08-17-2015 08:01 AM - edited 03-05-2019 02:04 AM
Good morning everyone,
I hope someone here could assist me with the situation I am facing, I am a network administrator who has been assigned the task of adding a secondary router to a redundant backup third party provided internet circuit. This router will serve two-fold firstly it will serve out dhcp addresses through a dhcp pool and secondly it will accomodate 2 Unifi AP access points. I'll show my config below but the end result is I cannot ping the outside router interface that the ISP has provided which ultimately should allow me to get on the internet. My config is below:
CLTCHIEF2#show run
Building configuration...
Current configuration : 1934 bytes
!
! Last configuration change at 17:52:47 UTC Sun Mar 3 2002
!
version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname CLTCHIEF2
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$fMm.$fVzzs3q6pnSM6avr03Nho1
enable password 7 12211D0E081115
!
no aaa new-model
!
!
dot11 syslog
ip source-route
ip dhcp excluded-address 172.16.102.1 172.16.102.99
ip dhcp excluded-address 172.16.102.151 172.16.102.254
!
ip dhcp pool CLT2WIRELESS
network 172.16.102.0 255.255.255.0
default-router 172.16.102.1
domain-name INTERNAL.COM
lease 7
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
bridge irb
!
!
!
interface FastEthernet0
!
interface FastEthernet1
shutdown
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
description WAN INTERFACE
ip address 50.58.80.82 255.255.255.252
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Dot11Radio0
no ip address
shutdown
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
54.0
station-role root
!
interface Vlan1
description VLAN WIRED AND WIRELESS
no ip address
no ip redirects
bridge-group 1
!
interface BVI1
description VIRTUAL BONDED INTERFACE
ip address 172.16.102.2 255.255.255.0
no ip redirects
no ip unreachables
ip nat inside
ip virtual-reassembly max-reassemblies 1024
ip tcp adjust-mss 1360
load-interval 30
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 150 interface FastEthernet4 overload
ip route 0.0.0.0 0.0.0.0 172.16.102.1
ip route 0.0.0.0 0.0.0.0 50.58.80.81
!
access-list 150 remark NAT TRANSLATIONS
access-list 150 permit ip 172.16.102.0 0.0.0.255 any
!
!
!
snmp-server community public RO
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 07173955541300
login
transport input all
!
end
Does this config look right?
Thank-you.
08-18-2015 02:15 PM
Yes,
I checked out the isp router's interface and saw that there was no light activity so I kust unplugged it and plugged it back in and voila! So it appears that the customer g0/1 went into a sleep mode or something.
I intend on connecting a 3548P switch to one the fa0-3 ports, so within the router dont i just need to under the interface add the line "switchport mode access" to make it work.
08-18-2015 02:31 PM
John
I do not have a lot of experience with the 871 router. But my impression is that fa0-3 are effectively switch ports. While it would not hurt to configure them with switchport mode access I believe that it is not necessary.
HTH
Rick
08-18-2015 02:37 PM
I intend on connecting a 3548P switch to one the fa0-3 ports, so within the router dont i just need to under the interface add the line "switchport mode access" to make it work.
I don't think you need to add anything as they can only be L2 ports (f4 is the only L3 port) and you are using the default vlan.
Jon
08-18-2015 01:07 PM
Jon is right this is a significant issue and is very surprising since there has been an arp entry for .81 previous times when we looked at arp.
If arp can not resolve the address for .81 then certainly we will have no connectivity.
HTH
Rick
08-18-2015 10:33 AM
The mention of hyperterm makes me wonder if he is connected from his laptop to the router console and is doing the ping from the router console, which should work just fine.
The show arp does show a device at 172.16.102.100 which is the first available address in the DHCP pool and I wonder if that is his laptop. Perhaps the original poster can clarify how the ping is being done and what is in the output of ipconfig from his laptop.
HTH
Rick
08-18-2015 10:42 AM
Yes that is correct I am connected to the router console using a laptop remotely, that laptop is using wireless on a different subnet so that I can get to the hyperterminal session.
My remote laptop has grabbed 172.16.102.100 as intended from the pool but my concern is it is not showing a default gateway. Without this I will not be able to get to the internet from the inside?
08-18-2015 10:45 AM
Rick
The mention of hyperterm makes me wonder if he is connected from his laptop to the router console and is doing the ping from the router console, which should work just fine.
Good point, I expect that explains the ping.
Any ideas about the DHCP default gateway ?
Jon
08-18-2015 10:54 AM
Jon
I agree that it is getting a bit confusing. The config looks pretty good to me. And the output of show arp leads me to believe that there should be IP connectivity. We do need the original poster to clarify what is working and what is not working. And posting the output of ipconfig would be helpful also.
HTH
Rick
08-17-2015 11:45 AM
Thanks for the updated config. If you do not plan to use the wireless then removing the bridging and the BVI interface makes sense. But in that case I would think that you would want to put an IP address for vlan 1. As it stands now the only interface with an IP address is the WAN interface. So effectively you have no LAN at this point.
With this changed config can the router ping the external router? If not then please post outputs from show ip arp and from show ip interface brief.
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: