Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1082
Views
0
Helpful
10
Replies

Configure Fiber With ISR C1101-P

Go to solution
vpoon87
Level 1
Level 1

‎12-18-2020 05:27 PM - edited ‎12-18-2020 08:14 PM

Hi all,

 

I'm having a problem setting up an ISR C1101-P to work with our fiber Internet provider. We have an ethernet handoff from the fiber provider. They provided us a /29 block of public IP addresses and also advised us what our WAN IP address should be. I plan to connect our firewall on Gig0/1/0 and number it with an available public IP. I have the default route pointing to the Internet provider's Serial IP address in the configuration but the devices on our public IP side do not route to the WAN side and to the Internet.

 

I've setup older models of the Cisco routers similarly but this is the first time I'm using an ISR model. What am I missing?

 

Here is the configuration and thanks in advance.

 

Victor

 

version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
!
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/0/0
ip address 2.2.2.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 1.1.1.1 255.255.255.248
!
ip default-gateway 2.2.2.2
no ip nat settings support mapping outside
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to vpoon87

‎12-21-2020 11:51 AM

Ok i understand in that case you can do like this

 

interface GigabitEthernet0/1/0
switchport access vlan 10

no shutdown

 

interface Vlan1

no ip address

!

interface Vlan10

ip address x.x.202.193 255.255.255.224

no shutdown

!

 

this should work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

0 Helpful
10 Replies 10

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-19-2020 12:33 AM

FW does the NAT config you may not see some config - that was configured automatically.

 

try below basic config see if that work before makes more complex config or your requirement :

 

 

interface GigabitEthernet0/0/0
ip address 2.2.2.1 255.255.255.252
ip nat outside
negotiation auto
!
interface Vlan1
ip address 1.1.1.1 255.255.255.248
ip nat inside
!
no ip default-gateway 2.2.2.2
!

access-list 1 permit 1.1.1.0 0.0.0.7
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
!
ip route 0.0.0.0 0.0.0.0 2.2.2.2

 

TESTINGs:

 

1. ping 2.2.2.2 is that working (hope 2.2.2.2 is the provider IP replace with real ip in config)

2. ping 8.8.8.8

3. configure PC with 1.1.1.X series IP address ( make sure you use google DNS 8.8.8.8) test and advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
vpoon87
Level 1
Level 1
In response to balaji.bandi

‎12-20-2020 11:44 AM

Hi BB,

Thank you very much for the reply. However, it's still not routing between the interfaces. Here is what I have and can't still ping devices between each other over the router.

 

Victor

 

version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!

!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
license udi pid C1101-4P sn FGL233215DK
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
!
!
vlan internal allocation policy ascending

!
!
interface GigabitEthernet0/0/0
ip address 2.2.2.1 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 1.1.1.1 255.255.255.248
ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 2.2.2.2
!
!
access-list 1 permit 1.1.1.0 0.0.0.7
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
password xxxxxxxxx
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to vpoon87

‎12-20-2020 12:21 PM

it's still not routing between the interfaces. I-  Like to know more, i was in the impression you have a Router connected to the (router interface configured and belong to VLAN 1) switch - and the device has (PC 1.1.1.X address)  - is this correct or please explain more to understand.

 

questions :

 

1. Are you able to ping from the router to 2.2.2.2?

2. are you able to ping from router 8.8.8.8 ?

 

is this 2.2.2.X address and 1.1.1.X is the real config of the device ? or changed or masked with original information?

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
vpoon87
Level 1
Level 1
In response to balaji.bandi

‎12-20-2020 12:28 PM

Hi BB,

 

I have the setup in a lab environment right now so I can't ping 8.8.8.8. I have pingable devices connected to both interfaces so I can test the configuration through end to end. The devices (PCs) have the IP addresses I have assigned from the ISP. On the LAN side, the IP address is a usable IP address within our LAN. The other PC on the WAN side has the serial IP of the ISP.

 

The addresses were changed to make the original configuration but the subnet masks are the original assigned by the ISP.

 

Thanks

Victor

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-20-2020 12:35 PM

The other PC on the WAN side has the serial IP of the ISP.  - This means you are not really connected to ISP ? so how do you expect to ping to 8.8.8.8

 

i am afraid we can assist with the imagination of IP addresses here. Please do post correct information masking first 2 octets on the publci side IP and Local IP anyway RFC 1918 so no need to mask to understand the problem correctly.

 

Do you have any paper with you, please do draw a small diagram of how this connected, i do not see any config on the Router Lan side on the port (which one connected) other than VLAN 1 config?

 

what kind of more testing you did, what is not working, what is the end goal?

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
vpoon87
Level 1
Level 1
In response to balaji.bandi

‎12-20-2020 01:11 PM - edited ‎12-20-2020 01:36 PM

I'm not able to connect the device to the Internet as I need to configure the device and ship it to a different location. That is why I have setup the device in a lab with PCs acting as the remote IP devices. I am trying to hook up things like this-
[Diagram Description automatically generated]
Thanks

Preview file
50 KB
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎12-21-2020 12:22 AM

here is sample config on router  and FW need to configure to work.

 

interface GigabitEthernet0/0/0
ip address x.x.127.210 255.255.255.252
no shutdown
!
interface GigabitEthernet0/1/0
ip address x.x.202.193 255.255.255.224
no shutdown
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
no interface Vlan1
!
no ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 x.x.127.209
!
!

 

Test  -

2. are you able to ping ISP IP x.x.127.209 ?

 are you able to ping from router 8.8.8.8 ?

 

1. On the FW configure as mentioned Interface 0
x.x.202.194 255.255.255.224

2. you FW need to configure NAT

3. FW default route point t0 x.x.202.193

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
vpoon87
Level 1
Level 1
In response to balaji.bandi

‎12-21-2020 09:54 AM

Hi BB,
That is how I've had other Cisco routers configured before but on this device I am not able to directly put an IP address on Gig0/1/0 as it doesn't take the command. I'm not able to "no interface Vlan1" either as it says I cannot delete the default Vlan.
Thanks
Victor
0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame
In response to vpoon87

‎12-21-2020 11:51 AM

Ok i understand in that case you can do like this

 

interface GigabitEthernet0/1/0
switchport access vlan 10

no shutdown

 

interface Vlan1

no ip address

!

interface Vlan10

ip address x.x.202.193 255.255.255.224

no shutdown

!

 

this should work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
vpoon87
Level 1
Level 1
In response to balaji.bandi

‎12-21-2020 11:56 AM

Thanks for your help BB! 

That worked!

 

Regards

Victor

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card