
Help on Routing to new Modem Connected to ISR4321?

Matthew Martin
Level 5

Hello All,

Devices Involved:

3rd Party Internet Modem <---> ISR4321 Router <---> C2960X Switch <---> End User Devices


So yesterday, we added a 3rd party Cable Internet modem for one of our locations in order to route ONLY Internet traffic through that modem and all Private traffic through the 3rd party modem. And I have a couple of questions if anyone could help me out.

So I have configured the 3rd Party modem with the IP Address --> 10.113.3.1
And interface GigabitEthernet 0/0/0 on the ISR Router has this ip address configured, which connects to the Modem above --> 10.113.3.2

Also, Gi 0/0/1 (*10.113.1.1) on the ISR Router connects to the 2960 Switch (*Vlan1 == 10.113.1.2)

If I telnet to the ISR Router I am able to ping the 3rd Party modem at 10.113.3.1 just fine without needing any extra ip routes... But, if I telnet to the switch I can ping 10.113.3.2 which is the Gi port the modem is connected to, but I am unable to ping the modem's address at 10.113.3.1, traceroute shows it stopping once it hits 10.113.1.1... I thought adding the "ip route" below to the ISR Router would help, but it didn't seem to change anything. By the way, I get the same result from an end user device connected to the switch, just thought I should mention that because I've had weird situations where I could ping something fine from an end user device but couldn't from the switch...

'ISR4321':
-Existing Route  -->  "ip route 0.0.0.0 0.0.0.0  65.xyz.xyz.xyz" (*this is BGP neighbor address, I planned on removing this ip route anyway now that new modem is connected)
-Added the Route ->  "ip route 10.113.3.0  255.255.255.0  10.113.3.1" (*this didn't change the pings coming from the switch to 10.113.3.1 though)

'2960 Switch':
Existing Route -->  "ip route  0.0.0.0  0.0.0.0  10.113.1.1"


So what am I missing that I cannot hit the Modem at 10.113.3.1 from the Switch or any end-user devices connected to the switch..? Once I get this part working I have another routing question with this same setup, I just wanted to get this part working first...

Any thoughts or suggestions would be greatly appreciated!

Thanks in Advance,
Matt

13 Replies

Hello Matt,

Is your switch configured for ip routing, and where is the SVI (that is, the layer 3 interface) for Vlan 1 configured? Can you post the configs for both the ISR and the 2960?

Hey, thanks for the reply...

Yes, ip routing is enabled on both the Switch and the Router.

The Vlans are configured on the 2960 Switch. There's Vlan1 for PCs/Printers/etc and Vlan2 for VoIP... Would a Vlan3 need to be created for something like this to work? I actually started messing with that idea for creating a Vlan3 so I started to configure one, but I'll just remove that so it's as it was when I posted the question....

I assume you're only really concerned with the Interfaces, Vlans, etc... so I'll exclude any voice stuff...

ISR Router Config:

	version 15.4
	service timestamps debug datetime msec localtime
	service timestamps log datetime msec localtime
	service password-encryption
	no platform punt-keepalive disable-kernel-core
	!
	hostname XYZ-4321
	!
	!
	!
	vrf definition Mgmt-intf
	 !
	 address-family ipv4
	 exit-address-family
	 !
	 address-family ipv6
	 exit-address-family
	!
	card type t1 0 1
	!
	aaa new-model
	!
	aaa accounting commands 1 default
	 action-type start-stop
	!
	no ip domain lookup
	!
	no ip dhcp use vrf connected
	ip dhcp excluded-address 10.113.2.1 10.113.2.20
	ip dhcp excluded-address 10.113.1.1 10.113.1.20
	!
	!
	application
	 global
	  service alternate Default
	 !
	!
	controller T1 0/1/0
	 framing esf
	 linecode b8zs
	 cablelength long 0db
	 channel-group 0 timeslots 1-24
	!
	!
	interface GigabitEthernet0/0/0
	 description To 3rd Party Internet Gateway
	 ip address 10.113.3.2 255.255.255.0
	 negotiation auto
	!
	interface GigabitEthernet0/0/1
	 description Uplink to Switch
	 no ip address
	 negotiation auto
	!
	interface GigabitEthernet0/0/1.1
	 description Inside 10.113.1.1 Interface
	 encapsulation dot1Q 1 native
	 ip address 10.113.1.1 255.255.255.0
	!
	interface GigabitEthernet0/0/1.2
	 description Inside 10.113.2.1 Interface
	 encapsulation dot1Q 2
	 ip address 10.113.2.1 255.255.255.0
	 h323-gateway voip interface
	 h323-gateway voip bind srcaddr 10.113.2.1
	!
	interface Serial0/1/0:0
	 ip address  W.X.Y.Z  255.255.255.252
	 encapsulation ppp
	 service-policy output AutoQoS-Policy-Trust
	!
	interface Service-Engine0/2/0
	!
	interface Service-Engine0/4/0
	!
	interface GigabitEthernet0
	 vrf forwarding Mgmt-intf
	 no ip address
	 shutdown
	 negotiation auto
	!
	router bgp 000000
	 ................cut................
	!
	ip forward-protocol nd
	ip http server
	ip http secure-server
	ip tftp source-interface GigabitEthernet0
	ip route  0.0.0.0  0.0.0.0  W.X.Y.Z
	!
	ip as-path access-list 1 permit ^$
	!
	!
	 ................cut................
	!
	!
	end



2960 Switch Config (*Port 1/0/24 connects switch to router):

	version 15.0
	no service pad
	service timestamps debug datetime msec localtime show-timezone
	service timestamps log datetime msec localtime show-timezone
	no service password-encryption
	!
	hostname XYZ-2960sw1
	!
	!.....
	!..........
	!................cut................
	!..........
	!.....
	!
	switch 1 provision ws-c2960x-24ps-l
	ip routing
	ip dhcp excluded-address 10.113.1.1 10.113.1.20
	ip dhcp excluded-address 10.113.2.1 10.113.2.20
	!
	ip dhcp pool PCs
	 network 10.113.1.0 255.255.255.0
	 default-router 10.113.1.2 
	 dns-server 192.168.5.35 10.50.1.3 
	 domain-name xyz.com
	!
	ip dhcp pool PHONES
	 network 10.113.2.0 255.255.255.0
	 default-router 10.113.2.1 
	 option 150 ip 192.168.1.8 10.113.2.1 192.168.1.9 10.70.2.9 
	 dns-server 192.168.15.35 10.70.15.3
	!
	!
	ip domain-name xyz.com
	ip name-server 1.2.3.4
	ip name-server 5.6.7.8
	!
	spanning-tree mode pvst
	spanning-tree extend system-id
	!
	vlan internal allocation policy ascending
	!
	interface FastEthernet0
	 no ip address
	 no ip route-cache
	!
	interface GigabitEthernet1/0/1
	 switchport voice vlan 2
	 spanning-tree portfast
	!
	interface GigabitEthernet1/0/2
	 switchport voice vlan 2
	 spanning-tree portfast
	!
	!.....
	!..........
	!................cut................
	!..........
	!.....
	!
	interface GigabitEthernet1/0/23
	 switchport voice vlan 2
	 spanning-tree portfast
	!
	interface GigabitEthernet1/0/24
	 description ***** To ISR Router *****
	 switchport mode trunk
	 spanning-tree portfast
	!
	interface GigabitEthernet1/0/25
	!
	interface GigabitEthernet1/0/26
	!
	interface GigabitEthernet1/0/27
	!
	interface GigabitEthernet1/0/28
	!
	interface Vlan1
	 description PCs and Printers
	 ip address 10.113.1.2 255.255.255.0
	!
	interface Vlan2
	 description Voice VLAN
	 ip address 10.113.2.2 255.255.255.0
	!
	ip default-gateway 10.113.1.1
	ip http server
	ip http secure-server
	!
	ip route  0.0.0.0  0.0.0.0  10.113.1.1
	!
	!
	!.....
	!..........
	!................cut................
	!..........
	!.....
	!
	!
	ntp source Vlan1
	ntp server 10.113.1.1
	end



So was it necessary that I would need to create a Vlan3 for the Addresses in 10.113.3.x..?

Thanks again for your reply, very much appreciated!

Thanks Again,
Matt

Hello,

On the switch, since you have ip routing enabled, you do not need the 'ip default-gateway', so you can remove that. Use the 'ip default-network' instead, or leave the static route as is.

Can you post the output of 'show ip route' from both devices ?

Hey, thanks again for the reply!

Oh ok, so the "ip default-gateway ..." config command only really does anything when "ip routing" is NOT enabled, is that correct?

Also, when I try to enter the "ip default-network ..." command in global-config mode, apparently that command doesn't exist on this box... I get "% unrecognized command". The S/W version is 15.0(2a)EX5...

Since that command doesn't seem to work on this Switch / Version, should I leave the default route in there?

One change in the config I posted, let's say this "65.1.1.2" is the Serial Int ip address, and "65.1.1.1" is the gateway of last resort, i.e. the default route address. Sorry, for some reason when I looked at them I thought both addresses were the same, which is why I showed them as the same in the Router config, i.e. as "W.X.Y.Z"...

ISR Router - IP Routes:

XYZ-4321# show ip route

Gateway of last resort is 65.1.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 65.1.1.1
      10.0.0.0/8 is variably subnetted, 39 subnets, 3 masks
B        10.1.1.0/24 [20/0] via 65.1.1.1, 7w0d
B        10.1.2.0/24 [20/0] via 65.1.1.1, 7w0d
B        10.2.1.0/24 [20/0] via 65.1.1.1, 4w4d
B        10.2.2.0/24 [20/0] via 65.1.1.1, 4w4d
B        10.3.1.0/24 [20/0] via 65.1.1.1, 1w4d
B        10.3.2.0/24 [20/0] via 65.1.1.1, 1w4d
	.....................................................................
	......Cut - Just more Private network IPs broadcasting from BGP......
	.....................................................................
C        10.113.1.0/24 is directly connected, GigabitEthernet0/0/1.1
L        10.113.1.1/32 is directly connected, GigabitEthernet0/0/1.1
C        10.113.2.0/24 is directly connected, GigabitEthernet0/0/1.2
L        10.113.2.1/32 is directly connected, GigabitEthernet0/0/1.2
C        10.113.3.0/24 is directly connected, GigabitEthernet0/0/0
L        10.113.3.2/32 is directly connected, GigabitEthernet0/0/0
	.....................................................................
	......Cut - Just more Private network IPs broadcasting from BGP......
	.....................................................................
      63.0.0.0/8 is variably subnetted, 8 subnets, 3 masks
	........................ Cut ........................
      65.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C        65.1.1.3/30 is directly connected, Serial0/1/0:0
C        65.1.1.1/32 is directly connected, Serial0/1/0:0
L        65.1.1.2/32 is directly connected, Serial0/1/0:0
	.....................................................................
	......Cut - Just more Private network IPs broadcasting from BGP......
	.....................................................................



2960 Switch - IP Routes:

XYZ-2960sw1# show ip route

Gateway of last resort is 10.113.1.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.113.1.1
      10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C        10.113.1.0/24 is directly connected, Vlan1
L        10.113.1.2/32 is directly connected, Vlan1
C        10.113.2.0/24 is directly connected, Vlan2
L        10.113.2.2/32 is directly connected, Vlan2

*FYI, nothing was cut from the switch's "show ip routes" command

***EDIT*** Nevermind about the "default-gateway" command question and "ip routing", just Googled for it and found the attached image...



Thanks Again for the Reply,
Matt

Matt, 

I think the problem is that both networks 10.113.1.0/24 and 10.113.2.0/24 are listed as directly connected on both devices, which means they exist on the router as well as on the switch (which is effectively a router now).

Ok, so what should I do?

Everything else seems to be working just fine in this network. This is a semi-new hardware setup, but it's been running a little over 2 months now without any issues...

The only problem I seem to be having at the moment is that from the Switch's CLI I cannot ping 10.113.3.1 (*Modem's IP Address), but I can ping 10.113.3.2 (*Gi0/0/0 IP Address where the Modem is plugged into).

However, I can ping the modem just fine from the Router where the Modem is plugged into. See below...

From ISR Router:

XYZ-4321# ping 10.113.3.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.113.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
XYZ-4321# 
XYZ-4321# 
XYZ-4321# ping 10.113.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.113.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
XYZ-4321# 



From 2960 Switch:

XYZ-2960sw1# ping 10.113.3.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.113.3.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
XYZ-2960sw1# 
XYZ-2960sw1# 
XYZ-2960sw1# ping 10.113.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.113.3.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
XYZ-2960sw1# 


Thanks Again,
Matt

Hi Matt

It seems to me that the third party device doesn't have any routing info about your internal network. So it can't respond to the ping.

The best test for this is via an extended ping. First, your normal ping is working: when you do a ping 10.113.3.1, the ISR router is using 10.113.3.2 as the source ip, and the modem can answer the ping.

If you do an extended ping and specify 10.113.1.1 as the source, the modem must look at its routing table to see where to send the answer; if the routing for 10.113.1.1 is not in the routing table or has the wrong destination, the ping will fail.

On most IOS you can use "ping 10.113.3.1 source 10.113.1.1"; if that command is not supported, you can use "ping" and then hit return, and then you get a lot of questions to answer.

/Mikael

 

Hey Mikael, thanks for the reply.

Yes, you are correct. Pinging 10.113.3.1 with 10.113.1.1 as the source address fails...

So is there any route that I would be able to add that could allow me to get to the Modem? Or is it strictly the Modem's routing that is causing the issue?

If it is the modem, is there anything on there I should look for to get this working? What exactly does the modem need to know about the network?

*EDIT: Also, would it help any to plug the modem into the Switch instead of the Router...?

Thanks again for the reply, much appreciated!

Thanks,
Matt

Hi Matt

It's the modem that needs to know how to forward packets to 10.113.1.0, so you have to put in a routing entry in the modem pointing to the ISR.

If the modem doesn't support the feature of putting in routing, you may have to consider either moving the modem to the inside network or doing NAT on the ISR interface; that way the modem sees all traffic as local to 10.113.3.

/Mikael

Hello Again,

Sorry for not getting back sooner. Got pulled onto a different project and haven't gotten back to this in a few days.

Quick question... Let's say the Modem is NOT capable of adding routing to it as you had suggested needs to be done, so the Modem knows how to get back to the Router/Switch. Would enabling PAT (*Port Address Translation) work? Since I can ping the Modem from the Port where the Modem plugs into on the ISR, but cannot ping the modem from the switch, would enabling PAT to tell the traffic to use Gi0/0/0 work in this case?

Also, how can I tell if a Cisco IOS device has PAT capabilities on it? Is there a command that could confirm if it has this or not?

Thanks,
Matt

Hi

NAT and PAT are nearly the same when configuring; for PAT you use overload.

#ip nat ins sou list 100 int g9/1 overload

If you do show ip nat ? , you'll see if the router returns an error or not.

/Mikael

Hey Mikael, thanks for the reply.

It looks like it will allow me to enter the same command you entered below. I haven't entered the config command just yet, still a few other things to figure out first, but it looks like it is supported.

Also, for the show ip nat command, if I just try to enter that it shows as "incomplete". My options are:

#show ip nat ?
  bpa           Bulk Port Allocation information
  limits        Limit statistics
  pool          Pool and port statistics
  portblock     TCP/UDP port blocks allocated for NAT
  statistics    Translation statistics
  translations  Translation entries


Any idea what I would use to show it after I enter the config command?

Thanks Again,
Matt

The show command was just a test to see if the router supports the NAT function.

And as you see you got a couple of choices, so the router is supporting NAT/PAT.

Personally I most often start with show ip nat translation when I want to see if the NAT is functioning.

/Mikael
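
The PAT option discussed in this thread, written out for the interfaces and addresses posted above. This is an added example, not a configuration posted by any participant: the list number 100 is taken from the abbreviated command in the reply, while the ACL entry and the choice to translate only the 10.113.1.0/24 subnet are assumptions.

```cisco
! Added example for XYZ-4321 (ISR4321), using the addressing from the posted configs.
! Assumption: only the PC/printer subnet is translated. The voice subnet
! (10.113.2.0/24) would need its own ACL entry and "ip nat inside" on Gi0/0/1.2.
!
! Match only the inside subnet instead of "any", so nothing else that happens
! to be routed out the modem-facing port is translated.
access-list 100 permit ip 10.113.1.0 0.0.0.255 any
!
! Modem-facing port (10.113.3.2) is the NAT outside interface.
interface GigabitEthernet0/0/0
 ip nat outside
!
! Sub-interface facing the switch (10.113.1.1) is the NAT inside interface.
interface GigabitEthernet0/0/1.1
 ip nat inside
!
! Unabbreviated form of "ip nat ins sou list 100 int ... overload", with this
! router's modem-facing port as the overload interface. Every translated flow
! leaves with source 10.113.3.2, which the modem reaches without a return route.
ip nat inside source list 100 interface GigabitEthernet0/0/0 overload
!
! Verification (exec mode, not configuration):
!   XYZ-2960sw1# ping 10.113.3.1
!   XYZ-4321#    show ip nat translations
! The ICMP entry should show inside local 10.113.1.2 and inside global 10.113.3.2.
```

Only packets that enter on the inside interface and are routed out GigabitEthernet0/0/0 are translated, so traffic that still follows the existing default route via 65.1.1.1 on the serial link is unaffected.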