Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2230
Views
0
Helpful
7
Replies

Cisco Router 891

indagiji
Level 1
Level 1

‎03-30-2019 02:42 PM

Hi,

We have Cisco Router 891 and after power outage, the GE WAN port connected to ISP loses traffic, LAN is okay.

 For the traffic to come back, we have to re-configure the WAN port by reputing ISP ip, mask, no shut,  ip nat outside

note: the router does not lose any configuration after power outage. 

Question: any workaround/suggestion to keep the WAN traffic active after power outage?

Labels:
0 Helpful
7 Replies 7

Georg Pauwen
VIP
VIP

‎04-01-2019 08:57 AM

Hello,

 

hard to say, it could be just the NAT translations...what happens if you issue 'clear ip nat translation *', does that restore connectivity ?

 

In any case post the full configuration of the router anyway...

0 Helpful

indagiji
Level 1
Level 1
In response to Georg Pauwen

‎04-04-2019 06:02 AM

hello,

I applied the script and it seems working but power outage for more than 1 hour the problem reoccurs.

maybe NAT translations problem? I am posting the full config, kindly check and advise. 

thanks a lot

 

Building configuration...

Current configuration : 9429 bytes
!
! Last configuration change at 12:11:41 GMT Thu Apr 4 2019 by piass1
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
enable secret 5 $1$aaR2$kThhtE4DA.J8fqHfnwZks/
!
no aaa new-model
!
!
!
clock timezone GMT 2
!
crypto pki trustpoint TP-self-signed-3253301719
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3253301719
revocation-check none
rsakeypair TP-self-signed-3253301719
!
!
crypto pki certificate chain TP-self-signed-3253301719
certificate self-signed 01
30820244 308201AD A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33323533 33303137 3139301E 170D3139 30343034 30393033
31335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32353333
30313731 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100DCCC 055A5ADD 806D0011 96117F93 ECA887F6 E1B721FE 04D56D14 DD34B0F4
1746C0F8 F6C711BB 91F868A0 F0D1DF71 857EE5BD 67C2E298 DF91B04A E1793FA1
64892B66 599AE7DA A501C611 422C99F7 3E680576 EF34D532 39483B77 A1EBF603
A5E402F2 012FF614 81869C27 B2162A41 2BA8A297 7CFA468C B4FFE780 3CBB4EB0
E8EB0203 010001A3 6C306A30 0F060355 1D130101 FF040530 030101FF 30170603
551D1104 10300E82 0C526F75 7465722E 70696173 73301F06 03551D23 04183016
8014C1BB 8D979BD2 B25F4DFD 50D5EF68 72CD60E2 9292301D 0603551D 0E041604
14C1BB8D 979BD2B2 5F4DFD50 D5EF6872 CD60E292 92300D06 092A8648 86F70D01
01040500 03818100 AEDFC0D9 7786734C EE72BAC9 E420C664 355A7F09 E9259BB6
F4E86425 DEE8E2A4 E5C00272 D81A07A3 9631987F D3EB5CE4 F667D46C 895300F6
232A9682 A48A5145 4F5795DC 1641E633 CAE5FF03 FCC2AA75 A69D1A47 71AD2B36
3F58C0D4 A4791427 5AEBC186 A34A2D01 9E69B563 AA45D8A2 ABCC0652 ACAE15A5
12DAC0D1 9FBDEE36
quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.2.1 192.168.2.15
ip dhcp excluded-address 192.168.3.1 192.168.3.15
ip dhcp excluded-address 192.168.4.1 192.168.4.15
ip dhcp excluded-address 192.168.5.1 192.168.5.15
ip dhcp excluded-address 192.168.6.1 192.168.6.15
ip dhcp excluded-address 192.168.7.1 192.168.7.15
ip dhcp excluded-address 192.168.1.1 192.168.1.40
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server x.x.x.x x.x.x ISP dns1, 2
lease 0 2
!
ip dhcp pool poolVLAN10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 41.74.172.61 41.74.172.62
lease 0 2
!
ip dhcp pool vlan20
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.1
dns-server x.x.x.x x.x.x.x ISP dns1,2
!
ip dhcp pool vlan30
import all
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
dns-server x.x.x.x.x x.x.x.x ISP dn1,2

ip dhcp pool vlan40
import all
network 192.168.4.0 255.255.255.0
default-router 192.168.4.1
dns-server x.x.x.x x.x.x.x ISP dns1,2
!
ip dhcp pool vlan50
import all
network 192.168.5.0 255.255.255.0
default-router 192.168.5.1
dns-server x.x.x.x x.x.x.x ISP dns1, 2
!
ip dhcp pool vlan60
import all
network 192.168.6.0 255.255.255.0
default-router 192.168.6.1
dns-server x.x.x.x x.x.x.x ISP dns1,2

ip dhcp pool vlan70
import all
network 192.168.7.0 255.255.255.0
default-router 192.168.7.1
dns-server x.x.x.x x.x.x.x ISP dns1, dns2
!
!
ip cef
ip domain name piass
ip name-server x.x.x.x
ip name-server x.x.x.x
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO891-K9 sn FTX1508013A
!
!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
192.168.1.0 255.255.255.0
192.168.2.0 255.255.255.0
192.168.3.0 255.255.255.0
192.168.4.0 255.255.255.0
192.168.5.0 255.255.255.0
192.168.6.0 255.255.255.0
192.168.7.0 255.255.255.0
10.10.10.0 255.255.255.248
!
username pass1 privilege 15 password 0 pass4321
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
switchport access vlan 10
!
!
interface FastEthernet2
switchport access vlan 20
!
!
interface FastEthernet3
switchport access vlan 30
!
!
interface FastEthernet4
switchport access vlan 40
!
!
interface FastEthernet5
switchport access vlan 50
!
!
interface FastEthernet6
switchport access vlan 60
!
!
interface FastEthernet7
switchport access vlan 70
!
!
interface FastEthernet8
no ip address
duplex auto
speed auto
!
!
interface GigabitEthernet0
ip address x.x.x.x x.x.x.x ISP ip, mask
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!
interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan20
ip address 192.168.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan30
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan40
ip address 192.168.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan50
ip address 192.168.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan60
ip address 192.168.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan70
ip address 192.168.7.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Async1
no ip address
encapsulation slip
!
!
interface Dialer1
description PrimaryWANDesc__GigabitEthernet0
no ip address
ip mtu 1452
ip nat outside
ip virtual-reassembly
no cdp enable
!
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 ISP GW
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
access-list 23 permit 192.168.2.0 0.0.0.255
access-list 23 permit 192.168.3.0 0.0.0.255
access-list 23 permit 192.168.4.0 0.0.0.255
access-list 23 permit 192.168.5.0 0.0.0.255
access-list 23 permit 192.168.6.0 0.0.0.255
access-list 23 permit 192.168.7.0 0.0.0.255
no cdp run

!
!
!
!
!
!
control-plane
!
!
banner exec ^C
% Password expiration warning.
-----------------------------------------------------------------------

Cisco Configuration Professional (Cisco CP) is installed on this device
and it provides the default username "cisco" for one-time use. If you have
already used the username "cisco" to login to the router and your IOS image
supports the "one-time" user option, then this username has already expired.
You will not be able to login to the router with this username after you exit
this session.

It is strongly suggested that you create a new username with a privilege level
of 15 using the following command.

username <myuser> privilege 15 secret 0 <mypassword>

Replace <myuser> and <mypassword> with the username and password you want to
use.

-----------------------------------------------------------------------
^C
banner login ^C
-----------------------------------------------------------------------
Cisco Configuration Professional (Cisco CP) is installed on this device.
This feature requires the one-time use of the username "cisco" with the
password "cisco". These default credentials have a privilege level of 15.

YOU MUST USE CISCO CP or the CISCO IOS CLI TO CHANGE THESE PUBLICLY-KNOWN
CREDENTIALS

Here are the Cisco IOS commands.

username <myuser> privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want
to use.

IF YOU DO NOT CHANGE THE PUBLICLY-KNOWN CREDENTIALS, YOU WILL NOT BE ABLE
TO LOG INTO THE DEVICE AGAIN AFTER YOU HAVE LOGGED OFF.

For more information about Cisco CP please follow the instructions in the
QUICK START GUIDE for your router or go to http://www.cisco.com/go/ciscocp
-----------------------------------------------------------------------
^C
!
line con 0
exec-timeout 9 30
password pass4321
login
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
password pass4321
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
login local
transport input telnet ssh
!
scheduler max-task-time 5000
event manager applet RECONFIGURE_INTERFACE
event timer countdown time 10
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "default interface GigabitEthernet0"
action 4.0 cli command "interface GigabitEthernet0"
action 5.0 cli command "ip address 197.243.61.146 255.255.255.252"
action 6.0 cli command "ip nat outside"
action 7.0 cli command "end"
!
end

 

0 Helpful

paul driver
VIP
VIP

‎04-01-2019 10:08 AM - edited ‎04-01-2019 11:39 AM

Hello
I would be more concerned with your frequent power outages
Can you confirm how your wan connection is attached - It is via an access port or a direct routed port?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

indagiji
Level 1
Level 1
In response to paul driver

‎04-01-2019 02:14 PM

Hi,

The ISP RJ45 cable(from fiber to copper media converter)is directly connected to the Router GE0 WAN port(no modem).

ISP provided ip, mask, gw. dns1,dns2 and everything works perfectly. But after power outage or power cut the WAN port is up has no traffic with steady green light not blinking, not passing traffic. I have to reconfigure ISP details on WAN port to have the traffic and the internet back. Is there any workaround to keep the WAN traffic active even after power cut. see below my configuration and advise. Thanks for your assistance.

 

Building configuration...

Current configuration : 6330 bytes
!
! Last configuration change at 12:55:49 GMT Fri Mar 22 2019 by piass1
!
version 15.0
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
!
!
clock timezone GMT 2
!
crypto pki trustpoint TP-self-signed-3253301719
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3253301719
revocation-check none
rsakeypair TP-self-signed-3253301719
!
!
crypto pki certificate chain TP-self-signed-3253301719
certificate self-signed 01
3082024A 308201B3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33323533 33303137 3139301E 170D3139 30333232 31303033
33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 32353333
30313731 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BC5A 1A69C301 A90E6471 2B268BB3 0BE3908A 92E7A48C E9F39BEE D23C7F24
C3660827 97CA8BB7 A9051E4D 99F85F57 3F0C8A44 CE680C87 553CC96C 20B9E233
4FA7AFE6 56E9BACF 558B44EB F4684476 A6A3432A D320829B EEFF55F3 B1C30510
F853EB04 C1A33188 D3C29FD3 805B5902 816D4D1E DC5F081D 64C5A68D 25CE9B27
B2E50203 010001A3 72307030 0F060355 1D130101 FF040530 030101FF 301D0603
551D1104 16301482 12526F75 7465722E 70696173 732E6163 2E727730 1F060355
1D230418 30168014 09A2A34B 76F5BECB 7276ECF1 FD051186 C9BD433E 301D0603
551D0E04 16041409 A2A34B76 F5BECB72 76ECF1FD 051186C9 BD433E30 0D06092A
864886F7 0D010104 05000381 8100724C FDD50EB5 BF616E6E 9E9842DD 08E68189
BD1ABDAA BD5BD1F8 9E7A627C B9B4105C 623AC421 CA0E4A71 32BDBBA4 F6B674BA
A01C28DD A5FE4269 27192B94 10F834F2 45B6C846 0E39F3CF 9D02EF0D 5E9206F0
4435CE60 8BABBCAE D373F43F 901D61CE FC307F95 15E532FE CB7A3F7B 56F27418
5204D9B6 D61D5DEA 9BACB143 C451
quit
ip source-route
!
!
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 192.168.1.1
!
ip dhcp pool ccp-pool
import all
network 10.10.10.0 255.255.255.248
default-router 10.10.10.1
dns-server x.x.x.x x.x.x.x ISP dns1, dns2
lease 0 2
!
ip dhcp pool poolVLAN10
import all
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server x.x.x.x x.x.x.x ISP dns1, dn2
lease 0 2
!
!
ip cef
ip domain name paiss
ip name-server x.x.x.x ISP Dns1
ip name-server x.x.x.x ISP Dns2
no ipv6 cef
!
!
multilink bundle-name authenticated

!
object-group network local_lan_subnets
10.10.10.0 255.255.255.128
192.168.1.0 255.255.255.0
!
username ndagijis2 privilege 15 password 0 mark4321
!
!
!
!
!
!
!
!
!
interface FastEthernet0
!
!
interface FastEthernet1
switchport access vlan 1
!
!
interface FastEthernet2
switchport access vlan 10
!
!
interface FastEthernet3
!
!
interface FastEthernet4
!
!
interface FastEthernet5
!
!
interface FastEthernet6
!
!
interface FastEthernet7
!

interface FastEthernet8
no ip address
duplex auto
speed auto

!

interface GigabitEthernet0
description PrimaryWANDesc_
ip address x.x.x.x  x.x.x.x   ISP IP. mask
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
!

interface Vlan1
description $ETH-SW-LAUNCH$$INTF-INFO-FE 1$
ip address 10.10.10.1 255.255.255.248
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Vlan10
ip address 192.168.1.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
!
interface Async1
no ip address
encapsulation slip
!
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list nat-list interface GigabitEthernet0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 ISP GW
!
ip access-list extended nat-list
permit ip object-group local_lan_subnets any
deny ip any any
!
access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.1.0 0.0.0.255
no cdp run

0 Helpful

Georg Pauwen
VIP
VIP

‎04-01-2019 11:23 AM

Hello,

 

you can automate the process by configuring the EEM script below on your router:

 

event manager applet RECONFIGURE_INTERFACE
event syslog pattern "SYS-5-RESTART"
event timer countdown time 10
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "default interface FastEthernet8"
action 4.0 cli command "interface FastEthernet8"
action 5.0 cli command "ip address x.x.x.x y.y.y.y"
action 6.0 cli command "ip nat outside"
action 7.0 cli command "no shut"
action 8.0 cli command "end"

0 Helpful

Georg Pauwen
VIP
VIP
In response to Georg Pauwen

‎04-01-2019 11:40 PM

Hello,

 

one of the networks in your object group has the wrong subnet mask:

 

object-group network local_lan_subnets
10.10.10.0 255.255.255.128 --> needs to be 248

 

Also since you know the next hop of your iSP Gateway, remove the static route pointing to the interface:

 

--> no ip route 0.0.0.0 0.0.0.0 GigabitEthernet0

The script I posted earlleri, in case you are using it, needs to be adapted slightly and use GigabitEthernet0 instead of FastEthernet8:

 

event manager applet RECONFIGURE_INTERFACE
event syslog pattern "SYS-5-RESTART"
event timer countdown time 10
action 1.0 cli command "enable"
action 2.0 cli command "conf t"
action 3.0 cli command "default interface GigabitEthernet0"
action 4.0 cli command "interface GigabitEthernet0"
action 5.0 cli command "ip address x.x.x.x y.y.y.y"
action 6.0 cli command "ip nat outside"
action 7.0 cli command "no shut"
action 8.0 cli command "end"

 

Can you post the output of:

 

sh ip nat translation *

0 Helpful

indagiji
Level 1
Level 1
In response to Georg Pauwen

‎04-03-2019 02:56 PM

Dear Greg,

Thanks for your inputs. I was out of the office

I will try the script and let you know. I have other 2 concerns

1. To access/enable my router config mode, I use password. is this password not required to be entered in the script?

2 In my config file, I have the following 2 similar entries, should I disable the 2nd entry if it can cause problem?.

 

1st correct entry:

interface GigabitEthernet0
description PrimaryWANDesc_
ip address x.x.x.x y.y.y.y    ISP ip, mask
ip nat outside
ip virtual-reassembly
duplex auto
speed auto

 

2nd entry

interface Dialer1
description PrimaryWANDesc__GigabitEthernet0
no ip address
ip mtu 1452
ip nat outside
ip virtual-reassembly
no cdp enable

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card