Re: Help setup a Cisco 1921 Router

JX23 · ‎07-29-2022

I'm currently trying to replace my ISP router. The ISP provides Internet using Vlan 11, Voice in Vlan 12 and IPTV in Vlan 13, all using dhcp, so far i can create subinterfaces, get ip addresses, NAT, local DHCP and setup a simple Firewall.
I used a route-map to route traffic from inside traffic to isp, which gives me internet access, but it is very slow, or lags, when i do a speedtest, it hangs in the middle of the test for a 1s, cpu usage is very high on the router.

I have Cisco Configuration Professional Express, but it is very basic and some things dont even work, i now its retired, is there any alternative for this router?

Here is my conf without the firewall, i tested with and without firewall and it is the same, thanks for the help

!
ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.13.1
!
ip dhcp pool LAN
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
dns-server 1.1.1.1 8.8.8.8
!
ip dhcp pool MANAGEMENT
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
ip dhcp pool IPTV
network 192.168.13.0 255.255.255.0
default-router 192.168.13.1

!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.11
description WAN
encapsulation dot1Q 11
ip dhcp client lease 0 0 3
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.13
description IPTV
encapsulation dot1Q 13
ip dhcp client lease 0 0 2
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
ip policy route-map LAN-POLICY
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
description MANAGEMENT
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.11
description LAN
encapsulation dot1Q 11
ip address 192.168.11.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.13
description TV
encapsulation dot1Q 13
ip address 192.168.13.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/0.11 overload
!
!
route-map LAN-POLICY permit 10
match ip address 100
set interface GigabitEthernet0/0.11
!
!
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
!

!

xpace · ‎07-31-2022

I'm not an expert in any way but I believe your NATting should look like this

ip nat inside source static <private ip> <public ip> route-map LAN-POLICY

What is your internet speed?

I recently learnt from my own experience that I had to set the port speed instead of auto as well as duplex to full. For my 1Gbit link I had to set the interface with : speed 1000 and duplex full

Maybe try that.

JX23 · ‎08-01-2022

Hi thanks for the reply, my internet speed is 130 down and 100 up. My public ip giving from the ISP with DHCP, does the static route-map still applies?

MHM Cisco World · ‎08-01-2022

why you need route-map ???
this is router and it have subinterface for each VLAN,
and then forward traffic to ISP.
sure the speed is drop since the router must match each packet for route-map.
friend you dont need it here.

JX23 · ‎08-01-2022

Hi, i thought of that, and realise i can probably use simple routes to interfaces to solve the problem, but i cant get the dhcp client to stop receiving the default gateway, both subinterfaces are adding 0.0.0.0 0.0.0.0 routes, i'm using " no ip dhcp client request router".

PBR is working, i'm getting 120 dow and 112 up, but i got curious and i think a static route will work just fine.

MHM Cisco World · ‎08-01-2022

no ip dhcp client request router ? where you put this command ?
can you more explain

JX23 · ‎08-01-2022

Inside, interface GigabitEthernet0/1.13, i cleared the routing table and released the dhcp, but it still adds the 0.0.0.0 0.0.0.0 route, but after adding

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.11 dhcp
ip route 192.168.13.0 255.255.255.0 GigabitEthernet0/0.13 dhcp 2

and removing the route-map, it still works, now i will enable zone based firewall to see if the performence is bad

MHM Cisco World · ‎08-01-2022

Now I get the Issue and why you need PBR.
1-Static route
you can config the WAN interface to ask add static route into your router via DHCP
LAN interface no need PBR

2-PBR
config PBR under TV interface and point the next-hop via IPTV interface
Note:- you need
a- no ip dhcp client request router << under IPTV interface
b- no need ip route 192.168.13.0 255.255.255.0 GigabitEthernet0/0.13 dhcp 2

that it.

JX23 · ‎08-01-2022

Does PBR performe better than ip route 192.168.13.0 255.255.255.0 GigabitEthernet0/0.13 dhcp 2, or this route is wrong?

MHM Cisco World · ‎08-01-2022

this route is wrong, this subnet which is TV subnet is direct connect, no meaning of config static route for it subnet.
after I check the detail
you have two ISP one called WAN other called IPTV,
you want only the TV subnet to take path through IPTV and for LAN it must take WAN.
for LAN the default route via DHCP server (SP) is enough
for the TV it take by default path through WAN that what not we want, here we add PBR in TV subinterface and shift traffic from WAN to IPTV.

Note:-BOTH WAN and IPTV have outside NAT so the traffic will NAT.

Georg Pauwen · ‎08-01-2022

Hello,

can you post a diagram of your topology, showing what is connected to what ? Both your GigabitEthernet interfaces are configured with the same Vlans, which does not look right...

JX23 · ‎08-01-2022

Hi, thanks for the reply, i attached the network diagram, sorry if its confusing first time doing one. Both DHCP pools needs NAT, because i need to connect multiple TV boxes. They are configured with the same Vlans like the ISP, but i think that doesn't matter because it is in the internal network?

Georg Pauwen · ‎08-01-2022

Hello,

make the changes marked in bold:

ip dhcp excluded-address 192.168.11.1 192.168.11.10
ip dhcp excluded-address 192.168.10.1
ip dhcp excluded-address 192.168.13.1
!
ip dhcp pool LAN
network 192.168.11.0 255.255.255.0
default-router 192.168.11.1
dns-server 1.1.1.1 8.8.8.8
!
ip dhcp pool MANAGEMENT
network 192.168.10.0 255.255.255.0
default-router 192.168.10.1
!
ip dhcp pool IPTV
network 192.168.13.0 255.255.255.0
default-router 192.168.13.1
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.11
description WAN
encapsulation dot1Q 11
ip dhcp client lease 0 0 3
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/0.13
description IPTV
encapsulation dot1Q 13
ip dhcp client lease 0 0 2
ip address dhcp
ip nat outside
ip virtual-reassembly in
!
interface GigabitEthernet0/1
no ip address
--> no ip policy route-map LAN-POLICY
duplex auto
speed auto
!
interface GigabitEthernet0/1.10
description MANAGEMENT
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.11
description LAN
encapsulation dot1Q 11
ip address 192.168.11.1 255.255.255.0
ip nat inside
--> ip policy route-map LAN-POLICY
ip virtual-reassembly in
!
interface GigabitEthernet0/1.13
description TV
encapsulation dot1Q 13
ip address 192.168.13.1 255.255.255.0
ip nat inside
--> ip policy route-map IPTV-POLICY
ip virtual-reassembly in
!
ip forward-protocol nd
!
ip http server
ip http authentication local
no ip http secure-server
!
ip nat inside source list 100 interface GigabitEthernet0/0.11 overload
--> ip nat inside source list 101 interface GigabitEthernet0/0.13 overload
!
route-map LAN-POLICY permit 10
match ip address 100
set interface GigabitEthernet0/0.11
!
--> route-map IPTV-POLICY permit 10
--> match ip address 101
--> set interface GigabitEthernet0/0.13
!
access-list 100 permit ip 192.168.11.0 0.0.0.255 any
--> access-list 101 permit ip 192.168.13.0 0.0.0.255 any

paul driver · ‎08-02-2022

Hello

@JX23 wrote:

I'm currently trying to replace my ISP router. The ISP provides Internet using Vlan 11, Voice in Vlan 12 and IPTV in Vlan 13, all using dhcp, so far i can create subinterfaces, get ip addresses, NAT, local DHCP and setup a simple Firewall.
I used a route-map to route traffic from inside traffic to isp,

Can you elaborate why are you are receiving ip allocation on two sub-interfaces when you say you are connecting to your ISP via just vlan 11 for wan connectivity?

If this isn’t the case I would say you would not require to policy route anything, but either case I would suggest adding a default static pointing towards your Primary gateway (ie vlan11) then test again

Try:

add a default static point towards the wan subinterface
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0.11 dhcp

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul