Cisco 887VA booting issue with static NAT

the_maxtor

Hi all,

I have a strange issue with a Cisco 887VA-K9.

I configured an ATM point-to-point subinterface, an interface VLAN for LAN use with a private address, an overload NAT to give internet access to the LAN, and a port forwarding to access a web server from the internet.

Everything works until the router restarts; during reload it stops at the choose config file step.

If I remove the port forwarding command, the router reboots without a problem.

Any idea/advice?

This is the config:

version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname name
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
ethernet lmi ce
!
ip domain name dominio
ip name-server 151.99.125.2
ip name-server 151.99.250.2
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
license udi pid C887VA-K9 sn FCZ220190RS
!
username admin secret 5
!
controller VDSL 0
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 ip address X.X.X.54 255.255.255.252
 ip nat outside
 ip virtual-reassembly in
 pvc 8/35
  oam-pvc manage
  oam retry 5 5 1
  encapsulation aal5snap
 !
!
interface Ethernet0
 no ip address
 shutdown
!
interface FastEthernet0
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan10
 description management
 ip address 192.168.200.14 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip nat pool PUBLIC Y.Y.Y.70 Y.Y.Y.70 netmask 255.255.255.252
ip nat inside source list 101 pool PUBLIC overload
ip nat inside source static tcp 192.168.1.200 554 Y.Y.Y.70 554 extendable
ip nat inside source static tcp 192.168.1.201 2000 Y.Y.Y.70 2000 extendable
ip nat inside source static tcp 192.168.1.201 2001 Y.Y.Y.70 2001 extendable
ip nat inside source static tcp 192.168.1.200 8000 Y.Y.Y.70 8000 extendable
ip nat inside source static tcp 192.168.1.200 8080 Y.Y.Y.70 8080 extendable
ip route 0.0.0.0 0.0.0.0 X.X.X.53
ip route 192.168.0.0 255.255.0.0 192.168.200.1
ip ssh version 2
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 login local
 transport input all
 transport output all
line vty 5 15
 login local
 transport input all
 transport output all
!
scheduler allocate 20000 1000
!
end


Hello

Not so sure I understand, you reloaded your router and it failed to boot up correctly due to a port forwarding command?

As for your NAT configuration

I see your NAT statements but don't see any access-list 101, which is specified, and vlan 10 doesn't have NAT applied to it either.

res

Paul

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

You perfectly understand the situation.

Vlan10 doesn't need any kind of NAT, it's used only to manage the router.

Access list 101 is the following:

access-list 101 permit ip 192.168.1.0 0.0.0.255 any

If I remove the following commands, the router reloads correctly:

ip nat inside source static tcp 192.168.1.200 554 Y.Y.Y.70 554 extendable
ip nat inside source static tcp 192.168.1.201 2000 Y.Y.Y.70 2000 extendable
ip nat inside source static tcp 192.168.1.201 2001 Y.Y.Y.70 2001 extendable
ip nat inside source static tcp 192.168.1.200 8000 Y.Y.Y.70 8000 extendable
ip nat inside source static tcp 192.168.1.200 8080 Y.Y.Y.70 8080 extendable

If those commands are in the startup config, the router doesn't complete the boot and all the LEDs are off, except the OK LED that is fixed green.

Hello,

 

you might be hitting the bug below:

 

Router getting hang after reload when using static NAT
CSCve86017
Description

Router C887VA-K9 is not coming up after reload, while below static nat configuration command is present in startup-config.

ip nat inside source static tcp x.x.x.x yyyy x.x.x.x yyyy extendable

Device is completing boot process and getting hang. To get the device back, need to pass the startup-config from rommon mode.

Symptom:
Router is getting hang after reload when using static NAT configuration line as below:

ip nat inside source static tcp 192.168.1.150 3389 80.19.214.181 3389 extendable

Conditions:
Below static NAT configuration line saved in startup-config

ip nat inside source static tcp 192.168.1.150 3389 80.19.214.181 3389 extendable

Workaround:
Use dynamic rule or static rule without specific tcp/udp entry rule as of now.

 

Known Fixed Releases: (5)
15.7(3.1.14A)OT
15.7(3.1.8A)OT
15.7(3.1.6R)OT
15.7(3.0c)M
15.7(3)M1

What a wonderful bug. Who uses static NAT in this world?

Anyway, thanks Georg.
As soon as I receive a firmware with the fix, I'll try it and I'll let you know.

Hi all,

With the update of IOS the bug is fixed.
I installed IOS 15.7(3)M1, which is one of the known releases with the specific fix.

Now I can reboot my Cisco 887VA-K9, with static NAT configuration, without any problem.

Thanks all for the help.
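
A pre-reload check for the condition described in CSCve86017 above, as an added example that is not part of the original thread or of any Cisco tooling. It assumes the startup-config has been saved to text and that the operator supplies the running release string from `show version`; the function name, the sample config and the unfixed release string are constructed for illustration.

```python
import re

# Releases this page lists as containing the fix for CSCve86017.
FIXED_RELEASES = {
    "15.7(3.1.14A)OT", "15.7(3.1.8A)OT", "15.7(3.1.6R)OT",
    "15.7(3.0c)M", "15.7(3)M1",
}
AFFECTED_PID = "C887VA-K9"  # platform named in the bug description

# Port-specific static NAT rule in the form shown in the bug text.
TRIGGER = re.compile(
    r"^\s*ip nat inside source static (?:tcp|udp)\s+\S+\s+\d+\s+\S+\s+\d+\s+extendable\s*$")
PID = re.compile(r"^\s*license udi pid (\S+)")


def audit_startup_config(config_text, running_release):
    """Flag a startup-config that matches the reload-hang condition.

    running_release is the operator-supplied release string from
    `show version`; the config header only carries major.minor.
    """
    pid = None
    triggers = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = PID.match(line)
        if m:
            pid = m.group(1)
        elif TRIGGER.match(line):
            triggers.append((lineno, line.strip()))
    fixed = running_release in FIXED_RELEASES
    return {
        "pid": pid,
        "trigger_lines": triggers,
        "fixed_release": fixed,
        # Conservative: any release not on the page's list counts as unfixed.
        "at_risk": bool(triggers) and pid == AFFECTED_PID and not fixed,
    }


# Constructed sample (documentation addresses), not the poster's config.
SAMPLE = """\
version 15.6
license udi pid C887VA-K9 sn EXAMPLE00000
ip nat inside source list 101 pool PUBLIC overload
ip nat inside source static tcp 192.168.1.200 554 203.0.113.70 554 extendable
ip nat inside source static tcp 192.168.1.200 8080 203.0.113.70 8080 extendable
"""

if __name__ == "__main__":
    print(audit_startup_config(SAMPLE, "15.6-EXAMPLE"))
```

Running this against a saved startup-config before a planned reload shows which lines would need the workaround from the bug text, or confirms that the installed release is one of the listed fixed releases.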