The Internet does not work if the provider is in the L2 port

Edgar481516 · ‎11-27-2023

Hello! The problem is the following: sometimes the Internet access for clients behind the router is lost (wireless and wired), but from the router itself the Internet is available. If you reboot the cisco router, the problem disappears for a few hours and then reappears. The problem is completely solved if you enable the ISP in the L3 port. Can anyone tell me why this happens? Here is an example of configuration.

interface GigabitEthernet0/1/1
description * Starlink *
switchport access vlan 15
switchport mode access

interface Vlan15
description * Starlink *
ip vrf forwarding inet
ip address dhcp
ip nat outside
ip access-group outside_in in
service-policy output starlink-dmvpn-guest-silpo

interface Vlan135
description *** SLY ***
bandwidth 10000
ip vrf forwarding inet
ip address 192.168.109.1 255.255.255.0
ip nat inside
ip access-group SLY in

route-map Inet_NAT_Silpo_ISP1 permit 10
match ip address 56
match interface Vlan15

ip nat inside source route-map Inet_NAT_Silpo_ISP1 interface Vlan15 vrf inet overload

ip route vrf inet 0.0.0.0 0.0.0.0 192.168.1.1 name inet

ping vrf inet 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/52/96 ms

Everything will be Ukraine !!!

MHM Cisco World · ‎11-27-2023

match ip address 56

Are you sure this acl is correct add to your router?

Edgar481516 · ‎11-28-2023

Yes, the acl is good. When i plug starlink into L3 port with the same ACL it works.

Everything will be Ukraine !!!

MHM Cisco World · ‎11-28-2023

If you reboot the cisco router, the problem disappears for a few hours and then reappears.

This make me think

You use specific IP as next-hop in your static route

You instead

Ip route x.x.x.x x.x.x.x ethx dhcp

It can that dhcp gw is change and make defualt route not work.

MHM

Richard Burts · ‎11-28-2023

I am puzzled about this "The problem is completely solved if you enable the ISP in the L3 port". Can you explain this? Perhaps also provide the configuration used for that L3 port?

HTH

Rick

Edgar481516 · ‎11-28-2023

Hello Richard thank for your answer!

I have started use this:

L3 port

interface GigabitEthernet0/0/1
description * Starlink *
ip vrf forwarding inet
ip address dhcp
ip nat outside
ip access-group outside_in in
negotiation auto

instead

l2 port (swithport)

interface GigabitEthernet0/1/1
description * Starlink *
switchport access vlan 15
switchport mode access

Everything will be Ukraine !!!

MHM Cisco World · ‎11-28-2023

One more thing check when use l2 of the dhcp push IP or nor

Show ip interface brief

MHM

Richard Burts · ‎11-28-2023

Thank you for the information that I requested. In comparing what works with what does not work the difference that I find is this:

service-policy output starlink-dmvpn-guest-silpo

We do not know what this policy does or how it might affect the connectivity. As a test could you remove this from the config and see if the behavior changes?

HTH

Rick