cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
1271
Views
15
Helpful
24
Replies

Cisco router 1921 problem

Iaco
Level 1
Level 1

Hi All,

I have a problem on the router 1921 the infrastructure is as follows:

carburanti.jpg

router isp -> sw -> sw -> router 1921 -> distributor
can someone help me to understand why I can't get to the distributor from the ISP router? this is how the 1921 is configured

boot-start-marker
boot-end-marker
!
!
enable secret 4 xxxxx
enable password 7 1xxx
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
clock timezone CET 1 0
clock summer-time ita recurring last Sun Mar 3:00 last Sun Oct 3:00
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO1921/K9 sn FCZ1626C4KS
!
!
username xxxx privilege 15 password 7 xxxxx
!
redundancy
!
!
!
!
controller VDSL 0/0/0
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 10.10.10.164 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.21.1.1 255.255.255.240
duplex auto
speed auto
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Ethernet0/0/0
no ip address
shutdown
!
interface ATM0/1/0
no ip address
shutdown
no atm ilmi-keepalive
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 070D205E5C081A101313
transport input ssh
line vty 5 15
password 7 094E4F1B0B0414070F0D
transport input ssh
!
scheduler allocate 20000 1000
end

thank you and good evening

24 Replies 24

balaji.bandi
Hall of Fame
Hall of Fame

is this config from RTR ISP

add static route as per the diagram :

ip route 172.21.1.0 0.0.0.15 10.10.10.10

 

Also from distrib

ip route 0.0.0.0 0.0.0.0 172.21.1.1

 

I take all the switches in the path layer2

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

the posted configuration is that of the router between the switch and the distributor,

the ISP router has the following static route: ip route 172.21.1.0 255.255.255.240 10.10.10.10

I take all the switches in the path layer2 --> yes cisco 2960-x

Thanks for the clarification :

i take RTR ISP IP address 10.10.10.1 (can you post the RTR ISP config also)

Question here is :

can RTR able to ping 10.10.10.1

can RTR able to ping 172.21.1.4

from Distrib you able to ping 172.21.1.1 and 10.10.10.10 ?

show ip interface brief from all devices ?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

this is the config the router isp:

interface GigabitEthernet0/0/0
ip address 192.168.5.29 255.255.255.252
load-interval 30
media-type rj45
speed 100
no negotiation auto
!
!
interface GigabitEthernet0/0/1
no ip address
negotiation auto
no cdp enable
!
interface GigabitEthernet0/0/1.1
description "Collegamento alla rete LAN
encapsulation dot1Q 1 native
ip address 10.10.10.3 255.255.255.0
standby 10 ip 10.10.10.1
standby 10 priority 230
standby 10 preempt
no cdp enable
!
!
interface GigabitEthernet0/0/1.2
description "Collegamento alla rete LAN VOIP
encapsulation dot1Q 2
ip address 172.18.10.3 255.255.255.0
standby 100 ip 172.18.10.1
standby 100 priority 230
standby 100 preempt
!
!
!
interface GigabitEthernet0/0/2
no ip address
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
shutdown
negotiation auto
!
!
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface Loopback7
ip route 0.0.0.0 0.0.0.0 192.168.3.1
ip route 172.21.1.0 255.255.255.240 10.10.10.10
ip route 192.168.2.0 255.255.255.224 10.10.10.4
!
!
!
ip prefix-list FilterInBGPSec description Nega le p2p, le loopback 7 delle sedi remote e permette il resto
ip prefix-list FilterInBGPSec seq 10 deny 192.168.0.0/16 ge 30 le 30
ip prefix-list FilterInBGPSec seq 20 permit 7.0.255.2/32
ip prefix-list FilterInBGPSec seq 25 permit 7.62.0.0/16 le 32
ip prefix-list FilterInBGPSec seq 30 deny 7.0.0.0/8 ge 32
ip prefix-list FilterInBGPSec seq 40 permit 0.0.0.0/0 le 32
!
ip prefix-list MatchLoo7CPESEC description Permette la loopback 7 del CPE secondario
ip prefix-list MatchLoo7CPESEC seq 10 permit 7.23.40.15/32
!
ip prefix-list RedConnectedBGP description Permette la LAN, la loopback di mgmt ed eventuali altre
ip prefix-list RedConnectedBGP seq 10 permit 10.10.10.0/24
ip prefix-list RedConnectedBGP seq 20 permit 7.23.40.15/32
ip prefix-list RedConnectedBGP seq 25 permit 172.16.50.0/24
ip prefix-list RedConnectedBGP seq 30 permit 10.20.10.0/24
ip prefix-list RedConnectedBGP seq 35 permit 172.18.10.0/24
ip prefix-list RedConnectedBGP seq 50 permit 172.21.10.0/28
ip radius source-interface Loopback7
!
!
end

can RTR able to ping 10.10.10.1 --> Yes

can RTR able to ping 172.21.1.4 --> Yes

the distrib. is an end user type like a pc / notebook

show ip interface brief from all devices ? --> of which devices  ?

 

show ip interface brief from RTR and RTR ISP?

FROM RTR ISP are you able to ping 10.10.10.10 and 172.21.1.1 ?

the distrib. is an end user type like a pc / notebook

if the PC are you able to ping gateway  172.21.1.1 ? if yes then most PC now a days have FW, do disable windows FW and TEST it.

You running HSRP on RTR ISP, do you any other device part of HSRP ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

traceroute from dist. to ISP 
share the output here 

The config shown in the original post clearly shows that the router interface address is 10.10.10.164 and not 10.10.10.10.

HTH

Rick

I guess static route next hop is wrong, and we will be sure if he share traceroute 

ip route 0.0.0.0 0.0.0.0 10.10.10.1
Must be

ip route 0.0.0.0 0.0.0.0 10.10.10.10

Looking at this

Must be

ip route 0.0.0.0 0.0.0.0 10.10.10.10

10.10.10.10 should be the address of the 1921 router. 10.10.10.1 is the correct next hop and is the HSRP address of the ISP router.

HTH

Rick

let wait him to share traceroute,  
and you correct, static route must be toward HSRP  VIP not interface IP.

this traceroute from ISP  to Dist.:

router ISP>traceroute 172.21.1.4
Type escape sequence to abort.
Tracing the route to 172.21.1.4
VRF info: (vrf in name/id, vrf out name/id)
1 10.10.10.3   0 msec 1 msec 1 msec
2 10.10.10.10 1 msec 0 msec 1 msec
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
router ISP>

it is as if the RTR 1921 was unable to route packets to the Distr.

Hello,

since the interface on the 1921 router has IP address 10.10.10.164, the route on the ISP router
should be 'ip route 172.21.1.0 255.255.255.240 10.10.10.164'

Iaco
Level 1
Level 1

hi all,

the interface on the RTR correct is:

interface GigabitEthernet0/0
ip address 10.10.10.10 255.255.255.0
duplex auto
speed auto

 

I need traceroute can you share results?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco

Ā