11-05-2015 10:28 AM - edited 03-05-2019 02:40 AM
Can someone help me?
I have a 2621 (with Cisco VLAN switch behind it but not relevant to conversation) into which I plugged a Time Warner Business Class cable connection.
It goes through a bridged (I set the modem to bridged myself) Arris dg1670.
My WAN IP on the 2621 is set to dhcp on FastEthernet 0/0. And it IS pulling from Time Warner. I can also ping from the 2621 the IP 8.8.8.8.
The LAN IP is set to my subnet (and I put it on FastEthernet 0/1.4 exactly the setup my DSL used to use except using a different subnet)assigned by Time Warner of (fake) 111.111.111.41 255.255.255.240 (so I have a /28). This is the first address in the subnet.
I set my default route on the 2621 to:
ip route 0.0.0.0 0.0.0.0 fastethernet 0/0 dhcp
And I took off any access-lists from the interfaces.
PROBLEM: The 2621 is not routing the subnet assigned to FE 0/1.4. My test for this was to ping From the 2621 out to 8.8.8.8 using the advanced ping out of the interface FE 0/1.4....and it's just not going.
Can anyone help me here? Thank you very much.
-Joe
11-05-2015 11:10 AM
Is your carrier routing the assigned subnet to you (if you do a packet capture do you see the traffic reaching you're WAN IP)?
Sounds like the traffic is not actually reaching you.
-AO
11-05-2015 11:26 AM
ARRIS DG1670 TIME WARNER CABLE LOGIN (login to 192.168.0.1):
USERNAME: technician (not admin, technician gives you more ability).
PASSWORD: T!m3W4rn3rC4bl3 (works as of 11/07/2015 in NYC. And yes, it's called POD (Password of the Day) BUT it appears Time Warner just stopped using the algorithm or API and hardcoded it in as of now).
Also if you need it the router RIP keystring that is blacked out is: tw1cable
They should be but Time Warner isn't forthcoming on anything partly because they have no real engineers on the customer facing side it appears mind-bogglingly.
What works: If I set their Arris cable modem up as a router itself with my subnet on Their LAN interface, pulling dhcp on their WAN interface, so I'm assuming they're routing the block to me.
But....when I (as I illustrated above) I try to use my router, I'm not able to route with my assigned subnet.
When you say capture the packets....are you talking about from the router like "ip debug?" Or an external app on a computer? I haven't tried it yet but can after 5 pm.
Thanks
11-05-2015 11:26 AM
IOS packet capture may be an option, its been a while since I've done much on a 2621 I don't know if they support it, what IOS are you running?
Your IP block is a public IP block correct?
Also, they weren't doing any NATing in their modem for you were they?
-AO
11-05-2015 12:40 PM
IOS: 12.3(18)
Public IP block yes. If I trace the IP (I just don't want to paste it here I guess) I get as far as 66.109.6.156, then a bunch of stars.
No natting. We had it setup at one point using their cable modem as the router and I could assing my desktop a public IP for testing, the first one in the block I used and I could get out.
11-05-2015 01:02 PM
Can you ask TWC to clear the arp cache on their side after you put the 2621 in place?
11-05-2015 01:13 PM
I'd love to but they don't let you talk to a NOC, more like....whatever is the opposite of that.
The cache should clear itself over a few days correct? I haven't had my pc plugged in for about three days.
11-05-2015 01:29 PM
Normally 24 hours (at least with Comcast and Brighthouse) If that does not resolve is then an IOS packet capture would help, let me know.
-AO
11-05-2015 02:12 PM
I tested it. I cannot ping the LAN interface (my subnet first IP on FE 0/1.4) from the public internet but I can ping the WAN IP (the dhcp address TW assigns to my 2621).
I'm running "ip debug packet" to do this, and yes I see my outside IP trying to ping the WAN IP....but I see Nothing when I try to ping the LAN IP (my first IP in the /28 subnet).
11-06-2015 05:55 AM
Can you attach a show run from your 2621?
-AO
11-06-2015 06:23 AM
CONFIG REMOVED POST DISCUSSION FOR SAFETY
11-06-2015 06:23 AM
Can you remove the crypto map and ip nat outside from the outside interface for now?
-AO
11-06-2015 06:27 AM
I've tried all that. But yes I can remove everything including the access-lists.
11-06-2015 06:59 AM
Can you also add no ip proxy-arp
11-07-2015 04:51 PM
Thank you ALL FOR BEING SO KIND and helping me. It's not solved, shame on Time Warner, and unless you're planning to use them for playing Netflix in your basement....CHOOSE ANOTHER PROVIDER who takes business seriously and routes subnet blocks (in the most standards-based and standard way). I never would have thought they would not only not deliver what they committed but would be so adamant about it. We only needed it for a backup connection, but Still, we were told it would route. SHAME and SHAME on them staffing their highest level of support "Tier 3" with people who have zero clue of even basic routing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide