
ISR4451-X - cannot connect to the Internet

Chris Penny
Level 1

I currently use a CISCO2921/K9 router to connect to my ISP for Internet service. I am replacing that with an ISR4451-X.

 

ISP hands off using Local Access Native Single CoS Medium Ethernet.

 

I basically just copied the 2921 config to the 4451.

 

From the 2921 I can ping out to the Internet. When I move the connections to the 4451 I cannot ping the Internet.

 

I'm sure I'm missing something, just don't know what it is.

 

I don't use NAT on the 2921, and didn't initially on the 4451. I also tried to use NAT on the 4451. Nothing is working for me.

 

Current scrubbed running configs are below.

 

2921:


no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
!
hostname
!
boot-start-marker

boot-end-marker
!
card type t1 0 0
card type t1 0 1
logging buffered 51200 warnings

!
aaa new-model
!
aaa session-id common

no network-clock-participate wic 0
no network-clock-participate wic 1
!
no ip source-route
!
no ip dhcp use vrf connected

!
no ip bootp server
no ip domain lookup
ip domain name

ip cef
login block-for 180 attempts 3 within 60
no ipv6 cef
!
multilink bundle-name authenticated
!
cts logging verbose

voice-card 0
!
license udi pid CISCO2921/K9
hw-module pvdm 0/0
!
archive
log config
logging enable
logging size 500
hidekeys
path flash0:/config-bak/backup.conf
time-period 10080

!
redundancy
!
controller T1 0/0/0
clock source line primary
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
clock source internal
cablelength long 0db
channel-group 1 timeslots 1-24
!
controller T1 0/1/0
clock source internal
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/1/1
clock source internal
cablelength long 0db
channel-group 0 timeslots 1-24
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description -> ASA
ip address (Public IP)
duplex auto
speed auto
!
interface GigabitEthernet0/2/0
description 200Mb Internet
ip address (ISP Public IP)


ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip route 0.0.0.0 0.0.0.0 (ISP Public IP)

 

!
control-plane
!
mgcp behavior rsip-range tgcp-only
mgcp behavior comedia-role none
mgcp behavior comedia-check-media-src disable
mgcp behavior comedia-sdp-force disable
!
mgcp profile default
!
gatekeeper
shutdown
!

end

 

 

-------------------------------------------------------------------------

 

4451:


no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
service sequence-numbers
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform hardware throughput level 2000000
!
hostname
!
boot-start-marker

boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!

aaa new-model

!
aaa session-id common

no ip source-route
!
no ip bootp server

no ip domain lookup

no ip dhcp use vrf connected

login block-for 180 attempts 3 within 60
login on-success log
!
subscriber templating
!
multilink bundle-name authenticated
!

license udi pid ISR4451-X/K9
no license smart enable
diagnostic bootup level minimal
!
spanning-tree extend system-id

et-analytics
archive
log config
logging enable
logging size 500
hidekeys
path flash:
time-period 10080
!
redundancy
mode none
!
interface GigabitEthernet0/0/0
description 1GB Internet
ip address (ISP Public IP)
negotiation auto
!
interface GigabitEthernet0/0/2
description -> ASA
ip address (Public IP)
negotiation auto
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address (Private IP)
negotiation auto
!

ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip http client source-interface GigabitEthernet0
ip tftp source-interface GigabitEthernet0

ip route 0.0.0.0 0.0.0.0 (ISP Public IP)

ip route vrf Mgmt-intf 10.0.0.0 255.0.0.0 10.100.20.1
!
control-plane

end
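A config copied between platforms rarely ends up identical, so it helps to diff the two before looking elsewhere. The following is an added example, not part of the original post: it compares global command lines taken from the two scrubbed configs above and reports commands whose enabled/negated state changed. The function names `normalize` and `drift` are hypothetical, and the approach generalizes to any flat list of global IOS commands (sub-mode lines such as interface settings would need their parent context).

```python
# Global lines excerpted from the two scrubbed configs posted above.
CFG_2921 = """\
no service pad
service password-encryption
no ip source-route
no ip bootp server
no ip http server
ip http authentication local
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 (ISP Public IP)
"""
CFG_4451 = """\
no service pad
service password-encryption
no ip source-route
no ip bootp server
ip http server
ip http authentication local
no ip http secure-server
ip http client source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 (ISP Public IP)
"""

def normalize(cfg):
    """Map each command (leading 'no ' stripped) to True if enabled, False if negated."""
    state = {}
    for line in cfg.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue  # skip blanks and IOS comment separators
        negated = line.startswith("no ")
        state[line[3:] if negated else line] = not negated
    return state

def drift(old_cfg, new_cfg):
    """Return commands that flipped state, plus those present on only one side."""
    old, new = normalize(old_cfg), normalize(new_cfg)
    return {
        "flipped": sorted(c for c in old.keys() & new.keys() if old[c] != new[c]),
        "only_new": sorted(new.keys() - old.keys()),
        "only_old": sorted(old.keys() - new.keys()),
    }

if __name__ == "__main__":
    for kind, cmds in drift(CFG_2921, CFG_4451).items():
        print(kind, cmds)
```

On these excerpts the only flipped command is `ip http server`: the 2921 has it negated, while the 4451 has the plain-HTTP server enabled with `no ip http secure-server` still set.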


Hi Chris,

 

Could you ping the next hop from the 4451? You might need to clear the ARP entry on the upstream device (if you have access).

 

HTH,

Meheretab


Cannot ping the next hop. I'll have to get with the ISP and see if they can clear the ARP cache on their end.

 

I have tried to change my outside interface MAC to the old 2921 MAC, but that didn't help.

 

A show arp on the 4451 does show the IP and MAC of the ISP device.

 

 

 

 

Giuseppe Larosa
Hall of Fame

Hello,

As correctly noted, the upstream device may need to clear the ARP entry for your address.

When you put in the new router, it will use a different MAC address on your side with the same public IP address.

 

As an alternative, you can try to manually configure the MAC address to be the same as that used by the old C2921 interface (just do a show interface on the C2921 to get this info, even if the port is not connected at this moment).

 

Hope to help

Giuseppe

 

Hello,

 

Since you are not using NAT, what other device is in between your 4451 and the Internet? An ASA?

The config certainly suggests that there is an ASA on the "inside" interface of the 4451. And suggests that the 4451 sits between the ISP outside and the ASA inside. This would probably explain the lack of address translation in the router config.

 

My guess at this point is that the issue is about the 4451 presenting a different MAC address on the ISP interface address. One way to check that would be to do show arp on the 4451 and see whether we have learned the MAC address of the ISP device. You might also check with the ISP. Since the ISP is presenting this as some type of Ethernet service, ask if they perhaps have something like port security configured to prevent a different device from taking over the connection.

 

I am concerned about the amount of scrubbing of the config and whether there may be something significant that we are not seeing. For example, while we do see a default route for outbound traffic, there is no routing information about anything inside.

 

HTH

 

Rick


Thank you for the reply Richard.

 

Yes, there is an ASA on the Inside of the 4451.

 

I contacted the ISP before trying to swap routers and they told me I would have no issues just swapping them out. I'm thinking they might be wrong about that!

 

I am seeing the ISP device on a show ARP. Cannot ping it though.

 

 

Thanks for the additional information. Could you post the output of these commands on the 4451:

show ip interface brief

show arp

ping <upstream_address>

 

What ISP device is on your site and providing the Ethernet connection? I wonder if a power cycle of that device might clear its arp cache and help you get connected.

 

HTH

 

Rick


The ISP has a service delivery switch on site. I think I will try to reboot that device, see if it clears the cache.

 

I'll do this over the weekend and get back with you on what I find and with the requested outputs.

 

I still have the old 2921 in production in the meantime.

 

Thanks for the suggestions and guidance!

Fine. Try rebooting the service delivery switch this weekend and let us know if that helps.

 

HTH

 

Rick


I rebooted the onsite ISP switch, but that didn't help. After banging my head against a wall for a few minutes I decided to reboot my 4451. Once it came back up everything was working. NO CLUE why the reboot of the 4451 corrected the issue.

 

 

Thanks for the update. Good to know that it is working now. Clearly something was out of step between the devices. I wonder if their starting to work might relate to the fact that both devices were rebooted. Perhaps one at a time was not enough. Bottom line is that now it is working.

 

HTH

 

Rick
