3825 router with 48 port switch service module routing help

daniel.litwin · ‎07-19-2016

Hello

I've got a 3825 ISR router with a NME-XD-48ES-2S-P 48 port service module installed.

I'm having a problem communicating from the switch out to the WAN.

From the router side, I am able to ping the WAN and internal hosts on the switch. I am not able to ping from the switch to the WAN.

WAN port is G0/0 on the router to a cable modem via DHCP

connection from router to switch is an internal G1/0/4

Router subnet is 192.168.0.0/24

Switch subnet Vlan 1 is 192.168.1.0/24

The 3825 used to be used as an SRST device, but has been decommissioned. I'm repurposing it but didn't wipe the whole config, hence some of the voice stuff still listed.

Here are my configs:

Router:

ISR-01#sh run
Building configuration...

Current configuration : 7516 bytes
!
! No configuration change since last restart
version 15.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
!
hostname ISR-01
!
boot-start-marker
boot-end-marker
!
!
logging buffered 10000
no logging console
logging monitor informational
!
no aaa new-model
!
clock timezone cst -6 0
clock summer-time cst recurring
!
dot11 syslog
ip source-route
!
ip cef
!
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
vtp version 2
!
redundancy
!
interface GigabitEthernet0/0
ip address dhcp
duplex full
speed 100
media-type rj45
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
!
interface Integrated-Service-Engine1/0
no ip address
no keepalive
!
interface GigabitEthernet2/0
description $ETH-LAN$
ip address 192.168.0.1 255.255.255.0
!
no ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip route 192.168.1.0 255.255.255.0 192.168.0.2
ip route 192.168.1.6 255.255.255.255 IDS-Sensor0/0
!
logging source-interface GigabitEthernet0/0
!
snmp-server trap-source GigabitEthernet0/0
snmp-server system-shutdown
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps xgcp
snmp-server enable traps envmon
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps cnpd
snmp-server enable traps config
snmp-server enable traps dial
snmp-server enable traps dsp card-status
snmp-server enable traps entity
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmobile
snmp-server enable traps ipmulticast
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps rsvp
snmp-server enable traps ipsla
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps voice poor-qov
snmp-server enable traps dnis
!
!
control-plane
!
!
voice-port 0/0/0
timing hookflash-out 500
!
voice-port 0/0/1
!
ccm-manager redundant-host 10.1.5.9
ccm-manager mgcp
ccm-manager music-on-hold
ccm-manager config server 10.1.5.9
ccm-manager config
!
mgcp
mgcp call-agent 10.1.5.10 2427 service-type mgcp version 0.1
mgcp dtmf-relay voip codec all mode out-of-band
mgcp rtp unreachable timeout 1000 action notify
mgcp modem passthrough voip mode nse
mgcp package-capability rtp-package
mgcp package-capability sst-package
mgcp package-capability pre-package
no mgcp package-capability res-package
no mgcp package-capability fxr-package
no mgcp timer receive-rtcp
mgcp sdp simple
mgcp fax t38 inhibit
mgcp rtp payload-type g726r16 static
mgcp bind media source-interface GigabitEthernet0/0
!
mgcp profile default
!
sccp local GigabitEthernet0/0
sccp ccm 10.1.5.9 identifier 2 priority 2 version 4.1
sccp ccm 10.1.5.10 identifier 1 priority 1 version 4.1
!
dial-peer voice 999000 pots
service mgcpapp
port 0/0/0
!
!
!
!
call-manager-fallback
max-conferences 4 gain -6
transfer-system full-consult
ip source-address 10.2.247.2 port 2000
max-ephones 336
max-dn 960
!
line con 0
exec-timeout 3 0
password 7 02300D50020808321D
logging synchronous
login local
line aux 0
exec-timeout 0 1
password 7 097A4702100B10015A
no exec
transport output none
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 130
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line 194
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
speed 115200
line vty 0 4
access-class 6 in
exec-timeout 30 0
privilege level 15
password 7 107800120C1915185D
logging synchronous
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
logging synchronous
login local
transport input telnet ssh
!
scheduler allocate 20000 1000
ntp master
ntp server 64.113.33.2
ntp server 65.111.172.8
end

SWITCH:

Switch>en
Password:
Switch#sh run
Building configuration...

Current configuration : 7533 bytes
!
! No configuration change since last restart
!
version 12.2
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service linenumber
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
logging buffered 10000
no logging console
logging monitor informational
!
no aaa new-model
clock timezone PCTime -6
clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
ip routing
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet1/0/1
description -= Users =-
!
interface FastEthernet1/0/2
description -= Users =-
!
interface FastEthernet1/0/3
description -= Users =-
!
interface FastEthernet1/0/4
description -= Users =-
!
interface FastEthernet1/0/5
description -= Users =-
!
interface FastEthernet1/0/6
description -= Users =-
!
interface FastEthernet1/0/7
description -= Users =-
!
interface FastEthernet1/0/8
description -= Users =-
!
interface FastEthernet1/0/9
description -= Users =-
!
interface FastEthernet1/0/10
description -= Users =-
!
interface FastEthernet1/0/11
description -= Users =-
!
interface FastEthernet1/0/12
description -= Users =-
!
interface FastEthernet1/0/13
description -= Users =-
!
interface FastEthernet1/0/14
description -= Users =-
!
interface FastEthernet1/0/15
description -= Users =-
!
interface FastEthernet1/0/16
description -= Users =-
!
interface FastEthernet1/0/17
description -= Users =-
!
interface FastEthernet1/0/18
description -= Users =-
!
interface FastEthernet1/0/19
description -= Users =-
!
interface FastEthernet1/0/20
description -= Users =-
!
interface FastEthernet1/0/21
description -= Users =-
!
interface FastEthernet1/0/22
description -= Users =-
!
interface FastEthernet1/0/23
description -= Users =-
!
interface FastEthernet1/0/24
description -= Users =-
!
interface FastEthernet1/0/25
description -= Users =-
!
interface FastEthernet1/0/26
description -= Users =-
!
interface FastEthernet1/0/27
description -= Users =-
!
interface FastEthernet1/0/28
description -= Users =-
!
interface FastEthernet1/0/29
description -= Users =-
!
interface FastEthernet1/0/30
description -= Users =-
!
interface FastEthernet1/0/31
description -= Users =-
!
interface FastEthernet1/0/32
description -= Users =-
!
interface FastEthernet1/0/33
description -= Users =-
!
interface FastEthernet1/0/34
description -= Users =-
!
interface FastEthernet1/0/35
description -= Users =-
!
interface FastEthernet1/0/36
description -= Users =-
!
interface FastEthernet1/0/37
description -= Users =-
!
interface FastEthernet1/0/38
description -= Users =-
!
interface FastEthernet1/0/39
description -= Users =-
!
interface FastEthernet1/0/40
description -= Users =-
!
interface FastEthernet1/0/41
description -= Users =-
!
interface FastEthernet1/0/42
description -= Users =-
!
interface FastEthernet1/0/43
description -= Users =-
!
interface FastEthernet1/0/44
description -= Users =-
!
interface FastEthernet1/0/45
description -= Users =-
!
interface FastEthernet1/0/46
description -= Users =-
!
interface FastEthernet1/0/47
description -= Users =-
!
interface FastEthernet1/0/48
description -= Users =-
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
no switchport
ip address 192.168.0.2 255.255.255.0
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
ip classless
ip route 192.168.0.0 255.255.255.0 192.168.0.1
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip sla enable reaction-alerts
!
snmp-server system-shutdown
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps entity
snmp-server enable traps vtp
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps config
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps syslog
!
line con 0
exec-timeout 3 0
password 7 02300D50020808321D
logging synchronous
login local
line vty 0 4
access-class 6 in
exec-timeout 30 0
privilege level 15
password 7 107800120C1915185D
logging synchronous
login local
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
logging synchronous
login local
transport input telnet ssh
!
ntp clock-period 36029320
ntp server 8.8.8.8 source GigabitEthernet1/0/4 prefer
end

chrihussey · ‎07-20-2016

The only routing on the switch I see is for the 192.168.0.0/24 network, there is no default route. So it does not know how to get to the WAN. Try adding:

ip route 0.0.0.0 0.0.0.0 192.168.0.1

This should get you from the switched network to the WAN.

The router will probably also need a default route to the next hop WAN address. SInce it's DHCP, I'm not sure how likely that the WAN IP could change, but the default route should point to the next hop IP and not the LAN interface (G0/0).

paul driver · ‎07-20-2016

Hello

Router
no ip route 192.168.1.0 255.255.255.0 192.168.0.2
ip route 192.168.1.0 255.255.255.0 GigabitEthernet2/0 192.168.0.2
ip route 192.168.0.0 255.255.255.0 Null0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp

Switch
no ip route 192.168.0.0 255.255.255.0 192.168.0.1
ip route 0.0.0.0 0.0.0.0 GigabitEthernet1/0/4 192.168.0.1
ip route 192.168.1.1 255.255.255.0 null 0

resPaul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

daniel.litwin · ‎08-03-2016

I made these changes, and I still can't get out to the WAN from the switch. ISR side, I can ping everything LAN and WAN sides.

Here is my routes on router side:

ISR-01#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 104.159.176.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 104.159.176.1, GigabitEthernet0/0
      68.0.0.0/32 is subnetted, 1 subnets
S        68.114.37.101 [254/0] via 104.159.176.1, GigabitEthernet0/0
      104.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        104.159.176.0/22 is directly connected, GigabitEthernet0/0
L        104.159.179.100/32 is directly connected, GigabitEthernet0/0
      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, GigabitEthernet2/0
L        192.168.0.1/32 is directly connected, GigabitEthernet2/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
S        192.168.1.0/24 [1/0] via 192.168.0.2, GigabitEthernet2/0
S        192.168.1.6/32 is directly connected, IDS-Sensor0/0
ISR-01#

Here is the routes on the switch side:

Switch#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.0.1 to network 0.0.0.0

C 192.168.0.0/24 is directly connected, GigabitEthernet1/0/4

C 192.168.1.0/24 is directly connected, Vlan1

S* 0.0.0.0/0 [1/0] via 192.168.0.1, GigabitEthernet1/0/4

Switch#

Any more thoughts?

Dan