Upgraded C1811 from 12.4 to 15.1, same config but VLAN won't come up. Why?

RvdKraats
Level 1

Hi All,

I recently upgraded my C1811 from IOS 12.4 to 15.1 because of the BENIGNCERTAIN vulnerability.

The config stays the same, but for some reason a VLAN that came up automatically in 12.4 doesn't in 15.1.

I'm quite baffled why that is. As the config file is the same, it must be something that changed in IOS internally.

Has anyone had the same experience? The Dialer0 connection with the provider comes up fine, so I would assume that if the trunk is up, VLAN6 should come up too (as it did in 12.4).

Regards,

Rene.

Below is the config:

!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco_1811
!
boot-start-marker
boot system flash c181x-advipservicesk9-mz.151-4.M12a.bin
boot config:startup-config
boot-end-marker
!
logging message-counter syslog
enable secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxx
enable password xxxxxxxxxxxxxxxxxxxxxxxxxxx
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login vpn_authen_list local
aaa authorization exec default local
aaa authorization network vpn_author_list local
!
!
aaa session-id common
!
!
dot11 syslog
no ip source-route
!
!
ip dhcp excluded-address 192.168.0.1 192.168.0.10
ip dhcp excluded-address 192.168.0.21 192.168.0.254
!
ip dhcp pool Subnet_0.1
network 192.168.0.0 255.255.255.0
default-router 192.168.0.1
dns-server 192.168.0.1
domain-name home.nl
!
!
ip cef
ip domain name home.nl
no ip igmp snooping
no ipv6 cef
!
multilink bundle-name authenticated
!
vpdn enable
!
no virtual-template subinterface
!
!
username admin privilege 15 secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
username vpn secret 5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
!
!
crypto isakmp policy 1
encr aes
authentication pre-share
group 2
!
crypto isakmp client configuration group vpn_group
key xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
dns 192.168.0.1
pool vpn_address_pool
max-users 5
netmask 255.255.255.0
crypto isakmp profile vpn_isakmp_profile
match identity group vpn_group
client authentication list vpn_authen_list
isakmp authorization list vpn_author_list
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set vpn_ipsec_transform esp-aes esp-sha-hmac
!
crypto ipsec profile vpn_ipsec_profile
set transform-set vpn_ipsec_transform
set isakmp-profile vpn_isakmp_profile
!
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
bridge irb
!
!
!
interface FastEthernet0
no ip address
duplex auto
speed auto
no cdp enable
!
interface FastEthernet0.4
description Digital TV VLAN
encapsulation dot1Q 4
bridge-group 4
bridge-group 4 spanning-disabled
!
interface FastEthernet0.6
description Internet VLAN
encapsulation dot1Q 6
pppoe enable group global
pppoe-client dial-pool-number 6
!
interface FastEthernet1
no ip address
shutdown
duplex auto
speed auto
no cdp enable
!
interface FastEthernet2
description Cisco Access Point port
switchport access vlan 6
no cdp enable
!
interface FastEthernet3
description Upstairs subnet port
switchport access vlan 6
no cdp enable
!
interface FastEthernet4
description Livingroom port
switchport access vlan 6
no cdp enable
!
interface FastEthernet5
description Digital TV port
switchport access vlan 4
no cdp enable
spanning-tree portfast
!
interface FastEthernet6
no cdp enable
!
interface FastEthernet7
no cdp enable
!
interface FastEthernet8
no cdp enable
!
interface FastEthernet9
no cdp enable
!
interface Virtual-Template1 type tunnel
ip unnumbered Vlan6
ip nat inside
ip virtual-reassembly
tunnel mode ipsec ipv4
tunnel protection ipsec profile vpn_ipsec_profile
!
interface Vlan1
no ip address
!
interface Vlan4
no ip address
ip flow ingress
ip flow egress
no ip route-cache cef
no ip route-cache
bridge-group 4
bridge-group 4 spanning-disabled
!
interface Vlan6
ip address 192.168.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly
ip tcp adjust-mss 1452
!
interface Async1
no ip address
encapsulation slip
shutdown
!
interface Dialer0
description PPPoE connection
mtu 1492
ip address negotiated
ip access-group block_external_service_requests in
ip verify unicast reverse-path
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 6
dialer-group 6
no cdp enable
ppp authentication pap callin
ppp pap sent-username xxxxxxxx@xxxxxxxxx password 0 xxxxxx
ppp ipcp dns request
ppp ipcp mask request
ppp ipcp route default
ppp ipcp address accept
!
ip local pool vpn_address_pool 192.168.2.1 192.168.2.5
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Dialer0
ip route 192.168.1.0 255.255.255.0 192.168.0.2
no ip http server
no ip http secure-server
!
!
ip dns server
ip nat inside source list 6 interface Dialer0 overload
!
ip access-list extended block_external_service_requests
deny udp any any eq domain
deny tcp any any eq domain
deny tcp any any eq 22
permit ip any any
!
access-list 6 permit 192.168.0.0 0.0.0.255
access-list 6 permit 192.168.1.0 0.0.0.255
access-list 6 permit 192.168.2.0 0.0.0.255
access-list 6 deny any
!
!
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
password password
transport input ssh
!
no process cpu extended
no process cpu autoprofile hog
end

1 Reply

RvdKraats
Level 1

Ok, took some time, but I'm able to answer my own question :)

Apparently the config was still correct, but I suspect something went awry in reading the vlan database when switching from firmware 12.4 to 15.1.

I decided to remove/create the VLANs, and remove/add interfaces to those VLANs, and now it works as expected.
