Re: Cisco 887 (3G) routing from LAN being blocked?

johnelliot6 · ‎02-01-2011

Hi,

Weird issue with an 887 connecting via Dialer to 3G(We run LNS the router is terminating on(7200)) - From 7200, can ping WAN IP assigned to 3G dialer:

ping vrf HOCA 172.18.35.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.35.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/83/96 ms

From CE can ping 7200 loop:

#ping 172.18.35.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.18.35.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/318/1212 ms

CE has default route of dialer:

#sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0 (connected), candidate default path
Routing Descriptor Blocks:
* directly connected, via Dialer2
Route metric is 0, traffic share count is 1

7200 has route for CEs LAN (192.168.130.0/24):

>sh ip route vrf HOCA 192.168.130.0
Routing entry for 192.168.130.0/24
Known via "static", distance 1, metric 0
Redistributing via bgp 17766
Advertised by bgp 17766
Routing Descriptor Blocks:
* 172.18.35.2
Route metric is 0, traffic share count is 1

But cannot ping lan IP of CE:

>ping vrf HOCA 192.168.130.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.130.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

vlan is definitely up on CE:

#sh int vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 1cdf.0f12.ddae (bia 1cdf.0f12.ddae)
Description: EHOCA_3G_LAN
Internet address is 192.168.130.1/24
MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00

If I debug icmp, I am seeing unusual output(In that I have never seen "topology BASE, dscp 0 topoid 0" etc)

icmp that is working seems to be marked as dscp 10, where the icmp that isn't working is marked as dscp 0(probably coincidence)

*Feb 2 05:13:06.251: ICMP: echo reply rcvd, src 172.18.35.1, dst 172.18.35.2, topology BASE, dscp 10 topoid 0
*Feb 2 05:13:06.291: ICMP: echo reply rcvd, src 172.18.35.1, dst 172.18.35.2, topology BASE, dscp 10 topoid 0
*Feb 2 05:13:06.991: ICMP: echo reply rcvd, src 172.18.35.1, dst 172.18.35.2, topology BASE, dscp 10 topoid 0
*Feb 2 05:13:07.291: ICMP: echo reply rcvd, src 172.18.35.1, dst 172.18.35.2, topology BASE, dscp 10 topoid 0
*Feb 2 05:13:07.531: ICMP: echo reply rcvd, src 172.18.35.1, dst 172.18.35.2, topology BASE, dscp 10 topoid 0
*Feb 2 05:13:22.563: ICMP: echo reply sent, src 192.168.130.1, dst 172.18.35.1, topology BASE, dscp 0 topoid 0
*Feb 2 05:13:24.567: ICMP: echo reply sent, src 192.168.130.1, dst 172.18.35.1, topology BASE, dscp 0 topoid 0
*Feb 2 05:13:26.551: ICMP: echo reply sent, src 192.168.130.1, dst 172.18.35.1, topology BASE, dscp 0 topoid 0
*Feb 2 05:13:28.551: ICMP: echo reply sent, src 192.168.130.1, dst 172.18.35.1, topology BASE, dscp 0 topoid 0
*Feb 2 05:13:30.551: ICMP: echo reply sent, src 192.168.130.1, dst 172.18.35.1, topology BASE, dscp 0 topoid 0

IOS is c880data-universalk9-mz.151-1.T1.bin

CE config is one we use for all vrf CE's (no nat, no acl's - very simple config), and the 7200(LNS) has 00's of DSL tails terminating on it that work without issue.

Any suggestions are greatly appreciated.

johnelliot6 · ‎02-02-2011

Found out it is the 3G supplier that is blocking routed subnets - Any suggestions on a work-around(Potentially use a tunnel to route the additional subnet?)