cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2653
Views
0
Helpful
14
Replies

Cisco 887: Config help/suggestions and VLAN question

Darkglasses
Level 1
Level 1

Hi Folks,

 

I have posted my config below for a little advice/suggestions.

This is 1 of 2 Cisco 887 routers which feed into a Cisco 2960 switch were I have mapped the access ports to VLANs as below. I have a few questions as I had planned to use Ether Channel as a trunk but the Cisco 887 doesn't support Ether channel:

1) The IPTV box works fine when connected to the Cisco 887 Fa3. When I run a cable from the Cisco 887 Fa3 to the Cisco 2960 Fa9 and then connect the IPTV box to Fa10. The IPTV box shows connected but doesn't stream picutre. Should this not work as all FastEthernet ports are in the same VLAN 90?

2) Would I best setting these FastEthernet ports as trunks?

3) Would a single DHCP server work for all VLAN,s 192.168.0.0 /16? Then set a IP helper address?

Note: I will be adding HSRP so the server can use either internet connection and moving the ZBFW to a ASA 5510 because the Cisco 887 only provides 60 Mbps of the FTTC available 80 Mbps.

 

Any suggestions for a cost effective Cisco 887 replacement to connect my 2 x FTTC circuits and provide Gig Ethernet/wireless?

 

Thanks in advance,
John

 

Cisco 2960 VLANs
1 default active Fa0/1, Fa0/11, Fa0/12, Gi0/1, Gi0/2
10 LAN_MAIN active Fa0/13, Fa0/14, Fa0/15, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
20 LAN_ALT active Fa0/2, Fa0/3, Fa0/4
50 LAN_IOT active Fa0/5, Fa0/6, Fa0/7, Fa0/8
90 IPTV active Fa0/9, Fa0/10

 

 

RouterRes#sh run
Building configuration...

Current configuration : 6104 bytes
!
! Last configuration change at 13:59:52 UTC Sat Sep 21 2019 by RouterResAdmin
! NVRAM config last updated at 12:39:11 UTC Sat Sep 21 2019 by RouterResAdmin
! NVRAM config last updated at 12:39:11 UTC Sat Sep 21 2019 by RouterResAdmin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterRes
!
boot-start-marker
boot-end-marker
!
!
enable password 7 13061E0108035C727C362D20
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.90.1 192.168.90.50
ip dhcp excluded-address 192.168.20.1 192.168.20.50
ip dhcp excluded-address 192.168.10.1 192.168.10.50
ip dhcp excluded-address 192.168.50.1 192.168.50.50
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.254
!
ip dhcp pool IPTV
network 192.168.90.0 255.255.255.0
default-router 192.168.90.254
dns-server 192.168.90.254
!
ip dhcp pool LAN_ALT
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
dns-server 192.168.20.254
!
ip dhcp pool LAN_MAIN
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 192.168.10.254
!
ip dhcp pool LAN_IOT
network 192.168.50.0 255.255.255.0
default-router 192.168.50.254
dns-server 192.168.50.254
!
!
ip domain name cisco887res.local
ip cef
no ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn FGL17362220
!
!
username RouterResAdmin privilege 15 secret 5 $1$dXP7$8JplBb4SxDkUlgWBVEBb8.
!
!
!
!
!
controller VDSL 0
!
ip ssh version 2
!
class-map type inspect match-all INSIDE-TO-OUTSIDE-CLASS
description Allowed_Protocol_From_INSIDE_to_OUTSIDE
match protocol http
match protocol https
match protocol dns
match protocol udp
match protocol tcp
match protocol icmp
match access-group name INSIDE-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-INSIDE-CLASS
match access-group name OUTSIDE-TO-INSIDE
!
!
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
class type inspect INSIDE-TO-OUTSIDE-CLASS
inspect
class class-default
drop log
policy-map type inspect OUTSIDE-TO-INSIDE-POLICY
class type inspect OUTSIDE-TO-INSIDE-CLASS
pass
class class-default
drop log
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
zone-pair security OUT-TO-IN source OUTSIDE destination INSIDE
service-policy type inspect OUTSIDE-TO-INSIDE-POLICY
!
!
!
!
!
bridge irb
!
!
!
!
interface Ethernet0
no ip address
no ip route-cache
!
interface Ethernet0.101
description Tagging for PPPoE (VDSL0)
encapsulation dot1Q 101
ip nat outside
ip virtual-reassembly in
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 100
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
zone-member security INSIDE
!
interface FastEthernet1
switchport access vlan 10
no ip address
zone-member security INSIDE
!
interface FastEthernet2
switchport access vlan 20
no ip address
zone-member security INSIDE
!
interface FastEthernet3
switchport access vlan 90
no ip address
zone-member security INSIDE
!
interface Vlan1
description Default VLAN to be disabled
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Vlan10
description Main Network
no ip address
!
interface Vlan20
description Alternate VLAN to Main Network
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan50
description VLAN for IOT devices
no ip address
!
interface Vlan90
description VLAN for IP TV boxes
no ip address
bridge-group 100
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
description BT Res VDSL
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap ms-chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 7 15020A1F173D24362C
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
interface BVI100
description L3 for fa0 and fa1 bridge group 100
ip address 192.168.90.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1350
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source static tcp 192.168.1.125 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.1.125 32400 interface Dialer1 32400
ip nat inside source static tcp 192.168.1.30 32401 interface Dialer1 32401
ip nat inside source static tcp 192.168.1.30 3389 interface Dialer1 33891
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended OUTSIDE-TO-INSIDE
permit icmp any 192.168.1.0 0.0.0.255
permit tcp any eq 3389 host 192.168.1.125 eq 3389
permit tcp any eq 33891 host 192.168.1.30 eq 3389
permit tcp any eq 32400 host 192.168.1.125 eq 32400
permit tcp any eq 32401 host 192.168.1.30 eq 32401
!
access-list 1 remark Networks allowed through Dialer interface
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 1 permit 192.168.90.0 0.0.0.255
access-list 1 deny any
access-list 5 remark Remote Mgt Access
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 5 deny any
dialer-list 1 protocol ip permit
!
!
!
bridge 100 protocol ieee
bridge 100 route ip
!
line con 0
logging synchronous
line aux 0
line vty 0 4
access-class 5 in
exec-timeout 15 0
password 7 01100F1758045E57765E4B1A
logging synchronous
transport input all
!
!
end

14 Replies 14

Hello

so if I understand your topology your 2 Cisco rtrs will an internet feed each and these rtrs will be interconnected for resiliency incorporating HRSP.

 

Also you have a switch for end host connectivity that the two Cisco rtrs will be attached to via their lan facing interfaces 

 

A possible solution can be that as your rtrs will providing the inter-vlan routing their lan facing interfaces can be sub-interfaces specifying all the vlans with HRSP

 

On the switch ip routing will be disabled with just L2 vlans defined pertaining to the sub-interfaces of the rtrs

 

Only one SVI interface will be required for remote mgt with the Deafult Gateway pointing to the virtual ip (hrsp) address of its mgt vlan defined on the rtrs

 

Rapid spanning- tree will be enabled with access- ports in porfast mode

 

The ports attaching to your rtrs you will have trunks interconnects

 

access- ports will be assigned their specific vlans 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

You are correct. I have 2 x Cisco 887 with a 80/20 FTTC circuit each. These routers are connected to my Cisco 2960 switch via the Fast Ethernet ports as I am using the 2 x Gigabit Ethernet ports as Trunks, G0/1 to a wireless AP and G0/2 to another Cisco 2960 where the server and rest of my lab reside.

The Original plan was to setup Ether Channel as a Trunk but i found that the Cisco 887 does not support it. This is because the Cisco 887 Fa0-3 are L2 switch ports. As a consequence, HSRP is also not supported!

My thinking was to put Cisco 887 Fa3 into vlan 90 and add Cisco 2960 switch ports, fa0/9-10 to the same vlan 90. Therefore everything should route out to the internet. Should this have worked?

I think I am best with 4 trunks from the Cisco 887 routers to the Cisco 2960 or move back to my ISP routers to run a Gigabit Ethernet link from each router to a Cisco (something) with G0/X WAN links. I would prefer using all Cisco but the budget is limited for developing a test lab/SOHO network.

Any advice is appreciated mate,
John


Hello

Regards the topology can you post a diagram so we can see the exact setup or how you wish it to be?


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

I think the suggestion from Paul about a diagram will be helpful. I am not sure what was in the link that you used that introduced your to IRB. So I can not comment on how it relates to the current discussion. The main point of IRB is that it enables bridging on several interfaces and it uses a virtual interface (BVI) to do routing. IRB does bridging between the interfaces in the bridge group and does routing on the BVI. A key concept in IRB is that it establishes a bridged domain (all of the interfaces doing bridging) and a routed domain (the BVI) and it allows traffic to be forwarded between the domains.

 

In your config both interfaces Eth0.101 and vlan 90 are in bridge group 100. So both interfaces are using the same IP address. So why does it make sense to have the same IP on the outside interface and on the IPTV interface?

 

Perhaps another way to look into this issue starts with a statement from your post "Therefore everything should route out to the internet".  I see the key element as being that they route to the Internet. To route it should start from one subnet and forward to a different subnet. When both interfaces are in the same bridge group and share the same IP address then you are really bridging to the Internet.

 

HTH

 

Rick

 

 

HTH

Rick

Thanks Rick,

That is extremely helpful and I think I need to do a little more IRB reading.

The origins for the this config came from the BT forums: https://community.bt.com/t5/YouView-from-BT/Cisco-887VA-config-for-youview-sports-channels/td-p/1550377

I have noticed that the IPTV box complains of no internet connection for streaming HD and recorded content. The Cisco 887 is rebooted and problem solved.

I think my mitake from applying Zone Based Firewall because I was adding the INSIDE rule to the Dialer where NAT was. This never worked until I moved ZBFW to Ethernet0.101. So I assume there was a reason for the IP address on the BVI100 and not on the VLAN 90 interface.

Thanks for the help,
John

Hi Paul, 

 

A crude drawing attached and apologies for the delay, it is one of those weeks!

 

The aim:

 - Cisco 887 to provide internet to the Cisco 2960 switch.

 - VLAN 1 will be disabled and 

 - There will be a VLAN for the Home network, Office Netwrok, an alternate network for Testing/Guest and a separate network for the IPTV box. May section of a network for IOT devices as I see so many articles about security.

 

I am OK building my VLANs for different network and controlling access. I had expected that the Cisco 887 Fa3 port and Cisco 2960 Fa9 and Fa10 would allow the IPTV box to run. They are all Acess ports in VLAN 90. However, It may be a problem with my Bridge (BVI100) which Richard has pointed out as I believe my laptop worked OK in VLAN 20 and VLAN 1.

 

I may be best taking my plan back to the start as I kept hitting barriers with the Cisco 887 not running Ether Channel, HSRP, etc. 

 

John

Rick,

 

I changed BVI100 to no ip address and applied 192.168.90.254 to the VLAN 90 interface. The IPTV box stopped working until i moved back to my config.

 

I believe I am doing the right thing here. The layer 3 VLAN IP address is assigned to the bridge. Here my reference for the config.

https://www.cisco.com/c/en/us/td/docs/optical/15000r8_5/ethernet/454/guide/r85ether/r85irb.pdf

https://community.cisco.com/t5/networking-documents/how-to-configure-irb/ta-p/3131332

 

John

 

 

John

 

Thanks for the update. I looked at the diagram that you posted and see the fa switch port interfaces but do not see the Ether0/Ether0.101 interface. Can you clarify for me what that is and what it connects to?

 

I am still a bit puzzled about the use of IRB. When we talk about routing out to the Internet I expect to see one (or more) inside interface with an inside subnet communicating to an outside interface with an outside subnet. I am not seeing that here. But I have read and re-read this discussion and what becomes obvious is that IRB was suggested in the post from the BT site and that when configured with IRB using Fa3 that IPTV works. And when you moved the IP address from the BVI to the vlan interface that it did not work. So I just need to stop worrying about IRB and accept that it is part of the solution for this particular environment.

 

I am now thinking about why it does not work when you move the IPTV to the switch port. Can you set that up again and then post the output of sow interface status from the switch?

 

HTH

 

Rick

HTH

Rick

Hi Rick,

 

The IRB config works now the IPTV box is connected via the switch.

Cabling: Cisco 887 Fa3 >> Cisco 2960 Fa9 and Cisco 2960 Fa10 to IPTV

 

The IPTV box initially could not connect to the router or showed an internet connection but I got an error streaming. I thought I was going to have the same issue until i got internet channels streaming. Tentatively, the issue looks resolved and I will have to monitor because the IPTV box was showing internet connection/streaming errors the next day,

 

The Ethernet 0 is not a physical interface as the Cisco 887 has only Fast Ethernet 0-3 and a console port. The Ethernet0.101 is a sub interface I created to tag traffic for the VDSL WAN connection configured with Dialer1. This is opposed to using the ATM interface for an ADSL WAN connection. From what I gather, the 887 is a Branch router and doesn't operate the same as the ISR's with limited featues i.e. no HSRP, EtherChannel, and other functions I have not come across!

 

The IRB puzzle is one I will keep tinkering with as I am not 100% on why the IP is specified on the BVI and not the VLAN interface. I tried adding the IP to the interface and a different subnet to the BVI (like a GRE tunnel) but that didn't work. So next I will add another port to VLAN 90 and attach another device to see what happens.

 

Thanks for the interest/help mate, any suggestions welcome. I will post back in a few days with thumbs up or with bad news.

John

 

updated config:

 

Cisco 887

 

RouterRes#sh run
Building configuration...

Current configuration : 6099 bytes
!
! Last configuration change at 17:13:48 UTC Fri Sep 27 2019 by RouterResAdmin
! NVRAM config last updated at 17:13:53 UTC Fri Sep 27 2019 by RouterResAdmin
! NVRAM config last updated at 17:13:53 UTC Fri Sep 27 2019 by RouterResAdmin
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname RouterRes
!
boot-start-marker
boot-end-marker
!
!
enable password 7 13061E0108035C727C362D20
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
memory-size iomem 10
crypto pki token default removal timeout 0
!
!
ip auth-proxy max-login-attempts 5
ip admission max-login-attempts 5
!
!
!
ip dhcp excluded-address 192.168.1.1 192.168.1.50
ip dhcp excluded-address 192.168.90.1 192.168.90.50
ip dhcp excluded-address 192.168.20.1 192.168.20.50
ip dhcp excluded-address 192.168.10.1 192.168.10.50
ip dhcp excluded-address 192.168.50.1 192.168.50.50
!
ip dhcp pool LAN
network 192.168.1.0 255.255.255.0
default-router 192.168.1.254
dns-server 192.168.1.254
!
ip dhcp pool IPTV
network 192.168.90.0 255.255.255.0
default-router 192.168.90.254
dns-server 192.168.90.254
!
ip dhcp pool LAN_ALT
network 192.168.20.0 255.255.255.0
default-router 192.168.20.254
dns-server 192.168.20.254
!
ip dhcp pool LAN_MAIN
network 192.168.10.0 255.255.255.0
default-router 192.168.10.254
dns-server 192.168.10.254
!
ip dhcp pool LAN_IOT
network 192.168.50.0 255.255.255.0
default-router 192.168.50.254
dns-server 192.168.50.254
!
!
ip domain name cisco887res.local
ip cef
no ipv6 cef
!
!
license udi pid CISCO887VA-K9 sn FGL17362220
!
!
username RouterResAdmin privilege 15 secret 5 $1$dXP7$8JplBb4SxDkUlgWBVEBb8.
!
!
!
!
!
controller VDSL 0
!
ip ssh version 2
!
class-map type inspect match-all INSIDE-TO-OUTSIDE-CLASS
description Allowed_Protocol_From_INSIDE_to_OUTSIDE
match protocol http
match protocol https
match protocol dns
match protocol udp
match protocol tcp
match protocol icmp
match access-group name INSIDE-TO-OUTSIDE
class-map type inspect match-all OUTSIDE-TO-INSIDE-CLASS
match access-group name OUTSIDE-TO-INSIDE
!
!
policy-map type inspect INSIDE-TO-OUTSIDE-POLICY
class type inspect INSIDE-TO-OUTSIDE-CLASS
inspect
class class-default
drop log
policy-map type inspect OUTSIDE-TO-INSIDE-POLICY
class type inspect OUTSIDE-TO-INSIDE-CLASS
pass
class class-default
drop log
!
zone security INSIDE
zone security OUTSIDE
zone-pair security IN-TO-OUT source INSIDE destination OUTSIDE
service-policy type inspect INSIDE-TO-OUTSIDE-POLICY
zone-pair security OUT-TO-IN source OUTSIDE destination INSIDE
service-policy type inspect OUTSIDE-TO-INSIDE-POLICY
!
!
!
!
!
bridge irb
!
!
!
!
interface Ethernet0
no ip address
no ip route-cache
!
interface Ethernet0.101
description Tagging for PPPoE (VDSL0)
encapsulation dot1Q 101
ip nat outside
ip virtual-reassembly in
no ip route-cache
pppoe enable group global
pppoe-client dial-pool-number 1
bridge-group 100
!
interface ATM0
no ip address
shutdown
no atm ilmi-keepalive
!
interface FastEthernet0
no ip address
zone-member security INSIDE
!
interface FastEthernet1
switchport access vlan 10
no ip address
zone-member security INSIDE
!
interface FastEthernet2
switchport access vlan 20
no ip address
zone-member security INSIDE
!
interface FastEthernet3
switchport access vlan 90
no ip address
zone-member security INSIDE
!
interface Vlan1
description Default VLAN to be disabled
ip address 192.168.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
!
interface Vlan10
description Main Network
no ip address
!
interface Vlan20
description Alternate VLAN to Main Network
ip address 192.168.20.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan50
description VLAN for IOT devices
no ip address
!
interface Vlan90
description VLAN for IP TV boxes
no ip address
bridge-group 100
!
interface Dialer0
no ip address
no cdp enable
!
interface Dialer1
description BT Res VDSL
ip address negotiated
no ip redirects
no ip unreachables
no ip proxy-arp
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 1
dialer-group 1
ppp authentication chap ms-chap callin
ppp chap hostname bthomehub@btbroadband.com
ppp chap password 7 15020A1F173D24362C
ppp ipcp dns request accept
ppp ipcp route default
ppp ipcp address accept
no cdp enable
!
interface BVI100
description Brdige VLAN90 to Ethernet0.101
ip address 192.168.90.254 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1350
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip dns server
ip nat inside source static tcp 192.168.1.125 3389 interface Dialer1 3389
ip nat inside source static tcp 192.168.1.125 32400 interface Dialer1 32400
ip nat inside source static tcp 192.168.1.30 32401 interface Dialer1 32401
ip nat inside source static tcp 192.168.1.30 3389 interface Dialer1 33891
ip nat inside source list 1 interface Dialer1 overload
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip access-list extended OUTSIDE-TO-INSIDE
permit icmp any 192.168.1.0 0.0.0.255
permit tcp any eq 3389 host 192.168.1.125 eq 3389
permit tcp any eq 33891 host 192.168.1.30 eq 3389
permit tcp any eq 32400 host 192.168.1.125 eq 32400
permit tcp any eq 32401 host 192.168.1.30 eq 32401
!
access-list 1 remark Networks allowed through Dialer interface
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 1 permit 192.168.10.0 0.0.0.255
access-list 1 permit 192.168.20.0 0.0.0.255
access-list 1 permit 192.168.50.0 0.0.0.255
access-list 1 permit 192.168.90.0 0.0.0.255
access-list 1 deny any
access-list 5 remark Remote Mgt Access
access-list 5 permit 192.168.1.0 0.0.0.255
access-list 5 deny any
dialer-list 1 protocol ip permit
!
!
!
bridge 100 protocol ieee
bridge 100 route ip
!
line con 0
logging synchronous
line aux 0
line vty 0 4
access-class 5 in
exec-timeout 15 0
password 7 01100F1758045E57765E4B1A
logging synchronous
transport input all
!
!
end

 

 

John

 

Thanks for the update. Glad to know that IPTV now does work when connected via switch. Do let us know your results as you continue to work on this.

 

HTH

 

Rick

HTH

Rick

Hi Rick,

 

Unfortunately the wheels feel off the next morning!

 

The IPTV box was showing connected to the internet, resolved EPG channel/program information but no picture with an error appearing. Therefore the box has been reconnected to Cisco 887 Fa3 and all is working. 

 

Work continues and I will post a solution . . .. when found

 

John

 

 

John

 

Thanks for the update. Sorry to hear that it has taken a step backwards. Interesting that it seems to work ok when connected to router fa3 but has problems when connected to the switch. Don't know if there are other things you need to do first or whether you would want to work on the switch issue now. But when you are ready to work on the switch please do these steps:

- connect router fa3 to switch. (can you confirm that this connection is using standard Ethernet cable?)

- connect IPTV to switch.

- post the output of show vlan from switch.

- post output of show interface status from switch.

- post output of show ip interface brief from the router.

- post the output of show arp from the router.

- post the current running config from the switch.

 

HTH

 

Rick

HTH

Rick

Richard Burts
Hall of Fame
Hall of Fame

There is something in your router config that I do not understand. Why are you running IRB? And why is your vlan90/fa3 (for IPTV) in the same bridge group as interface Ethernet0.101 (your outside interface)?

 

HTH

 

Rick 

 

 

HTH

Rick

Hi Rick,

Full disclosure, I am newly CCNA certified within the past 6 months and bought these Cisco 887 routers to connect my Test Lab to the internet. The challenge was getting the BT TV box running.

The solution was found on the BT Forms which introduced my me to IRB. My understanding is this bridge carriers Ethernet traffic with a 1350 packet size to the Ethernet.101 sub interface that is used for VDSL link. The Cisco 887 is capable of ADSL2/2+ but the ATM interface is not required.

Do you have an alternative suggestion for running the TV Box?
I find that channels stop intermittently stop steaming when I switch it on in the morning. A router reboot solves the problem (VLAN 90 is showing down/down when Fa0/3 is up/up) so I am thinking that some kind of keep alive is needed or stopping the TV box going to sleep.

John
Review Cisco Networking for a $25 gift card