Solved: Re: ROAS and using ethnet ports on a router

willmaci · ‎11-02-2022

I'm currently running a ROAS config that goes up to some switch that is outside of my control. My ROAS works completely fine, however my cisco router has 4 ethernet ports that I'm trying to use but I can't seem to make them work. I tried setting up my uplink with a VLAN1 SVI but that didn't work so I was wondering if someone might have an idea of how I can accomplish this. I have attached a diagram and here is my current config. I don't mind having the ethernet ports on the VLANs that I use for my ROAS or if I have to put them in a separate VLAN that's fine to. I have tried a few different ways to make this work but to no avail.

G 0/0 - 0/3 = the ethernet ports on my switch

G0/4.2 - 0/4.4 = ROAS

G0/5 = uplink

My current model I'm using is

Cisco IOS Software, C800M Software (C800M-UNIVERSALK9-M), Version 15.5(3)M4a, RELEASE SOFTWARE (fc1)

Current configuration

version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname home
!
boot-start-marker
boot-end-marker
!
enable secret 5 
!
no aaa new-model
ethernet lmi ce
!
ip dhcp excluded-address 10.8.8.1
ip dhcp excluded-address 10.8.2.1
ip dhcp excluded-address 10.8.3.1
ip dhcp excluded-address 10.8.4.1
ip dhcp excluded-address 10.8.3.2
ip dhcp excluded-address 10.8.4.2
ip dhcp excluded-address 10.8.3.3
!
ip dhcp pool 2
 network 10.8.8.0 255.255.255.0
 default-router 10.8.8.1
 dns-server 10.8.4.2
!
ip dhcp pool 4
 network 10.8.4.0 255.255.255.0
 default-router 10.8.4.1
 dns-server 10.8.4.2
!
ip dhcp pool 3
 network 10.8.3.0 255.255.255.0
 default-router 10.8.3.1
 dns-server 10.8.4.2
!
ip dhcp pool 4_reserve
 host 10.8.4.2 255.255.255.0
 client-identifier 01dc.a632.a02a.a8
!
ip dhcp pool 3_reserve
 host 10.8.3.2 255.255.255.0
 client-identifier 0100.1132.3d75.b8
!
!
no ip domain lookup
ip domain name home.local
ip cef
no ipv6 cef
!
license udi pid C841M-4X-JSEC/K9 sn FGL2109212W
!
redundancy
!
lldp timer 10
lldp run
no cdp run
!
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface GigabitEthernet0/3
 no ip address
!
interface GigabitEthernet0/4
 ip address 10.8.10.1 255.255.255.0
 duplex auto
 speed auto
 no routing dynamic
!
interface GigabitEthernet0/4.2
 encapsulation dot1Q 2
 ip address 10.8.8.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/4.3
 encapsulation dot1Q 3
 ip address 10.8.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/4.4
 encapsulation dot1Q 4
 ip address 10.8.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/5
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
!
interface Vlan2
 no ip address
!
interface Vlan3
 no ip address
!
interface Vlan4
 no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 10 interface GigabitEthernet0/5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/5 10.150.208.1
!
access-list 10 permit 10.8.2.0 0.0.0.255
access-list 10 permit 10.8.3.0 0.0.0.255
access-list 10 permit 10.8.4.0 0.0.0.255
access-list 10 permit 10.8.8.0 0.0.0.255
!
line con 0
 no modem enable
line vty 0 5
 exec-timeout 5 0
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Richard Burts · ‎11-03-2022

There are aspects of this environment that I do not understand, so I would like to start from a basic level and work from there. You have told us "my cisco router has 4 ethernet ports that I'm trying to use but I can't seem to make them work". Am I correct in understanding that this would the G0/0 through G0/3 in the config that you posted? If that is correct then the first step is clear. Those ports belong to vlan 1. The config specifies that vlan 1 has no IP address. So the first step is to assign an IP address for interface vlan 1. Depending on what IP address (and subnet) you use, you may also need to configure a dhcp scope for that subnet. You also should add that subnet to acl 10 used for nat.

Make these changes and let us know the results.

HTH

Rick

View solution in original post

NetworkDave · ‎11-03-2022

@willmaci,

What specifically can you not get to work on the LAN ports?

Check out this Link:
https://community.spiceworks.com/topic/2115158-i-need-help-to-configure-a-cisco-isr-c841m-4x

HTH
----------------------------------------------------------------------------------------------------
Remember to mark helpful posts and mark the correct answer as a solution; It helps other users with similar questions.

Richard Burts · ‎11-03-2022

There are aspects of this environment that I do not understand, so I would like to start from a basic level and work from there. You have told us "my cisco router has 4 ethernet ports that I'm trying to use but I can't seem to make them work". Am I correct in understanding that this would the G0/0 through G0/3 in the config that you posted? If that is correct then the first step is clear. Those ports belong to vlan 1. The config specifies that vlan 1 has no IP address. So the first step is to assign an IP address for interface vlan 1. Depending on what IP address (and subnet) you use, you may also need to configure a dhcp scope for that subnet. You also should add that subnet to acl 10 used for nat.

Make these changes and let us know the results.

HTH

Rick

willmaci · ‎11-03-2022

Thank you both very much for the help so far! And @Richard Burts I have been on these forums forever, it's awesome to have you on one of my questions! Thank you for all that you do!

So I have done as you instructed. Added it to VLAN1 and now all of my devices can communicate locally. (Objective one complete!!)

However, the g0/0 - g0/3 cannot reach the internet. I tried doing a traceroute to 8.8.8.8 on one of the LAN ports and it does hit the default gateway I assigned (10.8.10.1) but I believe there may be an issue with the nat config because that is as far as it goes

I added the following to my config

interface Vlan1
 ip address 10.8.10.1 255.255.255.0

ip dhcp pool 10
 network 10.8.10.0 255.255.255.0
 default-router 10.8.10.1
 dns-server 10.8.4.2

ip dhcp excluded-address 10.8.10.1
access-list 10 permit 10.8.10.0 0.0.0.255

I double checked that they were all on the right VLAN and so far it looked okay.

home(config)#ip dhcp pool 10
network 10.8.10.0 255.255.255.0
default-router 10.8.10.1
dns-server 10.8.4.2

interface Vlan1
 ip address 10.8.10.1 255.255.255.0

access-list 10 permit 10.8.10.0 0.0.0.255


home#show vlan-switch

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/0, Gi0/1, Gi0/2, Gi0/3

EDIT #2. I forgot to add the ip nat inside on the interface. Once I did that, everything is working perfectly. Again thank you so much! @Richard Burts and @NetworkDave for taking the time to answer. I really appreciate it!

home(config)#interface vlan 1
home(config-if)#ip nat inside

willmaci · ‎11-03-2022

For anyone who needs to know what the full working config was. Here it is

home#show run
Building configuration...

Current configuration : 2960 bytes
!
! Last configuration change at 05:00:01 UTC Fri Nov 4 2022
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname home
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
ethernet lmi ce
!
ip dhcp excluded-address 10.8.8.1
ip dhcp excluded-address 10.8.2.1
ip dhcp excluded-address 10.8.3.1
ip dhcp excluded-address 10.8.4.1
ip dhcp excluded-address 10.8.3.2
ip dhcp excluded-address 10.8.4.2
ip dhcp excluded-address 10.8.3.3
ip dhcp excluded-address 10.8.10.1
!
ip dhcp pool 2
 network 10.8.8.0 255.255.255.0
 default-router 10.8.8.1
 dns-server 10.8.4.2
!
ip dhcp pool 4
 network 10.8.4.0 255.255.255.0
 default-router 10.8.4.1
 dns-server 10.8.4.2
!
ip dhcp pool 3
 network 10.8.3.0 255.255.255.0
 default-router 10.8.3.1
 dns-server 10.8.4.2
!
ip dhcp pool 4_reserve
 host 10.8.4.2 255.255.255.0
 client-identifier 01dc.a632.a02a.a8
!
ip dhcp pool 3_reserve
 host 10.8.3.2 255.255.255.0
 client-identifier 0100.1132.3d75.b8
!
ip dhcp pool 10
 network 10.8.10.0 255.255.255.0
 default-router 10.8.10.1
 dns-server 10.8.4.2
!
no ip domain lookup
ip domain name home.local
ip cef
no ipv6 cef
!
license udi pid C841M-4X-JSEC/K9 sn FGL2109212W
!
redundancy
!
lldp timer 10
lldp run
no cdp run
!
interface GigabitEthernet0/0
 no ip address
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface GigabitEthernet0/3
 no ip address
!
interface GigabitEthernet0/4
 no ip address
 duplex auto
 speed auto
 no routing dynamic
!
interface GigabitEthernet0/4.2
 encapsulation dot1Q 2
 ip address 10.8.8.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/4.3
 encapsulation dot1Q 3
 ip address 10.8.3.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/4.4
 encapsulation dot1Q 4
 ip address 10.8.4.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface GigabitEthernet0/5
 ip address dhcp
 no ip redirects
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly in
 duplex auto
 speed auto
!
interface Vlan1
 ip address 10.8.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan2
 no ip address
!
interface Vlan3
 no ip address
!
interface Vlan4
 no ip address
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip nat inside source list 10 interface GigabitEthernet0/5 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/5 10.150.208.1
!
access-list 10 permit 10.8.2.0 0.0.0.255
access-list 10 permit 10.8.3.0 0.0.0.255
access-list 10 permit 10.8.4.0 0.0.0.255
access-list 10 permit 10.8.8.0 0.0.0.255
access-list 10 permit 10.8.10.0 0.0.0.255
!
line con 0
 no modem enable
line vty 0 5
 exec-timeout 5 0
 login
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end

Richard Burts · ‎11-04-2022

You are welcome. I am glad that it is now working as expected and that our suggestions were helpful. Thank you for sharing the current working config. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick