Solved: Configure Fiber With ISR C1101-P

vpoon87 · ‎12-18-2020

Hi all,

I'm having a problem setting up an ISR C1101-P to work with our fiber Internet provider. We have an ethernet handoff from the fiber provider. They provided us a /29 block of public IP addresses and also advised us what our WAN IP address should be. I plan to connect our firewall on Gig0/1/0 and number it with an available public IP. I have the default route pointing to the Internet provider's Serial IP address in the configuration but the devices on our public IP side do not route to the WAN side and to the Internet.

I've setup older models of the Cisco routers similarly but this is the first time I'm using an ISR model. What am I missing?

Here is the configuration and thanks in advance.

Victor

version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname router1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
redundancy
!
!
vlan internal allocation policy ascending
!
!
!
interface GigabitEthernet0/0/0
ip address 2.2.2.1 255.255.255.252
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 1.1.1.1 255.255.255.248
!
ip default-gateway 2.2.2.2
no ip nat settings support mapping outside
ip forward-protocol nd
no ip http server
ip http secure-server
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

balaji.bandi · ‎12-21-2020

Ok i understand in that case you can do like this

interface GigabitEthernet0/1/0
switchport access vlan 10

no shutdown

interface Vlan1

no ip address

!

interface Vlan10

ip address x.x.202.193 255.255.255.224

no shutdown

!

this should work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

balaji.bandi · ‎12-19-2020

FW does the NAT config you may not see some config - that was configured automatically.

try below basic config see if that work before makes more complex config or your requirement :

interface GigabitEthernet0/0/0
ip address 2.2.2.1 255.255.255.252
ip nat outside
negotiation auto
!
interface Vlan1
ip address 1.1.1.1 255.255.255.248
ip nat inside
!
no ip default-gateway 2.2.2.2
!

access-list 1 permit 1.1.1.0 0.0.0.7
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
!
ip route 0.0.0.0 0.0.0.0 2.2.2.2

TESTINGs:

1. ping 2.2.2.2 is that working (hope 2.2.2.2 is the provider IP replace with real ip in config)

2. ping 8.8.8.8

3. configure PC with 1.1.1.X series IP address ( make sure you use google DNS 8.8.8.8) test and advise.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

vpoon87 · ‎12-20-2020

Hi BB,

Thank you very much for the reply. However, it's still not routing between the interfaces. Here is what I have and can't still ping devices between each other over the router.

Victor

version 16.8
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!

!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
license udi pid C1101-4P sn FGL233215DK
no license smart enable
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
!
!
vlan internal allocation policy ascending

!
!
interface GigabitEthernet0/0/0
ip address 2.2.2.1 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface Vlan1
ip address 1.1.1.1 255.255.255.248
ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 2.2.2.2
!
!
access-list 1 permit 1.1.1.0 0.0.0.7
!
!
!
!
control-plane
!
!
line con 0
transport input none
stopbits 1
line vty 0 4
password xxxxxxxxx
login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

balaji.bandi · ‎12-20-2020

it's still not routing between the interfaces. I- Like to know more, i was in the impression you have a Router connected to the (router interface configured and belong to VLAN 1) switch - and the device has (PC 1.1.1.X address) - is this correct or please explain more to understand.

questions :

1. Are you able to ping from the router to 2.2.2.2?

2. are you able to ping from router 8.8.8.8 ?

is this 2.2.2.X address and 1.1.1.X is the real config of the device ? or changed or masked with original information?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

vpoon87 · ‎12-20-2020

Hi BB,

I have the setup in a lab environment right now so I can't ping 8.8.8.8. I have pingable devices connected to both interfaces so I can test the configuration through end to end. The devices (PCs) have the IP addresses I have assigned from the ISP. On the LAN side, the IP address is a usable IP address within our LAN. The other PC on the WAN side has the serial IP of the ISP.

The addresses were changed to make the original configuration but the subnet masks are the original assigned by the ISP.

Thanks

Victor

balaji.bandi · ‎12-20-2020

The other PC on the WAN side has the serial IP of the ISP. - This means you are not really connected to ISP ? so how do you expect to ping to 8.8.8.8

i am afraid we can assist with the imagination of IP addresses here. Please do post correct information masking first 2 octets on the publci side IP and Local IP anyway RFC 1918 so no need to mask to understand the problem correctly.

Do you have any paper with you, please do draw a small diagram of how this connected, i do not see any config on the Router Lan side on the port (which one connected) other than VLAN 1 config?

what kind of more testing you did, what is not working, what is the end goal?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

vpoon87 · ‎12-20-2020

I'm not able to connect the device to the Internet as I need to configure the device and ship it to a different location. That is why I have setup the device in a lab with PCs acting as the remote IP devices. I am trying to hook up things like this-
[Diagram Description automatically generated]
Thanks

balaji.bandi · ‎12-21-2020

here is sample config on router and FW need to configure to work.

interface GigabitEthernet0/0/0
ip address x.x.127.210 255.255.255.252
no shutdown
!
interface GigabitEthernet0/1/0
ip address x.x.202.193 255.255.255.224
no shutdown
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
no interface Vlan1
!
no ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip route 0.0.0.0 0.0.0.0 x.x.127.209
!
!

Test -

2. are you able to ping ISP IP x.x.127.209 ?

are you able to ping from router 8.8.8.8 ?

1. On the FW configure as mentioned Interface 0
x.x.202.194 255.255.255.224

2. you FW need to configure NAT

3. FW default route point t0 x.x.202.193

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

vpoon87 · ‎12-21-2020

Hi BB,
That is how I've had other Cisco routers configured before but on this device I am not able to directly put an IP address on Gig0/1/0 as it doesn't take the command. I'm not able to "no interface Vlan1" either as it says I cannot delete the default Vlan.
Thanks
Victor

balaji.bandi · ‎12-21-2020

Ok i understand in that case you can do like this

interface GigabitEthernet0/1/0
switchport access vlan 10

no shutdown

interface Vlan1

no ip address

!

interface Vlan10

ip address x.x.202.193 255.255.255.224

no shutdown

!

this should work.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

vpoon87 · ‎12-21-2020

Thanks for your help BB!

That worked!

Regards

Victor