- Cisco Community
- Technology and Support
- Networking
- Routing
- Re: ISR 4331 - Internet is Not Through on Specific Vlan
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-24-2022 10:37 PM
Dear All,
I have One ISR 4331, Which was managed by Another IT Guy, Unfortunately he left without proper Handover. Well, Coming to the point, I created one DHCP Pool on ISR 4331 /23 Network. I'm Getting an IP address but internet is working.
DHCP Pool name is :
dhcp pool KLD_Labour_CAMP_Pool_VLAN_71
Interface:
interface GigabitEthernet0/0/1.71
Please Note: Rest of the Vlans are working fine. Only Vlan 71 is not getting internet, maybe is it because of ACL or am i missing something?
Anyone can help me in this please ?
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description WAN01_Microwave
ip address 172.16.10.2 255.255.255.252
negotiation auto
spanning-tree portfast
service-policy output WEBUI-QUEUING-OUT
!
interface GigabitEthernet0/0/1
description LAN_Trunk
no ip address
negotiation auto
spanning-tree portfast trunk
!
interface GigabitEthernet0/0/1.6
description THOE_Admin VLAN_6
encapsulation dot1Q 6
ip address 10.6.6.1 255.255.255.0
ip nbar protocol-discovery
ip access-group Admin_VLAN_6_IN in
service-policy input WEBUI-MARKING-IN
!
interface GigabitEthernet0/0/1.55
description IoT_VLAN_55
encapsulation dot1Q 55
ip address 10.6.55.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/0/1.60
description Management_VLAN_60
encapsulation dot1Q 60
ip address 10.6.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/0/1.61
description THOE_Office_VLAN_61
encapsulation dot1Q 61
ip address 10.6.1.1 255.255.255.0
ip helper-address 10.20.6.10
ip nbar protocol-discovery
ip access-group DATA_VLAN_61_IN in
service-policy input WEBUI-MARKING-IN
!
interface GigabitEthernet0/0/1.66
description KLD_Staff_BYON_VLAN_66
encapsulation dot1Q 66
ip address 10.6.66.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/0/1.67
description KLD_Staff_CAMP_VLAN_67
encapsulation dot1Q 67
ip address 10.6.67.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group KLD_Staff_CAMP_VLAN_67_IN in
!
interface GigabitEthernet0/0/1.69
description CCTV_VLAN_69
encapsulation dot1Q 69
ip address 10.6.9.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group CCTV_VLAN_69_IN in
!
interface GigabitEthernet0/0/1.71
description KLD_Labour_CAMP_VLAN_71
encapsulation dot1Q 71
ip address 10.100.70.1 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group KLD_Labour_VLAN_71_IN in
!
interface GigabitEthernet0/0/1.100
description P2P_Access_VLAN_100
encapsulation dot1Q 100
ip address 10.6.100.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/0/1.102
description Sweden_KLD_Employee_VLAN_102
encapsulation dot1Q 102
ip address 10.6.102.1 255.255.255.0
ip helper-address 10.20.6.10
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group Sweden_KLD_Employee_VLAN_102_IN in
!
interface GigabitEthernet0/0/1.172
description NAS_VLAN_172
encapsulation dot1Q 172
ip address 172.16.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group NAS_VLAN_172_IN in
!
interface GigabitEthernet0/0/1.3030
description SERVER FARM_VLAN_3030
encapsulation dot1Q 3030
ip address 10.20.6.1 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group SERVER_FARM_VLAN_3030_IN in
!
interface GigabitEthernet0/0/1.3060
description iLO_VLAN_3060
encapsulation dot1Q 3060
ip address 10.20.18.1 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-group iLO_VLAN_3060_IN in
!
interface GigabitEthernet0/0/2
description WAN02_GSM_Router
ip address 172.16.101.2 255.255.255.248
media-type sfp
negotiation auto
spanning-tree portfast
service-policy output WEBUI-QUEUING-OUT
!
interface GigabitEthernet0
description Management
vrf forwarding Mgmt-intf
ip address 10.6.200.1 255.255.255.0
negotiation auto
!
ip http server
ip http access-class ipv4 99
ip http authentication local
ip http secure-server
ip http secure-port 65443
ip forward-protocol nd
ip dns server
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 172.16.10.1 track 2
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/2 172.16.101.1 10
ip ssh time-out 60
ip ssh authentication-retries 2
ip ssh version 2
!
!
ip access-list extended Admin_VLAN_6_IN
10 remark Access_to_Router
10 deny tcp 10.6.6.0 0.0.0.255 host 10.6.6.1 eq 22 log
20 deny tcp 10.6.6.0 0.0.0.255 host 10.6.6.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.6.6.0 0.0.0.255 172.16.10.0 0.0.0.3
40 permit ip 10.6.6.0 0.0.0.255 172.16.101.0 0.0.0.7
50 remark Internal_Subnet_access
50 permit ip 10.6.6.0 0.0.0.255 10.6.6.0 0.0.0.255
60 remark THOE_External_Subnets_and_Hosts_access
60 permit ip 10.6.6.0 0.0.0.255 10.6.1.0 0.0.0.255
70 permit ip 10.6.6.0 0.0.0.255 10.6.9.0 0.0.0.255
80 permit ip 10.6.6.0 0.0.0.255 10.20.6.0 0.0.1.255
90 remark Concord_External_Subnets_and_Hosts_access
90 permit ip 10.6.6.0 0.0.0.255 10.10.43.0 0.0.0.255
100 permit ip 10.6.6.0 0.0.0.255 10.10.6.0 0.0.1.255
110 permit ip 10.6.6.0 0.0.0.255 host 10.1.50.20
120 remark BLOCK_to_Private_subnets
120 deny ip 10.6.6.0 0.0.0.255 10.0.0.0 0.255.255.255 log
130 deny ip 10.6.6.0 0.0.0.255 172.16.0.0 0.15.255.255 log
140 deny ip 10.6.6.0 0.0.0.255 192.168.55.0 0.0.0.255 log
150 deny ip 10.6.6.0 0.0.0.255 169.254.0.0 0.0.255.255 log
160 deny ip 10.6.6.0 0.0.0.255 224.0.0.0 15.255.255.255 log
170 deny ip 10.6.6.0 0.0.0.255 240.0.0.0 7.255.255.255 log
180 deny ip 10.6.6.0 0.0.0.255 127.0.0.0 0.255.255.255 log
190 remark Access_to_Internet
190 permit ip 10.6.6.0 0.0.0.255 any
200 remark DHCP_request
200 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
210 remark Block_All_Traffic
210 deny ip any any
ip access-list extended CCTV_VLAN_69_IN
10 remark Access_to_Router
10 deny tcp 10.6.9.0 0.0.0.255 host 10.6.9.1 eq 22 log
20 deny tcp 10.6.9.0 0.0.0.255 host 10.6.9.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.6.9.0 0.0.0.255 172.16.10.0 0.0.0.3
40 remark Internal_Subnet_access
40 permit ip 10.6.9.0 0.0.0.255 10.6.9.0 0.0.0.255
50 remark External_Subnets_and_Hosts_access
50 permit ip 10.6.9.0 0.0.0.255 10.6.6.0 0.0.0.255
60 remark Concord_External_Subnets_and_Hosts_access
60 permit ip host 10.6.9.12 10.1.0.0 0.0.0.255
70 permit ip host 10.6.9.12 10.2.20.0 0.0.0.255
80 permit ip host 10.6.9.3 10.1.0.0 0.0.0.255
90 permit ip host 10.6.9.3 10.2.20.0 0.0.0.255
100 remark Remote_VPN_IT_and_Management
100 permit ip 10.6.9.0 0.0.0.255 10.2.99.0 0.0.0.255
110 permit ip host 10.6.9.12 10.2.5.0 0.0.0.255
120 remark BLOCK_to_Private_subnets
120 deny ip 10.6.9.0 0.0.0.255 10.0.0.0 0.255.255.255 log
130 deny ip 10.6.9.0 0.0.0.255 172.16.0.0 0.15.255.255 log
140 deny ip 10.6.9.0 0.0.0.255 192.168.55.0 0.0.0.255 log
150 deny ip 10.6.9.0 0.0.0.255 169.254.0.0 0.0.255.255 log
160 deny ip 10.6.9.0 0.0.0.255 224.0.0.0 15.255.255.255 log
170 deny ip 10.6.9.0 0.0.0.255 240.0.0.0 7.255.255.255 log
180 deny ip 10.6.9.0 0.0.0.255 127.0.0.0 0.255.255.255 log
190 remark DHCP_request
190 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
200 remark Block_All_Traffic
200 deny ip any any
ip access-list extended DATA_VLAN_61_IN
10 remark Access_to_Router
10 deny tcp 10.6.1.0 0.0.0.255 host 10.6.1.1 eq 22 log
20 deny tcp 10.6.1.0 0.0.0.255 host 10.6.1.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.6.1.0 0.0.0.255 172.16.10.0 0.0.0.3
40 permit ip 10.6.1.0 0.0.0.255 172.16.101.0 0.0.0.7
50 remark Admin_Subnet_access
50 permit tcp 10.6.1.0 0.0.0.255 10.6.6.0 0.0.0.255 established
60 permit tcp 10.6.1.0 0.0.0.255 10.1.0.0 0.0.0.255 established
70 permit tcp 10.6.1.0 0.0.0.255 10.2.20.0 0.0.0.255 established
80 remark Internal_Subnet_access
80 permit ip 10.6.1.0 0.0.0.255 10.6.1.0 0.0.0.255
90 remark ISLAND_Subnets_and_Hosts_access
90 permit ip host 10.6.1.10 10.2.50.0 0.0.0.255
100 permit ip 10.6.1.0 0.0.0.255 host 10.20.6.10
110 permit ip 10.6.1.0 0.0.0.255 host 10.20.6.20
120 permit ip host 10.6.1.10 10.6.6.0 0.0.0.255
130 permit ip host 10.6.1.10 10.6.102.0 0.0.0.255
140 remark Concord_External_Subnets_and_Hosts_access
140 permit ip 10.6.1.0 0.0.0.255 host 10.10.6.21
150 permit ip 10.6.1.0 0.0.0.255 host 10.10.6.22
160 permit ip 10.6.1.0 0.0.0.255 host 10.10.6.26
170 permit ip 10.6.1.0 0.0.0.255 host 10.10.6.27
180 permit ip 10.6.1.0 0.0.0.255 host 10.10.43.13
190 permit ip 10.6.1.0 0.0.0.255 host 10.10.6.48
200 permit ip 10.6.1.0 0.0.0.255 host 10.10.6.47
210 permit ip 10.6.1.0 0.0.0.255 host 10.10.43.47
220 permit ip 10.6.1.0 0.0.0.255 host 10.1.50.20
230 permit ip host 10.6.1.10 10.2.0.0 0.0.1.255
240 permit ip host 10.6.1.12 10.2.0.0 0.0.1.255
250 permit ip 10.6.1.0 0.0.0.255 host 10.2.1.14
260 remark Remote_VPN_IT_and_Management
260 permit ip host 10.6.1.10 10.2.99.0 0.0.0.255
270 permit ip host 10.6.1.10 10.2.5.0 0.0.0.25
280 remark BLOCK_to_Private_subnets
280 deny ip 10.6.1.0 0.0.0.255 10.0.0.0 0.255.255.255 log
290 deny ip 10.6.1.0 0.0.0.255 172.16.0.0 0.15.255.255 log
300 deny ip 10.6.1.0 0.0.0.255 192.168.55.0 0.0.0.255 log
310 deny ip 10.6.1.0 0.0.0.255 169.254.0.0 0.0.255.255 log
320 deny ip 10.6.1.0 0.0.0.255 224.0.0.0 15.255.255.255 log
330 deny ip 10.6.1.0 0.0.0.255 240.0.0.0 7.255.255.255 log
340 deny ip 10.6.1.0 0.0.0.255 127.0.0.0 0.255.255.255 log
350 remark Access_to_Internet
350 permit ip 10.6.1.0 0.0.0.255 any
360 remark DHCP_request
360 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
370 remark Block_All_Traffic
370 deny ip any any
ip access-list extended KLD_Labour_VLAN_71_IN
10 remark Access_to_Router
10 deny tcp 10.100.70.0 0.0.1.255 host 10.100.70.1 eq 22 log
20 deny tcp 10.100.70.0 0.0.1.255 host 10.100.70.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.100.70.0 0.0.1.255 172.16.10.0 0.0.0.3
40 remark Internal_Subnet_access
40 permit ip 10.100.70.0 0.0.1.255 10.100.70.0 0.0.1.255
50 remark BLOCK_to_Private_subnets
50 deny ip 10.100.70.0 0.0.1.255 10.0.0.0 0.255.255.255 log
60 deny ip 10.100.70.0 0.0.1.255 172.16.0.0 0.15.255.255 log
70 deny ip 10.100.70.0 0.0.1.255 192.168.54.0 0.0.1.255 log
80 deny ip 10.100.70.0 0.0.1.255 169.254.0.0 0.0.255.255 log
90 deny ip 10.100.70.0 0.0.1.255 224.0.0.0 15.255.255.255 log
100 deny ip 10.100.70.0 0.0.1.255 240.0.0.0 7.255.255.255 log
110 deny ip 10.100.70.0 0.0.1.255 127.0.0.0 0.255.255.255 log
120 remark Access_to_Internet
120 permit ip 10.100.70.0 0.0.1.255 any
130 remark DHCP_request
130 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
140 remark Block_All_Traffic
140 deny ip any any
ip access-list extended KLD_Staff_BYON_VLAN_66_IN
10 remark Access_to_Router
10 deny tcp 10.6.66.0 0.0.0.255 host 10.6.66.1 eq 22 log
20 deny tcp 10.6.66.0 0.0.0.255 host 10.6.66.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.6.66.0 0.0.0.255 172.16.10.0 0.0.0.3
40 remark Internal_Subnet_access
40 permit ip 10.6.66.0 0.0.0.255 10.6.66.0 0.0.0.255
50 remark External_Subnets_and_Hosts_access
50 permit ip 10.6.66.0 0.0.0.255 host 10.10.6.21
60 permit ip 10.6.66.0 0.0.0.255 host 10.10.6.22
70 permit ip 10.6.66.0 0.0.0.255 host 10.10.6.26
80 permit ip 10.6.66.0 0.0.0.255 host 10.1.50.20
90 permit ip 10.6.66.0 0.0.0.255 host 10.20.6.20
100 remark BLOCK_to_Private_subnets
100 deny ip 10.6.66.0 0.0.0.255 10.0.0.0 0.255.255.255 log
110 deny ip 10.6.66.0 0.0.0.255 172.16.0.0 0.15.255.255 log
120 deny ip 10.6.66.0 0.0.0.255 192.168.55.0 0.0.0.255 log
130 deny ip 10.6.66.0 0.0.0.255 169.254.0.0 0.0.255.255 log
140 deny ip 10.6.66.0 0.0.0.255 224.0.0.0 15.255.255.255 log
150 deny ip 10.6.66.0 0.0.0.255 240.0.0.0 7.255.255.255 log
160 deny ip 10.6.66.0 0.0.0.255 127.0.0.0 0.255.255.255 log
170 remark Access_to_Internet
170 permit ip 10.6.66.0 0.0.0.255 any
180 remark DHCP_request
180 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
190 remark Block_All_Traffic
190 deny ip any any
ip access-list extended KLD_Staff_CAMP_VLAN_67_IN
10 remark Access_to_Router
10 deny tcp 10.6.67.0 0.0.0.255 host 10.6.67.1 eq 22 log
20 deny tcp 10.6.67.0 0.0.0.255 host 10.6.67.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.6.67.0 0.0.0.255 172.16.10.0 0.0.0.3
40 remark Internal_Subnet_access
40 permit ip 10.6.67.0 0.0.0.255 10.6.67.0 0.0.0.255
50 remark BLOCK_to_Private_subnets
50 deny ip 10.6.67.0 0.0.0.255 10.0.0.0 0.255.255.255 log
60 deny ip 10.6.67.0 0.0.0.255 172.16.0.0 0.15.255.255 log
70 deny ip 10.6.67.0 0.0.0.255 192.168.55.0 0.0.0.255 log
80 deny ip 10.6.67.0 0.0.0.255 169.254.0.0 0.0.255.255 log
90 deny ip 10.6.67.0 0.0.0.255 224.0.0.0 15.255.255.255 log
100 deny ip 10.6.67.0 0.0.0.255 240.0.0.0 7.255.255.255 log
110 deny ip 10.6.67.0 0.0.0.255 127.0.0.0 0.255.255.255 log
120 remark Access_to_Internet
120 permit ip 10.6.67.0 0.0.0.255 any
130 remark DHCP_request
130 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
140 remark Block_All_Traffic
140 deny ip any any
ip access-list extended NAS_VLAN_172_IN
10 remark Access_to_Router
10 deny tcp 172.16.0.0 0.0.0.255 host 172.16.0.1 eq 22 log
20 deny tcp 172.16.0.0 0.0.0.255 host 172.16.0.1 eq 65443 log
30 remark Internal_Subnet_access
30 permit ip 172.16.0.0 0.0.0.255 172.16.0.0 0.0.0.255
40 remark BLOCK_to_Private_subnets
40 deny ip 172.16.0.0 0.0.0.255 10.0.0.0 0.255.255.255 log
50 deny ip 172.16.0.0 0.0.0.255 172.16.0.0 0.15.255.255 log
60 deny ip 172.16.0.0 0.0.0.255 192.168.55.0 0.0.0.255 log
70 deny ip 172.16.0.0 0.0.0.255 169.254.0.0 0.0.255.255 log
80 deny ip 172.16.0.0 0.0.0.255 224.0.0.0 15.255.255.255 log
90 deny ip 172.16.0.0 0.0.0.255 240.0.0.0 7.255.255.255 log
100 deny ip 172.16.0.0 0.0.0.255 127.0.0.0 0.255.255.255 log
110 remark NO_Access_to_Internet
110 remark DHCP_request
110 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
120 remark Block_All_Traffic
120 deny ip any any
ip access-list extended SERVER_FARM_VLAN_3030_IN
10 remark Access_to_Router
10 deny tcp 10.20.6.0 0.0.1.255 host 10.20.6.1 eq 22 log
20 deny tcp 10.20.6.0 0.0.1.255 host 10.20.6.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.20.6.0 0.0.1.255 172.16.10.0 0.0.0.3
40 permit ip host 10.20.6.10 172.16.101.0 0.0.0.7
50 remark Admin_Subnet_access
50 permit tcp 10.20.6.0 0.0.1.255 10.6.0.0 0.0.0.255 established
60 permit tcp 10.20.6.0 0.0.1.255 10.6.6.0 0.0.0.255 established
70 permit tcp 10.20.6.0 0.0.1.255 10.1.0.0 0.0.0.255 established
80 permit tcp 10.20.6.0 0.0.1.255 10.2.20.0 0.0.0.255 established
90 remark Internal_Subnet_access
90 permit ip 10.20.6.0 0.0.1.255 10.20.6.0 0.0.1.255 log
100 remark External_Subnets_and_Hosts_access
100 permit ip 10.20.6.0 0.0.1.255 10.20.18.0 0.0.1.255
110 permit ip 10.20.6.0 0.0.1.255 host 172.16.0.5
120 permit ip 10.20.6.0 0.0.1.255 host 10.6.1.10
130 permit ip host 10.20.6.10 10.6.6.0 0.0.0.255
140 permit ip host 10.20.6.10 10.6.1.0 0.0.0.255
150 permit ip host 10.20.6.10 10.6.102.0 0.0.0.255
160 remark Concord_External_Subnets_and_Hosts_access
160 permit ip host 10.20.6.20 host 10.1.50.20
170 permit ip 10.20.6.0 0.0.1.255 10.10.6.0 0.0.1.255
180 permit ip 10.20.6.0 0.0.1.255 10.10.43.0 0.0.0.255
190 permit ip 10.20.6.0 0.0.1.255 10.10.32.0 0.0.1.255
200 permit ip 10.20.6.0 0.0.1.255 10.10.18.0 0.0.1.255
210 remark Remote_VPN_IT_and_Management
210 permit ip 10.20.6.0 0.0.1.255 10.2.99.0 0.0.0.255
220 remark BLOCK_to_Private_subnets
220 deny ip 10.20.6.0 0.0.1.255 10.0.0.0 0.255.255.255 log
230 deny ip 10.20.6.0 0.0.1.255 172.16.0.0 0.15.255.255 log
240 deny ip 10.20.6.0 0.0.1.255 192.168.55.0 0.0.0.255 log
250 deny ip 10.20.6.0 0.0.1.255 169.254.0.0 0.0.255.255 log
260 deny ip 10.20.6.0 0.0.1.255 224.0.0.0 15.255.255.255 log
270 deny ip 10.20.6.0 0.0.1.255 240.0.0.0 7.255.255.255 log
280 deny ip 10.20.6.0 0.0.1.255 127.0.0.0 0.255.255.255 log
290 remark Access_to_Internet
290 permit ip 10.20.6.0 0.0.1.255 any
300 remark DHCP_request
300 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
310 remark Block_All_Traffic
310 deny ip any any
ip access-list extended Sweden_KLD_Employee_VLAN_102_IN
10 remark Access_to_Router
10 deny tcp 10.6.102.0 0.0.0.255 host 10.6.102.1 eq 22 log
20 deny tcp 10.6.102.0 0.0.0.255 host 10.6.102.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.6.102.0 0.0.0.255 172.16.10.0 0.0.0.3
40 permit ip 10.6.6.0 0.0.0.255 172.16.101.0 0.0.0.7
50 remark Internal_Subnet_access
50 permit ip 10.6.102.0 0.0.0.255 10.6.102.0 0.0.0.255
60 remark ISLAND_Subnets_and_Hosts_access
60 permit ip 10.6.102.0 0.0.0.255 host 10.20.6.10
70 permit ip 10.6.102.0 0.0.0.255 host 10.20.6.20
80 permit ip 10.6.102.0 0.0.0.255 host 10.6.1.10
90 remark Concord_External_Subnets_and_Hosts_access
90 permit ip 10.6.102.0 0.0.0.255 host 10.10.6.21
100 permit ip 10.6.102.0 0.0.0.255 host 10.10.6.22
110 permit ip 10.6.102.0 0.0.0.255 host 10.10.6.26
120 permit ip 10.6.102.0 0.0.0.255 host 10.10.6.27
130 permit ip 10.6.102.0 0.0.0.255 host 10.10.43.13
140 permit ip 10.6.102.0 0.0.0.255 host 10.10.6.48
150 permit ip 10.6.102.0 0.0.0.255 host 10.10.6.47
160 permit ip 10.6.102.0 0.0.0.255 host 10.10.43.47
170 permit ip 10.6.102.0 0.0.0.255 host 10.1.50.20
180 permit ip 10.6.102.0 0.0.0.255 host 10.2.1.14
190 remark BLOCK_to_Private_subnets
190 deny ip 10.6.102.0 0.0.0.255 10.0.0.0 0.255.255.255 log
200 deny ip 10.6.102.0 0.0.0.255 172.16.0.0 0.15.255.255 log
210 deny ip 10.6.102.0 0.0.0.255 192.168.55.0 0.0.0.255 log
220 deny ip 10.6.102.0 0.0.0.255 169.254.0.0 0.0.255.255 log
230 deny ip 10.6.102.0 0.0.0.255 224.0.0.0 15.255.255.255 log
240 deny ip 10.6.102.0 0.0.0.255 240.0.0.0 7.255.255.255 log
250 deny ip 10.6.102.0 0.0.0.255 127.0.0.0 0.255.255.255 log
260 remark Access_to_Internet
260 permit ip 10.6.102.0 0.0.0.255 any
270 remark DHCP_request
270 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
280 remark Block_All_Traffic
280 deny ip any any
ip access-list extended iLO_VLAN_3060_IN
10 remark Access_to_Router
10 deny tcp 10.20.18.0 0.0.1.255 host 10.20.18.1 eq 22 log
20 deny tcp 10.20.18.0 0.0.1.255 host 10.20.18.1 eq 65443 log
30 remark Routed_Subnet_access
30 permit ip 10.20.18.0 0.0.1.255 172.16.10.0 0.0.0.3
40 remark Admin_Subnet_access
40 permit tcp 10.20.18.0 0.0.1.255 10.6.6.0 0.0.0.255 established
50 remark Internal_Subnet_access
50 permit ip 10.20.18.0 0.0.1.255 10.20.18.0 0.0.1.255
60 remark BLOCK_to_Private_subnets
60 deny ip 10.20.18.0 0.0.1.255 10.0.0.0 0.255.255.255 log
70 deny ip 10.20.18.0 0.0.1.255 172.16.0.0 0.15.255.255 log
80 deny ip 10.20.18.0 0.0.1.255 192.168.55.0 0.0.0.255 log
90 deny ip 10.20.18.0 0.0.1.255 169.254.0.0 0.0.255.255 log
100 deny ip 10.20.18.0 0.0.1.255 224.0.0.0 15.255.255.255 log
110 deny ip 10.20.18.0 0.0.1.255 240.0.0.0 7.255.255.255 log
120 deny ip 10.20.18.0 0.0.1.255 127.0.0.0 0.255.255.255 log
130 remark NO_Access_to_Internet
130 remark DHCP_request
130 permit udp host 0.0.0.0 host 255.255.255.255 eq bootps
140 remark Block_All_Traffic
140 deny ip any any
!
ip sla 1
icmp-echo 8.8.8.8 source-ip 172.16.10.2
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 172.16.10.1 source-ip 172.16.10.2
ip sla schedule 2 life forever start-time now
ip access-list standard 99
10 permit 10.6.0.0 0.0.0.255
20 permit 10.1.0.0 0.0.0.255
30 permit 10.2.99.0 0.0.0.255
!
!
!
!
!
control-plane host
!
!
control-plane
!
configuration mode exclusive
!
line con 0
stopbits 1
line aux 0
exec-timeout 0 1
no exec
transport output none
line vty 0 4
privilege level 15
length 0
transport input ssh
line vty 5 15
privilege level 15
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
ntp server time.nist.gov
!
!
!
!
!
event manager applet 1628509802359storeShowTech
event none sync no maxrun 31536000
action 001 cli command "enable"
action 002 cli command "traceroute vrf Mgmt-intf 172.16.10.2"
action 003 file open TECHFILE bootflash:1628509802359sh_tech.txt w+
action 004 file puts TECHFILE "$_cli_result"
action 005 file close TECHFILE
event manager applet 1658345085176storeShowTech
event none sync no maxrun 31536000
action 001 cli command "enable"
action 002 cli command "traceroute ip 8.8.8.8 source Gi0/0/1.70"
action 003 file open TECHFILE bootflash:1658345085176sh_tech.txt w+
action 004 file puts TECHFILE "$_cli_result"
action 005 file close TECHFILE
!
end
THOE_Router_01#
Solved! Go to Solution.
- Labels:
-
Small Business Routers
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2022 01:42 AM
Hello,
the ISR 4331 has no NAT configuration, so there must be another device in front of this router that does the NAT. Most likely, the IP address range (10.100.70..0/255.255.254.0) is not included in the range of addresses to be translated. Can you find out what device is actually the one externally facing the Internet ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-25-2022 01:42 AM
Hello,
the ISR 4331 has no NAT configuration, so there must be another device in front of this router that does the NAT. Most likely, the IP address range (10.100.70..0/255.255.254.0) is not included in the range of addresses to be translated. Can you find out what device is actually the one externally facing the Internet ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
