01-19-2022 06:58 AM - edited 01-19-2022 07:35 AM
Hello
Kindly help
I can access this router from its WAN side (Gi0/0/1) through the public IP, but I cannot reach it through the LAN (Gi0/0/0).
Even the immediate device (switch) does not connect on SFP, yet I see the interfaces are up.
See config:
Welcome!
YUMBE HOSPITAL
End of banner message from server
Keyboard-interactive authentication prompts from server:
End of keyboard-interactive prompts from server
Attention! Authorized Access only.
Yumbe-Hospital#term len 0
Yumbe-Hospital#sh run
Building configuration...
Current configuration : 7311 bytes
!
! Last configuration change at 15:58:25 UTC Wed Jan 19 2022 by YH
!
version 17.3
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 75000
!
hostname Yumbe-Hospital
!
boot-start-marker
boot system flash bootflash:isr4200-universalk9_ias.17.03.03.SPA.bin
boot-end-marker
!
enable secret 9 $14$VEUi$63B51/zhnPAjE.$c5G/o5Ol0AKKHXg9RaGS0hGGxQV8GgxLY9TCoZ.6MuM
!
aaa new-model
!
aaa authentication login default local
aaa authorization exec default local
!
aaa session-id common
clock timezone UTC 3 0
!
ip name-server X.X.X.X 8.8.8.8
!
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
no device-tracking logging theft
!
crypto pki trustpoint TP-self-signed-4009722129
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4009722129
 revocation-check none
 rsakeypair TP-self-signed-4009722129
!
crypto pki trustpoint SLA-TrustPoint
 enrollment pkcs12
 revocation-check crl
!
crypto pki certificate chain TP-self-signed-4009722129
 certificate self-signed 01
  quit
!
no license feature hseck9
license udi pid ISR4221/K9 sn FGL2518LU5C
license accept end user agreement
license boot suite FoundationSuiteK9
license boot level appxk9
memory free low-watermark processor 67153
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username aaa privilege 15 secret 9 $9$MfzN/hxCXgN5vU$/m0W16e05FAViGp0kdBH26n3/WLMyxdupJaU7BjcwSA
username ass secret 9 $9$4/AL3/UF2FQF2.$vU35qeoQlvaPAsSiX0Oj8JWdq6MVJpC5USXUoV00HW2
!
redundancy
 mode none
!
lldp run
!
interface GigabitEthernet0/0/0
 description YH-Lan
 ip address x.x.x.x 255.255.254.0
 ip nat inside
 negotiation auto
!
interface GigabitEthernet0/0/1
 description YH-Internet
 ip address x.x.x.x 255.255.255.252
 ip nat outside
 media-type rj45
 negotiation auto
!
ip http server
ip http port 8n
ip http authentication local
no ip http secure-server
ip http secure-port 8j
ip forward-protocol nd
ip nat inside source static tcp 172.16.0.254 80 x.x.x.x 80 extendable
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
!
ip access-list standard 1
 10 permit 172.16.0.0 0.0.1.255
ip access-list extended 101
 10 permit ip 172.16.0.0 0.0.1.255 172.16.0.0 0.0.1.255
!
route-map track-primary-if permit 1
 match ip address 197
 set interface GigabitEthernet0/0/1
!
control-plane
!
banner login ^C Welcome! YUMBE HOSPITAL^C
banner motd ^C Attention! Authorized Access only. ^C
!
line con 0
 password
 transport input none
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password MyBDis317
 transport input ssh
!
call-home
 ! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
 ! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
 contact-email-addr sch-smart-licensing@cisco.com
 profile "CiscoTAC-1"
  active
  destination transport-method http
ntp server time.google.com prefer
!
end
Yumbe-Hospital#
01-19-2022 07:05 AM
By LAN side, do you mean the device is directly connected to Gi0/0/0, or connected to a switch?
If this is connected to a switch, post the switch configuration. What is the end device IP, and are you able to ping the LAN IP gateway 172.16.0.1?
01-19-2022 07:36 AM
I tested both: laptop directly connected to the router, and switch connected to the router, but still the same problem.
01-19-2022 07:45 AM
When you directly connected the laptop, did the port come up? What cable did you use, a cross cable or a straight cable?
What is the device IP address?
When you connect the switch to port G0/0/0, does the port come up?
What is the switch model, and what config does the switch have? (Post show run from the switch.)
01-19-2022 08:02 AM
I have seen symptoms similar to this when there were problems with NAT and all traffic was being translated. There is a problem with NAT in the posted config and I suspect it may cause the problems with local access. The configuration shows
route-map track-primary-if permit 1
match ip address 197
set interface GigabitEthernet0/0/1
But there is no access list 197. Fix the problem with NAT and tell us if the issue with local access still exists.
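The dangling reference described in the reply above (a route-map matching on an access list that is never defined) can be caught mechanically before a change goes live. The following is an added example, not part of the original thread: a small audit that cross-checks ACL references against ACL definitions in an IOS-style configuration. The function name `audit_acl_references` and the regular expressions are assumptions of this example, and the sample input is an excerpt constructed from the NAT-related lines of the posted configuration.

```python
import re

# Constructed sample: the NAT-related lines from the posted configuration.
SAMPLE_CONFIG = """\
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
ip nat inside source list 1 interface GigabitEthernet0/0/1 overload
!
ip access-list standard 1
 10 permit 172.16.0.0 0.0.1.255
ip access-list extended 101
 10 permit ip 172.16.0.0 0.0.1.255 172.16.0.0 0.0.1.255
!
route-map track-primary-if permit 1
 match ip address 197
 set interface GigabitEthernet0/0/1
"""

# Lines that define an ACL (block form, or the legacy one-line numbered form).
ACL_DEF = re.compile(r"^(?:ip access-list (?:standard|extended) (\S+)|access-list (\d+) )")
# Lines that reference an ACL by name or number (hypothetical, non-exhaustive list).
ACL_REFS = [
    re.compile(r"^\s*match ip address (?!prefix-list)(.+)$"),     # route-map
    re.compile(r"^ip nat (?:inside|outside) source list (\S+)"),  # NAT rule
    re.compile(r"^\s*access-class (\S+)"),                        # vty lines
    re.compile(r"^\s*ip access-group (\S+)"),                     # interfaces
]

def audit_acl_references(config: str):
    """Return (undefined_refs, unused_acls) for an IOS-style configuration."""
    defined, referenced = set(), {}
    for lineno, line in enumerate(config.splitlines(), 1):
        m = ACL_DEF.match(line)
        if m:
            defined.add(m.group(1) or m.group(2))
            continue
        for pattern in ACL_REFS:
            m = pattern.match(line)
            if m:
                # "match ip address" may list several ACLs on one line.
                for name in m.group(1).split():
                    referenced.setdefault(name, []).append((lineno, line.strip()))
    undefined = {n: uses for n, uses in referenced.items() if n not in defined}
    unused = sorted(defined - set(referenced))
    return undefined, unused

if __name__ == "__main__":
    undefined, unused = audit_acl_references(SAMPLE_CONFIG)
    print("referenced but not defined:", undefined)
    print("defined but not referenced:", unused)
```

On the excerpt it reports access list 197 as referenced but undefined, and also shows that access list 101 is defined but not used by any of the checked reference types.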
01-19-2022 07:09 AM - edited 01-19-2022 07:10 AM
01-21-2022 08:47 AM
Hi,
I guess this route should point to your ISP
ip route 0.0.0.0 0.0.0.0 x.x.x.x
and remove this one:
ip nat inside source route-map track-primary-if interface GigabitEthernet0/0/1 overload
Regards,
Ventsi