06-17-2018 09:43 AM - edited 03-08-2019 03:23 PM
I’ve yet to actually get an answer that has helped me over the past few months when it comes to getting a 4321 router working as a router.
This is simple simple stuff that I need to do (I just need the functionality of a $30 router – I’m paying for quality not features. The original Cisco router we got ran for 10 years without a hiccup – that’s ALL I want right now.)
- Port 1, aka 0/0/1, aka 192.168.2.254 goes to the ISP’s ADSL/VDSL modem and is the Gateway address (according to the Cisco tech who connected to show me how to update the software and configure the ports this has to be the gateway address – yes, I have a service contract but want to learn how it’s done myself.)
- Port 2, aka 0/0/0, aka 192.168.2.253 goes to the switch (because eventually in our largest location I will be using the fiber link because the router and switch are on different floors.)
- The unit logs onto the ISP using PPPoE (Bell Canada.)
- The unit assigns IP addresses as devices are turned on (and takes them away when they are turned off), aka DHCP.
- I get internet access
Why is this proving to be impossible?
I get BDI set up on both ports so they are on the same subnet – then find out the hard way that PPPoE doesn’t want to work. (Our new store where this unit was installed was down for an hour Friday morning because the Bell 1000 unit did not want to get out of bridge mode when the test failed.)
I disable BDI this morning and then can no longer see the other port on the other subnet that I had to set it to – and still no internet access.
This isn't a router - it's a literal nightmare.
06-17-2018 10:22 AM
Hello,
can you post the full config ?
--> - Port 1, aka 0/0/1, aka 192.168.2.254 goes to the ISP’s ADLS/VDSL modem and is the Gateway address
- Port 2, aka 0/0/0, aka 192.168.2.253
Not sure how this is supposed to work. Your setup sounds fairly simple, let us see the config...
06-17-2018 12:42 PM
I'll have to post it in the AM, I gave up and went home.
I think that my problem is that I thought that the second WAN port was a LAN port when I bought it. I could get it to work the way I need it to with that BDI trick if I didn’t have to deal with PPPoE.
No way is there the budget for a LAN NIM card and I need both slots for planned future expansion, the ADSL/VDSL modem card so I don’t have to pay the Telco a monthly rental on their modem and the Cell LTE card in case the Telco's internet goes down so that debit/credit transactions still work.
06-17-2018 01:12 PM
Hello,
post a brief schematic drawing of what you are trying to accomplish with the Cisco router. What do you mean by WAN and LAN port ?
06-19-2018 08:02 AM
What I want is simple (If you do have trouble understanding my rambling I’ll load MS Paint and try to make a picture):
1) Port 1, aka GigabitEthernet0/0/0 goes to a port 50 on an SG500-48P and everything that gets plugged into that SG500 should be able to surf the web. It’s just one big happy switch right now (I’ll worry about setting VLANS up on it when I get internet service working on this router - The VLANs on the switch I know how to.)
The router assigns IP addresses to each device as they connect starting at IP address 192.168.2.2 (I’d go with 192.168.2.1 but that is the modem’s IP when it is not in bridge mode so I prefer to keep the address range the way it currently is.) (The router also unassigns assigned IP addresses when the devices are turned off/disconnected.)
The only reason I’m going with Port 1 to the switch instead of the modem is that the fiber thingy slot is also assigned to that port and in one store I’d like to connect the router to the switch using the fiber link because they are on different floors – and I want to have consistency in every location. BUT, if I have to reverse these ports I can live with an ethernet connection at that location instead of the fiber link.
Also, if the ports on this router don’t have to be at 192.168.2.254 etc. I also don’t care (I just thought that they had to be – if the devices on the Lan/network can communicate with the internet, and vice versa, through the router if those ports are set to whatever those 10.x.x.x style numbers, I’m good with that (I have the alleged “Management” port already set to a 192.168.2.x address so the alleged “Graphical Interface” can talk to it (One would think that a Management Port and Graphical Interface would interface and manage - Enter the router's IP address if you don't like the default, maybe check a box or two, enter PPPoE ID & PW and instant internet working.)
2) Port 2, aka GigabitEthernet0/0/1 goes to a Bell Canada 1000 router/modem that will be in bridge mode and thus losing its ability to logon via PPPoE – so the 4321 needs to do the logging into the ISP.
Bell disabled port forwarding on these units (I don’t know if it’s just for business customers) and I need to forward ports. Bell’s tech support told me that I had to buy our own router if I wanted to do that. That Bell 1000 unit connects to another box via Ethernet not via RJ-11/RJ-12 ADSL style normal phone jack (That box has a fiber optic cable coming into it and eight RJ-11 jacks for good old-fashioned POTS phones and 4 RJ-45/Ethernet jacks labeled LAN1-4 with LAN1 going to the Bell 1000 modem – I don’t know what its make/model is because it’s up high on the wall and I’ll need to get a ladder to get at it.)
06-19-2018 08:26 AM
Hello,
the below should work. All clients on your switch are assumed to be in Vlan 10. If you have other Vlans, create the respective service instances and BDIs.
Important parts are marked in bold:
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Carlton_Router
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.03.16.07b.S.155-3.S7b-ext.SPA.bin
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$d2AV$.x62c8AIL9dVKFN/m1Q61.
enable password Bloor
!
no aaa new-model
ethernet lmi global
no process cpu autoprofile hog
clock timezone GMT -5 0
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.2.245 192.168.2.254
!
ip dhcp pool Carlton
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 8.8.8.8 8.8.4.4
!
subscriber templating
multilink bundle-name authenticated
!
license udi pid ISR4321/K9 sn FDO21112KP2
!
spanning-tree extend system-id
!
username admin privilege 15 secret 5 $1$w/4P$sd2z6NvcAOHTKWR.QHRzU0
!
redundancy
mode none
!
no cdp run
!
interface BDI10
ip address 192.168.2.254 255.255.255.0
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
service instance 10 ethernet
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
bridge-domain 10
!
interface GigabitEthernet0/0/1
description PrimaryWANDesc_
no ip address
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
no cdp enable
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname dlftzcr3@bellnet.ca
ppp chap password 0 nVSLJRc4
ppp pap sent-username dlftzcr3@bellnet.ca password 0 nVSLJRc4
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.2.0 0.0.0.255
!
snmp-server community public RO
!
control-plane
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet
transport output telnet
!
end
06-19-2018 11:52 AM
@Georg Pauwen wrote:
Hello,
the below should work. All clients on your switch are assumed to be in Vlan 10. If you have other Vlans, create the respective service instances and BDIs.
I really appreciate the post, (and will be most definitely trying it) but this is what is confusing me, why a VLAN 10? What is it for, what does it do, why do I even need a VLAN on the router?
Can it be set to "1" - I ask because I believe in keeping things very simple, if there is only one VLAN on the router then I would call it "VLAN 1" and if I find down the road as I learn this stuff that I need a second VLAN, I would call it "VLAN 2." For example if I find I need a second VLAN to implement the scenario in the paragraph below:
I'm looking at some of that Retail technology Cisco has, for potential future solutions - like tracking phone locations in a store with the access points (don’t need to know any information about the phone, only that x amount of 'radio transmitters' visited a specific location on a specific day/time to see how many people visit the section(s) the day after we run an Ad, or sending promotional text messages to regular customers that have signed up if they are near the product. (Yes, yes I know I have a very steep learning curve - but even an old dog like me can learn new tricks, just slowly.)
My switch is currently just set to the default (no VLANs or VLAN 1 if that's the default on the SG500s) and when I set VLANs on it, they, VLANs 1 to 5 or 6, will all (with the exception of the VLAN with the security cameras) be part of Port 50/VLAN 1 so as far as the router should be concerned it is talking to a single switch with no VLANs.
06-19-2018 11:59 AM
Hello.
VLAN 10 was just an example, since you said you had several VLANs running on the switch. To keep everything in the (default) Vlan 1, configure the below:
interface BDI1
ip address 192.168.2.254 255.255.255.0
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
service instance 1 ethernet
encapsulation dot1q 1
rewrite ingress tag pop 1 symmetric
bridge-domain 1
07-03-2018 10:52 AM
The only reason I am concerned about this VLAN issue is that at one location (the largest) I was considering putting in a SG500-24P in the basement and linking it to the SG500-48P with the fiber link (every other store can run off of one SG500-48P ) on the main floor because that location has accounting and marketing and thus has more IP phones and computers than a store location has and the 50 ports on the SG500 48P aren’t enough. I had planned on "bridging" the VLANS between both switches (phones are on their own VLAN and so are computers.)
But like the locations where I have just a single switch I want the connection to appear to the router as a single no-VLANS switch. (That I've figured out how to do and was concerned that if I have to make VLANs on the router that I have to bridge those to the switch instead (on top of) of just plugging in a patch cable.)
Like I pointed out in another post, I don’t know Cisco's OS and commands and I just want to get the basics up and running and play with the complex issues (that are currently a want not a need) at 4am when I usually get up and the stores are closed and I can quickly return them to a running state before they start opening at 8:30 & 9am.
07-03-2018 10:19 AM
07-03-2018 02:12 PM
Hello,
first of all, glad that you got it working. I am curious to know what change the engineer did...
08-29-2018 09:27 PM
@Georg Pauwen wrote:
Hello,
first of all, glad that you got it working. I am curious to know what change the engineer did...
I've been too busy doing maintenance jobs (I do that for the stores also) to get back and go through the log to sort out the commands that were entered. (I plan on doing that soon though and posting the configuration for other beginners that may also encounter the problems I have - It's more of an issue of not knowing IOS and being used to programming routers with a browser and just checking off a few boxes to get up and running than anything else.)
Next problem - port forwarding. Whatever the engineer did for that isn’t working and the boss is going ballistic (and I mean that literally - I could not use the language he is using on a public forum) because he can’t access the security camera from home.
08-30-2018 01:57 AM - edited 08-30-2018 02:01 AM
Hello
It looks like:
gig0/0 = is your LAN port
gig0/1 = what is this being used for?
Dialer 1 = is connected to the ISP modem, so this is your WAN port
Now for port forwarding to work you need to have NAT enabled on your LAN/WAN ports and also a static NAT address for your camera system. (Note: NAT is already applied to the dialer interface on your router.)
Now let's say your camera IP address is 192.168.2.250 and you need to access it via HTTP/HTTPS
conf t
int gig0/0
ip nat inside
exit
ip nat inside source static tcp 192.168.2.250 80 interface dialer 1 80
ip nat inside source static tcp 192.168.2.250 443 interface dialer 1 443
To test this, you need to try to access the camera system via the public ip address supplied to you via the ISP modem - this you will find by inputting the following command:
sh ip interface brief - and check the ip address of the dialer 1 interface
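Added example, not part of the original thread or anyone's posted configuration: a small Python check that scans an IOS configuration like the ones posted here for the management-plane settings and WAN port forwards worth reviewing before the router faces the Internet. The sample config is constructed with placeholder credentials, and the check list and the `audit` function are this example's own assumptions, not a Cisco-defined baseline.

```python
import re

# Constructed sample in the style of the configs posted in this thread.
# Credentials, hash and addresses are placeholders, not values from the page.
SAMPLE_CONFIG = """\
enable secret 5 $1$EXAMPLE$placeholderhashvalue0000
enable password ExamplePass
!
interface Dialer1
 ip nat outside
 ppp chap password 0 ExamplePppPass
!
ip http server
no ip http secure-server
ip nat inside source static tcp 192.168.2.250 80 interface Dialer1 80
snmp-server community public RO
!
line con 0
 exec-timeout 0 0
line vty 0 4
 transport input telnet
"""

# (regex, finding) pairs, matched against each stripped config line.
CHECKS = [
    (r"^enable password \S+", "enable password present; keep only 'enable secret'"),
    (r"\bpassword 0 \S+", "type 0 (unencrypted) password stored in the config"),
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
    (r"^transport input .*\btelnet\b", "vty accepts Telnet (cleartext login)"),
    (r"^ip http server$", "cleartext HTTP management server enabled"),
    (r"^exec-timeout 0 0$", "idle timeout disabled on this line"),
    (r"^ip nat inside source static (tcp|udp) \S+ \d+ interface \S+(?: \d+)? \d+$",
     "inside host port published on the WAN interface"),
]

def audit(config_text):
    """Return (line_no, section, finding) tuples for each weak setting."""
    findings, section = [], "global"
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            section = "global"  # '!' separators end an interface/line block
            continue
        # Track sections by header keyword so flattened (unindented) configs work
        if re.match(r"(interface|line) \S", line, re.IGNORECASE):
            section = line
        for pattern, finding in CHECKS:
            if re.search(pattern, line, re.IGNORECASE):
                findings.append((line_no, section, finding))
    return findings

if __name__ == "__main__":
    for line_no, section, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_no:>2} [{section}] {finding}")
```

Each published port found by the last check is reachable from any Internet host unless something else restricts it, so those entries deserve the same review as the login settings.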
06-19-2018 07:07 AM
Sorry for the delay, I also do store maintenance and had a grease trap problem yesterday. (We are too small for a dedicated IT function.)
Now this running configuration may look like a dog’s breakfast in some places because on Sunday morning I was desperately entering all kinds of commands (most of which I have no idea what they changed) that I had written down when the various Cisco techs that connected to this unit were trying to get it working the way I need.
I did a "show config" and a "show running" because I don't know if they are the same or different. (the "show running" will be the next reply.)
Carlton_Router#show config
Using 2295 out of 33554432 bytes
!
! Last configuration change at 04:08:18 GMT Sun Jun 17 2018 by admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Carlton_Router
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.03.16.07b.S.155-3.S7b-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$d2AV$.x62c8AIL9dVKFN/m1Q61.
enable password Bloor
!
no aaa new-model
ethernet lmi global
no process cpu autoprofile hog
clock timezone GMT -5 0
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.2.245 192.168.2.254
!
ip dhcp pool Carlton
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 8.8.8.8 8.8.4.4
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO21112KP2
!
spanning-tree extend system-id
!
username admin privilege 15 secret 5 $1$w/4P$sd2z6NvcAOHTKWR.QHRzU0
!
redundancy
mode none
!
!
no cdp run
!
!
!
!
!
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
!
interface GigabitEthernet0/0/1
description PrimaryWANDesc_
ip address 192.168.2.254 255.255.255.0
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
ip address 192.168.2.245 255.255.255.0
negotiation auto
no cdp enable
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
ppp authentication chap pap callin
ppp chap hostname dlftzcr3@bellnet.ca
ppp chap password 0 nVSLJRc4
ppp pap sent-username dlftzcr3@bellnet.ca password 0 nVSLJRc4
no cdp enable
!
interface BDI1
ip address 192.168.2.254 255.255.255.0
shutdown
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
!
!
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet
transport output telnet
!
!
end
Carlton_Router#
06-19-2018 07:27 AM - edited 06-19-2018 07:30 AM
Hello
@IT at Very Very Small Business wrote:
Sorry for the delay, I also do store maintenance and had a grease trap problem yesterday. (We are too small for a dedicated IT function.)
Now this running configuration may look like a dog’s breakfast in some places because on Sunday morning I was desperately entering all kinds of commands (most of which I have no idea what they changed) that I had written down when the various Cisco techs that connected to this unit were trying to get it working the way I need.
I am wondering if you really need to config this rtr as a PPPoE client?
If you plug a laptop into the ISP rtr do you get ip address allocation? If so then all the below configuration isn't necessary?
Also a few points on your existing config.
1) you have an incorrect default route if you're using PPPoE
2) gig0/0/0 is in a vrf so anything connected to this interface is logically separate from the rest of your network
3) As stated it looks like BDI isn't compatible with your rtr
res
Paul