ā11-04-2022 10:05 AM
Hi All,
I have a problem on the router 1921 the infrastructure is as follows:
router isp -> sw -> sw -> router 1921 -> distributor
can someone help me to understand why I can't get to the distributor from the ISP router? this is how the 1921 is configured
boot-start-marker
boot-end-marker
!
!
enable secret 4 xxxxx
enable password 7 1xxx
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
clock timezone CET 1 0
clock summer-time ita recurring last Sun Mar 3:00 last Sun Oct 3:00
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FCZ1626C4KS
!
!
username xxxx privilege 15 password 7 xxxxx
!
redundancy
!
!
!
!
controller VDSL 0/0/0
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.10.10.164 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.21.1.1 255.255.255.240
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0/0/0
no ip address
shutdown
!
interface ATM0/1/0
no ip address
shutdown
no atm ilmi-keepalive
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 070D205E5C081A101313
transport input ssh
line vty 5 15
password 7 094E4F1B0B0414070F0D
transport input ssh
!
scheduler allocate 20000 1000
end
thank you and good evening
ā11-04-2022 10:14 AM - edited ā11-04-2022 10:15 AM
is this config from RTR ISP
add static route as per the diagram :
ip route 172.21.1.0 0.0.0.15 10.10.10.10
Also from distrib
ip route 0.0.0.0 0.0.0.0 172.21.1.1
I take all the switches in the path layer2
ā11-04-2022 10:39 AM
the posted configuration is that of the router between the switch and the distributor,
the ISP router has the following static route: ip route 172.21.1.0 255.255.255.240 10.10.10.10
I take all the switches in the path layer2 --> yes cisco 2960-x
ā11-04-2022 10:48 AM
Thanks for the clarification :
i take RTR ISP IP address 10.10.10.1 (can you post the RTR ISP config also)
Question here is :
can RTR able to ping 10.10.10.1
can RTR able to ping 172.21.1.4
from Distrib you able to ping 172.21.1.1 and 10.10.10.10 ?
show ip interface brief from all devices ?
ā11-04-2022 11:09 AM
this is the config the router isp:
interface GigabitEthernet0/0/0
ip address 192.168.5.29 255.255.255.252
load-interval 30
media-type rj45
speed 100
no negotiation auto
!
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
no cdp enable
!
interface GigabitEthernet0/0/1.1
description "Collegamento alla rete LAN
encapsulation dot1Q 1 native
ip address 10.10.10.3 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 priority 230
standby 10 preempt
no cdp enable
!
!
interface GigabitEthernet0/0/1.2
description "Collegamento alla rete LAN VOIP
encapsulation dot1Q 2
ip address 172.18.10.3 255.255.255.0
standby 100 ip 172.18.10.1
standby 100 priority 230
standby 100 preempt
!
!
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
!
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface Loopback7
ip route 0.0.0.0 0.0.0.0 192.168.3.1
ip route 172.21.1.0 255.255.255.240 10.10.10.10
ip route 192.168.2.0 255.255.255.224 10.10.10.4
!
!
!
ip prefix-list FilterInBGPSec description Nega le p2p, le loopback 7 delle sedi remote e permette il resto
ip prefix-list FilterInBGPSec seq 10 deny 192.168.0.0/16 ge 30 le 30
ip prefix-list FilterInBGPSec seq 20 permit 7.0.255.2/32
ip prefix-list FilterInBGPSec seq 25 permit 7.62.0.0/16 le 32
ip prefix-list FilterInBGPSec seq 30 deny 7.0.0.0/8 ge 32
ip prefix-list FilterInBGPSec seq 40 permit 0.0.0.0/0 le 32
!
ip prefix-list MatchLoo7CPESEC description Permette la loopback 7 del CPE secondario
ip prefix-list MatchLoo7CPESEC seq 10 permit 7.23.40.15/32
!
ip prefix-list RedConnectedBGP description Permette la LAN, la loopback di mgmt ed eventuali altre
ip prefix-list RedConnectedBGP seq 10 permit 10.10.10.0/24
ip prefix-list RedConnectedBGP seq 20 permit 7.23.40.15/32
ip prefix-list RedConnectedBGP seq 25 permit 172.16.50.0/24
ip prefix-list RedConnectedBGP seq 30 permit 10.20.10.0/24
ip prefix-list RedConnectedBGP seq 35 permit 172.18.10.0/24
ip prefix-list RedConnectedBGP seq 50 permit 172.21.10.0/28
ip radius source-interface Loopback7
!
!
end
can RTR able to ping 10.10.10.1 --> Yes
can RTR able to ping 172.21.1.4 --> Yes
the distrib. is an end user type like a pc / notebook
show ip interface brief from all devices ? --> of which devices ?
ā11-04-2022 12:30 PM - edited ā11-04-2022 12:31 PM
show ip interface brief from RTR and RTR ISP?
FROM RTR ISP are you able to ping 10.10.10.10 and 172.21.1.1 ?
the distrib. is an end user type like a pc / notebook
if the PC are you able to ping gateway 172.21.1.1 ? if yes then most PC now a days have FW, do disable windows FW and TEST it.
You running HSRP on RTR ISP, do you any other device part of HSRP ?
ā11-05-2022 03:51 AM
traceroute from dist. to ISP
share the output here
ā11-05-2022 08:46 PM - edited ā11-06-2022 05:50 AM
The config shown in the original post clearly shows that the router interface address is 10.10.10.164 and not 10.10.10.10.
ā11-05-2022 11:22 PM
I guess static route next hop is wrong, and we will be sure if he share traceroute
ip route 0.0.0.0 0.0.0.0 10.10.10.1
Must be
ip route 0.0.0.0 0.0.0.0 10.10.10.10
ā11-06-2022 05:56 AM
Looking at this
Must be
ip route 0.0.0.0 0.0.0.0 10.10.10.10
10.10.10.10 should be the address of the 1921 router. 10.10.10.1 is the correct next hop and is the HSRP address of the ISP router.
ā11-06-2022 05:59 AM
let wait him to share traceroute,
and you correct, static route must be toward HSRP VIP not interface IP.
ā11-07-2022 07:45 AM
this traceroute from ISP to Dist.:
router ISP>traceroute 172.21.1.4
Type escape sequence to abort.
Tracing the route to 172.21.1.4
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.10.3 0 msec 1 msec 1 msec
2 10.10.10.10 1 msec 0 msec 1 msec
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
router ISP>
it is as if the RTR 1921 was unable to route packets to the Distr.
ā11-06-2022 11:26 AM
Hello,
since the interface on the 1921 router has IP address 10.10.10.164, the route on the ISP router
should be 'ip route 172.21.1.0 255.255.255.240 10.10.10.164'
ā11-07-2022 07:35 AM
hi all,
the interface on the RTR correct is:
interface GigabitEthernet0/0
ip address 10.10.10.10 255.255.255.0
duplex auto
speed auto
ā11-07-2022 07:40 AM
I need traceroute can you share results?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: