Can someone help me with Time Warner Cable subnet and 2621?

commandlinekid · ‎11-05-2015

Can someone help me?

I have a 2621 (with Cisco VLAN switch behind it but not relevant to conversation) into which I plugged a Time Warner Business Class cable connection.

It goes through a bridged (I set the modem to bridged myself) Arris dg1670.

My WAN IP on the 2621 is set to dhcp on FastEthernet 0/0. And it IS pulling from Time Warner. I can also ping from the 2621 the IP 8.8.8.8.

The LAN IP is set to my subnet (and I put it on FastEthernet 0/1.4 exactly the setup my DSL used to use except using a different subnet)assigned by Time Warner of (fake) 111.111.111.41 255.255.255.240 (so I have a /28). This is the first address in the subnet.

I set my default route on the 2621 to:

ip route 0.0.0.0 0.0.0.0 fastethernet 0/0 dhcp

And I took off any access-lists from the interfaces.

PROBLEM: The 2621 is not routing the subnet assigned to FE 0/1.4. My test for this was to ping From the 2621 out to 8.8.8.8 using the advanced ping out of the interface FE 0/1.4....and it's just not going.

Can anyone help me here? Thank you very much.

-Joe

Aaron O'Hare · ‎11-05-2015

Is your carrier routing the assigned subnet to you (if you do a packet capture do you see the traffic reaching you're WAN IP)?

Sounds like the traffic is not actually reaching you.

-AO

commandlinekid · ‎11-05-2015

ARRIS DG1670 TIME WARNER CABLE LOGIN (login to 192.168.0.1):

USERNAME: technician (not admin, technician gives you more ability).

PASSWORD: T!m3W4rn3rC4bl3 (works as of 11/07/2015 in NYC. And yes, it's called POD (Password of the Day) BUT it appears Time Warner just stopped using the algorithm or API and hardcoded it in as of now).

Also if you need it the router RIP keystring that is blacked out is: tw1cable

They should be but Time Warner isn't forthcoming on anything partly because they have no real engineers on the customer facing side it appears mind-bogglingly.

What works: If I set their Arris cable modem up as a router itself with my subnet on Their LAN interface, pulling dhcp on their WAN interface, so I'm assuming they're routing the block to me.

But....when I (as I illustrated above) I try to use my router, I'm not able to route with my assigned subnet.

When you say capture the packets....are you talking about from the router like "ip debug?" Or an external app on a computer? I haven't tried it yet but can after 5 pm.

Thanks

Aaron O'Hare · ‎11-05-2015

IOS packet capture may be an option, its been a while since I've done much on a 2621 I don't know if they support it, what IOS are you running?

Your IP block is a public IP block correct?

Also, they weren't doing any NATing in their modem for you were they?

-AO

commandlinekid · ‎11-05-2015

IOS: 12.3(18)

Public IP block yes. If I trace the IP (I just don't want to paste it here I guess) I get as far as 66.109.6.156, then a bunch of stars.

No natting. We had it setup at one point using their cable modem as the router and I could assing my desktop a public IP for testing, the first one in the block I used and I could get out.

Aaron O'Hare · ‎11-05-2015

Can you ask TWC to clear the arp cache on their side after you put the 2621 in place?

commandlinekid · ‎11-05-2015

I'd love to but they don't let you talk to a NOC, more like....whatever is the opposite of that.

The cache should clear itself over a few days correct? I haven't had my pc plugged in for about three days.

Aaron O'Hare · ‎11-05-2015

Normally 24 hours (at least with Comcast and Brighthouse) If that does not resolve is then an IOS packet capture would help, let me know.

-AO

commandlinekid · ‎11-05-2015

I tested it. I cannot ping the LAN interface (my subnet first IP on FE 0/1.4) from the public internet but I can ping the WAN IP (the dhcp address TW assigns to my 2621).

I'm running "ip debug packet" to do this, and yes I see my outside IP trying to ping the WAN IP....but I see Nothing when I try to ping the LAN IP (my first IP in the /28 subnet).

Aaron O'Hare · ‎11-06-2015

Can you attach a show run from your 2621?

-AO

commandlinekid · ‎11-06-2015

CONFIG REMOVED POST DISCUSSION FOR SAFETY

Aaron O'Hare · ‎11-06-2015

Can you remove the crypto map and ip nat outside from the outside interface for now?

-AO

commandlinekid · ‎11-06-2015

I've tried all that. But yes I can remove everything including the access-lists.

Aaron O'Hare · ‎11-06-2015

Can you also add no ip proxy-arp

commandlinekid · ‎11-07-2015

Thank you ALL FOR BEING SO KIND and helping me. It's not solved, shame on Time Warner, and unless you're planning to use them for playing Netflix in your basement....CHOOSE ANOTHER PROVIDER who takes business seriously and routes subnet blocks (in the most standards-based and standard way). I never would have thought they would not only not deliver what they committed but would be so adamant about it. We only needed it for a backup connection, but Still, we were told it would route. SHAME and SHAME on them staffing their highest level of support "Tier 3" with people who have zero clue of even basic routing.