Solved: 2911 IS Router configuration...

DanielMHussey · ‎08-23-2010

Hello-

My company recently purchased a 2911 Integrated services router and I have been charged with figuring out how to configure it. Our ISP has provided us with the following information:

Our carriers circuit is coming to us via Chicago Loop's metro-ethernet, and we have a VLAN ID: 105

Here is ths IP info provided:

WAN Block: X.X.254.108/30,

WAN Subnet: 255.255.255.252,

LAN Block: X.X.255.72/29,

LAN Subnet: 255.255.255.248,

Usable IPs: X.X.255.74-.78,

Cust Serial: X.X.254.110,

AOI Serial: X.X.254.109 <I believe this is our ISP's serial?

I currently have the 2911's interfaces configured as:

WAN facing GigabitEthernet0/0 IP: X.X.254.110 , 255.255.255.252

LAN facing GigabitEthernet0/1 IP: X.X.255.74 , 255.255.255.248

I would assume I need to incorporate the VLAN ID of 105 into the mix somehow as well but am not sure where it goes.

NOTE:

We also have a firewall behind the router, which I am fairly certain will get one of our usable IP's...

ANYWAY- THANKS FOR THE HELP, and if at all possible seeing configurations would help me!

-Dan

Chetan Kumar Ress · ‎08-23-2010

Hi Dainel

Below is the config

R1# conf terminal

R1(config)#int gi0/0

R1(config-if)#no ip add

R1(config-if)# no shut

R1(config-if)#exit

R1(config)#int gi0/0.105

R1(config-if)#encapsulation dot1q 105

R1(config-if)# ip add x.x.x.x x.x.x.x

The above config will give you connectivity between ISP router & your Router as a point 2 point link .

The you need to configure Routing protocol or static route for communication between your locaitons.

Regards

Chetan kumar

http://chetanress.blogspot.com

View solution in original post

Nagaraja Thanthry · ‎08-25-2010

Hello,

Does the ISP router has a route back to your LAN IP? If not you need to

configure NAT.

access-list 1 permit

ip nat inside source list 1 interface Gi 0/0.105 overload

interface gi 0/0.105

ip nat enable

exit

interface gi 0/1

ip nat enable

exit

ex:

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface Gi 0/0.105 overload

Hope this helps.

Regards,

NT

View solution in original post

Chetan Kumar Ress · ‎08-23-2010

Hi Dainel

When ISP provide an Metro - Ethernet service then they assign an VLAN for Customer link.

If ISP told you to configure the Vlan ID in you router then you have to create an sub-interface .

For Example :

int g0/0

no ip add

int g0/0.105 --- 105 is sub-interface number ( Subinterface between ISP interface and your interface )

encapsulation dot1q 105

ip add x.x.x.x x.x.x.x

so you will be using subinterface for communication between ISP and your router.

Regards

Chetan Kumar

http://chetanress.blogspot.com

DanielMHussey · ‎08-23-2010

Thanks-

I will give that a try... any idea on the commands to create a sub interface? I am pretty new to terminal, and there is clearly a learning curve. I am sure I will figure it out but any help is greatly needed and will save me from having to /? every 30 seconds

-Dan

Chetan Kumar Ress · ‎08-23-2010

Hi Dainel

Below is the config

R1# conf terminal

R1(config)#int gi0/0

R1(config-if)#no ip add

R1(config-if)# no shut

R1(config-if)#exit

R1(config)#int gi0/0.105

R1(config-if)#encapsulation dot1q 105

R1(config-if)# ip add x.x.x.x x.x.x.x

The above config will give you connectivity between ISP router & your Router as a point 2 point link .

The you need to configure Routing protocol or static route for communication between your locaitons.

Regards

Chetan kumar

http://chetanress.blogspot.com

DanielMHussey · ‎08-23-2010

I am getting the message:

RN(config-subif)#ip address X.X.254.110 255.255.255.252

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

I am unsure if the IP i put here is OUR serial or the ISP serial? theres wouls be .109... I am assuming the static route should be to the .109 correct?

-Dan

Chetan Kumar Ress · ‎08-23-2010

HI

Frist configure the dot1q encapsulation undersubinterface then assign IP Address.

Regards

Chetan Kumar

http://chetanress.blogspot.com

DanielMHussey · ‎08-23-2010

Here is what I am getting:

R1(config-subif)#encapsulation dot1q 105
802.1Q VID 105 is already a part of VLAN range 105

R1(config-subif)#ip address X.X.254.110 255.255.255.252

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

Is this not what you are reffering to above?

I appologize for my lack of knowledge on this subject...

Nagaraja Thanthry · ‎08-23-2010

Hello,

Can you please post the sanitized version of your configuration here? Do you

have any L2 module in the router where you have configured VLAN 105?

Regards,

NT

DanielMHussey · ‎08-24-2010

Current interface summary:

Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES manual up up

GigabitEthernet0/0.105 unassigned YES unset up up

GigabitEthernet0/1 x.x.255.74 YES manual down down

GigabitEthernet0/2 unassigned YES manual administratively down down

Virtual-Access1 unassigned YES unset up up

Is this what you were looking fo, for the sanatized config? maybe its that virtual-access1 that is causing the problem?

we dont have any pyshical modules installed on it.

-Dan

Nagaraja Thanthry · ‎08-24-2010

Hello,

Can you please send the entire running configuration (remove any public IP

address)?

Regards,

NT

DanielMHussey · ‎08-24-2010

Olenick.com#show config

Using 1281 out of 262136 bytes

!

! Last configuration change at 19:35:59 UTC Mon Aug 23 2010

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname XXXXX.com

!

boot-start-marker

boot-end-marker

!

enable secret XXXXXXXXXXXXXXXXXXXXXXXX

enable password XXXX

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

vlan ifdescr detail

multilink bundle-name authenticated

!

trunk group 1

!

trunk group switchport

!

license udi pid CISCO2911/K9 sn FTX1429A13F

!

username XXXXX privilege 15 password 0 LINE XXXXXX

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

vlan-id dot1q 125

exit-vlan-config

!

vlan-id dot1q 105

exit-vlan-config

!

pppoe enable group global

no mop enabled

ethernet oam

!

interface GigabitEthernet0/0.105

!

interface GigabitEthernet0/1

ip address XXX.XXX.255.74 255.255.255.248

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

dialer-list 1 protocol ip permit

!

control-plane

!

line con 0

line aux 0

line vty 0 4

password XXXXX

login

!

scheduler allocate 20000 1000

end

hope this is what you were lookinh for... agian, I am new to this stuf.. THANKS AGAIN!

DanielMHussey · ‎08-25-2010

Is this the Runnin Config you were asking to see- this is what i got with the SHOW command, if its not, please let me know what it is you were looking for.

-Dan

Nagaraja Thanthry · ‎08-25-2010

Hello,

It seems like, for some reason, the router is thinking that it already has

VLAN 105 configured on the router. Can you send the output of "show diag" or

"show inventory" commands? Also, please collect the output of "show vlan"

from the router.

Regards,

NT

Chetan Kumar Ress · ‎08-25-2010

Hi Daniel

In your config i can see that vlan 105 is already exist but the none of the port is associate with the vlan 105.

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

vlan-id dot1q 125

exit-vlan-config

!

vlan-id dot1q 105

exit-vlan-config

Can you check the vlan data base & Check the Présence of vlan 105 . Also if vlan 105 exist then remove the vlan and then try to config under your sub-interface.

Regards

Chetan Kumar

http://chetanress.blogspot.com

DanielMHussey · ‎08-25-2010

OK!

Here is what I did- I cleared the startup-config THEN I entered the commands you previously told me to and NO ERROR was given form the encapsulation command for the vlan- I was ALSO succesfull in pinging our ISP serial. I am hoping we are live now, and I will be double checking shortly.

Please take a look at the included text files for the request info- I would really appriciate another set of eyes to make sure its configured correctly!