Solved: Re: Cisco router connection via Virgin Media Hub

RokasK · ‎10-05-2021

Hello guys,

C897VAG-LTE-GA-K9

I give up! I can't get my head around why I don't have connection to outside world via Virgin Media HUB (UK). I can connect to local devices though. Please take a look at running-config and tell me what do I miss

Router(config)#do show run
Building configuration...

Current configuration : 2493 bytes
!
! Last configuration change at 20:31:06 UTC Tue Oct 5 2021
!
version 15.5
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
ip dhcp pool INTERNAL
network 10.10.10.0 255.255.255.248
dns-server 8.8.8.8 1.1.1.1
default-router 10.10.10.1
!

!
!
no ip domain lookup
ip cef
no ipv6 cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
chat-script lte "" "AT!CALL" TIMEOUT 20 "OK"
!
!
!
!
!
license udi pid C897VAG-LTE-GA-K9 sn FCZ194393LQ
!
!
vtp mode transparent
!
!
!
!
!
controller VDSL 0
!
controller Cellular 0
lte modem link-recovery rssi onset-threshold -110
lte modem link-recovery monitor-timer 20
lte modem link-recovery wait-timer 10
lte modem link-recovery debounce-count 6
!
!
!
!
!
!
!
!
!
!
!
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface Cellular0
no ip address
encapsulation slip
dialer in-band
dialer string lte
!
interface Cellular1
no ip address
encapsulation slip
!
interface Ethernet0

no ip address
shutdown
!
interface GigabitEthernet0
no ip address
!
interface GigabitEthernet1
no ip address
!
interface GigabitEthernet2
no ip address
!
interface GigabitEthernet3
no ip address
!
interface GigabitEthernet4
no ip address
!
interface GigabitEthernet5
no ip address
!
interface GigabitEthernet6
no ip address
!
interface GigabitEthernet7
no ip address
!
interface GigabitEthernet8
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface Vlan1
ip address 10.10.10.1 255.255.255.224
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source list 1 interface Vlan1 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet8
!
--More--
Translating "devicehelper.cisco.com" !
access-list 1 permit 10.10.10.0 0.0.0.31
!
control-plane
!
!
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
!
!
!
!
!
!
line con 0
logging synchronous
no modem enable
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
stopbits 1
line 3
script dialer lte
no exec
line 8
no exec
line vty 0 4
login
transport input none
!
scheduler allocate 20000 1000
ntp server devicehelper.cisco.com
!
end

Richard Burts · ‎10-05-2021

I just looked through the config and found a more serious issue. The address translation is not correct. Instead of

ip nat inside source list 1 interface Vlan1 overload

use

ip nat inside source list 1 interface G8 overload

HTH

Rick

View solution in original post

Richard Burts · ‎10-06-2021

One of the posts in this discussion tells us that the router has a very large arp table. And it says

and list goes on and on and on....

I don't think this is what it suppose to be ...

The very large arp table is the result of having the default route which specifies the outbound interface but does not specify a next hop address. If the static route specifies an outbound interface but not the next hop then IOS assumes that every destination reached for that route is locally connected. And if locally connected on an Ethernet interface then IOS will arp for EVERY remote destination. If you add the dhcp parameter to your static route (as I suggested) then you will find that your router will have a much smaller arp table.

HTH

Rick

View solution in original post

Richard Burts · ‎10-05-2021

I note that your default route point only to the outbound interface. Sometimes this causes issues. It might or might not be the problem here but I would suggest using a default route something like this

ip route 0.0.0.0 0.0.0.0 GigabitEthernet8 dhcp

In addition to that suggestion I do have some questions which might help identify the issue, if it is not the default route.

- do the devices connected to the router ports get a correct IP address?

- if they have correct IP address can they ping their default gateway?

- if they can ping their default gateway can they ping the router G8 IP address?

- if they can ping the router G8 interface post the output of tracert 8.8.8.8 from one of the devices.

HTH

Rick

Richard Burts · ‎10-05-2021

I just looked through the config and found a more serious issue. The address translation is not correct. Instead of

ip nat inside source list 1 interface Vlan1 overload

use

ip nat inside source list 1 interface G8 overload

HTH

Rick

Georg Pauwen · ‎10-05-2021

Hello,

the mask used in the DHCP pool is wrong also, it needs to be:

network 10.10.10.0 255.255.255.224

RokasK · ‎10-05-2021

Hey thanks for answer!

Why DHCP mask is wrong? 224 subnet is that I have 31 addresses minus broadcast and subnet which leaves me with 29 usable than I want to further assign a fraction of it for dhcp and rest leave for static which basically means dhcp 242 mask is 13 - 2 = 11 usable for dhcp clients

31(mask224) - 13(dhcp mask) = 18 static addresses and 13 dhcp

I cant check it right now but I will when I come back after work

Rokas

Georg Pauwen · ‎10-05-2021

Hello,

this is what you have configured:

ip dhcp pool INTERNAL
network 10.10.10.0 255.255.255.248
dns-server 8.8.8.8 1.1.1.1
default-router 10.10.10.1

This leaves you with only 6 host addresses, also, the mask on the Vlan 1 interface does not match:

interface Vlan1
ip address 10.10.10.1 255.255.255.224
ip nat inside
ip virtual-reassembly in

The mask in the pool needs to be the same:

ip dhcp pool INTERNAL
network 10.10.10.0 255.255.255.224
dns-server 8.8.8.8 1.1.1.1
default-router 10.10.10.1

RokasK · ‎10-06-2021

Georg

It was only one line that stopped me from connecting

Router(config)#no ip nat inside source lis 1 interface Vlan1 overload

Dynamic mapping in use, do you want to delete all entries? [no]: y
Router(config)#ip nat inside source lis 1 interface gi8 overload
Router(config)#

--- 8.8.8.8 ping statistics ---
129 packets transmitted, 41 packets received, 68.2% packet loss
round-trip min/avg/max/stddev = 14.209/16.657/19.693/1.202 ms
(base) rokas@Rokass-Mac-mini ~ % speedtest-cli
Retrieving speedtest.net configuration...
Testing from Virgin Media (8*.2*.1*4.*5)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Vodafone UK (Watford) [19.56 km]: 22.775 ms
Testing download speed................................................................................
Download: 327.69 Mbit/s
Testing upload speed......................................................................................................
Upload: 36.94 Mbit/s
(base) rokas@Rokass-Mac-mini ~ %

The original reason why I started to building configuration from zero is because I used

(base) rokas@Rokass-Mac-mini ~ % nmap --script=vuln 10.10.10.1
Starting Nmap 7.92 ( https://nmap.org ) at 2021-10-06 09:02 BST
Pre-scan script results:
| broadcast-avahi-dos:
| Discovered hosts:
| 224.0.0.251
| After NULL UDP avahi packet DoS (CVE-2011-1002).
|_ Hosts are all up (not vulnerable).
Nmap scan report for 10.10.10.1
Host is up (0.0015s latency).
Not shown: 994 closed tcp ports (conn-refused)
PORT STATE SERVICE
53/tcp open domain
2002/tcp open globe
4002/tcp open mlchat-proxy
6002/tcp open X11:2
6666/tcp open irc
9002/tcp open dynamid

Nmap done: 1 IP address (1 host up) scanned in 38.96 seconds
(base) rokas@Rokass-Mac-mini ~ %

and I wanted to block the ports I don't need and leave only 22 as open. I could block all of them and open only one that I need but afraid of that some of the things will be left closed and Im not going to figure that out.

RokasK · ‎10-06-2021

By the way WIFI works just fine. I have MikroTik AP and its set to find address via DHCP

Router#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
10.10.10.2 ecb5.fa2f.db90 Oct 06 2021 08:05 PM Automatic
10.10.10.3 01b8.69f4.cfb0.4c Oct 06 2021 08:05 PM Automatic
10.10.10.4 014c.20b8.e4c7.15 Oct 07 2021 07:30 AM Automatic
10.10.10.5 01a8.23fe.404a.20 Oct 07 2021 02:48 AM Automatic

RokasK · ‎10-06-2021

Georg

It looks like DHCP works as intended

my Mac ethernet interface

Router(config)#do show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
10.10.10.2 ecb5.fa2f.db90 Oct 07 2021 08:05 AM Automatic
10.10.10.3 01b8.69f4.cfb0.4c Oct 07 2021 08:05 AM Automatic
10.10.10.4 014c.20b8.e4c7.15 Oct 07 2021 07:30 AM Automatic
10.10.10.5 01a8.23fe.404a.20 Oct 07 2021 02:48 AM Automatic

Richard Burts · ‎10-06-2021

One of the posts in this discussion tells us that the router has a very large arp table. And it says

and list goes on and on and on....

I don't think this is what it suppose to be ...

The very large arp table is the result of having the default route which specifies the outbound interface but does not specify a next hop address. If the static route specifies an outbound interface but not the next hop then IOS assumes that every destination reached for that route is locally connected. And if locally connected on an Ethernet interface then IOS will arp for EVERY remote destination. If you add the dhcp parameter to your static route (as I suggested) then you will find that your router will have a much smaller arp table.

HTH

Rick

Richard Burts · ‎10-07-2021

I am gad that our suggestions have been helpful. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

paul driver · ‎10-06-2021

Hello
I don’t see any correct VDSL configuration, Would have expected to see the physical interface thats connected to the virgin modem being tagged, are you sure you need to be applying VDSL to your router?

Post the output-

sh controller vdsl 0
sh ip int brief

sh ip arp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

RokasK · ‎10-06-2021

Paul

Router#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 1.1.1.1 194 00af.1f1e.501a ARPA GigabitEthernet8
Internet 1.15.142.211 47 00af.1f1e.501a ARPA GigabitEthernet8
Internet 2.16.75.200 23 00af.1f1e.501a ARPA GigabitEthernet8
Internet 2.17.22.67 22 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.82.248.137 35 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.83.51.199 40 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.83.53.5 45 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.83.134.185 50 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.86.221.58 50 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.87.73.22 50 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.92.206.92 40 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.208.71.104 50 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.215.185.227 40 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.219.33.214 35 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.230.119.226 35 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.232.95.48 45 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.236.198.77 35 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.237.186.255 50 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.238.140.29 45 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.239.184.225 50 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.239.192.197 45 00af.1f1e.501a ARPA GigabitEthernet8
Internet 3.248.161.8 22 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.39.220.40 44 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.63.151.115 57 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.63.151.123 58 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.135.173.126 118 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.180.211.40 78 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.188.119.204 31 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.188.159.218 152 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.188.159.238 7 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.188.206.42 185 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.188.206.62 30 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.199.136.101 53 00af.1f1e.501a ARPA GigabitEthernet8
Internet 5.254.56.242 163 00af.1f1e.501a ARPA GigabitEthernet8
Internet 8.8.4.4 168 00af.1f1e.501a ARPA GigabitEthernet8
Internet 8.8.8.8 168 00af.1f1e.501a ARPA GigabitEthernet8
Internet 8.130.55.12 39 00af.1f1e.501a ARPA GigabitEthernet8
Internet 8.131.240.236 97 00af.1f1e.501a ARPA GigabitEthernet8
Internet 8.210.7.103 65 00af.1f1e.501a ARPA GigabitEthernet8
Internet 8.210.162.129 254 00af.1f1e.501a ARPA GigabitEthernet8
Internet 8.210.233.234 12 00af.1f1e.501a ARPA GigabitEthernet8

and list goes on and on and on....

I don't think this is what it suppose to be ...

Router#show ip int brief
Interface IP-Address OK? Method Status Protocol
ATM0 unassigned YES unset administratively down down
Cellular0 unassigned YES TFTP up up
Cellular1 unassigned YES unset down down
Ethernet0 unassigned YES unset administratively down down
GigabitEthernet0 unassigned YES unset up up
GigabitEthernet1 unassigned YES unset up up
GigabitEthernet2 unassigned YES unset down down
GigabitEthernet3 unassigned YES unset up up
GigabitEthernet4 unassigned YES unset down down
GigabitEthernet5 unassigned YES unset up up
GigabitEthernet6 unassigned YES unset up up
GigabitEthernet7 unassigned YES unset up up
GigabitEthernet8 8*.2*.1*4.*5 YES DHCP up up
NVI0 10.10.10.1 YES unset up up
Vlan1 10.10.10.1 YES TFTP up up
Router#