
Can get IP address but no connectivity over port 2

Widget
Level 1

I have the below on a Cisco Catalyst C8200L-1N-4T. I can get an IP from the pool VoIP but I get no connectivity to the outside world. This is currently isolated from everything else as it would bring the network down.

1 Accepted Solution

@Widget Got it, thanks for the update.
I don't see a NAT config on the device; you may need to do NAT to route the local IP to a public IP to route traffic on the internet.

 

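!
! Match the VoIP pool subnet (10.93.32.128/25)
ip access-list standard LAN_Pool
 permit 10.93.32.128 0.0.0.127
exit
!
! Overload (PAT) matching inside sources onto the Gi0/0/1 address
ip nat inside source list LAN_Pool interface GigabitEthernet0/0/1 overload
!
! LAN-facing interface
interface GigabitEthernet0/0/2
 ip nat inside
exit
!
! ISP-facing interface
interface GigabitEthernet0/0/1
 ip nat outside
exit
!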

 


Widget
Level 1

It looks like my config didn't attach. Here is the config I am working on:

 

Current configuration : 8896 bytes
!
! Last configuration change at 12:47:43 CDT Tue Mar 7 2023 by 1203123732
!
version 17.5
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname xxx
!
boot-start-marker
boot system flash:c2600-is-mz.123-25.bin
boot-end-marker
!
!
logging queue-limit 200
logging buffered 16000
!
no aaa new-model
clock timezone CDT -6 0
clock summer-time CDT recurring
!
!
!
!
!
!
!
ip name-server 208.103.92.5
ip dhcp excluded-address 10.93.32.129 10.93.32.135
!
ip dhcp pool VoIP
network 10.93.32.128 255.255.255.128
default-router 10.93.32.129
option 42 ip 10.93.32.129
dns-server 208.67.220.220 75.75.75.75 8.8.8.8
option 156 ascii "configServers=update.sky.shoretel.com,cloudDomain=sky.shoretel.com,layer2tagging=1"
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-1861671135
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1861671135
revocation-check none
rsakeypair TP-self-signed-1861671135
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-1861671135
certificate self-signed 01
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
quit
!
!
license udi pid C8200L-1N-4T sn FJC27021PD0
memory free low-watermark processor 67976
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username xxx privilege 15 password xxx
!
redundancy
mode none
!
!
!
!
class-map match-all call_signaling
match access-group 102
class-map match-all lan_rtp
match access-group 103
class-map match-all VoIP-RTP
match access-group 101
!
policy-map 1150-Policy
class VoIP-RTP
priority 1150
class class-default
fair-queue
policy-map lan_voip
class lan_rtp
set dscp ef
class call_signaling
set dscp cs3
class class-default
fair-queue
!
!
!
!
!
!
interface Loopback0
ip address 10.56.24.17 255.255.255.255
!
interface GigabitEthernet0/0/0
description Comcast
ip address 173.167.177.83 255.255.255.248
negotiation auto
service-policy output lan_voip
!
interface GigabitEthernet0/0/1
description Vinakom
ip address 208.95.26.147 255.255.255.248
negotiation auto
service-policy output lan_voip
!
interface GigabitEthernet0/0/2
description Uplink to Network
ip address pool VoIP
negotiation auto
!
interface GigabitEthernet0/0/3
no ip address
shutdown
negotiation auto
!
no ip http server
ip http authentication local
ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 208.95.26.145
ip route 0.0.0.0 0.0.0.0 173.167.177.86 200
!
!
!
logging history notifications
logging trap alerts
logging host 207.7.218.21
ip access-list standard 10
10 permit 208.103.94.227
20 permit 208.103.94.228
30 remark SNMP
30 permit 10.50.180.28
40 permit 10.60.98.0 0.0.0.255
50 deny any
ip access-list standard 20
10 remark TELNET
10 permit 207.7.218.21
20 permit 10.11.2.11
30 permit 207.7.218.26
40 permit 208.103.94.229
50 permit 199.101.107.130
60 permit 10.10.100.6
70 permit 199.101.107.73
80 permit 64.124.169.2
90 permit 207.7.218.166
100 permit 208.103.94.83
110 permit 66.11.220.78
120 permit 208.103.94.30
130 permit 172.16.0.0 0.0.0.7
140 permit 10.10.103.0 0.0.0.127
150 permit 10.10.126.0 0.0.1.255
160 permit 192.168.170.0 0.0.1.255
ip access-list extended 101
10 permit ip 10.93.32.128 0.0.0.127 any
20 remark VOIP-IP-CLASSIFICATION
20 permit ip any any precedence critical tos 12
30 permit ip 10.93.1.0 0.0.0.127 any
ip access-list extended 102
10 remark LAN_QOS_SIGNALING
10 permit tcp any eq 5060 any
20 permit udp any eq 5060 any
30 permit tcp any eq 5061 any
40 permit udp any eq 5061 any
ip access-list extended 103
10 remark LAN_QOS_RTP
10 permit udp any range 10000 65535 any
!
snmp-server community xxx
snmp-server trap-source Loopback0
snmp-server source-interface informs Loopback0
snmp-server enable traps tty
snmp-server enable traps syslog
snmp-server host 172.30.148.10 pUbL1c$
!
!
control-plane
!
!
line con 0
password xxx

logging synchronous
login local
stopbits 1
line aux 0
line vty 0 4
access-class 20 in
privilege level 15
password xxx
logging synchronous
login local
transport input ssh
line vty 5 14
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp source Loopback0
ntp server 10.10.100.224
ntp server 132.163.97.5 prefer
!
!
!
!
!
!
end

 

STD_NetWorld
Level 1

@Widget From the DHCP pool config, the default gateway is 10.93.32.129. Is this IP configured on any of your internal devices?

Otherwise, I would request you to configure 10.93.32.129 on interface GigabitEthernet0/0/2.

If you are still facing the issue after the mentioned change, I would request you to share a traceroute from the end device.

Widget
Level 1

Gig0/0/2 auto picks up the 129 address from the pool as it finds itself as gateway. When I ping 129 it comes back correctly; any ping to an external address, i.e. 8.8.8.8, 173.167.177.81, 208.95.26.145, comes back as destination host unreachable.


Widget
Level 1

I am wondering if my static routes:

ip route 0.0.0.0 0.0.0.0 208.95.26.145
ip route 0.0.0.0 0.0.0.0 173.167.177.86 200

are what is messing me up. I pulled the IP addresses from ISP gateways. It looks to me like traffic is not getting from gig0/0/2 to 0/0/0 or 0/0/1 as intended.
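
The missing-NAT diagnosis from the accepted solution, and the question about the two default routes, can be checked against a saved running-config. The Python below is an added example, not part of the original thread or any Cisco tool; `parse`, `audit` and `SAMPLE` are hypothetical names, and the sample assumes interface names in expanded running-config form. It goes one step beyond the thread by also checking the floating route (distance 200), whose egress interface the accepted NAT lines do not cover.

```python
import ipaddress
import re

# Constructed sample (running-config form); Gi0/0/2's address is static here (assumption).
SAMPLE = """\
interface GigabitEthernet0/0/0
 ip address 173.167.177.83 255.255.255.248
interface GigabitEthernet0/0/1
 ip address 208.95.26.147 255.255.255.248
 ip nat outside
interface GigabitEthernet0/0/2
 ip address 10.93.32.129 255.255.255.128
 ip nat inside
ip nat inside source list LAN_Pool interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 208.95.26.145
ip route 0.0.0.0 0.0.0.0 173.167.177.86 200
"""

def parse(config):
    """Return (interfaces, default-route next hops, interfaces with an overload rule)."""
    ifaces, hops, rules, cur = {}, [], set(), None
    for s in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", s):
            cur = ifaces.setdefault(m[1], {"net": None, "nat": None})
        elif cur and (m := re.match(r"ip address (\d\S+) (\d\S+)", s)):
            cur["net"] = ipaddress.ip_interface(f"{m[1]}/{m[2]}").network
        elif cur and (m := re.match(r"ip nat (inside|outside)$", s)):
            cur["nat"] = m[1]
        elif m := re.match(r"ip nat inside source list \S+ interface (\S+) overload", s):
            rules.add(m[1])
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\d\S+)", s):
            hops.append(ipaddress.ip_address(m[1]))
    return ifaces, hops, rules

def audit(config):
    """List paths on which a private inside subnet would leave untranslated."""
    ifaces, hops, rules = parse(config)
    findings = []
    for hop in hops:  # every default route, primary and floating
        egress = next((n for n, i in ifaces.items() if i["net"] and hop in i["net"]), None)
        if egress is None:
            findings.append(f"default route via {hop}: next hop is not on a connected subnet")
        elif ifaces[egress]["nat"] != "outside" or egress not in rules:
            findings.append(f"{egress}: default route via {hop} has no NAT outside/overload rule")
    for name, i in ifaces.items():
        if i["net"] and i["net"].is_private and i["nat"] != "inside":
            findings.append(f"{name}: private subnet {i['net']} lacks 'ip nat inside'")
    return findings

print("\n".join(audit(SAMPLE)) or "no findings")
```

With the accepted solution applied, the one remaining finding is the backup path through GigabitEthernet0/0/0: if the primary route is withdrawn, 10.93.32.128/25 sources would leave that interface untranslated.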
