02-19-2020 02:03 AM - edited 02-19-2020 03:26 AM
dears
i got recently the details from the isp to configure it on my router ( for the internet connection) as below , and i have my configurations already on router and switch ill paste it here :
- on wan interface ( g0/1) i should put this ip 172.19.138.XX 255.255.255.252 ( they ask me to create sub interface with vlan 328 or i can use vlan1 I DUNT KNOW :) )
- for real ip i have free 5 ips from the subnet 196.204.80.xxx/29
so they ask me you can use one for gateway and any one after to be real ip address )
my question is i already have my intervlans on switch with subnets , so how can i make 2 gateway for example my internal gateway for lan (wired) is 192.168.2.207/24 and isp asked me the gateway u will use from 196.204.80.xxx/29 ,.... so im confused that which gateway will goes to users via wifi and wired lan and so on ;
i dunno if i can use secondary gw or what i can do with the dhcp pool ... im confused
i need to know the configurations that i should use in router and switch :)
this is for router :
----------------------------------
**************************************************************************
* Unauthorized access is prohibited *
**************************************************************************
* *
* This system is to be used only by specifically authorized personnel. *
* Any unauthorized use of the system is unlawful, and may be subject *
* to civil and/or criminal penalties. *
* *
* Any use of the system may be logged or monitored without further *
* notice and resulting logs may be used as evidence in court. *
**************************************************************************
User Access Verification
Username:
Password:
CISCO2911-EGCAI01#show run
Building configuration...
Current configuration : 21188 bytes
!
! Last configuration change at 15:34:24 EET Thu Feb 13 2020 by amr
! NVRAM config last updated at 15:34:04 EET Thu Feb 13 2020 by amr
!
version 15.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CISCO2911-EGCAI01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 4096
enable secret 5
!
no aaa new-model
clock timezone EET 2 0
!
!
!
!
!
!
!
!
!
!
!
ip dhcp relay information trust-all
ip dhcp excluded-address 192.168.1.207
ip dhcp excluded-address 192.168.2.207
ip dhcp excluded-address 192.168.3.207
ip dhcp excluded-address 192.168.4.207
ip dhcp excluded-address 192.168.5.207
ip dhcp excluded-address 192.168.6.207
ip dhcp excluded-address 192.168.7.207
ip dhcp excluded-address 192.168.8.207
ip dhcp excluded-address 192.168.9.207
ip dhcp excluded-address 192.168.10.207
ip dhcp excluded-address 192.168.11.207
ip dhcp excluded-address 192.168.7.1
ip dhcp excluded-address 192.168.7.20
ip dhcp excluded-address 192.168.7.10
ip dhcp excluded-address 192.168.7.2
ip dhcp excluded-address 192.168.3.2
ip dhcp excluded-address 192.168.2.20
ip dhcp excluded-address 192.168.2.10
ip dhcp excluded-address 192.168.2.100
ip dhcp excluded-address 192.168.1.2
ip dhcp excluded-address 192.168.3.50
ip dhcp excluded-address 192.168.4.10
ip dhcp excluded-address 192.168.2.88
ip dhcp excluded-address 192.168.12.50
ip dhcp excluded-address 192.168.12.207
ip dhcp excluded-address 192.168.13.207
ip dhcp excluded-address 192.168.7.100
ip dhcp pool LAN
network 192.168.2.0 255.255.255.0
default-router 192.168.2.207
domain-name 000000000000
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool WIFI-OFFICE
network 192.168.4.0 255.255.255.0
default-router 192.168.4.207
domain-name 000000000
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool Voice
network 192.168.6.0 255.255.255.0
default-router 192.168.6.207
option 150 ip 192.168.6.207
dns-server 8.8.8.8 8.8.4.4
!
ip dhcp pool WIFI-GUEST
network 192.168.8.0 255.255.255.0
default-router 192.168.8.207
dns-server 8.8.8.8 8.8.4.4
!
!
!
no ip domain lookup
ip domain name -----------------
ip cef
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
!
!
!
trunk group Mobile
!
!
trunk group pstn
!
cts logging verbose
!
crypto pki trustpoint TP-self-signed-2728187941
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2728187941
revocation-check none
rsakeypair TP-self-signed-2728187941
!
!
crypto pki certificate chain TP-self-signed-2728187941
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32373238 31383739 3431301E 170D3135 30333231 31333235
31375A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 37323831
38373934 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C184 ACFFFB46 C4C5B385 CBE1A6C9 0CD5DA07 385B1D99 C8AD86D5 9CFAA109
CACAA786 2AE1D32F CC3AC285 BBA7B419 04B2482A 0B7DD955 99130F92 48B2A075
E8B170CA 230036B1 73D4F8FF 26E2B556 6FD337BE 3A8B341B 0A80C612 6737B714
96CFA520 995A0E45 993F558D 1DFC222A 3F587ABE E3E1F038 3CA3152F F0222271
00330203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14AEA7B2 0A72790D BDCE8BF7 9C2D6CF2 C1C8A393 5B301D06
03551D0E 04160414 AEA7B20A 72790DBD CE8BF79C 2D6CF2C1 C8A3935B 300D0609
2A864886 F70D0101 05050003 81810072 94945FF4 84A78DF0 CF361867 79566C0F
D6FB48FD 3ACB218F 800D5CA1 54F4F4E2 5ED04E26 4A5DC612 097EE5D0 5A26618A
80DB770F 30768D27 C5F7679A D5E81483 C3993CC4 15CFF495 39F11F9D 7EE9054D
DC5CDEEE B3E35F53 09DB553A EACEE590 D128A220 52EE5C32 FCA5A626 BDAD34D5
6DABFE4F F30D63A5 5C92E27A 7E3EE0
quit
voice-card 0
!
!
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
supplementary-service h450.12
fax protocol pass-through g711ulaw
h323
sip
rel1xx disable
min-se 3600 session-expires 3600
registrar server
early-offer forced
midcall-signaling passthru
!
voice class codec 10
codec preference 1 g711alaw
codec preference 2 g711ulaw
codec preference 3 g729br8
codec preference 4 g722-64
!
!
!
!
voice register global
mode cme
source-address 192.168.6.207 port 5060
max-dn 64
max-pool 58
load 7821 sip78xx.12-1-1-12.loads
timezone 25
date-format D/M/Y
phone-mode phone-only
tftp-path flash:
create profile sync 0423461108802816
network-locale GB
!
voice register dn 1
!
voice register dn 3
number 120
!
voice register dn 4
number 116
!
voice register dn 5
number 100
name Inas AlMahalawi
label Inas AlMahalawi
mwi
!
voice register dn 6
number 101
name Meeting Room A
label Meeting Room A
mwi
!
voice register dn 7
number 102
call-forward b2bua noan 5 timeout 20
name Nehal Elsayed
auto-answer
label Nehal Elsayed
mwi
mobility
!
voice register dn 8
translation-profile incoming AMR
translation-profile outgoing AMRALRAZZAZ
number 103
name Amr Al-RaZzAz
auto-answer
label Amr Al-RaZzAz
mwi
mobility
!
voice register dn 9
number 104
name Khaled El Garhy
label Khaled El Garhy
mwi
!
voice register dn 10
number 105
name Meeting Room B
label Meeting Room B
mwi
!
voice register dn 11
number 107
name Maii Elsheikh
label Maii Elsheikh
mwi
!
voice register dn 12
number 108
name Mohammed Abdella
label Mohammed Abdella
mwi
mobility
!
voice register dn 13
number 109
name Nourhan Walid
label Nourhan Walid
mwi
!
voice register dn 14
number 110
name Karim Habib
label Karim Habib
mwi
!
voice register dn 15
number 114
name Tamer Mazen
label Tamer Mazen
mwi
!
voice register dn 16
number 115
name Raghda Kamal
label Rghda Kamal
mwi
!
voice register dn 17
number 106
name Conference Room
label Conference Room
mwi
!
voice register dn 18
number 112
name Sarah Shaker
label Sarah Shaker
mwi
!
voice register dn 19
number 113
name Tarek Aldessouky
label Tarek Aldessouky
mwi
mobility
!
voice register pool 5
busy-trigger-per-button 1
id mac 5067.AE21.4E6E
type 7821
number 1 dn 5
number 2 dn 4
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 6
pin 4100
busy-trigger-per-button 1
id mac 5067.AE21.4EA5
type 7821
number 1 dn 6
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 7
busy-trigger-per-button 1
id mac 5067.AE21.9A74
type 7821
number 1 dn 7
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 8
busy-trigger-per-button 1
id mac 5067.AE21.9A5A
type 7821
number 1 dn 8
number 2 dn 3
no digit collect kpml
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 9
busy-trigger-per-button 1
id mac 5067.AE21.99AC
type 7821
number 1 dn 9
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 10
busy-trigger-per-button 1
id mac 5067.AE21.9A52
type 7821
number 1 dn 10
cor incoming mobile-long default
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 11
busy-trigger-per-button 1
id mac 5067.AE21.9A1D
type 7821
number 1 dn 11
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 12
busy-trigger-per-button 1
id mac 5067.AE21.4F10
type 7821
number 1 dn 12
no digit collect kpml
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 13
busy-trigger-per-button 1
id mac 5067.AE21.4E15
type 7821
number 1 dn 13
cor incoming mobile-long default
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 14
busy-trigger-per-button 1
id mac 5067.AE21.4DF7
type 7821
number 1 dn 14
presence call-list
dtmf-relay sip-kpml sip-notify
voice-class codec 10
!
voice register pool 15
busy-trigger-per-button 1
id mac 5067.AE21.4EAD
type 7821
number 1 dn 15
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 16
busy-trigger-per-button 1
id mac 5067.AE21.4E9D
type 7821
number 1 dn 16
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 17
busy-trigger-per-button 1
id mac 5067.AE21.4DD6
type 7821
number 1 dn 17
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 18
busy-trigger-per-button 1
id mac 5067.AE21.4F96
type 7821
number 1 dn 18
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
!
voice register pool 19
busy-trigger-per-button 1
id mac 5067.AE21.4F9C
type 7821
number 1 dn 19
no digit collect kpml
presence call-list
dtmf-relay rtp-nte
voice-class codec 10
no vad
!
!
!
!
!
license udi pid CISCO2911/K9 sn FCZ190360AM
license accept end user agreement
hw-module pvdm 0/0
!
!
!
file privilege 0
object-group network RFC-PRIVATE
10.0.0.0 255.0.0.0
172.16.0.0 255.240.0.0
192.168.0.0 255.255.0.0
!
username amr privilege 15 secret 9 $yyyyyyyyyyyyy
hOCafvoaptS8f6
!
redundancy
!
process-max-time 50
!
ip ssh time-out 90
ip ssh logging events
ip ssh version 2
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description connected to local NW-INTERVLAN
no ip address
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/0.2
description FACE-client-LAN
encapsulation dot1Q 2
ip address 192.168.2.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.9
description printers
encapsulation dot1Q 9
ip address 192.168.3.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.12
description badge-reader
encapsulation dot1Q 12
ip address 192.168.12.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.20
description WIFI-OFFICE
encapsulation dot1Q 20
ip address 192.168.4.207 255.255.255.0
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.50
description Server
encapsulation dot1Q 50
ip address 192.168.13.207 255.255.255.0
!
interface GigabitEthernet0/0.55
description native
encapsulation dot1Q 55 native
ip address 192.168.5.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.200
description voice
encapsulation dot1Q 200
ip address 192.168.6.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.201
description WAN TRANSIT
encapsulation dot1Q 201
ip address 192.168.10.207 255.255.255.0
ip access-group WAN-in in
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.230
description CCTV
encapsulation dot1Q 230
ip address 192.168.9.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.240
description NarrowCasting
encapsulation dot1Q 240
ip address 192.168.11.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.250
description MGMT
encapsulation dot1Q 250
ip address 192.168.7.207 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.912
description WIFI-Guest
encapsulation dot1Q 912
ip address 192.168.8.207 255.255.255.0
ip access-group in_guest_traffic in
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1 ------ THIS WILL BE CONNECTED TO ISP
description connected to ISP-WAN
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
ip http path flash:/GUI
ip flow-export source GigabitEthernet0/0
ip flow-export version 9
ip flow-top-talkers
top 60
sort-by packets
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 x.x.x.x
!
ip access-list extended WAN-in
deny ip host 255.255.255.255 any
deny ip 10.0.0.0 0.255.255.255 any
deny ip 192.168.0.0 0.0.255.255 any
deny ip 172.16.0.0 0.15.255.255 any
permit icmp any any
permit tcp any any established
permit udp any any eq isakmp
permit udp any any eq non500-isakmp
permit esp any any
permit udp any any gt 1024
deny ip any any
ip access-list extended in_guest_traffic
deny ip any object-group RFC-PRIVATE
permit ip any any
!
logging trap notifications
logging host 10.189.8.224
!
!
snmp-server community public RO
tftp-server flash:cmterm-78xx.12-1-1-12/kern78xx.12-1-1-12.sbn alias kern78xx.12-1
-1-12.sbn
tftp-server flash:cmterm-78xx.12-1-1-12/rootfs2.78xx.12-1-1-12.sbn alias rootfs2.7
8xx.12-1-1-12.sbn
tftp-server flash:cmterm-78xx.12-1-1-12/rootfs78xx.12-1-1-12.sbn alias rootfs78xx.
12-1-1-12.sbn
tftp-server flash:cmterm-78xx.12-1-1-12/sboot2.78xx.12-1-1-12.sbn alias sboot2.78x
x.12-1-1-12.sbn
tftp-server flash:cmterm-78xx.12-1-1-12/sboot78xx.12-1-1-12.sbn alias sboot78xx.12
-1-1-12.sbn
tftp-server flash:cmterm-78xx.12-1-1-12/sip78xx.12-1-1-12.loads alias sip78xx.12-1
-1-12.loads
tftp-server flash:cmterm-78xx.12-1-1-12/kern2.78xx.12-1-1-12.sbn alias kern2.78xx.
12-1-1-12.sbn
tftp-server flash:Desktops/320x212x16/List.xml
tftp-server flash:Desktops/320x212x16/FRIESLAND.png
tftp-server flash:Desktops/320x212x16/FRICOO.png
tftp-server flash:Desktops/320x212x16/FCTRK.png
tftp-server flash:Desktops/320x212x16/FCT.png
tftp-server flash:Desktops/320x212x16/TN-FRIESLAND.png
tftp-server flash:Desktops/320x212x16/TN-FRICOO.png
tftp-server flash:Desktops/320x212x16/TN-FCTRK.png
tftp-server flash:Desktops/320x212x16/TN-FCT.png
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/apps45.9-4-2ES26.sbn alias ap
ps45.9-4-2ES26.sbn
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/cnu45.9-4-2ES26.sbn alias cnu
45.9-4-2ES26.sbn
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/cvm45sccp.9-4-2ES26.sbn alias
cvm45sccp.9-4-2ES26.sbn
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/dsp45.9-4-2ES26.sbn alias dsp
45.9-4-2ES26.sbn
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/jar45sccp.9-4-2ES26.sbn alias
jar45sccp.9-4-2ES26.sbn
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/SCCP45.9-4-2SR3-1S.loads alia
s SCCP45.9-4-2SR3-1S.loads
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/term45.default.loads alias te
rm45.default.loads
tftp-server flash:cmterm-7945_7965-sccp.9-4-2-1SR3-1/term65.default.loads alias te
rm65.default.loads
tftp-server flash:music-on-hold.au alias music-on-hold.au
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 1 permit 192.168.9.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.12.0 0.0.0.255
access-list 1 permit 192.168.13.0 0.0.0.255
!
control-plane
!
!
voice-port 0/0/0
trunk-group Mobile
no battery-reversal
input gain -6
echo-cancel coverage 24
cptone EG
timing hookflash-out 50
timing guard-out 1000
connection plar opx 100
impedance complex2
description Configured by 2911 4 FXO-0/1/0-Custom
caller-id enable
caller-id mode DTMF
caller-id alerting line-reversal
caller-id alerting dsp-pre-allocate
!
voice-port 0/0/1
!
voice-port 0/0/2
!
voice-port 0/0/3
!
voice-port 0/1/0
trunk-group Mobile
no battery-reversal
input gain -6
echo-cancel coverage 24
cptone EG
timing hookflash-out 50
timing guard-out 1000
connection plar opx 116
impedance complex2
description Configured by 2911 4 FXO-0/1/0-Custom
caller-id enable
caller-id mode DTMF
caller-id alerting line-reversal
caller-id alerting dsp-pre-allocate
!
voice-port 0/1/1
!
voice-port 0/1/2
!
voice-port 0/1/3
!
!
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
mgcp profile -long
!
!
!
!
dial-peer cor custom
name internal
name pstn
name long
name mobile
name international
!
!
dial-peer cor list internal
member internal
!
dial-peer cor list mobile-long
member internal
member pstn
member long
member mobile
!
dial-peer cor list manager
member internal
member pstn
member long
member mobile
member international
!
!
dial-peer voice 8 pots
trunkgroup long
trunkgroup Mobile
corlist outgoing mobile-long
destination-pattern 904......T
prefix 04
!
dial-peer voice 9 pots
trunkgroup long
trunkgroup Mobile
corlist outgoing mobile-long
destination-pattern 905......T
prefix 05
!
dial-peer voice 22 pots
service stcapp
port 0/0/2
!
dial-peer voice 10 pots
trunkgroup long
trunkgroup Mobile
trunkgroup Inter
trunkgroup international
corlist outgoing manager
description **Cairo**
destination-pattern 900T
prefix 00
!
dial-peer voice 2 pots
trunkgroup Mobile
trunkgroup PSTN
trunkgroup long
corlist outgoing mobile-long
description **shortcut No**
destination-pattern 91[156789]...
forward-digits 5
!
dial-peer voice 3 pots
trunkgroup long
trunkgroup PSTN
corlist outgoing mobile-long
description ** Services **
destination-pattern 91[1245].
forward-digits 3
prefix 013
!
dial-peer voice 7 pots
trunkgroup long
trunkgroup Mobile
corlist outgoing mobile-long
description **Alex**
destination-pattern 903......T
prefix 03
!
dial-peer voice 15 pots
!
dial-peer voice 2000 voip
corlist outgoing mobile-long
description ** Sedestination-pattern 9013.T
destination-pattern 402
b2bua
session protocol sipv2
voice-class codec 10 offer-all
dtmf-relay sip-notify
no vad
!
dial-peer voice 1 pots
trunkgroup pstn
trunkgroup Mobile
corlist outgoing mobile-long
description ** Inside Cairo **
destination-pattern 902.......T
no digit-strip
forward-digits 8
prefix 02
no register e164
!
dial-peer voice 4 pots
trunkgroup Mobile
corlist outgoing mobile-long
description ** Mobile **
destination-pattern 901[012]........
forward-digits 11
!
dial-peer voice 6 pots
trunkgroup long
trunkgroup Mobile
corlist outgoing mobile-long
description **Kaluobia**
destination-pattern 9013.T
prefix 013
!
dial-peer voice 11 pots
trunkgroup long
trunkgroup Mobile
corlist outgoing manager
destination-pattern 900T
prefix 00
!
dial-peer voice 12 pots
corlist outgoing manager
destination-pattern 900T
prefix 00
!
dial-peer voice 21 pots
service stcapp
port 0/0/1
!
dial-peer voice 13 pots
trunkgroup Mobile
trunkgroup PSTN
trunkgroup long
corlist outgoing mobile-long
description **Vodafone**
destination-pattern 92[47].
forward-digits 3
!
dial-peer voice 5 pots
trunkgroup long
trunkgroup Mobile
corlist outgoing mobile-long
description **sharm alsheikh**
destination-pattern 9069......T
prefix 069
!
!
presence
!
sip-ua
!
!
!
gatekeeper
shutdown
!
!
telephony-service
max-ephones 58
max-dn 64
ip source-address 192.168.6.207 port 2000
url services http://192.168.6.220/voiceview/common/login.do
url authentication http://192.168.6.220/voiceview/authentication/authenticate.do
load 7945 SCCP45.9-4-2SR3-1S
time-zone 25
time-format 24
date-format dd-mm-yy
max-conferences 8 gain -6
moh enable-g711 "flash:music-on-hold.au"
multicast moh 239.0.0.1 port 2000 route 192.168.6.207
web admin system name password
web admin customer name password
dn-webedit
time-webedit
transfer-system full-consult dss
create cnf-files version-stamp 7960 Feb 03 2020 13:25:36
!
!
ephone-dn 1 dual-line
number 111 no-reg primary
label 111
description Mr. Amr Ismaeil
name Mr. Amr Ismaeil
!
!
ephone-dn 2 dual-line
number 117 no-reg primary
label 117
description Walid Hifny
name Walid Hifny
!
!
ephone-dn 3 dual-line
number 122 no-reg primary
label 122
description Amr CIPC
name Amr CIPC
!
!
ephone 1
video
mac-address 1CE8.5DC8.D374
username "aa"
paging-dn 1
type 7945
button 1:1
pin 4100
!
!
!
ephone 2
video
mac-address 7001.B5DD.E0FC
username "walid"
paging-dn 2
type 7945
button 1:2
pin 4100
!
!
!
ephone 3
video
mac-address ECF4.BB3F.0A4D
paging-dn 3
type CIPC
button 1:3
pin 4100
!
!
!
ephone 5
!
!
!
!
SWITCH CONFIG:
---------------------------------------
C2960X-EGCAI01-SW1#show run
Building configuration...
Current configuration : 12966 bytes
!
! Last configuration change at 12:30:44 EET Thu Feb 13 2020 by amr
! NVRAM config last updated at 12:30:38 EET Thu Feb 13 2020 by amr
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname C2960X-EGCAI01-SW1
!
boot-start-marker
boot-end-marker
!
logging buffered 32768 informational
logging rate-limit 10
logging console warnings
enable secret 5 $1$R7V1$.
!
username privilege 15 secret 5 $1$$/
no aaa new-model
clock timezone EET 2 0
switch 1 provision ws-c2960x-24ps-l
!
!
no ip domain-lookup
ip domain-name EGCAI0.local
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree logging
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 4096
!
!
!
!
!
!
vlan internal allocation policy ascending
!
ip ssh time-out 90
ip ssh version 2
ip scp server enable
!
!
!
!
!
interface FastEthernet0
no ip address
shutdown
!
interface GigabitEthernet1/0/1
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/2
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/3
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/4
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/5
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/6
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/7
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/8
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/9
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/10
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/11
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/12
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/13
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/14
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/15
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/16
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/17
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/18
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/19
description Connected-to-SW2
switchport trunk native vlan 55
switchport mode trunk
!
interface GigabitEthernet1/0/20
description Connected-to-CampinaRouter
switchport trunk native vlan 55
switchport mode trunk
!
interface GigabitEthernet1/0/21
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/22
description Access-Printer-Canon-IR3235N
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/23
description LAN-vlan2-vlan200-voice
switchport access vlan 2
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/24
description Printer_Ricoh_SP_4510DN
switchport access vlan 9
switchport mode access
switchport voice vlan 200
switchport port-security maximum 3
switchport port-security
switchport port-security aging time 1
switchport port-security aging type inactivity
no snmp trap link-status
storm-control broadcast level 2.00
storm-control multicast level 2.00
spanning-tree portfast
spanning-tree guard root
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description LAN-SW-ACCESS
ip address 192.168.2.10 255.255.255.0
!
interface Vlan250
description MGMT
ip address 192.168.7.10 255.255.255.0
!
ip default-gateway 192.168.2.100
ip http server
ip http secure-server
!
!
ip access-list standard management
permit 10.189.8.224
permit 172.18.3.200
permit 10.213.12.20
permit 10.215.56.5
permit 10.215.59.1
permit 192.168.7.0 0.0.0.255
deny any
logging trap notifications
logging source-interface Vlan250
logging host 10.189.8.224
!
!
banner motd ^C******************************************************************
********
* Unauthorized access is prohibited *
**************************************************************************
* *
* This system is to be used only by specifically authorized personnel. *
* Any unauthorize
l
02-19-2020 03:19 AM - edited 02-19-2020 03:21 AM
Hi,
WARNING: You config contains plain text password that should be hidden immediately, please review and protect your data.
According to your statement, the IP range 196.204.80.xxx/29 is assigned to you, and that means ISP would route the traffic from/to 196.204.80.xxx/29.
It's not necessary to select 1 IP address as a gateway, it's just one of the options. And according to your scenario, you have existing LAN subnets 192.168.2.0/24. You could simply perform NAT for 192.168.2.0/24 --> 196.204.80.xxx/29, and route it to the Gi0/1 (that is the ISP facing interface). ISP would route the traffic to the Internet accordingly.
With this option, you need the below EXAMPLE configure (for your reference only), which will enable the PAT for your internal user.:
ip access-list extend 192.168.2.0 permit 192.168.2.0 0.0.0.255 interface Gi0/1 ip nat outside interface Gi/0.2 ip nat inside ip nat pool PUBLIC_POOL 196.204.80.xxx 196.204.80.xxx ip nat inside source list 192.168.2.0 pool PUBLIC_POOL ip route 0.0.0.0 0.0.0.0 172.19.138.XX (ISP's router) Gi0/1
For another options, you could create another VLAN(subnet) by using 196.204.80.xxx/29. And all of the DMZ server should placed within this VLAN. And of coz, you could still utilize NAT to let internal user going out to the Internet.
Here is the EXAMPLE configure for your reference:
ip access-list extend 192.168.2.0 permit 192.168.2.0 0.0.0.255 interface Gi0/1 ip nat outside interface Gi/0.999 ip nat inside ip address 196.204.80.Y 255.255.255.248 enc dot1q 999 ip nat pool PUBLIC_POOL 196.204.80.xxx 196.204.80.xxx ip nat inside source list 192.168.2.0 pool PUBLIC_POOL ip route 0.0.0.0 0.0.0.0 172.19.138.XX (ISP's router) Gi0/1
02-19-2020 03:48 AM - edited 02-19-2020 03:53 AM
dear thanks a lot for your great support , if u dont mind to help me on the configuration that i add so ill copy paste directly :)
depending on these full info :
on the g0/1 (wan i/f) i have to put 172.19.138.90 255.255.255.252 as the other side is .89
so should i create vlan 328 as they asked me to do on the g0/1 ?
and for the real ip is 196.204.80.240/29 and i can use gateway from 241 to 246 and gateway i can use 241 )
if no need to get the gateway so as u ur vision please help with the real config so i can directly paste on router :)
also for this subnet 192.168.2.0 this is for wired , so what about wifi and wifi geust ?
thanks
if u dont mind to help with configuration the real configuration so i can just paste it ? and shall i have to make any on the switch ?
02-19-2020 04:17 AM - edited 02-19-2020 04:19 AM
Hello
Your ISP wishes for you to use a primary ip address 172.19.138.XX/30 on gig0/1 for connecting to its wan circuit and you have 5 addtional public ip adddess to from 196.204.80.X/29 which they will advertise for you , For these addtional ip addresses you could use one for a secondary addressing on the wan interface and the others for static nat translations if you desire
Example:
int gig0/1
ip address 172.19.138.X 255.255.255.252
ip address 196.204.80.X 255.255.255.248 secondary
ip nat outside
access-list 1 remark LAN_Subnet_for NAT
access-list 1 permit 192.169.4.0 0.0.0.255
access-list 1 permit 192.169.12.0 0.0.0.255
access-list 1 permit 192.169.13.0 0.0.0.255
etc...
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 172.19.138.X
02-19-2020 04:39 AM
thanks a LOT sir , please check below config before paste on router please
int gig0/1
ip address 172.19.138.90 255.255.255.252
ip address 196.204.80.241 255.255.255.248 secondary
ip nat outside
access-list 1 remark LAN_Subnet_for NAT ----- what is this line shall i keep it ?
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 192.168.4.0 0.0.0.255
access-list 1 permit 192.168.5.0 0.0.0.255
access-list 1 permit 192.168.6.0 0.0.0.255
access-list 1 permit 192.168.7.0 0.0.0.255
access-list 1 permit 192.168.8.0 0.0.0.255
access-list 1 permit 192.168.9.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.11.0 0.0.0.255
access-list 1 permit 192.168.12.0 0.0.0.255
access-list 1 permit 192.168.13.0 0.0.0.255
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 172.19.138.89
also what if i use this as they asked me to do fro isp i mean :(is it important of will not effect and internet will be fine )
interface GigabitEthernet0/1.328 (creat sub-interface ) and if like that so should i create vlan on switch too or no need or what ?
description connected to ISP-WAN
encapsulation dot1Q 328
ip address 172.19.138.90 255.255.255.252
ip address 196 204.80.241 255.255.255.248 secondary
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
02-19-2020 04:48 AM
Hello
@amralrazzaz wrote:
access-list 1 remark LAN_Subnet_for NAT ----- what is this line shall i keep it ?
It only a description for what the access-list is being used for, you can keep it is just for infomrational purposes
Lastly if you create a subinterface that is fine along as the the ISP is aware of you tagging traffic from that interface, if not leave it the addressing on the main interface
02-19-2020 06:26 AM
i made it like this but no internet so any new action to do ? ( i didnt create vlan 328 on switch ) and i tried to use the interface not the sub and same
interface GigabitEthernet0/1
description connected to WAN
no ip address
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1.328
description connected to PRIMARY_ISP
encapsulation dot1Q 328
ip address 196.204.80.241 255.255.255.248 secondary
ip address 172.19.138.90 255.255.255.252
ip nat outside
ip virtual-reassembly in
ip nat inside source list 1 interface GigabitEthernet0/1.328 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1.328 172.19.138.89
02-19-2020 06:35 AM
Hello
Is that port directly connect to the ISP, if it isnt then thats a a reason it isnt connecting,
How is it suppose to connect?
What type of ISP line/circuit do you have?
02-19-2020 06:41 AM
i receive the internet service on copper cable (no isp router device on my location) and its directly connected to g0/1 on my router
02-19-2020 07:12 AM
i made this too
ip nat pool PUBLIC_POOL 196.204.80.241 196.204.80.241 netmask 255.255.255.248
ip nat inside source list 1 pool PUBLIC_POOL overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1.328 172.19.138.89
so should i make any thing else ??? coz its not working also
02-19-2020 07:50 AM
Hello
i dont think you need a dhcp scope of that public address range that is unless you want one for some reason?
Do you have speed-duplex setting correct on that gig0/1 interface.
Remove the sub-interface and assign the ip addressing on the physical interface
02-19-2020 08:12 AM
i back it again as u said sir :)
interface GigabitEthernet0/1
description connected to PRIMARY_ISP
ip address 196.204.80.241 255.255.255.248 secondary
ip address 172.19.138.90 255.255.255.252
ip flow ingress
ip flow egress
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/1 172.19.138.89
!
so now what else do u prefer to do or test and for the duplex speed its auto as per the config above
02-19-2020 08:36 AM - edited 02-19-2020 08:37 AM
Hello
sh int gig0/1
sh ip int brief
sh ip arp
02-19-2020 08:52 AM
CISCO2911-EGCAI01#sh int gig0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is d46d.50bc.49f1 (bia d46d.50bc.49f1)
Description: connected to PRIMARY_ISP
Internet address is 172.19.138.90/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 100Mbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:14, output 00:00:06, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 33
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
101043443 packets input, 671301159 bytes, 0 no buffer
Received 51583 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 499 multicast, 0 pause input
53046037 packets output, 2919701282 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
390 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
20 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
CISCO2911-EGCAI01#sh ip int brief
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down
GigabitEthernet0/0 unassigned YES NVRAM up up
GigabitEthernet0/0.2 192.168.2.207 YES NVRAM up up
GigabitEthernet0/0.9 192.168.3.207 YES NVRAM up up
GigabitEthernet0/0.12 192.168.12.207 YES NVRAM up up
GigabitEthernet0/0.20 192.168.4.207 YES NVRAM up up
GigabitEthernet0/0.50 192.168.13.207 YES manual up up
GigabitEthernet0/0.55 192.168.5.207 YES NVRAM up up
GigabitEthernet0/0.200 192.168.6.207 YES NVRAM up up
GigabitEthernet0/0.201 192.168.10.207 YES NVRAM up up
GigabitEthernet0/0.230 192.168.9.207 YES NVRAM up up
GigabitEthernet0/0.240 192.168.11.207 YES NVRAM up up
GigabitEthernet0/0.250 192.168.7.207 YES NVRAM up up
GigabitEthernet0/0.912 192.168.8.207 YES NVRAM up up
GigabitEthernet0/1 172.19.138.90 YES manual up up
GigabitEthernet0/1.328 unassigned YES manual deleted down
GigabitEthernet0/2 192.168.1.2 YES manual down down
NVI0 unassigned YES unset administratively down down
CISCO2911-EGCAI01(config-if)#do sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.19.138.90 - d46d.50bc.49f1 ARPA GigabitEthernet0/1
Internet 192.168.1.2 - d46d.50bc.49f2 ARPA GigabitEthernet0/2
Internet 192.168.2.7 154 10e7.c672.a657 ARPA GigabitEthernet0/0.2
Internet 192.168.2.10 46 547c.6909.5ac1 ARPA GigabitEthernet0/0.2
Internet 192.168.2.20 42 547c.6905.4a41 ARPA GigabitEthernet0/0.2
Internet 192.168.2.88 197 0000.85db.cb5f ARPA GigabitEthernet0/0.2
Internet 192.168.2.120 179 ecf4.bb14.665f ARPA GigabitEthernet0/0.2
Internet 192.168.2.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.2
Internet 192.168.3.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.9
Internet 192.168.4.10 198 1491.821b.bc39 ARPA GigabitEthernet0/0.20
Internet 192.168.4.28 190 0cdd.246e.fda7 ARPA GigabitEthernet0/0.20
Internet 192.168.4.32 144 d8f2.ca9d.cede ARPA GigabitEthernet0/0.20
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.4.57 189 d8f2.ca9d.ec84 ARPA GigabitEthernet0/0.20
Internet 192.168.4.58 123 e42b.340b.d39c ARPA GigabitEthernet0/0.20
Internet 192.168.4.59 188 0cdd.246e.ec6d ARPA GigabitEthernet0/0.20
Internet 192.168.4.62 177 74e5.f909.a5d3 ARPA GigabitEthernet0/0.20
Internet 192.168.4.64 175 ca8e.831e.0327 ARPA GigabitEthernet0/0.20
Internet 192.168.4.65 180 d8f2.ca99.4409 ARPA GigabitEthernet0/0.20
Internet 192.168.4.66 216 f895.ea95.572c ARPA GigabitEthernet0/0.20
Internet 192.168.4.70 183 a4d1.8c5e.3116 ARPA GigabitEthernet0/0.20
Internet 192.168.4.71 179 d8f2.ca9d.dd7f ARPA GigabitEthernet0/0.20
Internet 192.168.4.72 0 608b.0ee8.e9f8 ARPA GigabitEthernet0/0.20
Internet 192.168.4.73 19 ac7b.a186.e92b ARPA GigabitEthernet0/0.20
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.4.74 200 ac7b.a186.e930 ARPA GigabitEthernet0/0.20
Internet 192.168.4.76 180 d8f2.ca9d.ecde ARPA GigabitEthernet0/0.20
Internet 192.168.4.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.20
Internet 192.168.5.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.55
Internet 192.168.6.2 29 5067.ae21.4f96 ARPA GigabitEthernet0/0.200
Internet 192.168.6.5 43 5067.ae21.4f9c ARPA GigabitEthernet0/0.200
Internet 192.168.6.6 33 5067.ae21.99ac ARPA GigabitEthernet0/0.200
Internet 192.168.6.7 23 5067.ae21.4e9d ARPA GigabitEthernet0/0.200
Internet 192.168.6.9 27 5067.ae21.4ead ARPA GigabitEthernet0/0.200
Internet 192.168.6.10 52 5067.ae21.9a52 ARPA GigabitEthernet0/0.200
Internet 192.168.6.11 51 5067.ae21.4f10 ARPA GigabitEthernet0/0.200
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.6.13 32 7001.b5dd.e0fc ARPA GigabitEthernet0/0.200
Internet 192.168.6.14 49 5067.ae21.9a1d ARPA GigabitEthernet0/0.200
Internet 192.168.6.15 48 5067.ae21.4ea5 ARPA GigabitEthernet0/0.200
Internet 192.168.6.16 14 5067.ae21.4e6e ARPA GigabitEthernet0/0.200
Internet 192.168.6.17 32 5067.ae21.9a74 ARPA GigabitEthernet0/0.200
Internet 192.168.6.18 28 1ce8.5dc8.d374 ARPA GigabitEthernet0/0.200
Internet 192.168.6.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.200
Internet 192.168.7.10 14 547c.6909.5ac2 ARPA GigabitEthernet0/0.250
Internet 192.168.7.20 4 547c.6905.4a42 ARPA GigabitEthernet0/0.250
Internet 192.168.7.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.250
Internet 192.168.8.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.912
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.9.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.230
Internet 192.168.10.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.201
Internet 192.168.11.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.240
Internet 192.168.12.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.12
Internet 192.168.13.207 - d46d.50bc.49f0 ARPA GigabitEthernet0/0.50
Internet 196.204.80.241 - d46d.50bc.49f1 ARPA GigabitEthernet0/1
02-19-2020 12:26 PM - edited 02-20-2020 12:57 AM
Hello
@amralrazzaz wrote:
CISCO2911-EGCAI01#sh int gig0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is d46d.50bc.49f1 (bia d46d.50bc.49f1)
Description: connected to PRIMARY_ISP
Internet address is 172.19.138.90/30
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 100Mbps, media type is RJ45
output flow-control is unsupported, input flow-control is unsupported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:14, output 00:00:06, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 33
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
101043443 packets input, 671301159 bytes, 0 no buffer
Received 51583 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 499 multicast, 0 pause input
53046037 packets output, 2919701282 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
390 unknown protocol drops
0 babbles, 0 late collision, 0 deferred
20 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
GigabitEthernet0/1 172.19.138.90 YES manual up upInternet 172.19.138.90 - d46d.50bc.49f1 ARPA GigabitEthernet0/1
Internet 196.204.80.241 - d46d.50bc.49f1 ARPA GigabitEthernet0/1
It does look like you have connection with the interface status and arp entries and the above interface errors could just be historical,so clear the interface counters and see if you can ping next-hop of the ISP and if not try changing the speed/duplex settings and cabling.
clear counters gig0/1
Have you enabled nat on this interface also?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide