Solved: Re: ROAS Issue

jnewton83985 · ‎02-22-2023

Running into an issue that I cannot figure out and looking for help.

Cable modem (bridge mode) -> 1921 router -> 3750 switch -> computers

No devices can ping the

default gateway:10.5.104.1

The router config was built by another tech but worked at this location at one time which puzzles me as

10.5.104.1

is not anywhere in the config.

Is it normal for the inside interface of a router to have no IP address?
I can only get this to work in CML by creating
```
gi0/1.10 and placing 10.5.104.1 
```
on this interface, then the desktop can ping the
```
default gateway
```

Switch config

spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
interface GigabitEthernet1/0/16
switchport access vlan 10
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
speed 1000
storm-control broadcast level bps 10m
storm-control multicast level bps 10m
storm-control action shutdown
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/19
description AUTONOMOUS AP
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport trunk allowed vlan 2,5,10
switchport mode trunk
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/43
switchport access vlan 5
switchport mode access
switchport port-security maximum 2
switchport port-security mac-address sticky
storm-control broadcast level bps 10m
storm-control multicast level bps 10m
storm-control action shutdown
storm-control action trap
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/46
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 10.2.104.6 255.255.255.0
ip helper-address 10.5.104.2
!
interface Vlan5
ip address 10.5.104.76 255.255.255.248
!
interface Vlan10
ip address 10.5.104.6 255.255.255.192
!
interface Vlan199
ip address 10.199.1.116 255.255.255.0
!
ip default-gateway 10.5.104.73




Router config

no ipv6 cef
no ip source-route
ip cef
!
interface Loopback2
ip address 10.5.104.240 255.255.255.255
!
interface GigabitEthernet0/0
ip address PUBLIC IP ADDRESS
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1
no ip address
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
no mop enabled
!
interface GigabitEthernet0/1.5
description Outside_MGMT
encapsulation dot1Q 5
ip address 10.5.104.73 255.255.255.248
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.7
encapsulation dot1Q 7
ip address 10.5.104.65 255.255.255.248
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.8
description Guest Wireless
encapsulation dot1Q 2
ip address 10.2.104.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 103 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.5.104.1

Thank you for your help.

paul driver · ‎02-25-2023

Hello
You have quite a few mistakes in this configuration
- As the the router is performing the intervlan routing then you don't need any L3 addressing on the switch
- Missing l3 addressing on the router for vlan 10,199
- The router is performing NAT calling an

access-list

that is none existent
- Your default route is pointing to an interface ip residing on the switch

router
no ip route 0.0.0.0 0.0.0.0 10.5.104.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 <public ip next hop>
or
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.5.104.6 255.255.255.192
ip nat inside

interface GigabitEthernet0/1.199
encapsulation dot1Q 199
ip address 10.199.1.116 255.255.255.0
ip nat inside

access-list 103 permit ip 10.5.104.72 0.0.0.7 any
access-list 103 permit ip 10.5.104.64 0.0.0.7 any
access-list 103 permit ip 10.5.104.0 0.0.0.63 any
access-list 103 permit ip 10.2.104.0 0.0.0.255 any
access-list 103 permit ip 10.199.1.0 0.0.0.255 any



switch
config t
no interface Vlan2
no interface Vlan5
no interface Vlan10
no interface Vlan199
no ip routing
vlan 2,5,7,10,199

int vlan 5
ip address 10.5.104.74 255.255.255.248

Edited- forgot to mention the port on the switch that connects to router needs to be a trunk port

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

luis_cordova · ‎02-22-2023

Hello

IP 10.5.104.1

can be assumed to be located on the cable modem.
This can be deduced by the next hop IP of the configured default route.

ip nat inside source list 103 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 10.5.104.1

The ping to that IP will not be successful because the cable modem should not have a route configured for internal routes, the ones behind the router.

When you use RoaS, it is normal that the physical interface does not have an IP configured, since the addressing is housed in the sub interfaces.

Regards

balaji.bandi · ‎02-22-2023

No devices can ping the

default gateway:10.5.104.1

The router config was built by another tech but worked at this location at one time which

puzzles me as 10.5.104.1

is not anywhere in the config. << - this means this was not working ? or is this working still ?

Is it normal for the inside interface of a router to have no IP address? - yes that is ok since your are using dot1q tagging with VLAN

There are lot of tweaks required in the config: example :

ip address PUBLIC IP ADDRESS  (is this fixed IP address ?)  and is this from same range 10.5.104.X ?

you have NAT statement but we did not see Access-list 103 content ?

ip nat inside source list 103 interface GigabitEthernet0/0 overload


you have 10.2.X and 10.5.X public IP address is this allocated by ISP to you ?

Not sure why you need Loopback interface here ?

You have VLAN tagged 5 7 8, but on the switch we see only VLAN 5 ? ( do you need rest of the VLAN ?)

SWITCH :

If the switch act as Layer 2, you can use

default gateway.

if the switch looks to the Routing function, you need to enable IP routing and change from

default gateway

to, IP route x.x.x.x statement.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

jnewton83985 · ‎02-23-2023

The outside router interface is using a static public IP to talk to the modem, it is not using

10.5.104.1

I removed the IP when sharing the config.

balaji.bandi · ‎02-24-2023

ok what is the issue now ?

BB