Re: How to convert a port from switch card on 892 router to wan port.

jomo frank · ‎10-28-2020

Hello Expert,

I tring to convert a Fe lan port to wan port on cisco 892 router.

The router that is connect telco provider pppoe device via a switch

Both the switch an pppoe device is supplied by the telco

I use the following commad below

-----------------------------------------------------

interface FastEthernet2
description Digicel Wan Interface
switchport access vlan 175
no ip address
duplex full
speed 100

interface Vlan175
description Digicel Wan Interface
ip address 10.10.2x5.100 255.255.255.0
crypto map SDM_CMAP_3

If I log into the router i am to ping my remote sites successfully, but I am unable to ping this router wan interface

from any of the router sites.

I have no to access list blocking pings from external sources.

Unsure what else to check but i am pleaing for somene to just vet the commands above to verify I did not miss a step

Regards

Georg Pauwen · ‎10-28-2020

Hello,

--> If I log into the router i am to ping my remote sites successfully, but I am unable to ping this router wan interface

from any of the router sites.

From which device/IP address are you trying to ping the router ? Post a schematic drawing of your topology, as it is unclear what 'remote sites' mean.

Joseph W. Doherty · ‎10-28-2020

I recall the 890's LAN ports cannot be individual routed ports except perhaps via a SVI. Which you appear to be doing, but your outside IP is a 10.x.x.x IP?

As your SVI also has a crypto map, it would help to post all the related interface configuration information, not only crypto but related route statements.

jomo frank · ‎10-29-2020

Hello Expert,

I have include a copy of the config for you guidance

Regards

jomo frank · ‎10-29-2020

Hello Expert,

The vlan number in the original post was incorrect the correvt vlan is vlan 245 and not vlan 175

Sorry for the mistake

Regards

jomo frank · ‎10-29-2020

Hello Joseph,

As a test I also configure a spare 892 router using one of the onbaord wan interface with the same configuration I send and was able to ping the wan interace from my remote site and the tunnels came up immediately.

I am not sure if the switch the telco provided is talking corretly to the converted lan port (svi) but once i am able to ping that interface from other router(remote site) I know the tunnels will come up

Just a quick layout of the connection were have pppoe device connect to switch(provider supply) and then to the router wan interface but in the my case FastEthernet2 (converted lan port)

Regards

Joseph W. Doherty · ‎10-29-2020

Interesting - i.e. it works fine if you use the WAN port.

To recap, from this router, you can ping other devices on 10.10.205.0/24, but those device cannot ping this device (using 10.10.205.100), correct? If so, have you tried the ping tests w/o crypto tied to SVI and the tunnel interfaces?

(BTW, I thought the later IOS versions [since 12.2.15] only needed the crypto map on physical interface.[?] [Further, I would recommend VTIs rather than the older GRE/IPSec tunnels. They are cleaner to configure and don't have GRE overhead.])

jomo frank · ‎10-30-2020

Hello Joseph,

I forgot to mention the switch the pppoe device is connected is a ubiquiti edgeswitch and i connect to one of the port on this

switch -- is there something that the ubiquiti switch do not like with the converted lan port.

Regards