Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
679
Views
0
Helpful
8
Replies

ASR9001 routing question

tinhnho123
Level 2
Level 2

‎03-05-2016 07:32 PM - edited ‎03-08-2019 04:50 AM

Hello,

 I'm given a subnet  73.24.24.240/28 from my ISP. Everything was working with my old edge router. I was trying to replace my old edge router with ASR9001 and I believe I'm having issue with routing. My ASR router is connected to ISP router and my layer3 switch (the attachment is my topology).

On the ASR router, I divided the subnet 73.24.24.240/28 into small subnets:
73.24.24.240/29

73.24.24.248/29

Below are configurations of the ASR:

interface GigabitEthernet0/0/0/0
   description to Internet
   ipv4 address 73.24.24.241 255.255.255.248
   speed 1000
   negotiation auto
!

interface GigabitEthernet0/0/0/1
   description to Layer3 switch
   ipv4 address 73.24.24.249 255.255.255.248
   speed 1000
   negotiation auto

router static
   address-family ipv4 unicast
     0.0.0.0/0 73.24.24.245 14
!

Note: The IP address 73.24.24.245 is the ISP router's G0/1 interface (or my ASR next hop).

router ospf 1
  log adjacency changesrouter-id 73.24.24.241
  nsf cisco
  auto-cost reference-bandwidth 1000
  redistribute static metric-type 1
  area 1
     nssa default-information-originate metric-type 1
     interface GigabitEthernet0/0/0/1

Below is the Layer3 switch setup:

interface vlan 2
   ip address 73.24.24.250 255.255.255.248

ip default-gateway 73.24.24.249

interface g1/1/1
   switchport
   switchport access vlan 2
   switchport mode access
   no shut

From the ASR, I can ping 8.8.8.8, 73.24.24.245 and 73.24.24.250 (layer3 switch). 

From Layer3 switch, I can ping both interfaces of ASR g0/0/0/0 and g0/0/0/1 IP addresses, but can not ping 73.24.24.245 and 8.8.8.8. 

Do you guys have any ideas why my Layer3 switch can not ping 73.24.24.245 and 8.8.8.8 and others? If it's unclear, please feel free to let me know. 

Thanks.

Labels:
Preview file
63 KB
0 Helpful
8 Replies 8

Iulian Vaideanu
Level 4
Level 4

‎03-06-2016 06:20 AM

"ip default-gateway 73.24.24.248" doesn't look right (should be .249)

0 Helpful

tinhnho123
Level 2
Level 2
In response to Iulian Vaideanu

‎03-06-2016 07:33 AM

sorry for the typo. it's 73.24.24.249.
0 Helpful

Iulian Vaideanu
Level 4
Level 4
In response to tinhnho123

‎03-06-2016 11:09 AM

You said that you divided your subnet when you migrated to the ASR - it could happen that the ISP's router still has /28 as netmask for its .245 interface towards you, and when it tries to reply to .250 (your Layer3 switch) it expects to find it "locally" (on the same network) and not behind another router (your ASR).

0 Helpful

tinhnho123
Level 2
Level 2
In response to Iulian Vaideanu

‎03-10-2016 12:01 PM

Hello, 

I think you're right as the ISP still has /28 as netmask.

Since that way didn't work, I've changed the ASR's g0/0/0/1 to have private ip 192.168.0.1/24

interface GigabitEthernet0/0/0/0
   description to Internet
   ipv4 address 73.24.24.241 255.255.255.248
   speed 1000
   negotiation auto
!

interface GigabitEthernet0/0/0/1
   description to Layer3 switch
   ipv4 address 192.168.0.1 255.255.255.0
   speed 1000
   negotiation auto

router static
   address-family ipv4 unicast
     0.0.0.0/0 73.24.24.245 14
!

router ospf 1

  log adjacency changesrouter-id 73.24.24.241
  nsf cisco
  auto-cost reference-bandwidth 1000
  redistribute static metric-type 1
  area 1
     nssa default-information-originate metric-type 1
     interface GigabitEthernet0/0/0/1

My Layer 3 switch now has:

interface vlan 2
   ip address 192.168.0.2 255.255.255.0

ip default-gateway 192.168.0.1

interface g1/1/1
   switchport
   switchport access vlan 2
   switchport mode access
   no shut

I can ping the ASR's g0/0/0/0 and g0/0/0/1 interfaces from my switch but can't ping 8.8.8.8 or any other public addresses. Any ideas? Thanks.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to tinhnho123

‎03-10-2016 03:58 PM

You need to setup NAT because you are using private IPs and they need translating to one of your public IPs, either the interface IP or one of the other IPs in that subnet.

Jon

0 Helpful

tinhnho123
Level 2
Level 2
In response to Jon Marshall

‎03-10-2016 04:10 PM

Hi Jon,

I had NAT setup on my old router but this ASR 9001 does not have NAT commands that I can use in this case. Are there any other ways around without setup NAT?

Thanks.

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to tinhnho123

‎03-10-2016 04:55 PM

Your original solution should work as long as the interface on your ASR that connects to the ISP has proxy arp enabled.

The ISP will simply send an arp for all IPs and your ASR should respond for the IPs on the inside with the mac address of it's outside interface.

It may be the ISP router has some incorrect arp entries from before you switched over.

Jon

0 Helpful

tinhnho123
Level 2
Level 2
In response to Jon Marshall

‎03-11-2016 11:39 AM

Hello Jon,

I've turned on 'proxy-arp' for both interfaces g0/0/0/0 and g0/0/0/1 on the ASR. From the layer 3 switch, now I can ping 73.24.24.245 which I couldn't ping before.

The only issue which I have now is that I still can't ping 8.8.8.8 from my layer3 switch.I did reboot the ISP router and it didn't seem to help either. Not sure what to do next.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card