06-08-2013 09:32 AM - edited 03-07-2019 01:47 PM
Hi. I am not a Cisco pro, only a user. I have a pair of 1721's, 1 is connected to the internet, the other is connected to the first via T1 (with repeaters, about 30 miles). It also has a wic 4esw card in it, and I am trying to configure the ports on that card to route to the internet. I understand that I have to configure a vlan for the ports on that card, I have, and also made the ports hand out dhcp. When connected to a port on that card, though, I can only ping through to the ip address of the T1 card 192.168.2.1, as well as the vlan ip of 192.168.3.1. I seem to be missing something. Sorry if this is a stupid question. See a running config. Serial0 is my T1 access, The serial port on the far 1721 is ip 192.168.2.2. Fastethernet0 connects through, no problem. Thanks for your time!
Randy
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1721-Home
!
boot-start-marker
boot-end-marker
!
enable secret xxx
enable password xxx
!
no aaa new-model
memory-size iomem 25
clock timezone EST -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
no ip dhcp use vrf connected
!
ip dhcp pool vlan1
network 192.168.3.0 255.255.255.0
default-router 192.168.2.1
!
ip cef
!
username xxx nopassword
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.2.2
speed 100
full-duplex
!
interface FastEthernet1
duplex full
speed 100
!
interface FastEthernet2
duplex full
speed 100
!
interface FastEthernet3
duplex full
speed 100
!
interface FastEthernet4
duplex full
speed 100
!
interface Serial0
ip address 192.168.2.1 255.255.255.0
service-module t1 fdl ansi
!
interface Vlan1
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.2.2
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.2
no ip http server
!
control-plane
!
line con 0
password xxx
line aux 0
line vty 0 4
password xxx
login local
!
ntp clock-period 17180010
ntp server 129.6.15.29
ntp server 129.6.15.28
end
06-08-2013 10:48 AM
Hi Randy,
When you connect your PC/laptop to one of the ports, what IP address do you assign to it? I am assuming it is in the 192.168.3.0/24 subnet, if that is correct. Can you make sure that the PC/laptop has the correct default gateway? (192.168.3.1)
You also need a static route on the far end router like this
ip route 192.168.3.0 255.255.255.0 192.168.2.1
Also, I am not sure if you are using this DHCP pool
ip dhcp pool vlan1
network 192.168.3.0 255.255.255.0
default-router 192.168.2.1
If you are, the default-router should be 192.168.3.1
HTH
06-08-2013 11:24 AM
Hi Reza, thanks very much for getting back to me.
The ports are handing out ip dhcp, and the ip generally assigned to me is 192.168.3.2
I made the changes you recommended, thanks for that. My gateway is now 192.168.3.1 when I connect to the 4esw card. I can still only ping the near serial port, 192.168.2.1, and cannot ping the far serial port, 192.168.2.2. It's funny, because I can log into the router through the wic card, and then I can ping the far serial port. I just cannot ping it using terminal on my pc, and of course I have no internet connection as well. It seems like it is so close to right, just missing something.
06-08-2013 11:33 AM
Randy,
do this:
on your PC, manually assign IP address 192.168.3.10 with mask of 255.255.255.0 and default gateway of 192.168.3.1 (which is the router's vlan) and test again.
HTH
Reza
06-08-2013 11:40 AM
Thanks. Did that, no change. From my pc, I can only ping the local serial port 192.168.2.1, and the vlan1 ip of 192.168.3.1. If I telnet in (through the 4esw card!), I can then ping the entire network, same as before.
06-08-2013 11:53 AM
Ok,
on the router do this:
config t
vlan database
vlan 1
then go under the interface where your pc is connected
try this
interface fa x
switchport
switchport mode access
switchport access vlan 1
here is the doc for details
if vlan 1 does not work try a different vlan
HTH
06-08-2013 11:21 AM
Hi Randy,
As Reza has suggested, it looks like the DHCP clients on vlan 1 are getting the incorrect gateway address from DHCP.
Clients on vlan 1 should have the gateway of vlan 1 as their default gateway, in this case it should be 192.168.3.1, whereas you have 192.168.2.1 configured.
HTH
Paul
06-08-2013 01:26 PM
Hi Reza. Thanks for all your help. Still no luck, I have added a vlan2 and pointed my fe4 port to it. It's funny, as from my pc, I can ping only 192.168.2.1, 1.1, and 3.1 (all the local ports on the router), but if I telnet into the router from my pc, I can then ping the entire network (through fe4). I have made changes to my config file, enough to maybe repost, though I don't want to clutter up this post with garbage. I have done some more playing around but don't seem to be getting anywhere. I did download that reference doc, thanks for the link, though most of it is over my head, I will look at it.
System image file is "flash:C1700-ADVSECURITYK9-MZ.124-25D.BIN"
C1721-Home#show runn
Building configuration...
Current configuration : 1781 bytes
!
! Last configuration change at 16:02:57 EDT Sat Jun 8 2013 by randy
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1721-Home
!
boot-start-marker
boot-end-marker
!
enable secret xxx
enable password xxx
!
no aaa new-model
memory-size iomem 25
clock timezone EST -5
clock summer-time EDT recurring
ip cef
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
no ip dhcp use vrf connected
!
ip dhcp pool vlan1
default-router 192.168.3.1
!
ip dhcp pool vlan
!
ip dhcp pool vlan2
network 192.168.3.0 255.255.255.0
default-router 192.168.3.1
!
username randy nopassword!
!
interface FastEthernet0
ip address 192.168.1.1 255.255.255.0
ip helper-address 192.168.2.2
speed 100
full-duplex
!
interface FastEthernet1
duplex full
speed 100
!
interface FastEthernet2
duplex full
speed 100
!
interface FastEthernet3
duplex full
speed 100
!
interface FastEthernet4
switchport access vlan 2
duplex full
speed 100
!
interface Serial0
ip address 192.168.2.1 255.255.255.0
ip nat outside
ip virtual-reassembly
service-module t1 fdl ansi
!
interface Vlan1
no ip address
ip helper-address 192.168.2.1
ip helper-address 192.168.2.2
!
interface Vlan2
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.2.1
ip helper-address 192.168.2.2
ip nat inside
ip virtual-reassembly
vlan-id dot1q 2
exit-vlan-config
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.2.2
!
no ip http server
no ip http secure-server
!
control-plane
!
line con 0
password xxx
line aux 0
line vty 0 4
password xxx
login local
!
ntp clock-period 17180010
ntp server 129.6.15.29
ntp server 129.6.15.28
end
06-08-2013 01:41 PM
Randy,
What IOS are you using?
"sh ver" will show it
You need:
Cisco IOS Software Release 12.3(2)XC (this is an early deployment release that will merge into Cisco IOS Software Release 12.4T)
http://www.cisco.com/en/US/products/hw/routers/ps221/products_data_sheet09186a00801c749d.html
HTH
06-08-2013 01:45 PM
Yep, I don't know if that is critical to my problem, so I included it on my last post.
System image file is "flash:C1700-ADVSECURITYK9-MZ.124-25D.BIN". Will this work, or do I need a different IOS?
Thanks again for all your time, btw.
Randy
06-08-2013 02:01 PM
I think you need 12.4T.
Can you upgrade?
06-08-2013 05:41 PM
The symptoms that Randy describes are almost a classic case where the remote router does not have a route to the new subnets on the home 1721. In his first post Reza mentions that you need a route on the remote router for the new subnet (though he did not phrase it quite that way). There has been no mention of this since so I would like to bring the point up again.
Randy tells us that if he logs into the router from a connection on a switch port that he is able to ping all remote resources. I would suggest a test using this. Log in to the Home router from a connection on a switch port, verify that he can ping addresses on the remote router. Then test using extended ping. In the extended ping use the same destination address and specify the source address as the router interface in the new vlan 192.168.3.1. I predict that this ping from the router will fail.
HTH
Rick
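The missing return route described in the post above, modelled as an added example that is not part of the thread: longest-prefix lookups on both routers show why a ping sourced from 192.168.2.1 is answered while one sourced from the 192.168.3.0/24 side is not. The tables are constructed from the posted configs; the remote router's default route towards "isp", the host 192.168.3.10 and all function names are assumptions.

```python
import ipaddress

CONNECTED = "connected"

def table(*routes):
    """Build a routing table from (prefix, next hop) pairs."""
    return [(ipaddress.ip_network(prefix), hop) for prefix, hop in routes]

# Constructed from the configs posted in the thread.
HOME = table(
    ("192.168.1.0/24", CONNECTED),   # FastEthernet0
    ("192.168.2.0/24", CONNECTED),   # Serial0, the T1
    ("192.168.3.0/24", CONNECTED),   # VLAN interface for the WIC-4ESW ports
    ("0.0.0.0/0", "remote"),         # ip route 0.0.0.0 0.0.0.0 192.168.2.2
)
REMOTE_BEFORE = table(
    ("192.168.2.0/24", CONNECTED),   # Serial0, the T1
    ("192.168.1.0/24", "home"),      # ip route 192.168.1.0 255.255.255.0 192.168.2.1
    ("0.0.0.0/0", "isp"),            # assumption: default route learned via DHCP
)
# The fix: ip route 192.168.3.0 255.255.255.0 192.168.2.1
REMOTE_AFTER = REMOTE_BEFORE + table(("192.168.3.0/24", "home"))

def next_hop(routes, dst):
    """Longest-prefix match; returns the next hop or None if nothing matches."""
    dst = ipaddress.ip_address(dst)
    matches = [(net.prefixlen, hop) for net, hop in routes if dst in net]
    return max(matches)[1] if matches else None

def delivered(routers, start, dst, max_hops=8):
    """True if dst ends up on a connected subnet of a modelled router."""
    name = start
    for _ in range(max_hops):
        if name not in routers:      # packet left the modelled network ("isp")
            return False
        hop = next_hop(routers[name], dst)
        if hop == CONNECTED:
            return True
        if hop is None:
            return False
        name = hop
    return False

def ping(remote_table, src_ip, dst_ip="192.168.2.2"):
    """Returns (request delivered, reply delivered) for a ping from the home side."""
    routers = {"home": HOME, "remote": remote_table}
    return delivered(routers, "home", dst_ip), delivered(routers, "remote", src_ip)

if __name__ == "__main__":
    for label, tbl in (("before", REMOTE_BEFORE), ("after", REMOTE_AFTER)):
        for src in ("192.168.2.1", "192.168.3.1", "192.168.3.10"):
            print(label, src, ping(tbl, src))
```

The request always arrives because the home router has every subnet connected; only the reply depends on the remote router's table.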
06-09-2013 05:54 AM
Thanks for pointing me in that direction, Richard. You were correct, and I hadn't created an ip route on the remote router. I didn't quite understand the requirement at the time. The extended ping failed as predicted, I added the route, and presto! I had to do some more cleanup and etc, but am currently communicating on fe4 on the 4esw card. Thanks for all your time too, Reza, much appreciated, you had the right answer the first time. My little home network is much more functional, now.
Randy
06-09-2013 06:28 AM
Randy
I am glad that our suggestions pointed you in the right direction and that your home network is much more functional now. Thank you for using the rating system to mark this question as answered. It makes the forum more useful when people can read a question and can know that an answer was found. Your marking has contributed to this process.
I have one other thought about your network. To get to the Internet your router needs to do address translation. I am assuming that the other router probably already has been configured to translate addresses for the existing network/subnet. But it is likely that it is not configured to translate the networks/subnets that you have added. So you may need to add to the configuration of the other router logic to translate your new addresses.
HTH
Rick
06-09-2013 06:52 AM
I am happy to mark this question as answered. I guess it's a bit one-off of a config, and researching the net was not real helpful. I am not real sure how my remote router is doing its nat, and it didn't work for the new ports, so I added the dns-servers to the ip dhcp pool vlan2 on the machine at home, that seemed to work. However, if there is a better or more efficient way to do it, I am interested. Here is a config for the remote machine. fe0 points towards my provider, serial0 to the T1 facing me.
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname C1721-xxx
!
boot-start-marker
boot-end-marker
!
enable secret xxx
enable password xxx
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
no ip dhcp use vrf connected
!
ip dhcp pool wireless
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 24.153.23.66 24.153.22.67
!
ip cef
!
username randy nopassword
!
interface FastEthernet0
ip address dhcp
ip nat outside
ip virtual-reassembly
speed 100
full-duplex
!
interface Serial0
ip address 192.168.2.2 255.255.255.0
ip nat inside
ip virtual-reassembly
service-module t1 clock source internal
service-module t1 timeslots 1-24
!
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 192.168.2.1
ip route 192.168.3.0 255.255.255.0 192.168.2.1
ip http server
!
ip nat inside source list 1 interface FastEthernet0 overload
!
access-list 1 permit 192.168.0.0 0.0.255.255
access-list 1 permit any
!
control-plane
!
line con 0
line aux 0
line vty 0 4
password xxx
login local
!
ntp clock-period 17179875
ntp server 129.6.15.29
ntp server 129.6.15.28
end
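How `access-list 1` in the remote router's config above selects sources for `ip nat inside source list 1`, as an added example that is not part of the thread. It models standard ACL matching only (first match wins, wildcard-mask comparison, implicit deny), not the rest of NAT; the host addresses and function names are constructed for illustration.

```python
import ipaddress

# access-list 1 as posted for the remote router: (action, address, wildcard mask)
ACL_1 = [
    ("permit", "192.168.0.0", "0.0.255.255"),
    ("permit", "any", None),
]

def entry_matches(source, address, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    if address == "any":
        return True
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    src = int(ipaddress.ip_address(source))
    base = int(ipaddress.ip_address(address))
    return (src & care) == (base & care)

def evaluate(acl, source):
    """First match wins; returns (action, 1-based entry number) or the implicit deny."""
    for number, (action, address, wildcard) in enumerate(acl, start=1):
        if entry_matches(source, address, wildcard):
            return action, number
    return "deny", None

def nat_eligibility(acl, sources):
    """Map each source address to the ACL decision that NAT would act on."""
    return {source: evaluate(acl, source) for source in sources}

if __name__ == "__main__":
    # Constructed sample hosts: wireless LAN, T1 link, new VLAN, unrelated network.
    samples = ["192.168.1.20", "192.168.2.1", "192.168.3.10", "10.0.0.5"]
    for source, decision in nat_eligibility(ACL_1, samples).items():
        print(source, decision)
    print("without 'permit any':", evaluate(ACL_1[:1], "10.0.0.5"))
```

The first entry already matches hosts in 192.168.3.0/24, and the trailing `permit any` makes every other source address eligible for translation as well.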