
ISR 4221 can't reach some websites

wanumet
Level 1
2 Accepted Solutions

Hello

can you please append the following and test again?

no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
no ip route 0.0.0.0 0.0.0.0 154.72.215.229
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
no ip route 0.0.0.0 0.0.0.0 dhcp




ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 154.72.215.229


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul


Hello,

In some DHCP pools, you have specified a DNS server other than 8.8.8.8, is that on purpose? Are these 'problem' websites not reachable from specific VLANs, or from anywhere?

Also, on some interfaces you have changed the MTU and MSS settings, is that on purpose?

Try and make the changes/adjustments marked in bold:

Building configuration...

Current configuration : 12631 bytes
!
! Last configuration change at 00:25:53 UTC Thu Dec 23 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 75000
!
hostname YH-Cisco-Router
!
boot-start-marker
boot system bootflash:isr4200-universalk9_ias_npe.17.03.04a.SPA.bin
boot system bootflash:isr4200-universalk9_ias_npe.16.09.08.SPA.bin
boot-end-marker
!
enable password 7 062B160368471A4A5440
!
aaa new-model
!
aaa session-id common
clock timezone UTC 3 0
!
ip name-server 154.72.192.21 8.8.8.8
ip dhcp excluded-address 172.10.10.1 172.10.10.9
ip dhcp excluded-address 172.10.3.1 172.10.3.9
ip dhcp excluded-address 172.10.4.1 172.10.4.9
ip dhcp excluded-address 172.10.5.1 172.10.5.9
ip dhcp excluded-address 172.10.6.1 172.10.6.9
ip dhcp excluded-address 172.10.7.1 172.10.7.9
ip dhcp excluded-address 172.10.8.1 172.10.8.9
ip dhcp excluded-address 172.10.9.1 172.10.9.4
ip dhcp excluded-address 172.10.11.1 172.10.11.2
ip dhcp excluded-address 172.10.12.1 172.10.12.4
ip dhcp excluded-address 172.10.2.1 172.10.2.10
!
ip dhcp pool dhcp10
network 172.10.10.0 255.255.255.0
default-router 172.10.10.1
dns-server 154.72.192.21 8.8.8.8
lease 0 12
!
ip dhcp pool X-RAY1
network 172.10.3.0 255.255.255.0
default-router 172.10.3.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool X-Ray2
network 172.10.4.0 255.255.255.0
default-router 172.10.4.1
dns-server 8.8.8.8 154.72.192.21
lease 0 12
!
ip dhcp pool X-Ray3
network 172.10.5.0 255.255.255.0
default-router 172.10.5.1
dns-server 8.8.8.8 154.72.192.21
lease 0 14
!
ip dhcp pool X-Ray4
network 172.10.6.0 255.255.255.0
default-router 172.10.6.1
dns-server 8.8.8.8 154.72.192.21
lease 3 3 3
!
ip dhcp pool 1C-Ground
network 172.10.7.0 255.255.255.0
default-router 172.10.7.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool 1C-1st-Fl
network 172.10.8.0 255.255.255.0
default-router 172.10.8.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool Private-Wing1
network 172.10.9.0 255.255.255.0
default-router 172.10.9.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool Private-Wing2
network 172.10.11.0 255.255.255.0
default-router 172.10.11.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool Admin
network 172.10.12.0 255.255.255.0
default-router 172.10.12.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool YH-Server-Room
network 172.16.0.0 255.255.254.0
default-router 172.16.0.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool vlan2
network 172.10.2.0 255.255.255.0
default-router 172.10.2.1
dns-server 154.72.192.21 8.8.8.8
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-4009722129
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4009722129
revocation-check none
rsakeypair TP-self-signed-4009722129
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki certificate chain TP-self-signed-4009722129
certificate self-signed 01
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
quit
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
!
license udi pid ISR4221/K9 sn FGL2518LU5C
license accept end user agreement
license boot level appxk9
license smart url https://smartreceiver.cisco.com/licservice/license
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart
memory free low-watermark processor 69237
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username YH privilege 15 password 7 022B1D792F0F1C721D19
username admin secret 9 $9$3.wD2F.H3lQK4.$SQuAdZUCcXSd1bHs2tZVhF1UW2GKebLAca9cUwacJ8o
username adminitrator privilege 15 secret 9 $9$4/EK2lUI2lML3.$JltHfJh9GbXfjVcVjA2hU9EljdGaZBPsOk8Fdr/4dmo
!
redundancy
mode none
!
lldp run
!
interface GigabitEthernet0/0/0
description YH_LAN
ip address 10.10.0.1 255.255.254.0
ip nat inside
--> no ip tcp adjust-mss 1452
negotiation auto
!
interface GigabitEthernet0/0/0.2
description vlan 2
encapsulation dot1Q 2
ip address 172.10.2.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.3
description vlan 3
encapsulation dot1Q 3
ip address 172.10.3.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.4
description vlan 4
encapsulation dot1Q 4
ip address 172.10.4.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.5
description vlan 5
encapsulation dot1Q 5
ip address 172.10.5.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.6
description vlan 6
encapsulation dot1Q 6
ip address 172.10.6.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.7
description Paediatric
encapsulation dot1Q 7
ip address 172.10.7.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.8
encapsulation dot1Q 8
ip address 172.10.8.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.9
encapsulation dot1Q 9
ip address 172.10.9.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.10
description Radiology
encapsulation dot1Q 10
ip address 172.10.10.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.11
encapsulation dot1Q 11
ip address 172.10.11.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.12
encapsulation dot1Q 12
ip address 172.10.12.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.172
description Voice
encapsulation dot1Q 172
ip address 172.16.0.1 255.255.254.0
ip nbar protocol-discovery
ip nat inside
!
interface GigabitEthernet0/0/1
description YH_Internet
ip address 154.72.215.230 255.255.255.252
--> no ip mtu 1492
ip nat outside
--> no ip tcp adjust-mss 1452
negotiation auto
!
iox
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/1
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/0
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
--> no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 154.72.215.229
--> no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
--> no ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list standard Vlan10
10 permit 172.10.10.0 0.0.0.255
ip access-list standard Vlan11
10 permit 172.10.11.0 0.0.0.255
ip access-list standard Vlan12
10 permit 172.10.12.0 0.0.0.255
ip access-list standard Vlan5
10 permit 172.10.5.0 0.0.0.255
ip access-list standard Vlan6
10 permit 172.10.6.0 0.0.0.255
ip access-list standard Vlan7
10 permit 172.10.7.0 0.0.0.255
ip access-list standard Vlan8
10 permit 172.10.8.0 0.0.0.255
ip access-list standard Vlan9
10 permit 172.10.9.0 0.0.0.255
ip access-list standard vlan2
10 permit 172.10.2.0 0.0.0.255
ip access-list standard vlan3
10 permit 172.10.3.0 0.0.0.255
ip access-list standard vlan4
10 permit 172.10.4.0 0.0.0.255
!
ip access-list extended Web_acl
10 permit ip any any
!
ip access-list standard 1
10 permit 10.10.0.0 0.0.1.255
20 permit 172.16.0.0 0.0.1.255
30 permit 172.10.10.0 0.0.0.255
40 permit 172.10.9.0 0.0.0.255
50 permit 172.10.5.0 0.0.0.255
60 permit 172.10.6.0 0.0.0.255
70 permit 172.10.7.0 0.0.0.255
80 permit 172.10.8.0 0.0.0.255
90 permit 172.10.4.0 0.0.0.255
100 permit 172.10.3.0 0.0.0.255
110 permit 172.10.11.0 0.0.0.255
120 permit 172.10.12.0 0.0.0.255
130 permit 172.10.2.0 0.0.0.255
ip access-list standard 2
10 permit 172.16.0.0
20 permit 172.16.0.0 0.0.1.255
ip access-list standard 3
10 permit 172.10.10.0 0.0.0.255
20 permit 172.10.9.0 0.0.0.255
!
control-plane
!
banner login ^CYumbe Hospital^C
!
line con 0
login authentication abc1
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0
exec-timeout 40 0
password 7 143A0B29280D3978757F
logging synchronous
login authentication abc1
length 0
transport input ssh
line vty 1 4
password 7 143A0B29280D3978757F
login authentication abc1
length 0
transport input ssh
line vty 5 15
password 7 143A0B29280D3978757F
login authentication abc1
transport input telnet
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp server time.google.com prefer
!
netconf-yang
end

 


7 Replies

Hello,

Post the running configuration of your router. The most likely reason is the MTU settings...

YH-Cisco-Router>en
Password:
YH-Cisco-Router#term len 0
YH-Cisco-Router#sh run
Building configuration...

Current configuration : 12631 bytes
!
! Last configuration change at 00:25:53 UTC Thu Dec 23 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 75000
!
hostname YH-Cisco-Router
!
boot-start-marker
boot system bootflash:isr4200-universalk9_ias_npe.17.03.04a.SPA.bin
boot system bootflash:isr4200-universalk9_ias_npe.16.09.08.SPA.bin
boot-end-marker
!
!
enable password 7 062B160368471A4A5440
!
aaa new-model
!
!
!
!
!
!
!
!
aaa session-id common
clock timezone UTC 3 0
!
!
!
!
!
!
!
ip name-server 154.72.192.21 8.8.8.8
ip dhcp excluded-address 172.10.10.1 172.10.10.9
ip dhcp excluded-address 172.10.3.1 172.10.3.9
ip dhcp excluded-address 172.10.4.1 172.10.4.9
ip dhcp excluded-address 172.10.5.1 172.10.5.9
ip dhcp excluded-address 172.10.6.1 172.10.6.9
ip dhcp excluded-address 172.10.7.1 172.10.7.9
ip dhcp excluded-address 172.10.8.1 172.10.8.9
ip dhcp excluded-address 172.10.9.1 172.10.9.4
ip dhcp excluded-address 172.10.11.1 172.10.11.2
ip dhcp excluded-address 172.10.12.1 172.10.12.4
ip dhcp excluded-address 172.10.2.1 172.10.2.10
!
ip dhcp pool dhcp10
 network 172.10.10.0 255.255.255.0
 default-router 172.10.10.1
 dns-server 154.72.192.21 8.8.8.8
 lease 0 12
!
ip dhcp pool X-RAY1
 network 172.10.3.0 255.255.255.0
 default-router 172.10.3.1
 dns-server 8.8.8.8 154.72.192.21
 lease infinite
!
ip dhcp pool X-Ray2
 network 172.10.4.0 255.255.255.0
 default-router 172.10.4.1
 dns-server 8.8.8.8 154.72.192.21
 lease 0 12
!
ip dhcp pool X-Ray3
 network 172.10.5.0 255.255.255.0
 default-router 172.10.5.1
 dns-server 8.8.8.8 154.72.192.21
 lease 0 14
!
ip dhcp pool X-Ray4
 network 172.10.6.0 255.255.255.0
 default-router 172.10.6.1
 dns-server 8.8.8.8 154.72.192.21
 lease 3 3 3
!
ip dhcp pool 1C-Ground
 network 172.10.7.0 255.255.255.0
 default-router 172.10.7.1
 dns-server 8.8.8.8 154.72.192.21
 lease infinite
!
ip dhcp pool 1C-1st-Fl
 network 172.10.8.0 255.255.255.0
 default-router 172.10.8.1
 dns-server 8.8.8.8 154.72.192.21
 lease infinite
!
ip dhcp pool Private-Wing1
 network 172.10.9.0 255.255.255.0
 default-router 172.10.9.1
 dns-server 8.8.8.8 154.72.192.21
 lease infinite
!
ip dhcp pool Private-Wing2
 network 172.10.11.0 255.255.255.0
 default-router 172.10.11.1
 dns-server 8.8.8.8 154.72.192.21
 lease infinite
!
ip dhcp pool Admin
 network 172.10.12.0 255.255.255.0
 default-router 172.10.12.1
 dns-server 8.8.8.8 154.72.192.21
 lease infinite
!
ip dhcp pool YH-Server-Room
 network 172.16.0.0 255.255.254.0
 default-router 172.16.0.1
 dns-server 8.8.8.8 154.72.192.21
 lease infinite
!
ip dhcp pool vlan2
 network 172.10.2.0 255.255.255.0
 default-router 172.10.2.1
 dns-server 154.72.192.21 8.8.8.8
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
multilink bundle-name authenticated
no device-tracking logging theft
!
!
!
!
!
crypto pki trustpoint TP-self-signed-4009722129
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4009722129
 revocation-check none
 rsakeypair TP-self-signed-4009722129
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-4009722129
 certificate self-signed 01
        quit
crypto pki certificate chain SLA-TrustPoint
 certificate ca 01
        quit
!
crypto pki certificate pool
 cabundle nvram:ios_core.p7b
!
!
license udi pid ISR4221/K9 sn FGL2518LU5C
license accept end user agreement
license boot level appxk9
license smart url https://smartreceiver.cisco.com/licservice/license
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart
memory free low-watermark processor 69237
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username YH privilege 15 password 7 022B1D792F0F1C721D19
username admin secret 9 $9$3.wD2F.H3lQK4.$SQuAdZUCcXSd1bHs2tZVhF1UW2GKebLAca9cUwacJ8o
username adminitrator privilege 15 secret 9 $9$4/EK2lUI2lML3.$JltHfJh9GbXfjVcVjA2hU9EljdGaZBPsOk8Fdr/4dmo
!
redundancy
 mode none
!
!
!
!
lldp run
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 description YH_LAN
 ip address 10.10.0.1 255.255.254.0
 ip nat inside
 ip tcp adjust-mss 1452
 negotiation auto
!
interface GigabitEthernet0/0/0.2
 description vlan 2
 encapsulation dot1Q 2
 ip address 172.10.2.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.3
 description vlan 3
 encapsulation dot1Q 3
 ip address 172.10.3.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.4
 description vlan 4
 encapsulation dot1Q 4
 ip address 172.10.4.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.5
 description vlan 5
 encapsulation dot1Q 5
 ip address 172.10.5.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.6
 description vlan 6
 encapsulation dot1Q 6
 ip address 172.10.6.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.7
 description Paediatric
 encapsulation dot1Q 7
 ip address 172.10.7.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.8
 encapsulation dot1Q 8
 ip address 172.10.8.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.9
 encapsulation dot1Q 9
 ip address 172.10.9.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.10
 description Radiology
 encapsulation dot1Q 10
 ip address 172.10.10.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.11
 encapsulation dot1Q 11
 ip address 172.10.11.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.12
 encapsulation dot1Q 12
 ip address 172.10.12.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/0/0.172
 description Voice
 encapsulation dot1Q 172
 ip address 172.16.0.1 255.255.254.0
 ip nbar protocol-discovery
 ip nat inside
!
interface GigabitEthernet0/0/1
 description YH_Internet
 ip address 154.72.215.230 255.255.255.252
 ip mtu 1492
 ip nat outside
 ip tcp adjust-mss 1452
 negotiation auto
!
iox
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/1
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/0
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 154.72.215.229
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 dhcp
!
!
ip access-list standard Vlan10
 10 permit 172.10.10.0 0.0.0.255
ip access-list standard Vlan11
 10 permit 172.10.11.0 0.0.0.255
ip access-list standard Vlan12
 10 permit 172.10.12.0 0.0.0.255
ip access-list standard Vlan5
 10 permit 172.10.5.0 0.0.0.255
ip access-list standard Vlan6
 10 permit 172.10.6.0 0.0.0.255
ip access-list standard Vlan7
 10 permit 172.10.7.0 0.0.0.255
ip access-list standard Vlan8
 10 permit 172.10.8.0 0.0.0.255
ip access-list standard Vlan9
 10 permit 172.10.9.0 0.0.0.255
ip access-list standard vlan2
 10 permit 172.10.2.0 0.0.0.255
ip access-list standard vlan3
 10 permit 172.10.3.0 0.0.0.255
ip access-list standard vlan4
 10 permit 172.10.4.0 0.0.0.255
!
ip access-list extended Web_acl
 10 permit ip any any
!
ip access-list standard 1
 10 permit 10.10.0.0 0.0.1.255
 20 permit 172.16.0.0 0.0.1.255
 30 permit 172.10.10.0 0.0.0.255
 40 permit 172.10.9.0 0.0.0.255
 50 permit 172.10.5.0 0.0.0.255
 60 permit 172.10.6.0 0.0.0.255
 70 permit 172.10.7.0 0.0.0.255
 80 permit 172.10.8.0 0.0.0.255
 90 permit 172.10.4.0 0.0.0.255
 100 permit 172.10.3.0 0.0.0.255
 110 permit 172.10.11.0 0.0.0.255
 120 permit 172.10.12.0 0.0.0.255
 130 permit 172.10.2.0 0.0.0.255
ip access-list standard 2
 10 permit 172.16.0.0
 20 permit 172.16.0.0 0.0.1.255
ip access-list standard 3
 10 permit 172.10.10.0 0.0.0.255
 20 permit 172.10.9.0 0.0.0.255
!
!
!
!
!
!
control-plane
!
banner login ^CYumbe Hospital^C
!
line con 0
 login authentication abc1
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0
 exec-timeout 40 0
 password 7 143A0B29280D3978757F
 logging synchronous
 login authentication abc1
 length 0
 transport input ssh
line vty 1 4
 password 7 143A0B29280D3978757F
 login authentication abc1
 length 0
 transport input ssh
line vty 5 15
 password 7 143A0B29280D3978757F
 login authentication abc1
 transport input telnet
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp server time.google.com prefer
!
!
!
!
!
!
netconf-yang
end

YH-Cisco-Router#
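
Added example, not part of the thread and not Cisco tooling: a Python lint over a running-config for the items the replies ask to change, namely the three competing default routes, the NAT rule whose route-map has no definition in the posted config, and the `ip mtu` / `ip tcp adjust-mss` overrides. The two config excerpts are constructed from lines in the post; the check names and the 40-byte IPv4+TCP header allowance are this example's own choices, and the parser assumes the one-space indentation of `sh run` output.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "check detail")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
ETHERNET = re.compile(r"^(TenGigabit|Gigabit|Fast)?Ethernet", re.I)

# Constructed excerpt: the lines of the posted running-config that the replies touch.
SAMPLE_BEFORE = """\
interface GigabitEthernet0/0/0
 ip address 10.10.0.1 255.255.254.0
 ip nat inside
 ip tcp adjust-mss 1452
!
interface GigabitEthernet0/0/1
 ip address 154.72.215.230 255.255.255.252
 ip mtu 1492
 ip nat outside
 ip tcp adjust-mss 1452
!
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 154.72.215.229
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
ip route 0.0.0.0 0.0.0.0 dhcp
"""
# Constructed excerpt: MTU/MSS and route-map NAT lines removed, and the single
# fully specified default route from the first accepted reply in place.
SAMPLE_AFTER = """\
interface GigabitEthernet0/0/0
 ip address 10.10.0.1 255.255.254.0
 ip nat inside
!
interface GigabitEthernet0/0/1
 ip address 154.72.215.230 255.255.255.252
 ip nat outside
!
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 154.72.215.229
"""

def interfaces(config):
    """Map interface name -> list of its (indented) sub-commands."""
    result, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            result[current] = []
        elif line.startswith(" ") and current is not None:
            result[current].append(line.strip())
        else:
            current = None  # "!" or any global command ends the interface block
    return result

def default_routes(config):
    """Return (interface, next_hop, via_dhcp) for each static default route."""
    routes = []
    for line in config.splitlines():
        m = re.match(r"^ip route 0\.0\.0\.0 0\.0\.0\.0\s+(.+)$", line)
        if not m:
            continue
        tokens = m.group(1).split()
        if tokens[0] == "dhcp":
            routes.append((None, None, True))
        elif IPV4.match(tokens[0]):
            routes.append((None, tokens[0], False))
        else:
            hop = tokens[1] if len(tokens) > 1 and IPV4.match(tokens[1]) else None
            routes.append((tokens[0], hop, False))
    return routes

def _value(cmds, prefix):
    """Integer argument of the first sub-command starting with prefix, else None."""
    for cmd in cmds:
        if cmd.startswith(prefix + " "):
            return int(cmd.split()[-1])
    return None

def lint(config):
    findings, ifaces, routes = [], interfaces(config), default_routes(config)
    if len(routes) > 1:
        findings.append(Finding("multiple-default-routes", f"{len(routes)} static default routes"))
    for iface, hop, _ in routes:
        # Without a next hop on Ethernet the router ARPs for every destination
        # and depends on the upstream answering with proxy ARP.
        if iface and hop is None and ETHERNET.match(iface):
            findings.append(Finding("interface-only-default", iface))
    uses_dhcp = any(c.startswith("ip address dhcp") for cmds in ifaces.values() for c in cmds)
    if any(via_dhcp for _, _, via_dhcp in routes) and not uses_dhcp:
        findings.append(Finding("dhcp-default-without-dhcp-interface", "ip route 0.0.0.0 0.0.0.0 dhcp"))
    defined = set(re.findall(r"^route-map (\S+)", config, re.M))
    for name in re.findall(r"^ip nat inside source route-map (\S+)", config, re.M):
        if name not in defined:
            findings.append(Finding("nat-undefined-route-map", name))
    for name, cmds in ifaces.items():
        mtu, mss = _value(cmds, "ip mtu"), _value(cmds, "ip tcp adjust-mss")
        if mtu is None and mss is None:
            continue
        detail = f"{name}: ip mtu {mtu or 'default'}, adjust-mss {mss or 'unset'}"
        # MSS must leave room for 20 bytes of IPv4 header and 20 bytes of TCP header.
        bad = mtu is not None and mss is not None and mss > mtu - 40
        findings.append(Finding("mss-exceeds-mtu" if bad else "review-mtu-mss", detail))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE_BEFORE):
        print(f"{finding.check}: {finding.detail}")
```
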

Hello

can you please append the following and test again?

no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
no ip route 0.0.0.0 0.0.0.0 154.72.215.229
no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
no ip route 0.0.0.0 0.0.0.0 dhcp




ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1 154.72.215.229


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello,

 

in some DHCP pools,  you have specified a DNS server other than 8.8.8.8., is that on purpose ? Are these 'problem' websites not reachable from specific Vlans, or from anywhere ?

 

Also, on some interfaces you have changed the MTU and MSS settings, is that on purpose ?

 

Try and make the changes/adjustments marked in bold:

 

Building configuration...

Current configuration : 12631 bytes
!
! Last configuration change at 00:25:53 UTC Thu Dec 23 2021
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 75000
!
hostname YH-Cisco-Router
!
boot-start-marker
boot system bootflash:isr4200-universalk9_ias_npe.17.03.04a.SPA.bin
boot system bootflash:isr4200-universalk9_ias_npe.16.09.08.SPA.bin
boot-end-marker
!
enable password 7 062B160368471A4A5440
!
aaa new-model
!
aaa session-id common
clock timezone UTC 3 0
!
ip name-server 154.72.192.21 8.8.8.8
ip dhcp excluded-address 172.10.10.1 172.10.10.9
ip dhcp excluded-address 172.10.3.1 172.10.3.9
ip dhcp excluded-address 172.10.4.1 172.10.4.9
ip dhcp excluded-address 172.10.5.1 172.10.5.9
ip dhcp excluded-address 172.10.6.1 172.10.6.9
ip dhcp excluded-address 172.10.7.1 172.10.7.9
ip dhcp excluded-address 172.10.8.1 172.10.8.9
ip dhcp excluded-address 172.10.9.1 172.10.9.4
ip dhcp excluded-address 172.10.11.1 172.10.11.2
ip dhcp excluded-address 172.10.12.1 172.10.12.4
ip dhcp excluded-address 172.10.2.1 172.10.2.10
!
ip dhcp pool dhcp10
network 172.10.10.0 255.255.255.0
default-router 172.10.10.1
dns-server 154.72.192.21 8.8.8.8
lease 0 12
!
ip dhcp pool X-RAY1
network 172.10.3.0 255.255.255.0
default-router 172.10.3.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool X-Ray2
network 172.10.4.0 255.255.255.0
default-router 172.10.4.1
dns-server 8.8.8.8 154.72.192.21
lease 0 12
!
ip dhcp pool X-Ray3
network 172.10.5.0 255.255.255.0
default-router 172.10.5.1
dns-server 8.8.8.8 154.72.192.21
lease 0 14
!
ip dhcp pool X-Ray4
network 172.10.6.0 255.255.255.0
default-router 172.10.6.1
dns-server 8.8.8.8 154.72.192.21
lease 3 3 3
!
ip dhcp pool 1C-Ground
network 172.10.7.0 255.255.255.0
default-router 172.10.7.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool 1C-1st-Fl
network 172.10.8.0 255.255.255.0
default-router 172.10.8.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool Private-Wing1
network 172.10.9.0 255.255.255.0
default-router 172.10.9.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool Private-Wing2
network 172.10.11.0 255.255.255.0
default-router 172.10.11.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool Admin
network 172.10.12.0 255.255.255.0
default-router 172.10.12.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool YH-Server-Room
network 172.16.0.0 255.255.254.0
default-router 172.16.0.1
dns-server 8.8.8.8 154.72.192.21
lease infinite
!
ip dhcp pool vlan2
network 172.10.2.0 255.255.255.0
default-router 172.10.2.1
dns-server 154.72.192.21 8.8.8.8
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-4009722129
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4009722129
revocation-check none
rsakeypair TP-self-signed-4009722129
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
crypto pki certificate chain TP-self-signed-4009722129
certificate self-signed 01
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
quit
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
!
license udi pid ISR4221/K9 sn FGL2518LU5C
license accept end user agreement
license boot level appxk9
license smart url https://smartreceiver.cisco.com/licservice/license
license smart url smart https://smartreceiver.cisco.com/licservice/license
license smart transport smart
memory free low-watermark processor 69237
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username YH privilege 15 password 7 022B1D792F0F1C721D19
username admin secret 9 $9$3.wD2F.H3lQK4.$SQuAdZUCcXSd1bHs2tZVhF1UW2GKebLAca9cUwacJ8o
username adminitrator privilege 15 secret 9 $9$4/EK2lUI2lML3.$JltHfJh9GbXfjVcVjA2hU9EljdGaZBPsOk8Fdr/4dmo
!
redundancy
mode none
!
lldp run
!
interface GigabitEthernet0/0/0
description YH_LAN
ip address 10.10.0.1 255.255.254.0
ip nat inside
--> no ip tcp adjust-mss 1452
negotiation auto
!
interface GigabitEthernet0/0/0.2
description vlan 2
encapsulation dot1Q 2
ip address 172.10.2.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.3
description vlan 3
encapsulation dot1Q 3
ip address 172.10.3.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.4
description vlan 4
encapsulation dot1Q 4
ip address 172.10.4.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.5
description vlan 5
encapsulation dot1Q 5
ip address 172.10.5.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.6
description vlan 6
encapsulation dot1Q 6
ip address 172.10.6.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.7
description Paediatric
encapsulation dot1Q 7
ip address 172.10.7.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.8
encapsulation dot1Q 8
ip address 172.10.8.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.9
encapsulation dot1Q 9
ip address 172.10.9.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.10
description Radiology
encapsulation dot1Q 10
ip address 172.10.10.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.11
encapsulation dot1Q 11
ip address 172.10.11.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.12
encapsulation dot1Q 12
ip address 172.10.12.1 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0.172
description Voice
encapsulation dot1Q 172
ip address 172.16.0.1 255.255.254.0
ip nbar protocol-discovery
ip nat inside
!
interface GigabitEthernet0/0/1
description YH_Internet
ip address 154.72.215.230 255.255.255.252
--> no ip mtu 1492
ip nat outside
--> no ip tcp adjust-mss 1452
negotiation auto
!
iox
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/1
ip forward-protocol nd
ip ftp source-interface GigabitEthernet0/0/0
ip tftp source-interface GigabitEthernet0/0/0
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
--> no ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 154.72.215.229
--> no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
--> no ip route 0.0.0.0 0.0.0.0 dhcp
!
ip access-list standard Vlan10
10 permit 172.10.10.0 0.0.0.255
ip access-list standard Vlan11
10 permit 172.10.11.0 0.0.0.255
ip access-list standard Vlan12
10 permit 172.10.12.0 0.0.0.255
ip access-list standard Vlan5
10 permit 172.10.5.0 0.0.0.255
ip access-list standard Vlan6
10 permit 172.10.6.0 0.0.0.255
ip access-list standard Vlan7
10 permit 172.10.7.0 0.0.0.255
ip access-list standard Vlan8
10 permit 172.10.8.0 0.0.0.255
ip access-list standard Vlan9
10 permit 172.10.9.0 0.0.0.255
ip access-list standard vlan2
10 permit 172.10.2.0 0.0.0.255
ip access-list standard vlan3
10 permit 172.10.3.0 0.0.0.255
ip access-list standard vlan4
10 permit 172.10.4.0 0.0.0.255
!
ip access-list extended Web_acl
10 permit ip any any
!
ip access-list standard 1
10 permit 10.10.0.0 0.0.1.255
20 permit 172.16.0.0 0.0.1.255
30 permit 172.10.10.0 0.0.0.255
40 permit 172.10.9.0 0.0.0.255
50 permit 172.10.5.0 0.0.0.255
60 permit 172.10.6.0 0.0.0.255
70 permit 172.10.7.0 0.0.0.255
80 permit 172.10.8.0 0.0.0.255
90 permit 172.10.4.0 0.0.0.255
100 permit 172.10.3.0 0.0.0.255
110 permit 172.10.11.0 0.0.0.255
120 permit 172.10.12.0 0.0.0.255
130 permit 172.10.2.0 0.0.0.255
ip access-list standard 2
10 permit 172.16.0.0
20 permit 172.16.0.0 0.0.1.255
ip access-list standard 3
10 permit 172.10.10.0 0.0.0.255
20 permit 172.10.9.0 0.0.0.255
!
control-plane
!
banner login ^CYumbe Hospital^C
!
line con 0
login authentication abc1
transport input none
stopbits 1
line aux 0
stopbits 1
line vty 0
exec-timeout 40 0
password 7 143A0B29280D3978757F
logging synchronous
login authentication abc1
length 0
transport input ssh
line vty 1 4
password 7 143A0B29280D3978757F
login authentication abc1
length 0
transport input ssh
line vty 5 15
password 7 143A0B29280D3978757F
login authentication abc1
transport input telnet
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp server time.google.com prefer
!
netconf-yang
end

 

wanumet
Level 1

@Georg Pauwen and @paul driver 

Thanks so much, your solutions worked perfectly.

 

However, I want to shift the DHCP service from this router to one of the switches (the core switch), and it is not Cisco, in particular cnMatrix.

Will this be wise?

 

Hello,

 

The cnMatrix switches have an embedded DHCP server and basically the same functionality as Cisco switches, so shifting the DHCP service to this device should be no problem at all.

Hello
You will need to plan the migration of DHCP.
Do you have any layer 2 security applied (DHCP snooping/DAI/IPSG)?
If you don't then migration will be much simpler.

Download the current DHCP database to a shared repository, decrease the current lease times of the active DHCP scopes, create the new scopes on the new rtr (disabled) and copy the DHCP D/B file onto the new server.

When applicable, turn off the old service and enable the new service. Then, when the clients need to refresh, they should pick up a new allocation from the new server. Even better, if you can get all your clients to reboot, they should pick up an allocation from the new server.

If you have snooping/DAI/IPSG applied on the switches, also make sure you have backups of these (preferably pushing them to a shared repository).

eg: ip dhcp snooping database tftp://xxxx/snoop.txt

 

Good luck.. 



Kind Regards
Paul
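
The scope inventory that the migration steps above start from, as an added example that is not part of the original posts: it reads `ip dhcp pool` and `ip dhcp excluded-address` lines from an IOS running-config so the scopes can be recreated on the new server, and lists the pools whose lease should be shortened before cutover. The sample config is constructed, and the function names and the 60-minute threshold are assumptions.

```python
import ipaddress

# Constructed sample in IOS running-config syntax (not the poster's config).
SAMPLE_CONFIG = """\
ip dhcp excluded-address 192.168.10.1 192.168.10.9
ip dhcp excluded-address 192.168.20.1
!
ip dhcp pool STAFF
 network 192.168.10.0 255.255.255.0
 default-router 192.168.10.1
 dns-server 192.0.2.53 8.8.8.8
 lease 0 8
!
ip dhcp pool GUEST
 network 192.168.20.0 255.255.255.0
 default-router 192.168.20.1
 dns-server 8.8.8.8
!
interface GigabitEthernet0/0/0
 ip address 192.168.10.1 255.255.255.0
"""
IOS_DEFAULT_LEASE_MIN = 24 * 60  # IOS hands out one-day leases when a pool has no 'lease' line

def parse_dhcp(config):
    """Return one dict per DHCP pool, with the excluded ranges that fall inside it."""
    pools, excluded, cur = [], [], None
    for line in (l.strip() for l in config.splitlines()):
        words = line.split()
        if line.startswith("ip dhcp excluded-address "):
            # 'low [high]': a single excluded address is a range of one
            excluded.append((ipaddress.ip_address(words[3]), ipaddress.ip_address(words[-1])))
        elif line.startswith("ip dhcp pool "):
            cur = {"name": words[3], "network": None, "router": None, "dns": [],
                   "lease_min": IOS_DEFAULT_LEASE_MIN, "excluded": []}
            pools.append(cur)
        elif line == "!" or not words:
            cur = None                      # '!' closes the pool stanza
        elif cur is None:
            continue                        # line belongs to some other section
        elif words[0] == "network" and len(words) >= 3:
            cur["network"] = ipaddress.ip_network(f"{words[1]}/{words[2].lstrip('/')}")
        elif words[0] == "default-router":
            cur["router"] = words[1]
        elif words[0] == "dns-server":
            cur["dns"] = words[1:]
        elif words[0] == "lease":
            if words[1] == "infinite":
                cur["lease_min"] = None     # never expires: clients will not renew on their own
            else:                           # 'lease days [hours [minutes]]'
                d, h, m = (list(map(int, words[1:4])) + [0, 0])[:3]
                cur["lease_min"] = (d * 24 + h) * 60 + m
    for p in pools:
        p["excluded"] = [(lo, hi) for lo, hi in excluded if p["network"] and lo in p["network"]]
    return pools

def leases_to_shorten(pools, limit_min=60):
    """Pools whose lease is infinite or longer than limit_min (assumed pre-cutover target)."""
    return [p["name"] for p in pools if p["lease_min"] is None or p["lease_min"] > limit_min]
```

Pools returned by `leases_to_shorten` keep clients bound to the old server's allocation for up to the listed lease after the switch, which is why the lease is lowered ahead of the cutover.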