
There is no internet access

mekkid

Hi, 

I have this configuration in my router 892FSP, please help.

 

Thanks.

 

Rcmei#show run
Building configuration...
hostname Rcmei
boot-start-marker
boot-end-marker
enable secret 5 $1$cW.E$31y5zTBLNIn1D8BjGV.l1.
enable password 7 125C54474328010123
no aaa new-model
!
ip dhcp excluded-address 190.160.254.1 190.160.254.50
ip dhcp excluded-address 192.168.10.1 192.168.10.50
!
ip dhcp pool LocalDHCP
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.168.10.1
!
ip dhcp pool vlan 2
 network 190.160.254.0 255.255.255.0
 dns-server 190.160.254.1
 default-router 190.160.254.1
!
ip domain name cmei.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
cts logging verbose
license udi pid C892FSP-K9 sn FJC2027L16W
license accept end user agreement
license boot module c800 level advsecurity
!
interface GigabitEthernet0
 no ip address
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet2
 no ip address
!
interface GigabitEthernet3
 no ip address
!
interface GigabitEthernet4
 no ip address
!
interface GigabitEthernet5
 no ip address
!
interface GigabitEthernet6
 switchport access vlan 2
 no ip address
!
interface GigabitEthernet7
 switchport access vlan 2
 no ip address
!
interface GigabitEthernet8
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet9
 ip address dhcp
 ip access-group SSH in
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 ip address 190.160.254.1 255.255.255.0
 ip access-group DenyV2 in
 ip nat inside
 ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet9 overload
ip nat inside source list 2 interface GigabitEthernet9 overload
!
ip access-list extended DenyV2
 permit ip host 190.160.254.1 any
 deny   ip 190.160.254.0 0.0.0.255 192.168.10.0 0.0.0.255
 permit ip any any
ip access-list extended SSH
 permit tcp any any established
 permit tcp any any
 permit tcp any any eq 22
!
!
snmp-server community public RO
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 190.160.254.0 0.0.0.255
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
vstack
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 password 7 125C54474328010123
 login local
 transport input ssh
line vty 5 15
 login local
 transport input ssh
!



balaji.bandi

Try the changes below, then test and advise (did the provider give you this IP range, 190.160.254.0/24?):

 

ip dhcp pool LocalDHCP
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 8.8.8.8

!

ip dhcp pool vlan 2
network 190.160.254.0 255.255.255.0
dns-server 8.8.8.8
default-router 190.160.254.1

!

ip nat inside source list 1 interface GigabitEthernet9 overload    <-- (not sure why you need 2 ACLs; you can club both into the same ACL 1)
ip nat inside source list 2 interface GigabitEthernet9 overload

 

 

Still not working? Is the user able to get a DHCP IP?

Post the information below along with the configuration:

 

show run

show ip interface brief

show ip route

 

 

ip route 0.0.0.0 0.0.0.0 GigabitEthernet9 dhcp

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thank you for your reply,

The provider gives me a DHCP address. My initial configuration worked perfectly; it is after I configured ACL DenyV2 and configured my SSH server.

 

Rcmei#show run
Building configuration...

Current configuration : 3076 bytes
!
! Last configuration change at 16:11:08 UTC Mon Feb 22 2021
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname Rcmei
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 $1$cW.E$31y5zTBLNIn1D8BjGV.l1.
enable password 7 125C54474328010123
!
no aaa new-model
!
!
!
!
!
!
!
ip dhcp excluded-address 190.160.254.1 190.160.254.50
ip dhcp excluded-address 192.168.10.1 192.168.10.50
!
ip dhcp pool LocalDHCP
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.10.1
!
ip dhcp pool vlan 2
network 190.160.254.0 255.255.255.0
dns-server 190.160.254.1
default-router 190.160.254.1
!
!
!
ip domain name cmei.local
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip cef
no ipv6 cef
!
!
!
!
!
!
!
!
!
!
!
!
cts logging verbose
license udi pid C892FSP-K9 sn FJC2027L16W
license accept end user agreement
license boot module c800 level advsecurity
!
!
username MYNAME privilege 15 secret 5 $1$sbDR$yVmwrsO8DcFiJYL3qweBR/
username itm password 7 125C261A17025D547B
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0
no ip address
spanning-tree portfast
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
switchport access vlan 2
no ip address
!
interface GigabitEthernet7
switchport access vlan 2
no ip address
!
interface GigabitEthernet8
no ip address
duplex auto
speed auto
!
interface GigabitEthernet9
ip address dhcp
ip access-group SSH in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
ip address 190.160.254.1 255.255.255.0
ip access-group DenyV2 in
ip nat inside
ip virtual-reassembly in
!
interface Vlan254
no ip address
ip access-group 101 in
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip dns server
ip nat inside source list 1 interface GigabitEthernet9 overload
ip nat inside source list 2 interface GigabitEthernet9 overload
!
ip access-list extended DenyV2
permit ip host 190.160.254.1 any
deny ip 190.160.254.0 0.0.0.255 192.168.10.0 0.0.0.255
permit ip any any
ip access-list extended SSH
permit tcp any any established
permit tcp any any
permit tcp any any eq 22
!
!
snmp-server community public RO
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 2 permit 190.160.254.0 0.0.0.255
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
vstack
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 125C54474328010123
login local
transport input ssh
line vty 5 15
login local
transport input ssh
!
scheduler allocate 20000 1000
!
!
!
end

Rcmei#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0       unassigned      YES unset  up                    up
GigabitEthernet1       unassigned      YES unset  down                  down
GigabitEthernet2       unassigned      YES unset  down                  down
GigabitEthernet3       unassigned      YES unset  down                  down
GigabitEthernet4       unassigned      YES unset  down                  down
GigabitEthernet5       unassigned      YES unset  down                  down
GigabitEthernet6       unassigned      YES unset  down                  down
GigabitEthernet7       unassigned      YES unset  up                    up
GigabitEthernet8       unassigned      YES NVRAM  down                  down
GigabitEthernet9       unassigned      YES DHCP   up                    up
NVI0                   unassigned      YES unset  administratively down down
Vlan1                  192.168.10.1    YES NVRAM  up                    up
Vlan2                  190.160.254.1   YES NVRAM  up                    up
Vlan254                unassigned      YES unset  down                  down

 

Rcmei#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override

Gateway of last resort is not set

190.160.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 190.160.254.0/24 is directly connected, Vlan2
L 190.160.254.1/32 is directly connected, Vlan2
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan1
L 192.168.10.1/32 is directly connected, Vlan1

ip access-list extended DenyV2 - remove this and confirm everything is working.

Then explain what you are looking to do with this ACL; you do not want the IP addresses to communicate with each other?

 

BB


The problem is in this line; once I deleted it, my internet connection returned.

 

ip access-group SSH in

 

That makes sense after taking a close look at your config again. The configuration you are looking for needs to be applied on the VTY lines if you are looking to control SSH connections, not on the interface.

 

Do you see any other issues or is this resolved now.

BB


Thanks, it is working now.
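
Added example (not code from the thread or from Cisco): a small Python evaluator that runs the two ACLs from the posted config with IOS first-match semantics and the implicit deny at the end of every list. The packets are constructed samples with placeholder addresses, and the parser handles only the entry forms that appear in this thread. It shows that `SSH`, applied inbound on GigabitEthernet9, permits TCP only, so the DHCP reply and DNS answers fall through to the implicit deny (consistent with GigabitEthernet9 showing `unassigned` and no gateway of last resort), that its second entry permits all TCP so the list never limited access to port 22, and that `DenyV2` still permits Vlan2 traffic to the internet.

```python
import ipaddress
ACLS = {  # the two ACLs exactly as posted in the running-config
    "SSH": ["permit tcp any any established", "permit tcp any any",
            "permit tcp any any eq 22"],
    "DenyV2": ["permit ip host 190.160.254.1 any",
               "deny ip 190.160.254.0 0.0.0.255 192.168.10.0 0.0.0.255",
               "permit ip any any"],
}

def _addr(tok, i):
    """Parse 'any', 'host A' or 'A WILDCARD' at tok[i]; return (matcher, next index)."""
    if tok[i] == "any":
        return (lambda ip: True), i + 1
    if tok[i] == "host":
        return (lambda ip, h=tok[i + 1]: ip == h), i + 2
    base, wild = (int(ipaddress.ip_address(t)) for t in tok[i:i + 2])
    care = ~wild & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (lambda ip: int(ipaddress.ip_address(ip)) & care == base & care), i + 2

def ace_matches(ace, pkt):
    tok = ace.split()
    src, i = _addr(tok, 2)
    dst, i = _addr(tok, i)
    rest = tok[i:]
    port_ok = rest[:1] != ["eq"] or pkt.get("dport") == int(rest[1])
    # 'established' only matches TCP segments that carry ACK or RST
    est_ok = "established" not in rest or bool(pkt.get("flags", set()) & {"ACK", "RST"})
    return (tok[1] in ("ip", pkt["proto"]) and src(pkt["src"])
            and dst(pkt["dst"]) and port_ok and est_ok)

def evaluate(acl, pkt):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for n, ace in enumerate(ACLS[acl], 1):
        if ace_matches(ace, pkt):
            return ace.split()[0], f"entry {n}: {ace}"
    return "deny", "implicit deny"

# Constructed sample packets; 203.0.113.x / 198.51.100.x are documentation placeholders.
PACKETS = {
    "DHCP offer": ("SSH", {"proto": "udp", "src": "203.0.113.1", "dst": "255.255.255.255", "dport": 68}),
    "DNS reply": ("SSH", {"proto": "udp", "src": "8.8.8.8", "dst": "203.0.113.20", "dport": 40000}),
    "web SYN-ACK": ("SSH", {"proto": "tcp", "src": "198.51.100.7", "dst": "203.0.113.20", "dport": 40001, "flags": {"SYN", "ACK"}}),
    "telnet SYN": ("SSH", {"proto": "tcp", "src": "198.51.100.9", "dst": "203.0.113.20", "dport": 23, "flags": {"SYN"}}),
    "Vlan2 to web": ("DenyV2", {"proto": "tcp", "src": "190.160.254.60", "dst": "198.51.100.7", "dport": 443, "flags": {"SYN"}}),
}

if __name__ == "__main__":
    for name, (acl, pkt) in PACKETS.items():
        print(f"{name:13} {acl:7}", *evaluate(acl, pkt))
```
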
