JustinBrian
asked on
CISCO 1921-SEC No Internet Access
I am working on a new install with a CISCO 1921-SEC router and HP 2530 switches. I have roughly configured the router and I am unable to access the internet. I believe that I have configured NAT correctly but am obviously missing something. Any input would be greatly appreciated. I have configured the following.
Interface 0/0 Outside with public IP address
Interface 0/1 vlan1 inside unused lan due to CISCO not tagging native lan
Interface 0/1.1 vlan2 GUEST inside
DHCP POOL
Interface 0/1.2 vlan3 VoIP inside
Interface 0/1.3 vlan4 CCTV inside
Interface 0/1.4 vlan10 ADMIN inside
DHCP POOL
show running-config
Building configuration...
Current configuration : 5534 bytes
!
! Last configuration change at 19:25:13 UTC Thu Sep 19 2013 by admin
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname troplanc
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
ip cef
!
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 10.0.1.1 10.0.1.99
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
lease 0 2
!
ip dhcp pool ADMIN
import all
network 10.0.1.0 255.255.255.0
dns-server 75.75.75.75 76.76.76.76
default-router 10.0.1.1
!
ip dhcp pool GUEST
import all
network 192.168.0.0 255.255.255.0
dns-server 75.75.75.75 76.76.76.76
default-router 192.168.0.1
lease 0 12
!
!
!
ip domain name yourdomain.com
no ipv6 cef
!
multilink bundle-name authenticated
!
!
crypto pki trustpoint TP-self-signed-1999770955
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1999770955
revocation-check none
rsakeypair TP-self-signed-1999770955
!
!
crypto pki certificate chain TP-self-signed-1999770955
certificate self-signed 01
quit
license udi pid CISCO1921/K9 sn FGL172021BG
!
!
username admin privilege 15 secret 4 9Rm7ZxlTUuYCINH6WJRoXb79cZlK6hwDCM0mu3OzG2g
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description outside
ip address 50.241.184.25 255.255.255.248
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description DEFAULT LAN
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1.1
description GUEST LAN
encapsulation dot1Q 2
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/1.2
description VoIP
encapsulation dot1Q 3
ip address 10.0.3.1 255.255.255.0
!
interface GigabitEthernet0/1.3
description CCTV
encapsulation dot1Q 4
ip address 10.0.4.1 255.255.255.0
!
interface GigabitEthernet0/1.4
description ADMIN LAN
encapsulation dot1Q 10
ip address 10.0.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 100 permit ip any any
!
!
!
control-plane
!
!
banner exec ^Cine TROP ELITE EQUIPMENT
***************************TROP ELITE EQUIPMENT****************************
RESTRICTED ACCESS - AUTHORIZED PERSONEL ONLY - VIOLATORS WILL BE SHOT
1
RESTRICTED ACCESS - AUTHORIZED PERSONEL ONLY - VIOLATORS WILL BE SHOT
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.
YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS
Here are the Cisco IOS commands.
username <myuser> privilege 15 secret 0 <mypassword>
no username cisco
Replace <myuser> and <mypassword> with the username and password you want
to use.
IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.
For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
login local
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
access-class 23 in
privilege level 15
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
troplanc#
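An added check, not part of the original post: a Python script that reads a running-config like the one above and reports which addressed interfaces carry an `ip nat` role, whether the PAT egress interface is marked outside, and whether a static default route is present. The sample is abridged from the posted config, and the function names are this example's own.

```python
import re

# Abridged from the running-config posted above (flattened, as it appears on the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
ip address 50.241.184.25 255.255.255.248
ip nat outside
!
interface GigabitEthernet0/1.1
ip address 192.168.0.1 255.255.255.0
!
interface GigabitEthernet0/1.4
ip address 10.0.1.1 255.255.255.0
ip nat inside
!
ip nat inside source list 100 interface GigabitEthernet0/0 overload
"""

def parse_interfaces(config):
    """Map interface name -> {'ip': address or None, 'nat': 'inside'/'outside'/None}."""
    interfaces, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            current = interfaces.setdefault(m.group(1), {"ip": None, "nat": None})
        elif line in ("", "!"):
            current = None  # '!' closes the stanza, so later global lines are not misread
        elif current is not None:
            if m := re.match(r"ip address (\d\S+) \d\S+", line):
                current["ip"] = m.group(1)
            elif m := re.match(r"ip nat (inside|outside)$", line):
                current["nat"] = m.group(1)
    return interfaces

def audit_nat(config):
    """Summarise NAT roles, the PAT egress interface and static default-route presence."""
    ifs = parse_interfaces(config)
    pat = re.search(r"^\s*ip nat inside source list \S+ interface (\S+)", config, re.M)
    egress = pat.group(1) if pat else None
    return {
        "inside": sorted(n for n, i in ifs.items() if i["nat"] == "inside"),
        "outside": sorted(n for n, i in ifs.items() if i["nat"] == "outside"),
        "addressed_without_nat_role": sorted(n for n, i in ifs.items() if i["ip"] and not i["nat"]),
        "pat_egress_marked_outside": egress in ifs and ifs[egress]["nat"] == "outside",
        "static_default_route": bool(re.search(r"^\s*ip route 0\.0\.0\.0 0\.0\.0\.0 \S+", config, re.M)),
    }

if __name__ == "__main__":
    for key, value in audit_nat(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```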