01-03-2013 11:56 PM - edited 03-04-2019 06:34 PM
Hello,
I am struggling to get this working; after spending many hours looking at it I am now completely stuck. We are upgrading from a 857W to this 887 VA-M. I have some experience of IOS and the 800 series. Our 857W works perfectly using almost the same config.
Our situation is that the router will sit in front of our firewall and act essentially as a simple router passing everything through to our Firewall. Nat is done at the Firewall.
We currently have the following configuration that seems to connect to the ISP fine, but I cannot connect to the vlan2 port on the switch; the firewall cannot connect to the internet or route anything via the Vlan2 port, no pings etc. I am using FastEthernet 0 as the Vlan2 port and the rest are Vlan 1 with a local network address to allow me to connect a laptop.
We have a block of static IP addresses, the base of which is assigned to the Vlan 2 interface and used by Dialer 0 as IP Unnumbered.
Can anyone see the problem with the config below? Any help would be much appreciated.
Many thanks
Tony
Using 4590 out of 262136 bytes
!
! Last configuration change at 17:42:06 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
! NVRAM config last updated at 17:43:00 UTC Thu Jan 3 2013
version 15.1
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname XXXXXXX
!
boot-start-marker
boot-end-marker
!
!
security authentication failure rate 3 log
security passwords min-length 6
logging buffered 51200
logging console critical
enable secret 5 $1$H6dv$YjRUiq1nuOQpaJVyuRkvH.
enable password 7 121A0C041104545C7D3D2525
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_author local
!
!
!
!
!
aaa session-id common
!
memory-size iomem 25
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3558655132
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3558655132
 revocation-check none
 rsakeypair TP-self-signed-3558655132
!
crypto pki trustpoint test_trustpoint_config_created_for_sdm
 subject-name e=sdmtest@sdmtest.com
 revocation-check crl
!
!
crypto pki certificate chain TP-self-signed-3558655132
 certificate self-signed 01 nvram:IOS-Self-Sig#1.cer
crypto pki certificate chain test_trustpoint_config_created_for_sdm
no ip source-route
!
!
!
!
!
no ip cef
no ip bootp server
ip domain name our.domain
ip name-server our.isp.dns.server1
ip name-server our.isp.dns.server2
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-M-K9 sn FCZ1634C1NF
license accept end user agreement
license boot module c880-data level advipservices
!
!
username USERNAME privilege 15 view root secret 5 $1$Nv.r$.SPASK/daeNsD3lu9LFvX/
!
!
!
!
controller VDSL 0
!
ip tcp synwait-time 10
no ip ftp passive
ip ftp username USERNAME
ip ftp password 7 03104C03015D711C16
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 shutdown
!
interface ATM0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 description ISP CONNECTION
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
 pvc 0/38
  encapsulation aal5mux ppp dialer
  dialer pool-member 1
 !
!
interface FastEthernet0
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
!
interface FastEthernet1
 no ip address
 duplex full
 speed 100
!
interface FastEthernet2
 no ip address
 duplex full
 speed 100
!
interface FastEthernet3
 no ip address
 duplex full
 speed 100
!
interface Vlan1
 description $FW_INSIDE$
 ip address 192.168.0.10 255.255.255.0
 ip access-group 102 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 no ip route-cache
!
interface Vlan2
 ip address our.static.ip.address our.static.subnet.mask
 ip access-group 100 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip flow ingress
 ip flow egress
!
interface Dialer0
 description $FW_OUTSIDE$
 ip unnumbered Vlan2
 ip access-group 101 in
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname OUR HOSTANME
 ppp chap password OUR PASSWORD
!
ip forward-protocol nd
ip http server
ip http access-class 1
ip http secure-server
!
ip flow-top-talkers
 top 20
 sort-by bytes
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
logging trap debugging
access-list 1 remark Auto generated by SDM Management Access feature
access-list 1 remark CCP_ACL Category=1
access-list 1 permit 192.168.0.0 0.0.0.255
access-list 1 permit our.static.ip.address our.static.subnet.mask
access-list 100 remark Auto generated by SDM Management Access feature
access-list 100 remark CCP_ACL Category=1
access-list 100 permit ip any any
access-list 101 remark Auto generated by SDM Management Access feature
access-list 101 remark CCP_ACL Category=1
access-list 101 permit ip any any
access-list 102 permit ip 192.168.0.0 0.0.0.255 any
access-list 102 permit ip our.static.ip.address our.static.subnet.mask any
dialer-list 1 protocol ip permit
no cdp run
!
!
!
!
!
!
!
control-plane
!
!
line con 0
 login authentication local_authen
 transport output telnet
line aux 0
 login authentication local_authen
 transport output telnet
line vty 0 4
 access-class 102 in
 password 7 00071A150754535E58
 authorization exec local_author
 login authentication local_authen
 transport input telnet ssh
 transport output telnet ssh
!
scheduler interval 500
end
command completed.
01-04-2013 01:45 AM
In your setup Dialer0 and Vlan2 are different L3-interfaces that need routing by default. I never configured that but if you want to use them as one network you probably have to connect the dialer and the vlan with a bridge-group.
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
01-04-2013 02:43 AM
Thanks for the heads up. Now I am really confused.
Is there another way to do what I need? This should be a very simple config. ATM to the ISP with a static IP range and then connection from one of the switch ports to the firewall. Pass everything both ways.
I only configured the Vlan1 so that I could connect to the router from my laptop with another cable, as I could not get to it via the firewall. The port shows up (lights on) but nothing goes up or down.
Ideally I would want to use it at the moment almost acting like a simple modem, if I could simply bridge the atm and Vlan2 ports and plug straight into the firewall that might save me an IP address. I could still use the Vlan1 for configuration.
Any help appreciated.
Cheers
Tony