Solved: Configuration routeur C1111-4P

j.lefebvre · ‎06-30-2023

Bonjour,

Je vous sollicite car je dois mettre en place un routeur C1111-4P pour un client et je rencontre un problème. Il dispose de plusieurs VLAN (DATA, VOIP, PUBLIC, ....).

J'ai pu créer mes VLANs et mettre mon interface LAN en trunk pour les faire passer (DHCP ok). Néanmoins, je ne parviens pas à sortir sur internet.

J'ai passé la route par défaut avec la commande ip route 0.0.0.0 0.0.0.0 192.168.58.1

Merci d'avance pour votre aide !

PS : Voici une copie de mon fichier de configuration :

ip name-server 1.1.1.1
ip dhcp excluded-address 192.168.20.0 192.168.20.99
ip dhcp excluded-address 10.2.130.0 10.2.130.99
ip dhcp excluded-address 10.66.130.0 10.66.130.99
ip dhcp excluded-address 192.168.10.0 192.168.10.9
!
ip dhcp pool Data
network 10.2.130.0 255.255.255.0
default-router 10.2.130.1
dns-server 10.2.130.1
lease infinite
!
ip dhcp pool VoIP
network 10.66.130.0 255.255.255.0
default-router 10.66.130.1
dns-server 10.66.130.1
lease infinite
!
ip dhcp pool IoT
network 192.168.20.0 255.255.255.0
default-router 192.168.20.1
dns-server 192.168.20.1
lease infinite
!
ip dhcp pool Public
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
dns-server 192.168.10.1
lease infinite
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01 nvram:CiscoLicensi#1CA.cer
!
!
license udi pid C1111-4P sn FCZ2711R136
memory free low-watermark processor 65797
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
username episod privilege 15 secret 9 $9$T7wedhXyjJA4Fk$RSEnG/VZzIyfNA58jxcj4zrs0tdJEdqb.5K2uWBcKqw
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip dhcp client client-id ascii cisco-1484.73eb.5800-Gi0/0/0
no ip address
ip nat outside
media-type rj45
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
ip address 192.168.58.100 255.255.255.0
ip nat outside
media-type rj45
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
switchport trunk allowed vlan 1,2,10,20
switchport mode trunk
!
interface Vlan1
description Data
ip address 10.2.130.1 255.255.255.0
ip nat inside
!
interface Vlan2
description VoIP
ip address 10.66.130.1 255.255.255.0
ip nat inside
!
interface Vlan10
description Public
ip address 192.168.10.1 255.255.255.0
ip nat inside
!
interface Vlan20
description IoT
ip address 192.168.20.1 255.255.255.0
ip nat inside
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip forward-protocol nd
ip dns server
ip nat inside source list 197 interface GigabitEthernet0/0/1 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip nat inside source route-map track-secondary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 192.168.58.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 253
!
!
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
ip sla schedule 1 life forever start-time now
ip access-list extended 197
10 permit ip any any
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/1
!
route-map track-secondary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0

Flavio Miranda · ‎07-03-2023

Enlève ça

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 track 1

no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1

i
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 253

View solution in original post

Flavio Miranda · ‎07-03-2023

Veuillez

noter la question telle qu'elle a été répondue pour aider les autres avec le même problème.

Merci

View solution in original post

Flavio Miranda · ‎06-30-2023

Salut

Changez ce :

ip access-list extended 197
10 permit ip any any

pour ça

ip access-list extended 197
10 permit ip 10.2.130.0 255.255.255.0 any

10 permit ip 10.66.130.0 255.255.255.0 any

10 permit ip 1192.168.10.0 255.255.255.0 any

10 permit ip 192.168.20.0 255.255.255.0 any

NAT doesn´t like permit ip any any

j.lefebvre · ‎07-01-2023

Salur Flavio,

Merci pour votre aide !

Après avoir fait la modification, je sors sur certains sites. Une recherche google passe (parfois) et peux naviguer sur un site mais dès que je mets une URL, impossible d'afficher la page.

J'en ai également profité pour simplifier la configuration pour le moment. Je n'ai laissé que le VLAN 1.

Un grand merci pour votre aide !

Je joints mon fichier à jour :

Using 3708 out of 33554432 bytes
!
! Last configuration change at 17:39:17 GMT Sat Jul 1 2023
!
version 17.9
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname router-levallois-130
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone GMT 1 0
!
!
!
!
!
!
!
ip name-server 8.8.8.8
ip dhcp excluded-address 10.2.130.0 10.2.130.99
!
ip dhcp pool Data
network 10.2.130.0 255.255.255.0
default-router 10.2.130.1
dns-server 8.8.8.8
lease infinite
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
!
crypto pki certificate chain SLA-TrustPoint
certificate ca 01 nvram:CiscoLicensi#1CA.cer
!
!
license udi pid C1111-4P sn FCZ2713R0X8
memory free low-watermark processor 65797
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
track 1 ip sla 1 reachability
!
!
!
!
!
!
interface GigabitEthernet0/0/0
ip dhcp client client-id ascii cisco-1484.73eb.5800-Gi0/0/0
no ip address
ip nat outside
media-type rj45
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/0/1
ip address 192.168.58.100 255.255.255.0
ip nat outside
media-type rj45
negotiation auto
spanning-tree portfast
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
switchport trunk allowed vlan 1
switchport mode trunk
!
interface Vlan1
description Data
ip address 10.2.130.1 255.255.255.0
ip nat inside
!
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/0
ip forward-protocol nd
ip dns server
ip nat inside source list 197 interface GigabitEthernet0/0/1 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip nat inside source route-map track-secondary-if interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 track 1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 192.168.58.246
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 253
!
!
!
ip sla 1
icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0/1
ip sla schedule 1 life forever start-time now
ip access-list extended 197
20 permit ip 10.2.130.0 0.0.0.255 any
!
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/1
!
route-map track-secondary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/0
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0
login
length 0
transport input ssh
line vty 1 4
login
transport input ssh
line vty 5 14
login
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
!
!
end

Flavio Miranda · ‎07-01-2023

Pouvez-vous exécuter "tracert 8.8.8.8" à partir d'un PC, s'il vous plaît ?

aussi, ces deux lignes ne sont pas bonnes
supprimer le premier

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 192.168.58.246

j.lefebvre · ‎07-03-2023

J'ai corrigé la ligne ip route

Voici le résultat du tracert

Flavio Miranda · ‎07-03-2023