09-12-2012 05:20 AM - edited 03-04-2019 05:32 PM
Hi... I have a Cisco 2821 and have configured a loopback address which I want to use for management; however, I am unable to ping it from a device attached to GigabitEthernet0/0.
Here is the config:
version 15.0
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname asys_rt_001
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 xx
enable password 7 xx
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
!
!
!
!
!
crypto pki trustpoint TP-self-signed-3784246230
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3784246230
revocation-check none
rsakeypair TP-self-signed-3784246230
!
!
crypto pki certificate chain TP-self-signed-3784246230
certificate self-signed 01
quit
dot11 syslog
no ip source-route
!
!
ip cef
ip dhcp excluded-address 10.0.0.1 10.0.0.19
ip dhcp excluded-address 10.0.0.254
!
ip dhcp pool ccp-pool1
import all
network 10.0.0.0 255.255.255.0
domain-name asyst.com
dns-server 213.120.234.2 213.120.234.34
default-router 10.0.0.1
!
!
no ip bootp server
ip domain name asyst.com
ip name-server 213.120.234.2
ip name-server 213.120.234.34
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
license udi pid CISCO2821 sn FCZ144170VG
username admin view root secret 5 $1$OCs1$vr.SAWFZGUkgeBbRkbPux1
!
redundancy
!
!
ip tcp synwait-time 10
ip ssh time-out 60
ip ssh authentication-retries 2
!
class-map type inspect match-any ccp-skinny-inspect
match protocol skinny
class-map type inspect match-any ccp-cls-insp-traffic
match protocol cuseeme
match protocol dns
match protocol ftp
match protocol https
match protocol icmp
match protocol imap
match protocol pop3
match protocol netshow
match protocol shell
match protocol realmedia
match protocol rtsp
match protocol smtp
match protocol sql-net
match protocol streamworks
match protocol tftp
match protocol vdolive
match protocol tcp
match protocol udp
class-map type inspect match-all ccp-insp-traffic
match class-map ccp-cls-insp-traffic
class-map type inspect match-any ccp-h323nxg-inspect
match protocol h323-nxg
class-map type inspect match-any ccp-cls-icmp-access
match protocol icmp
match protocol tcp
match protocol udp
class-map type inspect match-any ccp-h225ras-inspect
match protocol h225ras
class-map type inspect match-any ccp-h323annexe-inspect
match protocol h323-annexe
class-map type inspect match-any ccp-h323-inspect
match protocol h323
class-map type inspect match-all ccp-invalid-src
match access-group 100
class-map type inspect match-all ccp-icmp-access
match class-map ccp-cls-icmp-access
class-map type inspect match-any ccp-sip-inspect
match protocol sip
class-map type inspect match-all ccp-protocol-http
match protocol http
!
!
policy-map type inspect ccp-permit-icmpreply
class type inspect ccp-icmp-access
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
pass
policy-map type inspect ccp-inspect
class type inspect ccp-invalid-src
drop log
class type inspect ccp-protocol-http
inspect
class type inspect ccp-insp-traffic
inspect
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
policy-map type inspect ccp-permit
class type inspect ccp-sip-inspect
inspect
class type inspect ccp-h323-inspect
inspect
class type inspect ccp-h323annexe-inspect
inspect
class type inspect ccp-h225ras-inspect
inspect
class type inspect ccp-h323nxg-inspect
inspect
class type inspect ccp-skinny-inspect
inspect
class class-default
drop
!
zone security out-zone
zone security in-zone
zone-pair security ccp-zp-self-out source self destination out-zone
service-policy type inspect ccp-permit-icmpreply
zone-pair security ccp-zp-in-out source in-zone destination out-zone
service-policy type inspect ccp-inspect
zone-pair security ccp-zp-out-self source out-zone destination self
service-policy type inspect ccp-permit
!
!
!
!
!
!
!
!
interface Loopback0
ip address 192.168.0.1 255.255.255.0
!
!
interface Null0
no ip unreachables
!
interface GigabitEthernet0/0
description $ES_LAN$$FW_INSIDE$$ETH-LAN$
ip address 10.0.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly
zone-member security in-zone
duplex auto
speed auto
no mop enabled
!
!
interface GigabitEthernet0/1
description $ES_WAN$$FW_OUTSIDE$
ip address 172.16.0.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip verify unicast reverse-path
ip flow ingress
ip nat outside
ip virtual-reassembly
zone-member security out-zone
duplex auto
speed auto
no mop enabled
!
!
ip default-gateway 172.16.0.2
ip forward-protocol nd
ip http server
ip http access-class 2
ip http secure-server
!
!
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip route 0.0.0.0 0.0.0.0 172.16.0.2
ip route 192.168.0.0 255.255.255.0 Loopback0 permanent
!
logging trap debugging
access-list 1 remark CCP_ACL Category=18
access-list 1 permit 10.0.0.0 0.0.0.255
access-list 1 permit 192.0.0.0 0.0.0.255
access-list 2 remark HTTP Access-class list
access-list 2 remark CCP_ACL Category=1
access-list 2 permit 10.0.0.0 0.0.0.255
access-list 2 permit 192.0.0.0 0.0.0.255
access-list 2 deny any
access-list 10 remark allow all
access-list 10 remark CCP_ACL Category=1
access-list 10 permit any
access-list 100 remark CCP_ACL Category=128
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip 172.16.0.0 0.0.0.255 any
access-list 100 permit ip 192.0.0.0 0.0.0.255 any
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
login authentication local_authen
transport output telnet
line aux 0
login authentication local_authen
transport output telnet
line vty 0 4
exec-timeout 100 0
password 7 xx
authorization exec local_author
login authentication local_authen
transport input all
transport output all
!
scheduler allocate 20000 1000
end
asys_rt_001#
09-12-2012 08:16 AM
Hi Neil,
Remove this:
ip route 192.168.0.0 255.255.255.0 Loopback0 permanent
and give a /32 to your loopback. Remember that from a network viewpoint your loopback is just a host.
Alessio
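A check for the two items named in the reply above, as an added example that is not part of the original thread: it scans an IOS configuration for loopback interfaces whose mask is not /32 and for static routes that point at a loopback. The function name `audit_loopbacks` and the constant `SAMPLE_CONFIG` are hypothetical; the sample is constructed from lines of the posted configuration.

```python
import ipaddress
import re

# Constructed sample: the relevant lines from the configuration posted above.
SAMPLE_CONFIG = """\
interface Loopback0
 ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 10.0.0.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.16.0.2
ip route 192.168.0.0 255.255.255.0 Loopback0 permanent
"""


def audit_loopbacks(config):
    """Return findings for non-/32 loopbacks and static routes via a loopback."""
    findings = []
    current = None  # name of the interface block being read
    for raw in config.splitlines():
        line = raw.strip()  # pasted configs often lose their indentation
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and current and current.lower().startswith("loopback"):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            plen = iface.network.prefixlen
            if plen != 32:
                findings.append(
                    f"{current}: {iface.ip} has a /{plen} mask, expected /32")
            continue
        # Static route whose next hop is a loopback interface.
        m = re.match(r"ip route (\S+) (\S+) (Loopback\d+)", line, re.I)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
            findings.append(
                f"static route {net} via {m.group(3)} should be removed")
    return findings


if __name__ == "__main__":
    for finding in audit_loopbacks(SAMPLE_CONFIG):
        print(finding)
```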