cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
815
Views
0
Helpful
4
Replies

C1921 with EHWIC-4ESG not routing between PPPoE Dialer and SVI VLAN1

INISI Support
Level 1
Level 1

Hi, using a C1921 with ehwic-4esg as internet router. Using pppoe connection across build-in gigabit port to ISP and svi vlan1 to route traffic to firewalls. pppoe connection works fine (can ping the internet, etc) but svi is not routing any traffic. See below config.  

Interface vlan1 is using "IP unnumbered dialer 1". Also tried "ip address pool IAS" but didn't make any difference.

IOS version 15.4(3)M3.

Any help will be appreciated...

Thanks,

Rico.

====================================

!
hostname rtr01
!
ip dhcp pool IAS
 import all
 origin ipcp
 dns-server 194.151.228.18 194.151.228.34
!
ip cef
multilink bundle-name authenticated
!
cts logging verbose
!
redundancy
!
no cdp run
!
policy-map custom-shaper-30Mbps
 class class-default
  shape average 28800000
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description ISP CPE
 no ip address
 load-interval 30
 duplex full
 speed 100
 pppoe enable group global
 pppoe-client dial-pool-number 1
 service-policy output custom-shaper-30Mbps
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
!
interface GigabitEthernet0/0/1
 no ip address
!
interface GigabitEthernet0/0/2
 no ip address
!
interface GigabitEthernet0/0/3
 no ip address
!
interface Vlan1
 ip unnumbered Dialer1
 ip verify unicast reverse-path
 ip tcp adjust-mss 1452
 load-interval 30
!
interface Dialer1
 description Customer Traffic PPPoE Connection
 ip address negotiated
 ip verify unicast reverse-path
 encapsulation ppp
 mtu 1492
 dialer pool 1
 dialer-group 1
 ppp pap sent-username <removed> password <removed>
 ppp ipcp mask request
 ppp ipcp address accept
!
ip forward-protocol nd
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!

=========================================================================

rtr01#sh vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0/0, Gi0/0/1, Gi0/0/2, Gi0/0/3
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        1002   1003
1002 fddi  101002     1500  -      -      -        -    -        1      1003
1003 tr    101003     1500  1005   0      -        -    srb      1      1002
1004 fdnet 101004     1500  -      -      1        ibm  -        0      0  
1005 trnet 101005     1500  -      -      1        ibm  -        0      0  

==========================================================================

rtr01#sh int status

Port    Name               Status       Vlan       Duplex Speed Type
Gi0/0/0                    connected    1          a-full  a-1000 10/100BaseTX/1000BaseT
Gi0/0/1                    connected    1          a-full  a-1000 10/100BaseTX/1000BaseT
Gi0/0/2                    connected    1          a-full   a-100 10/100BaseTX/1000BaseT
Gi0/0/3                    notconnect   1            auto    auto 10/100BaseTX/1000BaseT

4 Replies 4

acampbell
VIP Alumni
VIP Alumni

Hi,

What does show ip int brief verify as ip addresses.

Regards

Alex

Regards, Alex. Please rate useful posts.

Hi Alex,

See below. This is from the logs I collected, we did a role-back to the original 871 router. I've slightly modified the output and set the first 3 digits of the IP address to x.x.x. Btw, this output is with the IP unnumbered config. The 871 router is using the "ip address pool IAS" on the svi interface but this didn't work on the 1921...

Thanks, Rico.

rtr01#sh ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down   
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up     
GigabitEthernet0/1         unassigned      YES NVRAM  administratively down down   
GigabitEthernet0/0/0       unassigned      YES unset  up                    up     
GigabitEthernet0/0/1       unassigned      YES unset  up                    up     
GigabitEthernet0/0/2       unassigned      YES unset  up                    up     
GigabitEthernet0/0/3       unassigned      YES unset  down                  down   
Dialer1                    x.x.x.65        YES IPCP   up                    up     
Virtual-Access1            unassigned      YES unset  up                    up     
Virtual-Access2            unassigned      YES unset  up                    up     
Vlan1                      x.x.x.65        YES unset  up                    up     

Why don't you assign a different static IP to SVI Interface VLAN1, NAT inside, remove IP unnumbered and have it on the same subnet as the firewall's interface.

Set the default route on the firewall to point to the SVI's IP.

Also set an ACL for all subnets or hosts that need to be NATted on the router. That way you only NAT at the router. Also NAT outside on Dialer1.

Thanks

John

It turned out to be a netmask issue. The pppoe connection negotiated a /32 IP address which is not really usefull when using it as a routed interface. So used a dhcp pool to assign the ip address to the vlan1 interface which was basically the original configuration of the 871 router. The second issue was that this only worked after saving the new config and rebooting the 1921 router. It didn't work when only shuting down the interface and re-enabling it...

Review Cisco Networking for a $25 gift card