You didn't answer my

msomerville99 · ‎05-20-2014

So I am requesting help from the Cisco community on this issue as the cable company states there equipment is working fine. At all my facilities I have a guest Internet service setup through a local Internet provide to provide Internet services to the residents and guests. I have the cable modem usually a Motorola SBG6580 or a SMC 8014 (both provided by cable company) connected to my router on a FE or GE interface. I am using static IPs and using the cable modem just as a modem (bridge mode). Over the past several months these connections have just stopped working. I have not made any drastic changes to my router configs; however, the cable company has updated the firmware on these modems. I am wondering if that could affected how the modem and router talk. I was told by the cable company that the modem sees the Cisco router but that the port is inactive. My router shows the port is active and traffic passing. Does anyone have any ideas that could point where the problem lies? I will post a basic config to one that currently does not work. I am using a VRF to route a certain group out, using NAT. Please let me know if I need to post additional info. Any help would be greatly appreciated.

Cisco CISCO2911/K9
Version 15.2(3)T1

service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname 1204RTR01
!
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-3.T.bin
boot-end-marker
!
!
card type t1 0 0
logging buffered 64000

!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone cst -6 0
clock summer-time CDT recurring
!
no ipv6 cef
no ip source-route
!
!
!
ip vrf 5
rd 5:1
!
ip multicast-routing
1
ip dhcp pool Guest
vrf 5
network 10.51.XXX.0 255.255.255.0
default-router 10.51.XXX.XXX
dns-server 209.18.47.61 209.18.47.62
!
!
!
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
multilink bundle-name authenticated
!
!

!
!
!
!
!
application
global
service alternate default
!
!
license udi pid CISCO2911/K9 sn FTX1508AHTM
hw-module pvdm 0/0
!
!
!
!
redundancy
!
ip tcp synwait-time 10
!
!
!
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding 5
ip address 10.51.xx.xxx 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
!
interface GigabitEthernet0/2
description Guest Intenet access
ip vrf forwarding 5
ip address 24.242.182.182 255.255.255.252 <--Cable company IP, Modem IP is 24.242.182.181
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto

!
ip forward-protocol nd
!
no ip http server
ip http authentication local
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
ip nat inside source list 9 interface GigabitEthernet0/2 vrf 5 overload
ip route vrf 5 0.0.0.0 0.0.0.0 24.242.182.181

access-list 9 permit 10.51.204.0 0.0.0.255
!
!

mfurnival · ‎05-20-2014

Hi,

Probably you have tried these things but I will ask the questions anyway:

1. Can you ping 24.242.182.181 from the router?

2. Can you ping 8.8.8.8 from the router?

3. Can you enable "debug ip nat trans" on the router - do you see any nat translations taking place?

Your comment " I was told by the cable company that the modem sees the Cisco router but that the port is inactive" confused me a bit - how can it see the Cisco if the port is inactive? Do they mean 0 packets in and out?

msomerville99 · ‎05-20-2014

Cannot ping 24.242.182.181 through the vrf. cannot ping 8.8.8.8 through the vrf

msomerville99 · ‎05-20-2014

I have about 30 locations with the exact same setup. Only 8 are not working. All the routers are 2901, 2911s running the same IOS. The modems are Motorola or SMC modems. The cable company said they see the router but shows inactive. I am puzzled too with the inactive part because the cable company will not let me log into the modem and look for myself.

mfurnival · ‎05-21-2014

Does G0/2 show packets in and out of you do a "show interface G0/2"? Are you able to resolve the mac address of 24.242.182.181 (show arp | i 24.242.182.181)? I notice you have speed and duplex set to auto - have you tried hard setting them?

msomerville99 · ‎05-21-2014

Ok, mysteriously this location just started working yesterday, but I still am dealing with seven others and I really would like to know what is going on. I will give you everything you may need and let me know.

Config:

version 15.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname 1112RTR01
!
boot-start-marker
boot system flash0:c2900-universalk9-mz.SPA.152-3.T1.bin
boot system flash0:c2900-universalk9-mz.SPA.151-1.T.bin
boot-end-marker
!
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
clock timezone CDT -6 0
clock summer-time CDT recurring
network-clock-participate wic 0
network-clock-select 1 T1 0/0/0
!
no ipv6 cef
no ip source-route
!
!
!
ip vrf GuestVRF
rd 5:1
!
ip multicast-routing
!
ip dhcp pool Guest
vrf GuestVRF
network 10.51.112.0 255.255.255.0
default-router 10.51.112.1
dns-server 209.18.47.61 209.18.47.62
!
!
ip flow-cache timeout active 1
no ip bootp server
no ip domain lookup
ip cef
!
!
!
!
!
application
global
service alternate default
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
!
interface GigabitEthernet0/0.5
description Guest VLAN
encapsulation dot1Q 5
ip vrf forwarding GuestVRF
ip address 10.51.112.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
!
interface GigabitEthernet0/1
description Guest Internet (Time Warner Connection)
ip vrf forwarding GuestVRF
ip address 97.77.116.234 255.255.255.252
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
!
!
ip forward-protocol nd
!
ip nat inside source list 5 interface GigabitEthernet0/1 vrf GuestVRF overload
ip route vrf GuestVRF 0.0.0.0 0.0.0.0 97.77.116.233
!
access-list 5 permit 10.51.112.0 0.0.0.255
!
!
!
control-plane
!
!
end

router#sh ip arp vrf GuestVRF

router#Internet 97.77.116.233           2   f80b.bee7.e09f ARPA   GigabitEthernet0/1
Protocol Address          Age (min) Hardware Addr   Type   Interface
Internet 97.77.116.234           -   8843.e13c.8d99 ARPA   GigabitEthernet0/1

router#ping vrf GuestVRF 97.77.116.233
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 97.77.116.233, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:10
Input queue: 76/75/15/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 0 bits/sec, 0 packets/sec
     81 packets input, 4860 bytes, 0 no buffer
     Received 81 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 12 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     16 packets output, 1193 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

router#sh int g0/1
GigabitEthernet0/1 is up, line protocol is up
Hardware is CN Gigabit Ethernet, address is 8843.e13c.8d99 (bia 8843.e13c.8d99)
Description: Guest Internet (Time Warner Connection)
Internet address is 97.77.116.234/30
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Full Duplex, 1Gbps, media type is RJ45
output flow-control is XON, input flow-control is XON
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters 00:00:42
Input queue: 76/75/67/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
30 second input rate 3000 bits/sec, 7 packets/sec
30 second output rate 1000 bits/sec, 2 packets/sec
     408 packets input, 24480 bytes, 0 no buffer
     Received 408 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 61 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 0 multicast, 0 pause input
     72 packets output, 5669 bytes, 0 underruns
     0 output errors, 0 collisions, 0 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out

I am receiving packets in and out of the interface but I cannot ping the modem through the VRF.

router#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
udp 97.77.116.234:3169 10.51.112.39:3169 209.18.47.62:53    209.18.47.62:53
udp 97.77.116.234:8534 10.51.112.39:8534 209.18.47.61:53    209.18.47.61:53
udp 97.77.116.234:12244 10.51.112.39:12244 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:14002 10.51.112.39:14002 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:23623 10.51.112.39:23623 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:24489 10.51.112.39:24489 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:24550 10.51.112.39:24550 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:27458 10.51.112.39:27458 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:28603 10.51.112.39:28603 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:37404 10.51.112.39:37404 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:53942 10.51.112.39:53942 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:58125 10.51.112.39:58125 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:64797 10.51.112.39:64797 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:56925 10.51.112.52:56925 209.18.47.62:53   209.18.47.62:53
udp 97.77.116.234:62342 10.51.112.52:62342 209.18.47.62:53   209.18.47.62:53
tcp 97.77.116.234:36559 10.51.112.69:36559 199.167.177.46:1227 199.167.177.46:1227
tcp 97.77.116.234:48895 10.51.112.69:48895 54.195.253.126:5223 54.195.253.126:5223
tcp 97.77.116.234:58385 10.51.112.69:58385 54.195.243.137:5223 54.195.243.137:5223
Pro Inside global      Inside local       Outside local      Outside global
tcp 97.77.116.234:58658 10.51.112.71:58658 31.13.66.165:443 31.13.66.165:443
udp 97.77.116.234:3066 10.51.112.72:3066 209.18.47.62:53    209.18.47.62:53
udp 97.77.116.234:3884 10.51.112.72:3884 209.18.47.61:53    209.18.47.61:53
udp 97.77.116.234:6656 10.51.112.72:6656 209.18.47.61:53    209.18.47.61:53
udp 97.77.116.234:11194 10.51.112.72:11194 209.18.47.61:53   209.18.47.61:53
udp 97.77.116.234:11774 10.51.112.72:11774 209.18.47.62:53   209.18.47.62:53

Let me know if you need anything else. I need to figure this out and I just don't get it because the other site wasn't working a few days ago and all of a sudden it is working again but others are still not.

Lucas Phelps · ‎06-11-2014

Any resolution on this?

Having the exact same issue with CableOne Internet provider in Mississippi. Using a Motorola SurfBoard modem with a Cisco 2911 router.

The gigabit port refuses to turn up/negotiate with the Motorola modem.

msomerville99 · ‎06-12-2014

No, the cable providers here will not accept any responsibility. I am going to have to open a case with Cisco and see if I can what they say.

mfurnival · ‎06-12-2014

You didn't answer my questions:

Does G0/2 show packets in and out of you do a "show interface G0/2"? Are you able to resolve the mac address of 24.242.182.181 (show arp | i 24.242.182.181)? I notice you have speed and duplex set to auto - have you tried hard setting them?

msomerville99 · ‎06-12-2014

I show packets coming in and out but I can't ping the modem. The modem according to the cable company sees the router mac but shows the port to be inactive. The router shows the mac of the modem. It started working for a few days and then it stopped again. yes, I have tried hard coding them. That did not work.

Lucas Phelps · ‎06-18-2014

For what it's worth, after complaining to the cable company enough they replaced our Motorola Modem with an Arris Modem and the problem stopped. Everything is working as it should.

Lucas Phelps · ‎06-11-2014

Any resolution on this?

Having the exact same issue with CableOne Internet provider in Mississippi. Using a Motorola SurfBoard modem with a Cisco 2911 router.

The gigabit port refuses to turn up/negotiate with the Motorola modem.

msomerville99 · ‎06-16-2014

Lucas,

When did this start happening to your site? The reason I am asking is I think it may have to do with the latest firmware upgrade on the modem. I have some 2911s that are working with the motorola and others that are not but with different firmware versions on the modem/router itself.

Brian Tissue · ‎06-18-2014

In that past with several different types of modems/ISPs I had to spoof the mac address of the outside interface to get traffic moving.

Your NAT translations and general config look good.

Try this on your outside interface.

mac-address 0017.3f7f.ad35

Trouble connecting Cisco router with cable modem for Internet purposes