cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
15313
Views
40
Helpful
27
Replies

ISR4331 port forwarding problem

Hello everyone.

I've a small problem here, can not forward any port from outside to internal web server.

My server is listening on 1000. I want to forward <external IP>:80 to <internal IP>:1000.

 

I've tried without luck:

# ip nat inside source static tcp 192.168.11.3 1000 92.255.###.### 80 extendable

But still, 80 port remains closed from outside.

 

What do I miss?

Thanks.

 

 


Sat May 01 2021 13:14:13 GMT+0500 (GMT+05:00)
===================================================================================
#show config
Using 4054 out of 33554432 bytes
!
! Last configuration change at 07:17:16 UTC Sat May 1 2021
!
version 17.2
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname ISR4331
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging console emergencies
enable secret 9 ####bFGeXeOWIV7CFk$xf1pg/6wu50iZKLlgJvTBcYdUw8a.WB29z4nk/RSKXk
enable password ###
!
no aaa new-model
!
ip name-server 109.194.###.### 5.3.3.3
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-108830138
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-108830138
revocation-check none
rsakeypair TP-self-signed-108830138
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-108830138
certificate self-signed 01 nvram:IOS-Self-Sig#3.cer
crypto pki certificate chain SLA-TrustPoint
certificate ca 01 nvram:CiscoLicensi#1CA.cer
!
!
license udi pid ISR4331/K9 sn FDO24370Y1Q
memory free low-watermark processor 67926
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 password 0 Z#####n2
!
redundancy
mode none
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description wan
no ip address
ip mtu 1452
ip access-group 1 in
ip access-group 1 out
ip tcp adjust-mss 1412
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
ip dhcp client client-id ascii JTV2443B057
ip address 192.168.11.5 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address 92.255.###.### 255.255.255.0
ip mtu 1452
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1412
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname v1830552
ppp chap password 0 rht46kyd
ppp pap sent-username v1####552 password 0 rh#####kyd
ppp ipcp dns request
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http client source-interface GigabitEthernet0/0/1
ip nat pool real-hosts 192.168.11.1 192.168.11.255 prefix-length 24 type rotary
ip nat inside source static tcp 192.168.11.3 1000 92.255.###.### 80 extendable
ip nat inside source list 1 interface Dialer1 overload
ip nat inside destination list 2 pool real-hosts
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
!
ip access-list standard 1
10 permit 192.168.11.0 0.0.0.255
ip access-list standard 2
ip access-list extended 197
dialer-list 1 protocol ip permit
!
!
route-map track-primary-if permit 1
match ip address 197
set interface Dialer1
!
!
!

 

27 Replies 27

wow, I can see some progress

I did what you told me, and disabled every ACL. even the one without which my internet wasn't working. and I'm still online!

 

but still, port forwarding doesn't work yet.

but now, telnet <external ip> 80 says that connection is refused by remote host instead of usual timeout.

 

that "standard 1" ACL that we've created, should it be applied somewhere? because now, as I see it on webui, it's not applied to any interface.

 

here is running-config after recent changes.

 


Wed May 05 2021 21:00:33 GMT+0500 (GMT+05:00)
===================================================================================
#show running-config
Building configuration...
Current configuration : 7863 bytes
!
! Last configuration change at 16:01:19 UTC Wed May 5 2021
!
version 17.2
service config
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
!
hostname ISR4331
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
logging console emergencies
enable secret 9 $9$bFGeXeOWIV7CFk$xf1pg/6wu50iZKLlgJvTBcYdUw8a.WB29z4nk/RSKXk
enable password ***
!
no aaa new-model
!
ip name-server 109.194.160.1 5.3.3.3
!
!
!
login on-success log
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-108830138
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-108830138
revocation-check none
rsakeypair TP-self-signed-108830138
!
crypto pki trustpoint SLA-TrustPoint
enrollment pkcs12
revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-108830138
certificate self-signed 01
3082032E 30820216 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303838 33303133 38301E17 0D323130 34323430 38343532
325A170D 33303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3130 38383330
31333830 82012230 0D06092A 864886F7 0D010101 05000382 010F0030 82010A02
82010100 D04A7999 B48B9258 AC62F1A9 09F76D80 1D814995 95407409 A1AE6206
48F60B35 DC395055 02728A71 2EE6C831 7C38FEAA D799F9D3 6D9C35F7 0DBB3E03
7BA21E00 D1E5B86F A531821B C7585195 58A45D6A D9F9682C CAF78255 1459399C
BF95A684 FE5BE6B0 CDCA697E 4D1BB350 B834B474 1DA3EE4C 8D585CF4 DFADADA5
CF54F8E4 0697BE74 4FCAF5C7 21A9F648 FAB20287 9F68C1CA 82DA43C4 95AE32BA
82FA19D6 EA1B1134 67E85309 8A6A7815 68FC4250 D30F66AC 5B44A6FE 97F3D666
565D824A 7F917638 BD82D5CC BAC6F35A 20FED268 F7CA6975 6755D4B6 4FB5EFA2
C1B40999 D5242A81 D8C960B5 ADE4E56E 7A56AF48 82E73563 5AF19CEF DEE42602
B1E92D65 02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F
0603551D 23041830 168014E3 98F89741 56AD0441 3A453892 6946CA6E EEBE6830
1D060355 1D0E0416 0414E398 F8974156 AD04413A 45389269 46CA6EEE BE68300D
06092A86 4886F70D 01010505 00038201 01008AEB 491CFCA8 AB8ACE5A 8CC4B011
CA23DAF4 F1EA7E63 4B6BBE07 35B56019 9E4262D1 A43126C5 BE10DCEB B6C989C9
43F0906A BE76F1A3 7D812B33 86A6C755 3747730B 36D9E18B F4029082 25EB43D3
B1EDCC93 3C6E9239 D726A907 C613BEAB 51E2D9CA A5AFB99B 89B97BC8 5B6073E9
688BF6E9 8CBAED64 0BCE15A5 BA3B077B 98B906E5 94CF9450 141027D7 E4001CA8
5E6AF3D0 FE337FC8 45C5CA63 E5EEBEEA 500CFDC1 DD7F1EA3 877B5E8F 608B1DC9
A98DD5BC C2090A82 0B845EA3 D3A91CEC 5A8CDC97 798C0F5A FC7D224B 75C2C3A6
1A2303D6 71D8D2F8 3747B5BA 2F823BAE CD72A929 EE1DBD05 25A21A06 688D671F
46EE538E 08EC64F4 01374A4A A4534E6E 5A69
quit
crypto pki certificate chain SLA-TrustPoint
certificate ca 01
30820321 30820209 A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
32310E30 0C060355 040A1305 43697363 6F312030 1E060355 04031317 43697363
6F204C69 63656E73 696E6720 526F6F74 20434130 1E170D31 33303533 30313934
3834375A 170D3338 30353330 31393438 34375A30 32310E30 0C060355 040A1305
43697363 6F312030 1E060355 04031317 43697363 6F204C69 63656E73 696E6720
526F6F74 20434130 82012230 0D06092A 864886F7 0D010101 05000382 010F0030
82010A02 82010100 A6BCBD96 131E05F7 145EA72C 2CD686E6 17222EA1 F1EFF64D
CBB4C798 212AA147 C655D8D7 9471380D 8711441E 1AAF071A 9CAE6388 8A38E520
1C394D78 462EF239 C659F715 B98C0A59 5BBB5CBD 0CFEBEA3 700A8BF7 D8F256EE
4AA4E80D DB6FD1C9 60B1FD18 FFC69C96 6FA68957 A2617DE7 104FDC5F EA2956AC
7390A3EB 2B5436AD C847A2C5 DAB553EB 69A9A535 58E9F3E3 C0BD23CF 58BD7188
68E69491 20F320E7 948E71D7 AE3BCC84 F10684C7 4BC8E00F 539BA42B 42C68BB7
C7479096 B4CB2D62 EA2F505D C7B062A4 6811D95B E8250FC4 5D5D5FB8 8F27D191
C55F0D76 61F9A4CD 3D992327 A8BB03BD 4E6D7069 7CBADF8B DF5F4368 95135E44
DFC7C6CF 04DD7FD1 02030100 01A34230 40300E06 03551D0F 0101FF04 04030201
06300F06 03551D13 0101FF04 05300301 01FF301D 0603551D 0E041604 1449DC85
4B3D31E5 1B3E6A17 606AF333 3D3B4C73 E8300D06 092A8648 86F70D01 010B0500
03820101 00507F24 D3932A66 86025D9F E838AE5C 6D4DF6B0 49631C78 240DA905
604EDCDE FF4FED2B 77FC460E CD636FDB DD44681E 3A5673AB 9093D3B1 6C9E3D8B
D98987BF E40CBD9E 1AECA0C2 2189BB5C 8FA85686 CD98B646 5575B146 8DFC66A8
467A3DF4 4D565700 6ADF0F0D CF835015 3C04FF7C 21E878AC 11BA9CD2 55A9232C
7CA7B7E6 C1AF74F6 152E99B7 B1FCF9BB E973DE7F 5BDDEB86 C71E3B49 1765308B
5FB0DA06 B92AFE7F 494E8A9E 07B85737 F3A58BE1 1A48A229 C37C1E69 39F08678
80DDCD16 D6BACECA EEBC7CF9 8428787B 35202CDC 60E4616A B623CDBD 230E3AFB
418616A9 4093E049 4D10AB75 27E86F73 932E35B5 8862FDAE 0275156F 719BB2F0
D697DF7F 28
quit
!
crypto pki certificate pool
cabundle nvram:ios_core.p7b
!
!
license udi pid ISR4331/K9 sn FDO24370Y1Q
memory free low-watermark processor 67926
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
username admin privilege 15 password 0 ***
!
redundancy
mode none
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0/0
description wan
no ip address
ip mtu 1452
ip tcp adjust-mss 1412
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
ip dhcp client client-id ascii JTV2443B057
ip address 192.168.11.5 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address 92.255.***.* 255.255.255.0
ip mtu 1452
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1412
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname v1830552
ppp chap password 0 r***
ppp pap sent-username v1830552 password 0 ***
ppp ipcp dns request
!
ip forward-protocol nd
ip http server
ip http port 10500
ip http authentication local
ip http secure-server
ip http secure-port 11000
ip http client source-interface GigabitEthernet0/0/1
ip nat inside source static udp 192.168.11.3 500 92.255.***.* 500 extendable
ip nat inside source static tcp 192.168.11.3 1723 92.255.***.* 1723 extendable
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip access-list extended nACL
5 deny ip host 192.168.11.3 any
10 permit tcp 192.168.11.0 0.0.0.255 any
20 permit udp 192.168.11.0 0.0.0.255 any
30 permit tcp host 92.255.***.* eq www 192.168.11.0 0.0.0.255 eq www
!
ip access-list standard 1
5 deny 192.168.11.3
10 permit 192.168.11.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
route-map track-primary-if permit 1
match ip address 197
set interface Dialer1
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
password *****
login
length 0
transport input ssh
!
call-home
! If contact email address in call-home is configured as sch-smart-licensing@cisco.com
! the email address configured in Cisco Smart License Portal will be used as contact email address to send SCH notifications.
contact-email-addr sch-smart-licensing@cisco.com
profile "CiscoTAC-1"
active
destination transport-method http
!
!
!
!
event manager applet 1619495654227storeShowTech
event none sync no maxrun 31536000
action 001 cli command "enable"
action 002 cli command "traceroute google.com"
action 003 file open TECHFILE bootflash:1619495654227sh_tech.txt w+
action 004 file puts TECHFILE "$_cli_result"
action 005 file close TECHFILE
!
end

Hello

ypu are now missing the static nat statement 

ip nat inside source static tcp 192.168.11.3 1000 interface diailer1 80


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

 

 

Thu May 06 2021 11:14:39 GMT+0500 (GMT+05:00)
===================================================================================
#show ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 92.255.***.*:80 192.168.11.3:1000 --- ---
udp 92.255.***.*:500 192.168.11.3:500 --- ---
tcp 92.255.***.*:1723 192.168.11.3:1723 --- ---

...

 

 

telnet 92.255.***.* 80
Trying 92.255.***.*, 80 ...
Connection timed out; remote host not responding

 

 

seems like none of the nat entries work, I can't connect to vpn via other open ports neither.

I've triple checked that local server is listening on 1000 port and is available from local network.

Hello
Lets step back one then, Do you have any dynamic PAT translation working for internet access?

I see your public ip space is a /24 subnet and you are using a static addressing on a dialer interface, is this correct

Have you tried changing that dialer interface to negociate the public ip address then change all you static pat statments to the dialer interface and not a specfic ip address.

 

int dailer 1
ip address negotiated
shut
no shut

ip nat inside source static tcp 192.168.11.3 1000 interface diailer1 80
ip nat inside source static udp 192.168.11.3 500 interface diailer1 500
ip nat inside source static tcp 192.168.11.3 1723 interface diailer1 1723

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Yes, I do use PAT assosiated with Dialer1 interface (see first screenshot attached).

I do use static addressing on Dialer1, my public IP is always the same, whether it's negotiated or clearly stated on Dialer1 interface (screenshot 2).

I entered the NAT enties that you listed (screenshot 3), though webui didn't accept this statements, asking for IP address instead of interface, so I had to enter them via the CLI.

 

Still, telnet says timeout.

 

 

running-config after changes:


!
interface GigabitEthernet0/0/0
description wan
no ip address
ip mtu 1452
ip tcp adjust-mss 1412
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0/1
ip dhcp client client-id ascii JTV2443B057
ip address 192.168.11.5 255.255.255.0
ip nat inside
negotiation auto
!
interface GigabitEthernet0/0/2
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
interface Dialer1
ip address negotiated
ip mtu 1452
ip nat outside
encapsulation ppp
ip tcp adjust-mss 1412
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp mtu adaptive
ppp authentication chap pap callin
ppp chap hostname v1830552
ppp chap password 0 ****
ppp pap sent-username v1830552 password 0 ***
ppp ipcp dns request
!
ip forward-protocol nd
ip http server
ip http port 10500
ip http authentication local
ip http secure-server
ip http secure-port 11000
ip http client source-interface GigabitEthernet0/0/1
ip nat inside source static tcp 192.168.11.86 8077 92.255.***.* 8077 extendable
ip nat inside source static tcp 192.168.11.3 1723 interface Dialer1 1723
ip nat inside source static udp 192.168.11.3 500 interface Dialer1 500
ip nat inside source static tcp 192.168.11.3 1000 interface Dialer1 80
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
!
ip access-list extended nACL
5 deny ip host 192.168.11.3 any
10 permit tcp 192.168.11.0 0.0.0.255 any
20 permit udp 192.168.11.0 0.0.0.255 any
30 permit tcp host 92.255.***.* eq www 192.168.11.0 0.0.0.255 eq www
!
ip access-list standard 1
5 deny 192.168.11.3
10 permit 192.168.11.0 0.0.0.255
ip access-list extended 197
dialer-list 1 protocol ip permit
!
!
route-map track-primary-if permit 1
match ip address 197
set interface Dialer1
!
!
!

Hello
So now your nat statements and acl looks okay, Can you enable nat on the physcal interface and then test

int gig0/0/0
ip nat outside


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

alright, done (screenshot)

telnet says timeout.

should I do:

int dialer1

no ip nat outside

?

Yes you can do and if possible save your changes and reload the rtr


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I saved configuration before running the last command, and the internet disappeared as soon as I did

int Dialer1

no ip nat outside.

the router will self reboot in 10 minutes (thanks to reload in 5 command)

 

maybe this happened because PAT using Dialer1 instead of gig0/0/0?

 

 

Hello
Reapply nat to the dailer interface - 

Are you trying to reach that internal host via its public nat address from within your network or externally?

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hello.

Already reapplied. 

Both, I've tried to reach external IP from within local network and also from outside using smartphone.

Plus, I used port checking services from internet, and they also shown that port is closed.

Hello
It won’t work from an internal host trying to connect with the public ip address as you will need to apply hairpining
Your nat statements from what you have posted recently are now okay

So what you may be able to test is to used dominless nat if it’s supported 

can you post:
sh ip int brief 
sh ip nat translations
sh arp
sh version 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Fri May 07 2021 12:08:05 GMT+0500 (GMT+05:00)
===================================================================================
#sh ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0/0 unassigned YES NVRAM up up
GigabitEthernet0/0/1 192.168.11.5 YES NVRAM up up
GigabitEthernet0/0/2 unassigned YES NVRAM administratively down down
GigabitEthernet0 unassigned YES NVRAM administratively down down
Dialer1 92.255.***.* YES IPCP up up
Virtual-Access1 unassigned YES unset up up
Virtual-Access2 unassigned YES TFTP up up

 

#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 92.255.*.*:80 192.168.11.3:1000 --- ---
tcp 92.255.*.*:6155 192.168.11.59:47726 87.240.190.72:443 87.240.190.72:443
tcp 92.255.*.*:6531 192.168.11.100:53391 185.44.0.124:443 185.44.0.124:443
tcp 92.255.*.*:6885 192.168.11.184:44219 173.194.222.95:443 173.194.222.95:443
tcp 92.255.***.*:5795 192.168.11.100:53402 80.92.164.34:443 80.92.164.34:443

(etc... 740 in total)

 


Fri May 07 2021 12:09:33 GMT+0500 (GMT+05:00)
===================================================================================
#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.11.2 0 2c44.fd95.e55c ARPA GigabitEthernet0/0/1
Internet 192.168.11.3 14 2c44.fd95.e55d ARPA GigabitEthernet0/0/1
Internet 192.168.11.5 - 0476.b00f.dfd1 ARPA GigabitEthernet0/0/1
Internet 192.168.11.7 1 ac1f.6b7f.24e4 ARPA GigabitEthernet0/0/1
Internet 192.168.11.8 52 0014.5ee1.e51c ARPA GigabitEthernet0/0/1
Internet 192.168.11.17 0 0015.5d0b.0203 ARPA GigabitEthernet0/0/1
Internet 192.168.11.28 140 c89c.dc7e.dfa8 ARPA GigabitEthernet0/0/1
Internet 192.168.11.30 170 18c0.4d3f.e22d ARPA GigabitEthernet0/0/1
Internet 192.168.11.31 120 9cf4.8e5a.4431 ARPA GigabitEthernet0/0/1
Internet 192.168.11.36 161 00d8.61a5.6522 ARPA GigabitEthernet0/0/1
Internet 192.168.11.38 38 58b1.0f49.a9d0 ARPA GigabitEthernet0/0/1
Internet 192.168.11.42 36 00c0.b7a0.e334 ARPA GigabitEthernet0/0/1
Internet 192.168.11.46 1 b886.8783.2b39 ARPA GigabitEthernet0/0/1
Internet 192.168.11.47 3 18c0.4d3f.e15a ARPA GigabitEthernet0/0/1
Internet 192.168.11.51 170 18c0.4d3f.e2c3 ARPA GigabitEthernet0/0/1
Internet 192.168.11.52 0 902b.3401.dff3 ARPA GigabitEthernet0/0/1
Internet 192.168.11.55 2 000c.296a.bbe9 ARPA GigabitEthernet0/0/1
Internet 192.168.11.57 32 e0d5.5e41.3206 ARPA GigabitEthernet0/0/1
Internet 192.168.11.59 152 00d8.61d9.b1c5 ARPA GigabitEthernet0/0/1
Internet 192.168.11.63 16 000c.29e3.3ad7 ARPA GigabitEthernet0/0/1
Internet 192.168.11.66 14 1062.e5aa.34db ARPA GigabitEthernet0/0/1
Internet 192.168.11.67 25 842a.fdcc.4b72 ARPA GigabitEthernet0/0/1
Internet 192.168.11.68 0 18c0.4d3f.e2cf ARPA GigabitEthernet0/0/1
Internet 192.168.11.69 5 18c0.4d3f.e156 ARPA GigabitEthernet0/0/1
Internet 192.168.11.73 0 18c0.4d3f.e158 ARPA GigabitEthernet0/0/1
Internet 192.168.11.75 0 7824.afba.b7b9 ARPA GigabitEthernet0/0/1
Internet 192.168.11.77 86 18c0.4d3f.e233 ARPA GigabitEthernet0/0/1
Internet 192.168.11.80 0 f47b.5e14.e9c4 ARPA GigabitEthernet0/0/1
Internet 192.168.11.84 0 a45d.36c5.1691 ARPA GigabitEthernet0/0/1
Internet 192.168.11.85 7 18c0.4d04.05a2 ARPA GigabitEthernet0/0/1
Internet 192.168.11.86 126 902b.3435.4079 ARPA GigabitEthernet0/0/1
Internet 192.168.11.89 0 a45d.36c5.1690 ARPA GigabitEthernet0/0/1
Internet 192.168.11.95 4 10dd.b1ed.87c5 ARPA GigabitEthernet0/0/1
Internet 192.168.11.100 146 e0d5.5e0b.6a3e ARPA GigabitEthernet0/0/1
Internet 192.168.11.104 0 a8a1.5904.5121 ARPA GigabitEthernet0/0/1
Internet 192.168.11.115 0 50e5.4943.ab0d ARPA GigabitEthernet0/0/1
Internet 192.168.11.126 15 787b.8ad1.dc7c ARPA GigabitEthernet0/0/1
Internet 192.168.11.141 7 3005.5c13.97ea ARPA GigabitEthernet0/0/1
Internet 192.168.11.142 7 3005.5c13.97fe ARPA GigabitEthernet0/0/1
Internet 192.168.11.147 0 14da.e9b7.e614 ARPA GigabitEthernet0/0/1
Internet 192.168.11.150 0 902b.34e2.702e ARPA GigabitEthernet0/0/1
Internet 192.168.11.158 13 1062.e5aa.2430 ARPA GigabitEthernet0/0/1
Internet 192.168.11.161 10 ac87.a30d.2c53 ARPA GigabitEthernet0/0/1
Internet 192.168.11.184 2 7c03.ab39.e0ed ARPA GigabitEthernet0/0/1
Internet 192.168.11.239 45 e0d5.5e41.3206 ARPA GigabitEthernet0/0/1

 


Fri May 07 2021 12:10:41 GMT+0500 (GMT+05:00)
===================================================================================
#sh version
Cisco IOS XE Software, Version 17.02.01r
Cisco IOS Software [Amsterdam], ISR Software (X86_64_LINUX_IOSD-UNIVERSALK9_NPE-M), Version 17.2.1r, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2020 by Cisco Systems, Inc.
Compiled Thu 09-Apr-20 23:27 by mcpre
Cisco IOS-XE software, Copyright (c) 2005-2020 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0. For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE
software.
ROM: IOS-XE ROMMON
ISR4331 uptime is 19 hours, 56 minutes
Uptime for this control processor is 19 hours, 59 minutes
System returned to ROM by Reload Command
System image file is "bootflash:isr4300-universalk9_npe.17.02.01r.SPA.bin"
Last reload reason: Reload Command
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
Suite License Information for Module:'esg'
--------------------------------------------------------------------------------
Suite Suite Current Type Suite Next reboot
--------------------------------------------------------------------------------
FoundationSuiteK9_npe None Smart License None
securityk9_npe
appxk9
AdvUCSuiteK9 None Smart License None
uck9
cme-srst
cube
Technology Package License Information:
-----------------------------------------------------------------
Technology Technology-package Technology-package
Current Type Next reboot
------------------------------------------------------------------
appxk9 None Smart License None
uck9 None Smart License None
securityk9 None Smart License None
ipbase ipbasek9 Smart License ipbasek9
The current throughput level is 100000 kbps
Smart Licensing Status: UNREGISTERED/No Licenses in Use
cisco ISR4331/K9 (1RU) processor with 1703268K/3071K bytes of memory.
Processor board ID JTV2443B057
Router operating mode: Autonomous
3 Gigabit Ethernet interfaces
32768K bytes of non-volatile configuration memory.
4194304K bytes of physical memory.
3207167K bytes of flash memory at bootflash:.
Configuration register is 0x102