Can't access ISP from trunked VLAN on C2691

tcwan · ‎06-29-2005

I have a Cisco 2691 which is our ISP gateway router servicing a /24 variable sized subnet.

fa0/0 services a /26 subnet natively (VLAN 1).

I've defined several VLANs on a Cat2950 switch

and trunked to fa0/1 using dot1q encapsulation.

fa0/1.1 (VLAN 162) serves a /26 subnet, fa0/1.2 (VLAN 201) serves a /27 subnet while fa0/1.3 (VLAN 202) serves a /28 subnet.

The 2950 is a L2 only switch. The 2950 trunk port fa0/12 has VLAN 1 native, and allowed trunks are 162, 201 and 202.

The trunked VLANs are setup as a 'router on a stick' configuration, and are able to ping and access the respective VLANs without any problems. i.e. Inter-VLAN routing is working, since I can ping from 0/1.3 subnet to 0/1.2, 0/1.1, and 0/0 without any problems (and conversely).

In addition, all subnets are supposed to to access the Internet via the c2691 using their given IPs (global IPs, no NAT).

Default routes have been configured on the C2691 using ip route 0.0.0.0 ... to access the ISP routers. No routing protocol is running between the c2691 and the ISP.

The problem I'm facing is that while fa0/0 and fa0/1.1 subnets are working fine (they can access the Internet and be accessed from the Internet, fa0/1.2 and fa0/1.3 can't.

It seems that the default static route works only for fa0/0 (native) and fa0/1.1 (VLAN 162).

From outside the network (i.e., from the Internet), I can ping fa0/0, and fa0/1.1 fine. Pings to fa0/1.2 and fa0/1.3 times out.

I've attached my startup-config for the 2691 router. I've tried enabling RIP routing protocol but it doesn't do anything. Am I missing something?

The following is the 'sh ip route' output:

USM#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 218.208.69.57 to network 0.0.0.0

219.93.2.0/24 is variably subnetted, 4 subnets, 3 masks

C 219.93.2.128/27 is directly connected, FastEthernet0/1.2

C 219.93.2.192/28 is directly connected, FastEthernet0/1.3

C 219.93.2.0/26 is directly connected, FastEthernet0/0

C 219.93.2.64/26 is directly connected, FastEthernet0/1.1

210.187.57.0/30 is subnetted, 1 subnets

C 210.187.57.20 is directly connected, Serial0/3

218.208.69.0/30 is subnetted, 3 subnets

C 218.208.69.56 is directly connected, Serial0/2

C 218.208.69.52 is directly connected, Serial0/1

C 218.208.69.48 is directly connected, Serial0/0

S 192.168.0.0/24 [1/0] via 219.93.2.97

S 192.168.1.0/24 [1/0] via 219.93.2.97

S* 0.0.0.0/0 [1/0] via 218.208.69.57

[1/0] via 210.187.57.21

[1/0] via 218.208.69.49

[1/0] via 218.208.69.53

tcwan · ‎06-29-2005

I'm enclosing the edited startup-config for the 2691 router here

alfredshum · ‎06-29-2005

ip route 0.0.0.0 0.0.0.0 218.208.69.57

ip route 0.0.0.0 0.0.0.0 210.187.57.21

ip route 0.0.0.0 0.0.0.0 218.208.69.49

ip route 0.0.0.0 0.0.0.0 218.208.69.53

Sounds like you have 4 WAN circuits. Are all these Internet connections? Are they provided by the same ISP?

tcwan · ‎06-29-2005

Yes, they are 4 E1's (8 Mbps) provided by the same ISP for our Internet access.

alfredshum · ‎06-29-2005

Make sure your ISP helps you to advertise all the 3 subnets. You can actually test it by using loopback interfaces and configure the loopback to use the IP addresses in your 3 subnets and then ping to these addresses from outside the Internet.

Also make sure that all the 4 WAN links work by using 1 default route at a time to test the circuit.

I'd also like to suggest you to run Multilink PPP with your ISP if it supports MPPP so that you can form a logical 8Mbps circuit using the 4 E1 and use CEF for per-destination load-balancing.

tcwan · ‎06-30-2005

The subnet was originally a single unsubnetted /24 network using the same IP address block, and it was working fine with the ISP using the four static routes.

I'll have to test out your suggestion using the lo interfaces. At least they appear as non-trunked interfaces so actual subnet-ISP routing problems can be diagnosed.

I'm not sure how cooperative the ISP is with regards to configuring the 4xE1's as a single multilink PPP. I see your point though.

tcwan · ‎07-03-2005

I removed the ip address from fa0/1.2 and placed it o lo123:

[...]

interface Loopback123

ip address 219.93.2.129 255.255.255.224

[...]

I've also removed all the 0.0.0.0 default routes except one.

However, I still can't ping it from the Internet. Something is really wierd.

kumarapalani · ‎07-03-2005

Hi,

I wonder if these address worked before???.

I think the issue is to be with your ISP not adverdising these routes.

You cld confirm this with an extended ping

try pinging with the address that works to the other end of your serial interface and any other site in internet . Then try with the address that doesnt work. if you cant perform an extended ping with the not working address then the issue is with your ISP.

Thank you,

Venkatehs

tcwan · ‎07-04-2005

Hmm. I don't know if I understand your suggestion completely. If I get what you're saying, I've tried tracerouting from the 219.93.2.128/27 subnet and it doesn't get past our router. pinging from the 219.93.2.1/26 and 219.93.2.64/26 subnets to the Internet works just fine.

However, your suggestion did trigger something in my memory.

The ISP originally allocated us a /25, then extended it to a /24 (the second /25 from the same IP block).

If they didn't update their routing config, then I can see this problem happening.

kumarapalani · ‎07-04-2005

Hi,

Traceroute wldnt confirm if ur ISP has updated his tabel or not but "Extended PING " coudl do it :-)

Regards,

Venkatesh

tcwan · ‎07-06-2005

Hi,

Thanks. We've confirmed that the problem is at the ISP end, where 219.93.2.128/25 was not allocated/routed to us.

Thanks for all your help.