06-26-2019 10:31 AM
I currently use a CISCO2921/K9 router to connect to my ISP for Internet service. I am replacing that with an ISR4451-X.
ISP hands off using Local Access Native Single CoS Medium Ethernet.
I basically just copied the 2921 config to the 4451.
From the 2921 I can ping out to the Internet. When I move the connections to the 4451 I cannot ping the Internet.
I'm sure I'm missing something, just don't know what it is.
I don't use NAT on the 2921, and didn't initially on the 4451. I also tried to use NAT on the 4451. Nothing is working for me.
Current scrubbed running configs are below.
2921:
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
card type t1 0 1
logging buffered 51200 warnings
!
aaa new-model
!
aaa session-id common
no network-clock-participate wic 0
no network-clock-participate wic 1
!
no ip source-route
!
no ip dhcp use vrf connected
!
no ip bootp server
no ip domain lookup
ip domain name
ip cef
login block-for 180 attempts 3 within 60
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose
voice-card 0
!
license udi pid CISCO2921/K9
hw-module pvdm 0/0
!
archive
 log config
  logging enable
  logging size 500
  hidekeys
 path flash0:/config-bak/backup.conf
 time-period 10080
!
redundancy
!
controller T1 0/0/0
 clock source line primary
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/0/1
 clock source internal
 cablelength long 0db
 channel-group 1 timeslots 1-24
!
controller T1 0/1/0
 clock source internal
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
controller T1 0/1/1
 clock source internal
 cablelength long 0db
 channel-group 0 timeslots 1-24
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 description -> ASA
 ip address (Public IP)
 duplex auto
 speed auto
!
interface GigabitEthernet0/2/0
 description 200Mb Internet
 ip address (ISP Public IP)
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 (ISP Public IP)
!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
gatekeeper
 shutdown
!
end
-------------------------------------------------------------------------
4451:
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 2000000
!
hostname
!
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
aaa new-model
!
aaa session-id common
no ip source-route
!
no ip bootp server
no ip domain lookup
no ip dhcp use vrf connected
login block-for 180 attempts 3 within 60
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
!
license udi pid ISR4451-X/K9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id
et-analytics
archive
 log config
  logging enable
  logging size 500
  hidekeys
 path flash:
 time-period 10080
!
redundancy
 mode none
!
interface GigabitEthernet0/0/0
 description 1GB Internet
 ip address (ISP Public IP)
 negotiation auto
!
interface GigabitEthernet0/0/2
 description -> ASA
 ip address (Public IP)
 negotiation auto
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address (Private IP)
 negotiation auto
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http client source-interface GigabitEthernet0
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 (ISP Public IP)
ip route vrf Mgmt-intf 10.0.0.0 255.0.0.0 10.100.20.1
!
control-plane
end
06-26-2019 10:38 AM
Hi Chris,
Could you ping the next-hop from 4451? You might need to clear the ARP entry on the upstream device (if you have access).
HTH,
Meheretab
06-28-2019 07:44 AM
Cannot ping the next hop. I'll have to get with the ISP and see if they can clear the ARP cache on their end.
I have tried to change my outside interface MAC to the old 2921 MAC, but that didn't help.
A show ARP on the 4451 does show the IP and MAC of the ISP device.
06-26-2019 11:57 AM
Hello,
As correctly noted, the upstream device may need to clear the ARP entry for your address.
When you put in the new router, it will use a different MAC address on your side with the same public IP address.
As an alternative, you can try to manually configure the MAC address to be the same as that used by the old C2921 interface (just do a show interface on the C2921 to get this info, even if the port is not connected at this moment).
Hope to help
Giuseppe
06-26-2019 12:55 PM
Hello,
Since you are not using NAT, what other device is in between your 4451 and the Internet? An ASA?
06-27-2019 02:05 PM
The config certainly suggests that there is an ASA on the "inside" interface of the 4451. And suggests that the 4451 sits between the ISP outside and the ASA inside. This would probably explain the lack of address translation in the router config.
My guess at this point is that the issue is about the 4451 presenting a different MAC address on the ISP interface address. One way to check that would be to do show arp on the 4451 and see whether we have learned the MAC address of the ISP device. You might also check with the ISP. Since the ISP is presenting this as some type of Ethernet service, ask if they perhaps have something like port security configured to prevent a different device from taking over the connection.
I am concerned about the amount of scrubbing of the config and whether there may be something significant that we are not seeing. For example, while we do see a default route for outbound traffic, there is no routing information about anything inside.
HTH
Rick
06-28-2019 07:52 AM
Thank you for the reply Richard.
Yes, there is an ASA on the Inside of the 4451.
I contacted the ISP before trying to swap routers and they told me I would have no issues just swapping them out. I'm thinking they might be wrong about that!
I am seeing the ISP device on a show ARP. Cannot ping it though.
06-28-2019 08:24 AM
Thanks for the additional information. Could you post the output of these commands on the 4451:
show ip interface brief
show arp
ping <upstream_address>
What ISP device is on your site and providing the Ethernet connection? I wonder if a power cycle of that device might clear its arp cache and help you get connected.
HTH
Rick
06-28-2019 08:33 AM
The ISP has a service delivery switch on site. I think I will try to reboot that device, see if it clears the cache.
I'll do this over the weekend and get back with you on what I find and with the requested outputs.
I still have the old 2921 in production in the meantime.
Thanks for the suggestions and guidance!
06-28-2019 08:42 AM
Fine. Try rebooting the service delivery switch this weekend and let us know if that helps.
HTH
Rick
07-01-2019 08:59 AM
I rebooted the onsite ISP switch, but that didn't help. After banging my head against a wall for a few minutes I decided to reboot my 4451. Once it came back up everything was working. NO CLUE why the reboot of the 4451 corrected the issue.
07-01-2019 01:24 PM
Thanks for the update. Good to know that it is working now. Clearly something was out of step between the devices. I wonder if their starting to work might relate to the fact that both devices were rebooted. Perhaps one at a time was not enough. Bottom line is that now it is working.
HTH
Rick