I am in the process of rolling out Cisco 831 Routers to several remote home offices for both voice and data. I am running into an issue where, as I deploy these routers to my end users, they are simply not working "plug and play" like they should be. I configure them on Comcast here in East Lansing, test the configuration, test voice, test data, test VPN and everything works 100%. I box them up, ship them to my customers in Illinois, on Comcast as well, and when they connect them (I checked to make sure it was correct) the router boots up, gets an IP, and can ping its upstream gateway on the Internet, as well as a few other Comcast routers, but cannot ping back to my office, nor any place else on the Internet. First thing I am thinking is that the MAC address needs to be registered. I called and this is not the case. I then eliminated the router and plugged her PC directly in, this works. I replace the PIX501 that was previously deployed, this works. Plug the 831 in, it gets an IP address (I have the end user doing a show int) and same thing, the router is unpingable and cannot ping off Comcast's net.
I am at a complete loss of what could be the problem. DHCP is working, there's an IP, why doesn't it work just like the PIX501? I am attaching my config in hopes that someone can either correct me or confirm my config.
I have attached the config since I can't seem to insert it here.
I use Comcast at my house in Georgia, and it works fine but I have to do NAT, which I noticed you're not. Also, you might try taking off the ACL 101 as a test. I also noticed that you've set the MTU to 542 though I know of no reason for going that low. Perhaps you could try letting the MTU run at its natural state first? Could be something local to that Comcast network incompatible with those settings.
I have the MTU set for 542 specifically because we are doing VoIP and they recommend that you set the size low because of this. It is a good idea to change the MTU size back to normal as well as take off the Firewall and ACL. Funny thing is that I get an IP address from DHCP. If you don't mind, shoot me your config at firstname.lastname@example.org. I would love to compare.
A few ideas:
1. Are you rebooting the cable modem after you change the connecting device (PC/831/501)?
2. Some ISPs are implementing a policy where every time you change the MAC address connected at the router, you have to go through an Acceptable Use Policy. Until you accept the AUP, the only thing you can ping are devices on the ISP's network, not outside their network. I've had situations where I had to connect my laptop to the cable modem, spoof the MAC address of the router just to get through the AUP. Once the AUP was accepted, reboot the cable modem and connect it back to the router and everything was happy.
3. You are using "ip address dhcp". You are already getting an IP, so this probably isn't it, but does Comcast require you send your MAC address in the DHCP request? E.g. by using the command "ip address dhcp client-id ethernet 1"
1) I have been rebooting the cable modem each time.
2) Comcast swears to me that you don't have to register the new MAC (e.g. an AUP) but I only about half believe them.
3) Not sure about this one, but this sounds like something good to try. Is this something that you have done in your general configs for 831's? Have you ever had problems running this global command?
Tomorrow I'm going to use the mac-address command to spoof the currently working PIX 501 MAC address and see if this works as well.
Thanks for the info. I will let you know.
1) I entered the new ip address dhcp client-id Ethernet 1 command.
2) I spoofed the MAC address of the PIX 501 that works.
3) I removed all of the FW Inspection, Access lists, etc.
4) I removed the ip tcp adjust-mss commands.
5) I "had a moment of silence"
Still, the router gets an IP address (albeit a new one since I spoofed the MAC, so it got the PIX address), but yet is unpingable. I am at a total loss.
A strange problem indeed. Have you had any luck? I'm sure it isn't easy to troubleshoot this problem remotely using the hands/eyes of the user. I wonder if you could temporarily ship a modem for out-of-band access while this is fixed.
I have run 831's using 12.3(4)T with DHCP (Cox is the ISP) without any problems (and using many of the features of your config).
At this point, the only thing I can think of is to do an erase start/reload, configure only the internet interface with "ip address dhcp client-id ethernet 1" and "no shut", and see if you can ping.
If the devices on Comcast that you can ping are on the same subnet as your 831 router, you probably don't have a default route installed in the routing table. You could try configuring a static default route pointing to the ethernet interface. If this works, it wouldn't matter what address is assigned to your router by DHCP at your various locations.
I'm sorry. I see that you do have a static route configured pointing to the ethernet 1 interface. It is possible that the Comcast upstream router has proxy-arp disabled. If so, you would probably have to configure a static route pointing to the upstream router's IP address.
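The proxy-ARP point in the post above, modelled as an added example (not part of the original thread): a default route that names only the interface makes the router ARP for every destination itself, so with proxy ARP off upstream only on-segment hosts answer, which matches the reported symptom. All addresses are constructed documentation ranges and the function names are hypothetical.

```python
import ipaddress

# Constructed sample values (documentation ranges, not taken from the thread).
SEGMENT = ipaddress.ip_network("192.0.2.0/24")        # cable segment the 831 sits on
GATEWAY = ipaddress.ip_address("192.0.2.1")           # ISP upstream router
ON_SEGMENT = {GATEWAY, ipaddress.ip_address("192.0.2.7")}  # hosts present on the segment
OFFICE = "198.51.100.10"                              # off-net destination


def arp_answered(target, proxy_arp_upstream):
    """Return True if some device answers an ARP request for `target`."""
    if target in SEGMENT:
        return target in ON_SEGMENT      # only the real owner answers
    # Off-segment address: only a gateway doing proxy ARP answers for it.
    return proxy_arp_upstream


def can_reach(dest, default_next_hop, proxy_arp_upstream):
    """Model the router's layer-2 resolution step for one destination.

    default_next_hop=None -> default route names only the interface
    default_next_hop=ip   -> default route names the upstream router
    """
    dest = ipaddress.ip_address(dest)
    if dest in SEGMENT:
        arp_target = dest                # connected route: ARP for the host
    elif default_next_hop is None:
        arp_target = dest                # interface-only route: ARP for the destination
    else:
        arp_target = ipaddress.ip_address(default_next_hop)  # ARP for the next hop
    return arp_answered(arp_target, proxy_arp_upstream)


def symptoms(default_next_hop, proxy_arp_upstream):
    """Reachability of the gateway, a neighbour router and the office."""
    targets = (str(GATEWAY), "192.0.2.7", OFFICE)
    return {t: can_reach(t, default_next_hop, proxy_arp_upstream) for t in targets}


if __name__ == "__main__":
    print("interface-only route, proxy ARP off:", symptoms(None, False))
    print("interface-only route, proxy ARP on: ", symptoms(None, True))
    print("next-hop route, proxy ARP off:      ", symptoms(str(GATEWAY), False))
```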
Yeah, if those remote sites have not clicked thru the AUP, fresh Comcast installs are likely to behave that way.
Also, Comcast's cable modems need to be powered off for 2 minutes to really refresh their config from the head end.
Comcast has phased out MAC addy stuff in the New England region, at a minimum.