IPOE KPN Connection C1111-8P

RichySlo · ‎04-12-2023

Hi there,

i need help to configure a new 500mb connection with IPOE .

Situation:

KPN ISP with lighting edge 310. The KPN doc says they need two interfaces: GigabitEthernet0/0/0 for the WAN (KPN side) and GigabitEthernet0/0/1 for the customer side.

Cable from lightning edge -> GigabitEthernet0/0/0

GigabitEthernet0/0/1 -> Palo Alto 820

I tried to get it working with the config they(The ISP) reccomend but this resulted in the router boot looping en showing some kernel errors. as soon as I disconnected the GigabitEthernet0/0/1 this stopped.
I used the config below, any tips?

version 17.6
service timestamps debug datetime msec
service timestamps log datetime msec
service call-home
platform qfp utilization monitor load 80
platform punt-keepalive disable-kernel-core
platform hardware throughput crypto 50000
!
hostname NL-HQ-RO01
!
boot-start-marker
boot-end-marker
!
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
aaa session-id common
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
!
!
ip name-server 194.xx.xx.18 194.xx.xx.34
no ip domain lookup
!
login on-success log
!
!
subscriber templating
multilink bundle-name authenticated
!
!
diagnostic bootup level minimal
!
spanning-tree extend system-id
!
!
redundancy
mode none
!
!
vlan internal allocation policy ascending
!
!
policy-map custom-shaper-500000kbps
class class-default
shape average 480000000
!
!
interface GigabitEthernet0/0/0
description WAN-KPN-500Mbit
ip address 145.xx.xx.38 255.255.255.252
no ip redirects
negotiation auto
no cdp enable
service-policy output custom-shaper-500000kbps
!
interface GigabitEthernet0/0/1
description WAN-TO-FIREWALL
ip address 92.xx.xx.185 255.255.255.248
no ip redirects
ip verify unicast reverse-path
negotiation auto
no cdp enable
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
!
interface GigabitEthernet0/1/3
!
interface GigabitEthernet0/1/4
!
interface GigabitEthernet0/1/5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
!
interface Vlan1
ip address 10.0.2.4 255.255.255.0
no ip redirects
no ip proxy-arp
!
no ip http server
no ip http secure-server
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 145.xx.xx.37
ip ssh version 2
!
!
ip access-list standard 23
10 permit 217.xx.xx.xx
20 remark Axxxxxxx
20 permit 84.xx.xx.0 0.0.0.255
30 permit 37.xx.xx.0 0.0.0.255
40 permit 172.xx.xx.0 0.0.0.255
50 permit 212.xx.xx.0 0.0.0.255
60 remark TTY security
60 permit 192.168.0.0 0.0.255.255
70 permit 172.16.0.0 0.0.255.255
80 permit 10.0.0.0 0.255.255.255
90 permit 92.xx.xx.xx 0.0.0.7
!

pieterh · ‎04-12-2023

some remarks
- I do not see any "ip routing" statement ?
- I see an access-list 23, but not applied to any interface or service
- the boot-loop may be caused by having a device with improper license for the some of the configured commands ?

RichySlo · ‎04-13-2023

There is a ip routing statement "ip route 0.0.0.0 0.0.0.0 145.xx.xx.37".
I will add the access-list to the right interface, thanks for noticing!
The bootloop has been resolved, i dont know what the cause was but I dont see any errors anymore.

pieterh · ‎04-13-2023

i did not refer to "ip route ...", but "ip routing"
IP Routing Configuration Guide, Cisco IOS Release 15.2(7)Ex (Catalyst 1000 Switches) - Configuring IP Unicast Routing [Support] - Cisco
but as the C1111 is a router and not a switch , it will be enabled by default and not visible in the config

RichySlo · ‎04-13-2023

So i dont have to configura anything on the C1111 if i understand it correctly?

Georg Pauwen · ‎04-12-2023

Hello,

the IPOE config looks good (/30 on the WAN, /29 on the LAN side). The 'p verify unicast reverse-path' looks suspicious though, what if you remove that line ?

RichySlo · ‎04-13-2023

Hi,

Well i basically copied the config from our old Cisco-1921/K9 and changed the things needed for IPoE.
We dont want to use NAT and are routing all the traffic to the /30(gi0/0/0). The/29(0/0/1) is not a LAN port but also a routed WAN port, is this config right this way? We are migrating the connection today but this company has no options to test my config first or even try it in a virtualised enviroment.

Kind ragards,

Richy

RichySlo · ‎04-13-2023

Well, I tried migrating with a slightly modified config, as soon as i plug in the cable from the LightningEdge 310 to the Cisco C1111-8p i get the following errors.

*Apr 13 14:24:15.958: RG Infra Trace: Failure to get trace slot

*Apr 13 14:24:15.958: RG Infra Trace: Failure to get trace slot
.3
*Apr 13 14:24:15.963: %IOSXE_OIR-6-OFFLINECARD: Card (fp) offline in slot F0
*Apr 13 14:24:15.904: %CPPHA-3-FAILURE: F0/0: cpp_ha_top_level_server: CPP 0 failure Stuck Thread(s) detected
*Apr 13 14:24:15.915: %CPPHA-3-FAULT: F0/0: cpp_ha_top_level_server: CPP:0.0 desc:Stuck CPP Thread det:HA class:OTHER sev:FATAL id:0 cppstate:STOPPED res:UNKNOWN flags:0x2 cdmflags:0x0
*Apr 13 14:24:15.915: %CPPHA-3-FAULTCRASH: F0/0: cpp_ha_top_level_server: CPP 0.0 unresolved fault detected, initiating crash dump.
*Apr 13 14:24:15.916: %CPPHA-3-CDMDONE: F0/0: cpp_ha_top_level_server: CPP 0 microcode crashdump creation completed.
*Apr 13 14:24:15.921: %IOSXE-6-PLATFORM: R0/0: cpp_ha: Shutting down CPP MDM while client(s) still connected
*Apr 13 14:24:15.956: %IOSXE-1-PLATFORM: R0/0: kernel: QFP0.0: Fatal Fault: SW reported: Ucode process fault
*Apr 13 14:24:15.967: %PMAN-3-PROCHOLDDOWN: F0/0: cpp_ha_top_level_server: The process cpp_ha_top_level_server has been helddown (rc 69)
*Apr 13 14:24:16.126: %CPPDRV-3-LOCKDOWN: F0/0: cpp_cp_svr: QFP0.0 CPP Driver LOCKDOWN encountered due to previous fatal error (SW: Ucode process fault).7
*Apr 13 14:24:16.512: %CPPOSLIB-3-ERROR_NOTIFY: F0/0: cpp_cp_svr: cpp_cp encountered an error -Traceback= 1#40164aba518110e349f1075130276279 errmsg:FFFFAACDF000+DA8 cpp_common_os:FFFFABD67000+1C7C4 cpp_common_os:FFFFABD67000+135AC cpp_icmp_svr:FFFFAD1AE000+16A7C cpp_icmp_svr:FFFFAD1AE000+129C4 cpp_icmp_svr:FFFFAD1AE000+150E8 cpp_common_os:FFFFABD67000+23530 evlib:FFFFAB1E1000+87C4 evlib:FFFFAB1E1000+9144 cpp_common_os:FFFFABD67000+216B4 cpp_common_os:FFFFABD67000+21638 :AAAAC1368000+2F770 c:FFFFA984C000+245B0 :AAAAC1368000+25D
*Apr 13 14:24:18.542: %PMAN-3-PROCHOLDDOWN: F0/0: qfp-ucode-tsn-le: The process qfp-ucode-tsn-le has been helddown (rc 134)
*Apr 13 14:24:25.320: %CPPDRV-3-LOCKDOWN: F0/0: fman_fp_image: QFP0.0 CPP Driver LOCKDOWN encountered due to previous fatal error (SW: Ucode process fault).
*Apr 13 14:24:25.323: %CPPOSLIB-3-ERROR_NOTIFY: F0/0: fman_fp_image: fman_fp encountered an error -Traceback= 1#6da7e149a766145bef4b152feece98fa errmsg:FFFF83E38000+DA8 cpp_common_os:FFFF8AEAE000+1C7C4 cpp_common_os:FFFF8AEAE000+135AC cpp_dmap:FFFF8B322000+13A4C cpp_sbs:FFFF8ADF7000+BB14 cpp_sbs:FFFF8ADF7000+83A4 cpp_sbs:FFFF8ADF7000+8598 cpp_cef_mpls_common:FFFF8B49E000+595DC :AAAAB218D000+44E20C evlib:FFFF7BB3D000+86F4 evlib:FFFF7BB3D000+9144 :AAAAB218D000+8A11E0 :AAAAB218D000+8A1160 :AAAAB218D000+77E700 :AAAAB218D000+9E3A34
*Apr 13 14:24:25.340: %CPPOSLIB-3-ERROR_NOTIFY: F0/0: cpp_cp_svr: cpp_cp encountered an error -Traceback= 1#40164aba518110e349f1075130276279 errmsg:FFFFAACDF000+DA8 cpp_common_os:FFFFABD67000+1C7C4 cpp_common_os:FFFFABD67000+135AC cpp_dmap:FFFFAD0CE000+13A4C cpp_sbs:FFFFAD119000+BB14 cpp_sbs:FFFFAD119000+83A4 cpp_sbs:FFFFAD119000+8598 cpp_gic_ea_lib:FFFFAE137000+2AF40 cpp_gic_smc_lib:FFFFAE187000+7858 cpp_common_os:FFFFABD67000+23530 evlib:FFFFAB1E1000+87C4 evlib:FFFFAB1E1000+9144 cpp_common_os:FFFFABD67000+216B4 cpp_common_os
*Apr 13 14:24:34.232: %IOSXE-6-PLATFORM: R0/0: cpp_sp: Shutting down CPP MDM while client(s) still connected
*Apr 13 14:24:38.166: %PMAN-3-PROCHOLDDOWN: F0/0: cpp_cp_svr: The process cpp_cp_svr has been helddown (rc 134)
*Apr 13 14:24:38.756: %PMAN-5-EXITACTION: F0/0: pvp: Process manager is exiting: process exit with reload fru code
*Apr 13 14:24:39.408: %SERVICES-2-NORESOLVE_LOCAL: F0/0: btman: Error resolving local FRU: Invalid argument
*Apr 13 14:24:39.414: %SERVICES-3-INVALID_CHASFS: F0/0: btman: Thread 0xffff7ec87010 has no global chasfs context
*Apr 13 14:24:40.498: %SERVICES-2-NORESOLVE_LOCAL: C0/0: btman: Error resolving local FRU: Invalid argumentRom image verified correctly

I did some research but cant pinpoint the issue.
any idea's?