Cable modem as transit link with Catalyst not working?

Jon_K
Level 1

Hi there,

 

I've got Spectrum cable (Cadant CMTS), with a Netgear modem. Whenever I reboot my firewall, switch, or modem, I can't get an IP address until I connect the modem to the firewall (Ubiquiti USG) and then it grabs a public DHCP lease and will work over my Cisco configuration. These aren't layer 3 ports. No other ports are online with vlan 999. The only layer 3 interface is vlan1. I have no VLAN set on my firewall WAN/LAN ports so GigE0/24 should be fine. I click connect all day on my Ubiquiti firewall and it says "No internet connection" until physically connected to the modem and reboot modem/firewall. Once I get a lease, I can introduce the switch and stay connected.

The SFP fiber port is connected to a TP-LINK ethernet to media converter and I do this for lightning isolation between the coaxial modem and my firewall. (I've had everything fried 3 times so far.) I don't have any sort of DHCP snooping protection enabled as far as I can see, so not sure what's happening.

Anyone know what to look for?

 

Here's the relevant configs. 

 

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname core-sw-01
!
no aaa new-model
clock timezone UTC -6
system mtu routing 1500
!
ip subnet-zero
ip domain-name localdomain
ip name-server 192.168.1.1
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
lldp holdtime 60
!
interface GigabitEthernet0/24
 description FIREWALL WAN LINK
 switchport access vlan 999
 switchport mode access
!
interface GigabitEthernet0/27
 description FIBER UPLINK
 switchport access vlan 999
 switchport mode access
!
interface Vlan1
 ip address 192.168.1.3 255.255.255.0
!

Switch info

Model number                    : WS-C3560G-24PS-S
SFP Module assembly part number : 73-7757-03
SFP Module revision Number      : A0
SFP Module serial number        : CAT102325TB
core-sw-01#show inventory
NAME: "1", DESCR: "WS-C3560G-24PS"
NAME: "GigabitEthernet0/27", DESCR: "1000BaseSX SFP"
PID:                     , VID:     , SN: AGM1116J86R     



999  VLAN0999                         active    Gi0/24, Gi0/25, Gi0/27
1002 fddi-default                     act/unsup 
1003 token-ring-default               act/unsup 
1004 fddinet-default                  act/unsup 
1005 trnet-default                    act/unsup 

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0   
999  enet  100999     1500  -      -      -        -    -        0      0   

 

I found this thread, and the poster concluded that some Cisco devices just don't support cable modems on access ports, but that doesn't make any sense?

https://community.cisco.com/t5/switching/cable-modem-not-passing-ip-over-vlan/td-p/2580418

Accepted Solution

@balaji.bandi  I don't think that was the issue, it was LLDP.

 

The Link Layer Discovery Protocol (LLDP) is a link layer protocol used by devices for advertising their identity, capabilities, and neighbors on a local area network.

 

More technical: Each device configured with LLDP sends periodic messages to the Slow Protocols multicast MAC address as specified by Std 802.3, 2000 Edition Annex 43B. The device sends the periodic messages on all physical interfaces enabled for LLDP transmission, and listens for LLDP messages on the same set of interfaces. Each LLDP message contains information identifying the source port as a connection endpoint identifier. It also contains at least one network address which can be used by an NMS to reach a management agent on the device (via the indicated source port).

 

This exposes the MAC address making the modem refuse DHCP to the firewall later on.

Solution

 

These interface settings (the port connected to the modem) resolve the issue.

interface GigabitEthernet0/27
 description FIBER to MODEM
 switchport access vlan 999
 switchport mode access
 ! THESE ARE THE OPTIONS I AM TALKING ABOUT
 no lldp transmit
 no lldp receive
 spanning-tree portfast
end
!
!

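A check for the fix in this answer, as an added example that is not part of the original post or any Cisco tooling: it scans IOS-style config text and reports modem-facing ports that still lack `no lldp transmit` or `no lldp receive`. The function names, the `modem_ports` parameter and the sample configs (constructed from the stanzas quoted in this thread) are assumptions of the example; it checks per-port commands only.

```python
# Added example: audit modem-facing switch ports for the per-port LLDP
# settings from the accepted solution. Sample configs below are constructed
# from the stanzas quoted in this thread.
REQUIRED = ("no lldp transmit", "no lldp receive")
ABBREV = {"gi": "gigabitethernet", "fa": "fastethernet", "te": "tengigabitethernet"}

def norm_port(name):
    """Expand short names such as Gi0/27 so they match the running-config form."""
    name = name.strip().lower()
    i = next((k for k, ch in enumerate(name) if ch.isdigit()), len(name))
    return ABBREV.get(name[:i], name[:i]) + name[i:]

def parse_interfaces(config):
    """Return {normalized interface name: [sub-commands]} from IOS-style text."""
    blocks, current = {}, None
    for raw in config.splitlines():
        line = " ".join(raw.split("!")[0].split()).lower()  # drop "!" comments
        if line.startswith("interface "):
            current = blocks.setdefault(norm_port(line.split()[1]), [])
        elif raw.strip().startswith("!") or line == "end":
            current = None  # "!" or "end" closes the stanza
        elif line and current is not None:
            current.append(line)
    return blocks

def audit_lldp(config, modem_ports):
    """Map each modem-facing port to the required commands it lacks."""
    blocks = parse_interfaces(config)
    findings = {}
    for port in modem_ports:
        cmds = blocks.get(norm_port(port))
        if cmds is None:
            findings[port] = ["interface not found in config"]
        elif missing := [r for r in REQUIRED if r not in cmds]:
            findings[port] = missing
    return findings

BEFORE = """interface GigabitEthernet0/27
 description FIBER UPLINK
 switchport access vlan 999
 switchport mode access
!
"""
AFTER = BEFORE.replace("!\n", " no lldp transmit\n no lldp receive\n!\n")

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_lldp(cfg, ["Gi0/27"]) or "OK")
```

The parser also accepts unindented stanzas and trailing `!` annotations, so a config pasted from a forum post can be checked as-is.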

4 Replies

balaji.bandi
Hall of Fame

Another suggestion, since we are not sure what capabilities the other products have.

If your provider is not very interested in VLANs or anything fancy, make it default VLAN 1 on the access port, save the config, restart the switch, and test.

 

BB


Hello

When I initially saw your OP I would have said it was more likely spanning-tree portfast not being enabled on the port?



Kind Regards
Paul

Oddly enough portfast had nothing to do with it, as I had portfast enabled initially and had disabled it, but had nothing with either config.

It was LLDP at the end of the day. I guess DOCSIS 3.0 Netgear modems do not play nice with LLDP.