : 3076 bytes
!
! Last configuration change at 16:11:08 UTC Mon Feb 22 2021
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Rcmei
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$cW.E$31y5zTBLNIn1D8BjGV.l1.
enable password 7 125C54474328010123
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address 190.160.254.1 190.160.254.50
ip dhcp excluded-address 192.168.10.1 192.168.10.50
!
ip dhcp pool LocalDHCP
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.10.1
!
ip dhcp pool vlan 2
network 190.160.254.0 255.255.255.0
dns-server 190.160.254.1
default-router 190.160.254.1
!
!
!
ip domain name cmei.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
cts logging verbose
license udi pid C892FSP-K9 sn FJC2027L16W
license accept end user agreement
license boot module c800 level advsecurity
!
!
username MYNAME privilege 15 secret 5 $1$sbDR$yVmwrsO8DcFiJYL3qweBR/
username itm password 7 125C261A17025D547B
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0
no ip address
spanning-tree portfast
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
switchport access vlan 2
no ip address
!
interface GigabitEthernet7
switchport access vlan 2
no ip address
!
interface GigabitEthernet8
no ip address
duplex auto
speed auto
!
interface GigabitEthernet9
ip address dhcp
ip access-group SSH in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
ip address 190.160.254.1 255.255.255.0
ip access-group DenyV2 in
ip nat inside
ip virtual-reassembly in
!
interface Vlan254
no ip address
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet9 overload
ip nat inside source list 2 interface GigabitEthernet9 overload
!
ip access-list extended DenyV2
permit ip host 190.160.254.1 any
deny ip 190.160.254.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip any any
ip access-list extended SSH
permit tcp any any established
permit tcp any any
permit tcp any any eq 22
!
!
snmp-server community public RO
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 190.160.254.0 0.0.0.255
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 125C54474328010123
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
!
!
!
end
02-22-2021 08:38 AM
Rcmei#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0 unassigned YES unset up up
GigabitEthernet1 unassigned YES unset down down
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset down down
GigabitEthernet4 unassigned YES unset down down
GigabitEthernet5 unassigned YES unset down down
GigabitEthernet6 unassigned YES unset down down
GigabitEthernet7 unassigned YES unset up up
GigabitEthernet8 unassigned YES NVRAM down down
GigabitEthernet9 unassigned YES DHCP up up
NVI0 unassigned YES unset administratively down down
Vlan1 192.168.10.1 YES NVRAM up up
Vlan2 190.160.254.1 YES NVRAM up up
Vlan254 unassigned YES unset down down
Rcmei#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
190.160.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 190.160.254.0/24 is directly connected, Vlan2
L 190.160.254.1/32 is directly connected, Vlan2
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan1
L 192.168.10.1/32 is directly connected, Vlan1
02-22-2021 09:51 AM
ip access-list extended DenyV2 - remove this and confirm all is working,
then explain what you are looking to do with this ACL. Do you not want the IP addresses to communicate with each other?
02-22-2021 10:16 AM
The problem is in this line; once I deleted it, my internet connection returned:
ip access-group SSH in
02-22-2021 12:48 PM
That makes sense after a close look at your config again. The config you are looking for needs to be applied on the VTY lines if you are looking to control SSH connections, not on the interface.
Do you see any other issues, or is this resolved now?
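
Why the `SSH` access list cut off Internet access when bound inbound on GigabitEthernet9, as an added example that is not part of any post in this thread: a small first-match evaluator for the three posted entries, run over constructed sample packets. The class and function names are hypothetical, and it models only `any any` entries, the `established` keyword and the implicit deny that ends every IOS access list.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:                      # constructed sample traffic, not a capture
    proto: str                     # "tcp", "udp" or "icmp"
    dport: Optional[int] = None
    flags: frozenset = frozenset() # TCP flags, e.g. {"SYN"} or {"ACK"}

@dataclass(frozen=True)
class Ace:                         # one "any any" entry of an extended ACL
    action: str                    # "permit" or "deny"
    proto: str                     # "ip" matches every protocol
    dport: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        # "established" matches only TCP segments with ACK or RST set
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True

def evaluate(acl, p):
    """First matching entry wins; no match means the implicit deny."""
    for n, ace in enumerate(acl, 1):
        if ace.matches(p):
            return ace.action, n
    return "deny", None

# The three entries of "ip access-list extended SSH" from the posted config
SSH_ACL = [Ace("permit", "tcp", established=True),
           Ace("permit", "tcp"),
           Ace("permit", "tcp", dport=22)]

SAMPLES = {  # constructed inbound packets on the outside interface
    "ssh syn":    Packet("tcp", 22, frozenset({"SYN"})),
    "telnet syn": Packet("tcp", 23, frozenset({"SYN"})),
    "http reply": Packet("tcp", 51000, frozenset({"ACK"})),
    "dns reply":  Packet("udp", 51000),
    "dhcp reply": Packet("udp", 68),
    "icmp reply": Packet("icmp"),
}

def report(acl=SSH_ACL):
    return {name: evaluate(acl, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (action, entry) in report().items():
        print(f"{name:11} {action:6} entry={entry}")
```

Every UDP and ICMP packet falls through to the implicit deny, while the second entry permits all TCP, so the third entry is never reached and the list does not limit access to port 22.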
02-23-2021 05:59 PM