Help with 2901 with a new ISP

ctusa2003am · ‎11-11-2015

Hi,

We were using Ge 0/1 with old ISP (10 Mb Ethernet over Fiber) which is now inactive.

Now we using Cablemodem on Fe 0/0/3 and the above ISP is allowing us to use his IPs through this cablemodem.

We are now getting a new Fiber Ethernet (20Mb).

I have put the running config of the above router (2901) below.

So here are my questions/confusions:

Which interface we can use for the upcoming 20Mb line. I think Ge 0/0 is available. Once the new line comes, Can I start working with usinge (Ge 0/0), without affecting any current/live access? Once tested fine, I can make the new 20Mb line as 'production'.

I will keep the existing config/interfaces unaffected which will help us quickly reverting the access back in case something goes wrong with the new line.

Also if some can provide more help for the new config will be great, since this is a little more complicated scenario than I am used to. Llearning a lot lately, but am concerned since this is production system.

Also wanted to give the input that we have 2 ASA 5510 in Active-Standby mode with NATs and ACL etc. and I was thinking that I can break the failover and use one of the 5510 with the new line.

Any help/suggestion is appreciated.

Config below--------------------------------------------------------------

Building configuration...

Current configuration : 4659 bytes

!

! Last configuration change at 01:38:49 EDT Tue Jul 14 2015

! NVRAM config last updated at 01:38:52 EDT Tue Jul 14 2015

version 15.1

service timestamps debug datetime localtime

service timestamps log datetime localtime

no service password-encryption

!

hostname router

!

boot-start-marker

boot system flash flash:/c2900-universalk9-mz.SPA.151-4.M6.bin

boot system flash flash:/c2900-universalk9-mz.SPA.151-4.M4.bin

boot system flash flash:

warm-reboot

boot-end-marker

!

logging buffered 65536

enable password …………………………

!

no aaa new-model

clock timezone EST -5 0

clock summer-time EDT recurring

!

no ipv6 cef

no ip source-route

ip cef

!

ip vrf cablemodem

rd 7922:1

route-target export 7922:1

route-target import 7922:1

!!

ip name-server 204.213.176.1

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

license udi pid CISCO2901/K9 sn FTX153680T5

license boot module c2900 technology-package datak9

!

redundancy

!

track 1 ip sla 1 reachability

delay down 10

!

policy-map opteman10-policy

class class-default

shape average 10000000 250000 0

fair-queue

random-detect

!

interface Tunnel20

description Tunnel to oldISP

bandwidth 10000

ip address 204.x.x.x 255.255.255.252

ip mtu 1476

ip tcp adjust-mss 1436

keepalive 10 3

tunnel source Vlan13

tunnel destination 69.x.x.x

tunnel vrf cablemodem

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

!

interface GigabitEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/1

description oldISP Internet

bandwidth 10000

ip address 204.x.x.x 255.255.255.252

duplex full

speed 100

service-policy output opteman10-policy

!

interface ATM0/1/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/1/0.1 point-to-point

pvc 0/35

oam-pvc manage

encapsulation aal5snap

pppoe-client dial-pool-number 1

!

interface ATM0/2/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/2/0.1 point-to-point

pvc 0/35

oam-pvc manage

encapsulation aal5snap

pppoe-client dial-pool-number 1

!

interface ATM0/3/0

no ip address

no atm ilmi-keepalive

!

interface ATM0/3/0.1 point-to-point

pvc 0/35

oam-pvc manage

encapsulation aal5snap

pppoe-client dial-pool-number 1

!

interface FastEthernet0/0/0

switchport access vlan 10

no ip address

!

interface FastEthernet0/0/1

switchport access vlan 11

no ip address

!

interface FastEthernet0/0/2

switchport access vlan 12

no ip address

!

interface FastEthernet0/0/3

switchport access vlan 13

no ip address

!

interface Vlan1

no ip address

!

interface Vlan10

description Lightstat #1

ip address 205.x.x.x 255.255.255.240

ip verify unicast reverse-path

!

interface Vlan11

description Lightstat #2

ip address 65.x.x.x 255.255.255.192

ip verify unicast reverse-path

!

interface Vlan12

description Lightstat #3

ip address 65.x.x.x 255.255.255.240

ip verify unicast reverse-path

!

interface Vlan13

description Cable Modem Connection

ip vrf forwarding cablemodem

ip address 71.9.x.x 255.255.255.248

ip verify unicast reverse-path

!

interface Dialer1

description oldISP ADSL

mtu 1492

ip address negotiated

no ip redirects

encapsulation ppp

ip tcp adjust-mss 1452

dialer pool 1

dialer idle-timeout 0 either

dialer hold-queue 100

dialer persistent

ppp pap sent-username lstat@oldISPnklttjhklpfg6lgh78x.net password 7 15405849063F392A

ppp multilink

no cdp enable

!

ip default-gateway 204.x,x,x

no ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip route 0.0.0.0 0.0.0.0 204.x.x.x track 1

ip route 0.0.0.0 0.0.0.0 204.x.x.x 10

ip route 0.0.0.0 0.0.0.0 Dialer1 250

ip route 10.0.0.0 255.0.0.0 Null0

ip route 65.x.x.x 255.255.255.240 Null0 254

ip route 65.x.x.x 255.255.255.192 Null0 254

ip route 127.0.0.0 255.0.0.0 Null0

ip route 172.16.0.0 255.240.0.0 Null0

ip route 192.168.0.0 255.255.0.0 Null0

ip route 205.x.x.x 255.255.255.240 Null0 254

ip route vrf cablemodem 0.0.0.0 0.0.0.0 71.9.x.x

!

ip sla 1

icmp-echo 204.x.x.x source-interface GigabitEthernet0/1

ip sla schedule 1 life forever start-time now

access-list 99 permit 204.x.x.x 0.0.0.3

!

no cdp run

snmp-server community oldISPstats RO 99

!

control-plane

!

line con 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line vty 0 4

password .;lll;…………

login

transport input all

!

scheduler allocate 20000 1000

ntp update-calendar

ntp server 204.x.x.x

end

-------------------

User Access Verification

router#sh ip int brief

Interface IP-Address OK? Method Status Prot ocol

Embedded-Service-Engine0/0 unassigned YES NVRAM administratively down down

GigabitEthernet0/0 unassigned YES NVRAM administratively down down

GigabitEthernet0/1 204.x.x.x YES NVRAM up up

ATM0/1/0 unassigned YES NVRAM down down

ATM0/1/0.1 unassigned YES unset down down

ATM0/2/0 unassigned YES NVRAM up up

ATM0/2/0.1 unassigned YES unset up up

ATM0/3/0 unassigned YES NVRAM up up

ATM0/3/0.1 unassigned YES unset up up

FastEthernet0/0/0 unassigned YES unset up up

FastEthernet0/0/1 unassigned YES unset up up

FastEthernet0/0/2 unassigned YES unset up up

FastEthernet0/0/3 unassigned YES unset up up

Dialer1 32.x.x.x YES IPCP up up

Tunnel20 204.x.x.x YES manual up up

Virtual-Access1 unassigned YES unset up up

Virtual-Access2 unassigned YES unset down down

Virtual-Access3 unassigned YES unset up up

Vlan1 unassigned YES unset down down

Vlan10 205.x.x.x YES NVRAM up up

Vlan11 65.x.x.x YES NVRAM up up

Vlan12 65.x.x.x YES NVRAM up up

Vlan13 71.9.x.x YES manual up up

router#

Ganesh Hariharan · ‎11-11-2015

Hello,

See , Your scenario is to do cutover to new cable modem link from old link.

Assumming you are having the same provider and they have aggreed to route your pubic ips from new cable modem on new fiber link.

Get the stability test of the link and you need to same configuration on new port same.As you cant have same ip address on both the ports at same time.

Hope it Helps..

-GI

ctusa2003am · ‎11-12-2015

Hi Ganesh,

Thanks for your comments/input. Actually we currently, are using CableModem (Fe0/0/3-- Vlan13), as you will see from the config. The old ISP (10Mb line on Ge 0/1) line is inactive but he was nice to still let us use his IP via Cable Modem (Vlan 13 above).

Now we are getting a 20Mb line ( and a new 32 IPs) for which I need help with Configuration.

Can I configure Ge 0/0 with the new Line/new IPs. I just want to make sure that while I am working with the new line configuration, it does not affect the existing connections since that's all we have. Once the new line works fine, we shall remove the old routing from Cablemodem and use that just for phones and wi-fi etc.

I apologize if I didn't articulate properly before.

Thanks,

Ashok

Ganesh Hariharan · ‎11-13-2015

Hello Ashok,

Adding an ip address in new port will not give any issue unless you point your defaul route or routing configiration towards the new interface.

Hope it Helps..

-GI

bolds04 · ‎11-12-2015

Yes you should be able to build your config to GE0/0 with the new 20mb line. Just make sure to put it in a different VRF.

You currently have Vlan 13 in VRF cablemodem. Just build a new vrf - "VRF NEWLINE" with the proper IP addressing ect. and verify connectivity. Once verified, you can then reconfigure your default gateway to the new VRF.

Ping VRF NEWLINE 8.8.8.8

Ping VRF NEWLINE x.x.x.x - Carrier IP

Then change your default route on your vlan 13 to the new VRF. Hope this helps.

B

ctusa2003am · ‎11-13-2015

Hi B,

thanks for your post. It does help. Questions:

Please correct me if I am wrong, wouldn't changing the Def.route on Vlan 13, will stop using the cablemodem connection?

What should I do to make sure that the current cable modem/configuration is unaffected, so if anything goes wrong (till everything is tested well for a few days) I could quickly revert back the way we are.

I was hoping to I could find a configuration where I use this available physical int Ge 0/0 and configure with the new line/IPs and start testing by making this as the higher priority 'ip route' and if things go wrong then next route (i.e. cablemodem) becomes active.

Is it a fair question and if yes how can I do that.

Thanks,

Ashok

bolds04 · ‎11-13-2015

Perhaps I wasn't clear enough.

You are not changing the vrf on the cablemodem Vlan 13 till you are finished testing the new line and are ready to migrate traffic over to it.

Suggestions - If I were you, what I would do, is create a new VRF and new vlan. Test connectivity and then change your vlan 13 over to the new vrf.

Once you've migrated to the new line THEN you can build IP SLA statements into your configs to flip traffic to another pipe should one go down.

Let me know if that clears things up. B

ctusa2003am · ‎11-16-2015

Hi B,

This VRF is kind of new to me and I defintely learnt a lot. Thanks to you and Ganesh both. Your last post cleared up things a little more.

Another question I have is after creating a new vrf and assinging to the phy int ge0/0 (with the new vlan), can I just keep the old one as well and put some policy so that if the new line (20Mb) is down the old 'cablemodem' line gets in operation?

Thanks,

Ashok