Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12011
Views
0
Helpful
16
Replies

how to configure ftth with 2 vlan - TM unifi

nocsertech
Level 1
Level 1

‎05-10-2014 09:17 AM - edited ‎03-04-2019 10:57 PM

Introduction:
I have a ftth (Fiber to the home) service at home. My ISP offering 2 services with the ftth which is Internet access on Vlan500 and IPTV on Vlan600. I managed to setup router for internet access but not IPTV. I keep trying for 2 months without luck. Need help from you guy expert.

My Router and switch:
I have a CISCO1841 router and WS-C2950T-24 switch

My problem:
Internet access is working fine. All computer and laptop able to access internet. But IPTV is not working. Also not able to obtain IP from ISP. I have 2 port in my CISCO1841. fa0/0 connected to modem and fa0/1 connected to WS-C2950. I have no extra port for IPTV. Hence the IPTV set have to connected to switch and  create vlan from the router to the switch to the IPTV set.

Computer connection:
BTU(modem) > [fa0/0.500 - 1841 - fa0/1] > [fa0/1 - 2950 - fa0/19] > [Access Point] > [computer]

IPTV connection:
BTU(modem) > [fa0/0.600 - 1841 - fa0/1] > [fa0/1 - 2950 - fa0/22] > [IPTV Set]

 

CISCO1841 Router:

interface FastEthernet0/0
 description "WAN Port to Unifi BTU"
 no ip address
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.500
 encapsulation dot1Q 500
 ip nat outside
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0/0.600
 encapsulation dot1Q 600
 ip nat outside
 ip virtual-reassembly
 pppoe enable
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0/1
 description "LAN port connect to Switch"
 ip address 192.168.xxx.x1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto

interface Dialer1
 ip ddns update hostname palma.ddns.net
 ip ddns update ddns-noip
 ip address negotiated
 ip mtu 1492
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer idle-timeout 0
 dialer persistent
 dialer-group 1
 ppp authentication chap pap callin
 ppp chap hostname myusername
 ppp chap password 0 mypassword
 ppp pap sent-username username password 0 mypassword

 

WS-C2960:

interface FastEthernet0/1
 description "Router uplink"
 switchport trunk allowed vlan 1,500,600
 switchport mode trunk
 switchport voice vlan 600
 spanning-tree portfast

interface FastEthernet0/19
 description "Serve GF Study Room AP"

interface FastEthernet0/22
 description "Serve TM IPTV"
 switchport access vlan 600
 switchport mode access

interface Vlan1
 ip address 192.168.xxx.x8 255.255.255.0
 no ip route-cache

 

show vlan:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
500  Unifi Internet Vlan              active
600  Vlan 600 for IPTV                active    Fa0/22

 

show interface summary:

* FastEthernet0/22         0     0    0     0     0    0     0    0    0

Help is much appreciated. Thank you in advance.

Labels:
0 Helpful
16 Replies 16

Nagendra Kumar Nainar
Cisco Employee
Cisco Employee

‎05-10-2014 12:03 PM

Hi,

 

On a quick look, I think you have PC/Laptop connected to F0/19 of your switch?. You appear to have trunk enabled on F0/1 (which is connected to your 1841 router) and enabled IP address on LAN interface of 1841. So 1841 will expect IP packets without any dot1q and any dot1q will be dropped.

 

Since F0/19 is is default vlan, traffic from this port will be sent without any dot1q which will be forwarded by 1841 while traffic from your IPTV will be sent with 600 as dot1q which will be dropped by 1841.

 

How are you getting IP address for your PC/Laptop?. Few things you may need to do are:

 

1. Configure 2 subinterfaces for F0/1 (one for IPTV and other for Internet)

2. Enable DHCP on 1841 with different pool (one for IPTV and otehr for Internet).

3. Modify your NAT statements.

 

-Nagendra

 

0 Helpful

nocsertech
Level 1
Level 1
In response to Nagendra Kumar Nainar

‎05-10-2014 01:31 PM

Hello Nagendra

Thank you for your reply.


Yes, Laptop are connect to 2950 fa0/19
Yes, truck on 2950 fa0/1 with vlan500,600,1 (native vlan 1)


All PC obtain IP from the DHCP pool supply by CSICO1841. Here is my existing DHCP:

no ip dhcp use vrf connected
ip dhcp binding cleanup interval 10
ip dhcp excluded-address 192.168.xxx.1 192.168.xxx.100
ip dhcp excluded-address 192.168.xxx.250 192.168.xxx.254
ip dhcp excluded-address 192.168.xxx.101 192.168.xxx.150
!
ip dhcp pool LAN-Pool
   network 192.168.xxx.0 255.255.255.0
   domain-name mydomain.local
   dns-server 8.8.8.8 202.188.0.133
   default-router 192.168.xxx.x1
   lease 7
!


Follow your advise I added another pool for IPTV. But I am not sure the IP will assigned by my CISCO1841 or by my ISP directly.

no ip dhcp use vrf connected
ip dhcp binding cleanup interval 10
ip dhcp excluded-address 192.168.xxx.1 192.168.xxx.100
ip dhcp excluded-address 192.168.xxx.250 192.168.xxx.254
ip dhcp excluded-address 192.168.xxx.101 192.168.xxx.150
!
ip dhcp pool LAN-Pool
   network 192.168.xxx.0 255.255.255.0
   domain-name mydomain.local
   dns-server 8.8.8.8 202.188.0.133
   default-router 192.168.xxx.x1
   lease 7
!
ip dhcp pool IPTV-Pool
   network 192.168.yy.0 255.255.255.0
   domain-name iptv.mydomain.local
   dns-server 8.8.8.8 202.188.0.133
   default-router 192.168.yyy.y1
   lease 7


I added 2 sub-interface in my CISCO1841. Now it look like this:
interface FastEthernet0/1
 description "LAN port connect to Switch"
 ip address 192.168.60.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1.500
 description "Vlan500 for internet access"
 encapsulation dot1Q 500
 ip nat inside
 ip virtual-reassembly
 no cdp enable
!
interface FastEthernet0/1.600
 description "Vlan600 for IPTV"
 encapsulation dot1Q 600
 ip nat inside
 ip virtual-reassembly
 no cdp enable

 

Appreciate if you can send me guide on how and what to modify in my NAT statement?

0 Helpful

strangly
Level 1
Level 1
In response to nocsertech

‎05-26-2014 01:20 AM

Hello nocsertech,

 

I share with you my working configuration. Since IPTV vlan from BTU is bridging mode, so we just need to bring 2 sub interface together will do.

 

 

interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.500
 encapsulation dot1Q 500
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/0.600
 encapsulation dot1Q 600
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.500
 encapsulation dot1Q 500
 ip address 1.1.1.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface FastEthernet0/1.600
 encapsulation dot1Q 600
 bridge-group 1
 bridge-group 1 spanning-disabled

 

bridge 1 protocol ieee

 

but i have a problem here too.... Every time if i completely power off the STB, i got to wait for 5 min before can watch show.

 

Hope above config can lead you some where.

 

0 Helpful

nocsertech
Level 1
Level 1
In response to strangly

‎06-08-2014 02:53 AM

Hi Stangly

Thank you for your kind reply. I have created vlan 500 and vlan 600 on both my router interface and also bridge on vlan600. But still does not work. Any idea where is my mistake made?

 

interface FastEthernet0/0
 description "WAN Port to Unifi BTU"
 no ip address
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.500
 encapsulation dot1Q 500
 ip nat outside
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0/0.600
 encapsulation dot1Q 600
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 description "LAN port connect to Switch"
 ip address 192.168.xx.xx 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1.600
 encapsulation dot1Q 600
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!

bridge 1 protocol ieee

 

 

 

In my switch.

WS-C2950:

interface FastEthernet0/1
 description "Router uplink"
 switchport trunk allowed vlan 1,500,600
 switchport mode trunk
 switchport voice vlan 600
 spanning-tree portfast

interface FastEthernet0/22

 description "Serve TM IPTV"
 switchport access vlan 600
 switchport mode access

interface Vlan1
 ip address 192.168.xxx.x8 255.255.255.0
 no ip route-cache

 

show vlan:

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/7, Fa0/8, Fa0/9
                                                Fa0/11, Fa0/12, Fa0/13, Fa0/14
                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18
                                                Fa0/19, Fa0/20, Fa0/21, Fa0/23
                                                Fa0/24, Gi0/1, Gi0/2
500  Unifi Internet Vlan              active
600  Vlan 600 for IPTV                active    Fa0/22

 


 

0 Helpful

strangly
Level 1
Level 1
In response to nocsertech

‎06-14-2014 09:06 AM

Hello nocsertech,

When i look into your Switch config, that is voice vlan conflit with IPTV Vlan, try this way.

 

interface FastEthernet0/1

 no switchport voice vlan 600
 

Bare in mind, got to wait for few min to get connected. Hope this help.

 

0 Helpful

nocsertech
Level 1
Level 1
In response to strangly

‎06-21-2014 09:03 AM

Hello Stangly

I removed the voice voice vlan 600

 

switch 2950

=============

interface FastEthernet0/1
 description "Router uplink"
 switchport trunk allowed vlan 1,500,600
 switchport mode trunk

interface FastEthernet0/22
 description "Serve TM IPTV"
 switchport access vlan 600
 switchport mode access

 

 

Router 1841

===========

interface FastEthernet0/0
 description "WAN Port to Unifi BTU"
 no ip address
 duplex auto
 speed auto
 no cdp enable
!
interface FastEthernet0/0.500
 encapsulation dot1Q 500
 ip nat outside
 ip virtual-reassembly
 pppoe enable group global
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface FastEthernet0/0.600
 encapsulation dot1Q 600
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled
!
interface FastEthernet0/1
 description "LAN port connect to Switch"
 ip address 192.168.xx.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1.600
 encapsulation dot1Q 600
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled

 

I wait 15 mins still network error show in TV screen. Any others setting i need to take care of?

 

Thanks again.

 

 

 

0 Helpful

strangly
Level 1
Level 1
In response to nocsertech

‎07-12-2014 01:38 AM

Hello nocsertech,

make sure you have "bridge 1 protocol ieee" configured. Beside that i cant see any problem...

 

Maybe you can try to isolate the issue one by one, try to inject dhcp from external router interface 0/0.600 let it broadcast into your switch vlan 600, try to see your client in the switch vlan 600 can get the IP or not. 

If yes, then mean your router has correct setting but unfortunately your 0/0.600 did not pickup/send DHCP reqeust correctly.

If no, try to troubleshooting first until internal client can get the ip address from external DHCP server.

 

0 Helpful

nocsertech
Level 1
Level 1
In response to strangly

‎08-02-2014 10:33 AM

Hi stangly

Again thank you for your reply.

I am sure IPTV set successfully obtain the VLAN 600 IP. The only Vlan 600 access port is fa0/22 and it is connected to IPTV set.

 

My router fa0/1 is the switch facing interface.

interface FastEthernet0/1
 description "LAN port connect to Switch"
 ip address 192.168.60.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1.600
 encapsulation dot1Q 600
 ip address 192.168.70.1 255.255.255.0
 no cdp enable
 bridge-group 1
 bridge-group 1 spanning-disabled

 

My DHCP for IPTV as below:

ip dhcp pool IPTV-POOL
   network 192.168.70.0 255.255.255.0
   domain-name palma.local
   dns-server 8.8.8.8 202.188.0.133
   default-router 192.168.70.1
   lease 7

 

 

I my switch, I able to obtain MAC address of IPTV:

========================================

switch#show mac address-table | include Fa0/22
 600    0007.6372.007c    DYNAMIC     Fa0/22

 

In my router I can the IP being assigned and ping it

=========================================
router#show ip arp | include 007c
Internet  192.168.70.2            0   0007.6372.007c  ARPA   FastEthernet0/1.600

router.palma#ping 192.168.70.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.70.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

 

Here is my MAC search for fa0/1:

============================

switch#show mac address-table | include Fa0/1
 600    001c.583b.39bb    DYNAMIC     Fa0/1

router#show ip arp | include 39bb
Internet  192.168.60.1            -   001c.583b.39bb  ARPA   FastEthernet0/1
Internet  192.168.70.1            -   001c.583b.39bb  ARPA   FastEthernet0/1.600

 

 

From the above I can say IP is successfully being assigned. But IPTV set still display no connection. Any other clue?

0 Helpful

strangly
Level 1
Level 1
In response to nocsertech

‎08-02-2014 06:40 PM

Hello nocsertech,

I found your problem... please make correction below.

1) Revert all your config back to previous stage.

2) Make sure you leave your Fastethernet 0/1 without IP, only configure IP on sub interface. Fa0/1 is main interface and Fa0/1.1 is subinterface.

 

interface FastEthernet0/0 
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.500
 encapsulation dot1Q 500
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface FastEthernet0/0.600
 encapsulation dot1Q 600
 ip tcp adjust-mss 1452
 bridge-group 1

 

 

interface FastEthernet0/1

 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/1.1
 encapsulation dot1Q 1
 ip address 192.168.60.1
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface FastEthernet0/1.600
 encapsulation dot1Q 600
 ip tcp adjust-mss 1452
 bridge-group 1
!

 

ip dhcp pool User
   network 192.168.60.0 255.255.255.0
   domain-name abc.local
   dns-server 8.8.8.8 202.188.0.133
   default-router 192.168.60.1
!

 

Wish you success.

 

0 Helpful

nocsertech
Level 1
Level 1
In response to strangly

‎04-08-2015 03:19 AM

Thank you for your update. Let me try and will post here.

0 Helpful

nocsertech
Level 1
Level 1
In response to Nagendra Kumar Nainar

‎05-12-2014 09:06 AM

Anybody can give me some guide? Much appreciated.

0 Helpful

bkhong183
Level 1
Level 1

‎05-18-2016 02:14 AM

For Unifi (Data + IPTV) user who wish to use Cisco Router and Switch may refer to the working configuration below.

*Note: "bridge irb" & "bridge 1 protocol ieee" is compulsory.

============================= ROUTER 1921 =============================
!
ip dhcp pool MYDHCP
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.254 1.9.1.9 202.188.0.133
lease 0 0 30
!
bridge irb
!
interface GigabitEthernet0/0
description WAN - BTU
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/0.500
description WAN DATA
encapsulation dot1Q 500
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0/0.600
description WAN IPTV
encapsulation dot1Q 600
bridge-group 1
!
interface GigabitEthernet0/1
description LOCAL NETWORK
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/1.500
description LAN DATA
encapsulation dot1Q 500
ip address 192.168.1.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface GigabitEthernet0/1.600
description LAN IPTV
encapsulation dot1Q 600
bridge-group 1
!
interface Dialer1
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
dialer pool 1
dialer idle-timeout 0
dialer persistent
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname YourUsername@unifi
ppp chap password 0 YourPassword
ppp pap sent-username YourUsername@unifi password 0 YourPassword
!
ip forward-protocol nd
!
ip nat inside source list 100 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
dialer-list 1 protocol ip permit
!
control-plane
!
bridge 1 protocol ieee
!

============================= SWITCH SG300-10 =============================

!
interface vlan 500
name DATA
!
interface vlan 600
name IPTV
!
interface gigabitethernet1
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet2
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet3
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet4
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet5
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet6
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet7
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet8
description DATA
switchport mode access
switchport access vlan 500
!
interface gigabitethernet9
description IPTV
switchport mode access
switchport access vlan 600
!
interface gigabitethernet10
description SWITCH-ROUTER UPLINK
switchport trunk allowed vlan add 500,600
!

0 Helpful

oholynskyj
Level 1
Level 1
In response to bkhong183

‎09-21-2016 08:25 AM

HI, I am doing the same thing in our new Malaysia office.  I noticed on your working config that you dont call up the Dialer 1 for the Gig0/1.600 vlan subinterface.  Does that mean you only need the dialer interface once for the data vlan (Gig0/1.500) ?

0 Helpful

nocsertech
Level 1
Level 1
In response to oholynskyj

‎09-21-2016 08:47 AM

You dont need vlan 600 unless you would like to watch their IP TV. Vlan 500 is for data.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card