Cisco 1941w sharing VDSL

karlosthehat
Level 1

Hi everyone, newb here.

 

I picked up a cheap 1941w, but know very little about them and as such this is a very steep learning curve. This particular one has a VDSL2 module and 1x 8 port POE gigabit module. I have a VLAN that covers 8x POE gigabit ports which is my main network, a separate admin VLAN and then share the VDSL to both of these.

 

So far all is good, I am connected to the internet (my ISP has assigned a static IP and it displays correctly) but I can't figure out how to share it to my VLANs or the router itself. I found some other threads on the topic but they are all related to FTTP etc. and I can't get it to work with VDSL2. If I try to test the WAN connection or ping something, it doesn't work despite being connected to the internet. My ISP tool says I am synced but I can't ping the router.

 

Any help appreciated!

 

config:

 

Using 5380 out of 262136 bytes
!
! Last configuration change at 22:38:06 UTC Wed Nov 17 2021 by thepoint
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname thepoint
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxxx
enable password xxxxx
!
no aaa new-model
memory-size iomem 5
service-module wlan-ap 0 bootimage autonomous
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool admin
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
!
!
!
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
parameter-map type inspect global
max-incomplete low 18000
max-incomplete high 20000
nbar-classify
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-N/K9 sn FGL163823NB
hw-module ism 0
!
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network Others_dst_net
any
!
object-group network Others_src_net
any
!
object-group service Others_svc
ip
!
object-group network Web_dst_net
any
!
object-group network Web_src_net
any
!
object-group service Web_svc
ip
!
object-group network local_cws_net
!
object-group network local_lan_subnets
192.168.1.0 255.255.255.0
!
object-group network vpn_remote_subnets
any
!
username thepoint privilege 15 secret 5 xxxxx
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
operating mode vdsl2
!
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
match protocol msnmsgr
match protocol ymsgr
class-map type inspect match-any Others_app
match protocol https
match protocol smtp
match protocol pop3
match protocol imap
match protocol sip
match protocol ftp
match protocol dns
match protocol icmp
class-map type inspect match-any Web_app
match protocol http
class-map type inspect match-all Others
match class-map Others_app
match access-group name Others_acl
class-map type inspect match-all Web
match class-map Web_app
match access-group name Web_acl
!
policy-map type inspect LAN-WAN-POLICY
class type inspect Web
inspect
class type inspect Others
inspect
class class-default
drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect LAN-WAN-POLICY
!
!
crypto isakmp policy 1
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface wlan-ap0
no ip address
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1412
shutdown
duplex auto
speed auto
!
interface Wlan-GigabitEthernet0/0
switchport mode trunk
no ip address
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
cdp enable
!
interface Ethernet0/0/0
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface GigabitEthernet0/1/4
no ip address
!
interface GigabitEthernet0/1/5
no ip address
!
interface GigabitEthernet0/1/6
no ip address
!
interface GigabitEthernet0/1/7
switchport mode trunk
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
ip tcp adjust-mss 1412
load-interval 30
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet0/0/0 overload
ip nat inside source list nat-list interface Ethernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Ethernet0/0/0
!
ip access-list extended Others_acl
permit object-group Others_svc object-group Others_src_net object-group Others_dst_net
ip access-list extended Web_acl
permit object-group Web_svc object-group Web_src_net object-group Web_dst_net
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
!
!
!
snmp-server community thepoint RO
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit 0.0.0.1 255.255.255.0
!
control-plane
!
!
vstack
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
password xxxxxx
login
transport input none
!
scheduler allocate 20000 1000
!
end

Accepted Solution

Hello,

 

make the changes marked in bold:

 

Using 5380 out of 262136 bytes
!
! Last configuration change at 22:38:06 UTC Wed Nov 17 2021 by thepoint
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname thepoint
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxxx
enable password xxxxx
!
no aaa new-model
memory-size iomem 5
service-module wlan-ap 0 bootimage autonomous
!
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool admin
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
dns-server 8.8.8.8
default-router 192.168.1.1
!
!
!
ip cef
no ipv6 cef
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
parameter-map type inspect global
max-incomplete low 18000
max-incomplete high 20000
nbar-classify
multilink bundle-name authenticated
!
license udi pid CISCO1941W-N/K9 sn FGL163823NB
hw-module ism 0
!
!
!
object-group service INTERNAL_UTM_SERVICE
!
object-group network Others_dst_net
any
!
object-group network Others_src_net
any
!
object-group service Others_svc
ip
!
object-group network Web_dst_net
any
!
object-group network Web_src_net
any
!
object-group service Web_svc
ip
!
object-group network local_cws_net
!
object-group network local_lan_subnets
192.168.1.0 255.255.255.0
!
object-group network vpn_remote_subnets
any
!
username thepoint privilege 15 secret 5 xxxxx
!
redundancy
!
controller VDSL 0/0/0
operating mode vdsl2
!
class-map type inspect match-any INTERNAL_DOMAIN_FILTER
match protocol msnmsgr
match protocol ymsgr
class-map type inspect match-any Others_app
match protocol https
match protocol smtp
match protocol pop3
match protocol imap
match protocol sip
match protocol ftp
match protocol dns
match protocol icmp
class-map type inspect match-any Web_app
match protocol http
class-map type inspect match-all Others
match class-map Others_app
match access-group name Others_acl
class-map type inspect match-all Web
match class-map Web_app
match access-group name Web_acl
!
policy-map type inspect LAN-WAN-POLICY
class type inspect Web
inspect
class type inspect Others
inspect
class class-default
drop log
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect LAN-WAN-POLICY
!
crypto isakmp policy 1
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1412
duplex auto
speed auto
no mop enabled
!
interface wlan-ap0
no ip address
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
no ip address
ip tcp adjust-mss 1412
shutdown
duplex auto
speed auto
!
interface Wlan-GigabitEthernet0/0
switchport mode trunk
no ip address
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
cdp enable
!
interface Ethernet0/0/0
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
--> zone-member security WAN
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface GigabitEthernet0/1/4
no ip address
!
interface GigabitEthernet0/1/5
no ip address
!
interface GigabitEthernet0/1/6
no ip address
!
interface GigabitEthernet0/1/7
switchport mode trunk
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nbar protocol-discovery
ip flow monitor application-mon input
ip flow ingress
ip flow egress
ip nat inside
ip virtual-reassembly in
zone-member security LAN
ip tcp adjust-mss 1412
load-interval 30
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 1 interface Ethernet0/0/0 overload
--> no ip nat inside source list nat-list interface Ethernet0/0/0 overload
--> ip route 0.0.0.0 0.0.0.0 Ethernet0/0/0 dhcp
!
ip access-list extended Others_acl
permit object-group Others_svc object-group Others_src_net object-group Others_dst_net
ip access-list extended Web_acl
permit object-group Web_svc object-group Web_src_net object-group Web_dst_net
--> no ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
!
snmp-server community thepoint RO
access-list 1 permit 192.168.2.0 0.0.0.255
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.0.0 0.0.0.255
--> no access-list 1 permit 0.0.0.1 255.255.255.0
!
control-plane
!
vstack
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
password xxxxxx
login
transport input none
!
scheduler allocate 20000 1000
!
end


pieterh
VIP

Do I overlook an "ip routing" statement?


karlosthehat
Level 1

Hi there,

 

Thanks for the replies! You are correct that there was no ip route, but I have made all of the suggested changes with no luck.

WAN shows connected, VDSL has synced and I have an IP address but none of my VLANs can access the internet. I can ping remote servers successfully from Ethernet0/0/0 and 192.168.1.1, so this is definitely a routing issue.

 

I have tidied up the config and will post below

 

Any more ideas? Thanks!

 

Using 3457 out of 262136 bytes
!
! Last configuration change at 22:00:53 UTC Thu Nov 18 2021 by thepoint
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname thepoint
!
boot-start-marker
boot-end-marker
!
!
enable secret 5 xxxxxxxxxxx
enable password xxxxxxxxxxxxx
!
no aaa new-model
memory-size iomem 5
service-module wlan-ap 0 bootimage autonomous
!
!
!
!
!
!
!
!
!
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.0.1
!
ip dhcp pool admin
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
!
ip dhcp pool LAN
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
!
!
!
ip domain name thepoint.com
ip cef
no ipv6 cef
!
!
flow record nbar-appmon
match ipv4 source address
match ipv4 destination address
match application name
collect interface output
collect counter bytes
collect counter packets
collect timestamp absolute first
collect timestamp absolute last
!
!
flow monitor application-mon
cache timeout active 60
record nbar-appmon
!
multilink bundle-name authenticated
!
!
!
license udi pid CISCO1941W-N/K9 sn FGL163823NB
hw-module ism 0
!
!
!
object-group network local_cws_net
!
object-group network local_lan_subnets
any
!
object-group network vpn_remote_subnets
any
!
username thepoint privilege 15 secret 5 xxxxxxxxxxxxxxxx
!
redundancy
!
!
!
!
!
controller VDSL 0/0/0
operating mode vdsl2
!
zone security LAN
zone security WAN
zone security VPN
zone security DMZ
!
!
crypto isakmp policy 1
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface wlan-ap0
no ip address
arp timeout 0
no mop enabled
no mop sysid
!
interface GigabitEthernet0/1
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no mop enabled
!
interface Wlan-GigabitEthernet0/0
switchport mode trunk
no ip address
shutdown
!
interface ATM0/0/0
no ip address
shutdown
no atm ilmi-keepalive
cdp enable
!
interface Ethernet0/0/0
description PrimaryWANDesc_
ip address dhcp
ip nat outside
ip virtual-reassembly in
zone-member security WAN
!
interface GigabitEthernet0/1/0
no ip address
!
interface GigabitEthernet0/1/1
no ip address
!
interface GigabitEthernet0/1/2
no ip address
!
interface GigabitEthernet0/1/3
no ip address
!
interface GigabitEthernet0/1/4
no ip address
!
interface GigabitEthernet0/1/5
no ip address
!
interface GigabitEthernet0/1/6
no ip address
!
interface GigabitEthernet0/1/7
no ip address
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 Ethernet0/0/0 dhcp
!
!
!
snmp-server community thepoint RO
access-list 100 permit ip 192.168.0.0 0.0.0.255 any
!
control-plane
!
!
vstack
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 67
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
password xxxxxxxxx
login local
transport input ssh
!
scheduler allocate 20000 1000
!
end

karlosthehat
Level 1

Success! It turns out I hadn't configured any firewall policies yet (d'oh!). So the routing was all good, just being blocked by the firewall. Here are the changes I made:

 

ip nat inside source list 1 interface Ethernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 Ethernet0/0/0 dhcp
!
ip access-list extended Others_acl
permit object-group Others_svc object-group Others_src_net object-group Others_dst_net
ip access-list extended Web_acl
permit object-group Web_svc object-group Web_src_net object-group Web_dst_net
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
!
!
!
snmp-server community thepoint RO
access-list 1 permit 192.168.1.0 0.0.0.255

 

Thanks again for your help, much appreciated.
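
An added example, not code from any poster in this thread: a Python check for the failure the thread ended on, where routing and NAT were fine but the zone-based firewall dropped the traffic. It applies two standard IOS zone-based firewall rules (traffic between a zone-member interface and a non-member interface is dropped; traffic between two different zones needs a zone-pair with a service policy) to every `ip nat inside` to `ip nat outside` path. The function names and the sample excerpt are constructed for illustration.

```python
import itertools
import re

def parse(config):
    """Collect interface and zone-pair facts; keyword-based, indentation not needed."""
    ifaces, pairs, cur = {}, [], None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("!"):
            cur = None                      # "!" closes the current section
        elif line.startswith("interface "):
            cur = ifaces.setdefault(line.split()[1], {"nat": None, "zone": None, "up": True})
        elif pair := re.match(r"zone-pair security \S+ source (\S+) destination (\S+)", line):
            cur = {"src": pair[1], "dst": pair[2], "policy": None}
            pairs.append(cur)
        elif cur is None:
            continue                        # global command, e.g. "ip nat inside source list ..."
        elif line in ("ip nat inside", "ip nat outside"):
            cur["nat"] = line.split()[2]
        elif line.startswith("zone-member security "):
            cur["zone"] = line.split()[2]
        elif line == "shutdown":
            cur["up"] = False
        elif line.startswith("service-policy type inspect "):
            cur["policy"] = line.split()[3]
    return ifaces, pairs

def nat_path_verdicts(config):
    """Map each (inside, outside) interface pair to what the zone firewall does with it."""
    ifaces, pairs = parse(config)
    policy = {(p["src"], p["dst"]): p["policy"] for p in pairs}
    out = {}
    for (iname, i), (oname, o) in itertools.product(ifaces.items(), repeat=2):
        if (i["nat"], o["nat"]) != ("inside", "outside") or not (i["up"] and o["up"]):
            continue
        zi, zo = i["zone"], o["zone"]
        if zi is None and zo is None:
            v = "forwarded: no zones on this path"
        elif zi is None or zo is None:
            v = "dropped: only one side is a zone member"
        elif zi == zo:
            v = "same zone: intra-zone rules apply"
        else:
            pol = policy.get((zi, zo))
            v = f"inspected by {pol}" if pol else "dropped: no zone-pair policy"
        out[iname, oname] = v
    return out

# Constructed excerpt: only the zone- and NAT-related lines from the thread's configs.
BASE = """zone-pair security LAN-WAN source LAN destination WAN
service-policy type inspect LAN-WAN-POLICY
!
interface GigabitEthernet0/0
ip nat inside
!
interface Ethernet0/0/0
ip nat outside
{wan_zone}
!
interface Vlan1
ip nat inside
zone-member security LAN
!"""
AS_POSTED = BASE.format(wan_zone="")
WITH_WAN_ZONE = BASE.format(wan_zone="zone-member security WAN")
```

Calling `nat_path_verdicts(AS_POSTED)` reports the Vlan1 path as dropped because Ethernet0/0/0 is in no zone. With `WITH_WAN_ZONE`, Vlan1 is inspected by LAN-WAN-POLICY, but GigabitEthernet0/0, still outside any zone, is now the path that is dropped.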
