Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 775
  • Last Modified:

Configure 1811 Router as other end of ISP /30 network

Hello,

Here's the situation:
I arrive in a foreign country to configure a new remote office.  We ordered a /29 from the ISP.  In all the other countries I have done this, I am handed an ethernet cable and I configure from the firewall -> in.  In this situation, the ISP did not provide the border router (and didn't tell me).  I wasinstructed to place the router at the other end of their /30 and on top of that, route my /29 network.

So I now have an 1811 an I am trying to configure it to their request given the following information from the ISP (and only this information):

IP ADDRESSES ARE NOT THE ACTUAL IP ADDRESSES

Begin ISP provided info via email***********************************************************
"They simply have point-to-point connection from us, so on their WAN interface they should use following details:

IP: 82.148.148.22
Netmask: 255.255.255.252
Gateway: 82.148.148.21

Than on top of this they have their /29 range routed, so they can create DMZ behind their router, so it will act as a gateway for this range.

So /29 range is 78.127.187.248 - 78.127.187.255."
End ISP provided info**********************************************************************8

I am comfortable inside the IOS and have attempted to configure the router as follows:
SNN-C1811#sh ru
Building configuration...

Current configuration : 4591 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname SNN-C1811
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$73gK$h1Sc7vn8FLszD8.h9L0eb0
enable password 7 121A0C0411040F0D39282B
!        
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
no ip source-route
no ip gratuitous-arps
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name dts.local
ip ssh time-out 60
ip ssh authentication-retries 2
login block-for 5 attempts 5 within 5
!
!
crypto pki trustpoint TP-self-signed-1509561198
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1509561198
 revocation-check none
 rsakeypair TP-self-signed-1509561198
!
!
crypto pki certificate chain TP-self-signed-1509561198
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31353039 35363131 3938301E 170D3036 30353234 30313033
  34335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35303935
  36313139 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BD1F 7628EEA9 9D23A4C3 F8885A7D 956211A8 59A6E99C D6FE4C97 2C557AEB
  A3CFB7E2 17D685C3 986B0A9C 36DA0995 EE6942F2 E5DE20C6 127361AD 9EE5825C
  9187C90D DA54FF66 DCD6F065 64CE1C46 8877B3A1 F13C281A 27F3F532 8260D43A
  7594920F 28793A80 A6C267FF 787DA3F3 71E58BC3 E08E9CA5 0A2E3CCB A4AF8A82
  DB430203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
  551D1104 17301582 13485744 2D433138 31312E64 74732E6C 6F63616C 301F0603
  551D2304 18301680 1485EB7C DE114BE4 AA00564C 0D75A36F FE8D2BF7 67301D06
  03551D0E 04160414 85EB7CDE 114BE4AA 00564C0D 75A36FFE 8D2BF767 300D0609
  2A864886 F70D0101 04050003 81810089 FE60BACD BC6DB80D D41D53BE A6557AA4
  D460885E CE487092 8FF7780E 4C75BB41 3D2B0AF7 21203A93 9708E527 6BCC941A
  397702C5 510A1F70 6CFB979A 94DFF7F8 10778660 4F27E83F AAA81734 46E7894C
  CBFE8125 EA284E80 1ADEF47D BDA1132C B87AF2F2 BE110E4C 5C5839AC D614D53A
  E87C8CA2 3B7321E0 B1DC1980 2C6F7F
  quit
username admin privilege 15 secret 5 $1$hcpl$ufg9CqnFd6atw1B2dCjy20
!
!
!
!
!
!
interface FastEthernet0
 ip address 82.148.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed 100
 full-duplex
!
interface FastEthernet1
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
 shutdown
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 82.148.148.21
!
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
!
!
!
!        
!
control-plane
!
banner login ^C
^C
banner motd ^C
Authorized users only.
^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line 1
 exec-timeout 15 0
 login authentication local_auth
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 privilege level 15
 password 7 06040626424C081D
 login authentication local_auth
 transport input telnet ssh
line vty 5 15
 privilege level 15
 password 7 094E470E17071616
 login authentication local_auth
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

*************************************
From the router I am unable to ping the other side of the /30 or anything on the Internet.
I was hoping someone could review this config and let me know how bad I have this jacked up.

TIA,
Bob

0
bslattery
Asked:
bslattery
  • 28
  • 28
  • 18
  • +1
2 Solutions
 
RobertKwonCommented:
Have you checked your interfaces to make sure that they are up?
Also, after you issue a ping have you looked at your arp requests to see if they are coming up incomplete or are populating with a value?
Your interfaces and routing seem to be configured appropriately but I'm wondering where you are testing from?
0
 
kyleb84Commented:
I can't see anything wrong with the parameter's you've been given, and the config you've done...

You can ping devices on the /28 side?

If there are no devices, got a laptop? Set it's IP address to 78.127.187.250 255.255.255.248 and try ping .249

Then try ping your /30 side of your router.

Let me know how you go...
0
 
kyleb84Commented:
Is there a speed/duplex mismatch on the WAN FE?

Do a "show log"

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
bslatteryAuthor Commented:
I am now checking all provided suggestions.

thank you for the quick responses.

sincerely,
bob
0
 
RobertKwonCommented:
Well with a speed mismatch the interface wouldn't come up.
With a duplex mismatch you'll see CRC errors but you should be able to ping a couple of times.

I would suggest checking your interface status
sh ip int bri

Also, I personally don't feel that auto-negotiation of duplex ever really works well.  I would hard set it if possible since on Fast Ethernet you are going to default to half duplex if negotiation is not successful.
0
 
bslatteryAuthor Commented:
Robert,
Interface status shows ok for both interfaces

Kyle,
No errors in the log, I am configuring a spare laptop to connect to the /29 side of the router, FE1.
0
 
RobertKwonCommented:
So just to understand, when you ping the ip address of the lan side of your isp from your router you are not getting a response?  It could very well be that they are filtering ICMP.  But if you are unable to reach the outside network it could be a multitude of issues.

Were you able to look at your arp tables when you issued the ping?
Can you verify that you are pinging from the router or where you are pinging from?
Were you able to verify with the isp that their side has the right IP addresses configured?
If they are filtering against ICMP you can use the get command to get http data and see if that works.

Sorry from reading your original post I would recommend you confirm with your ISP that their interface is configured correctly.
0
 
RobertKwonCommented:
Also, if you need to provide proof to your isp you can set up a short acl to confirm your router is sending data out that port.  Something like:

access-list 101 permit icmp any any
access-list 101 permit ip any any

interface f0
ip access-group 101 out

then do "sh access-list 101" and see if there are any hits after you try to ping.  That would be proof that you are sending packets out that way since you will see the counters incrementing.

To elaborate on the get command you would do it this way.
telnet www.google.com:80 or port 80... the syntax escapes me at this moment.
get http

and you should see some recognizable text.

Note: google.com is an example not sure if they have port 80 open and allowed
0
 
bslatteryAuthor Commented:
Kyle,
I configure a laptop with .250 (/29) and connected directly to FE1.  I could not ping the router @ 78.127.187.249

Robert,
I have confirmed the information not only with the provider of the /29 (Digiweb/Ireland) but also with THEIR provider who they proxy the /30 (ENET/Ireland) for. ENET confirmed the can see their interface on the fibre box is up and linked to the router.
Also, sh arp has this:
SNN-C1811#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  82.148.148.22           -   0017.9523.df32  ARPA   FastEthernet0
Internet  78.127.187.249          -   0017.9523.df33  ARPA   FastEthernet1
0
 
kyleb84Commented:
This is a long shot, but worth a mention....

I see a "no ip gratuitous-arps" command in there, if in fact the ISP has got it wrong, and it's router is .22, your logs wouldn't show up any errors.
0
 
kyleb84Commented:
Humor me and do a no shut on Vlan1 int?
0
 
RobertKwonCommented:
I'm thinking you have bigger issues than routing if you can't ping a directly connected interface on the same subnet.

The ip addresses are within the same subnet, interface appears to be correctly configured, routing shouldn't even matter since its a directly connected interface.

I'm not doubting you but would you double check your interface and make absolutely sure you are plugging into FE.  Also, would you make sure on your laptop that the interface comes up with no issues.
0
 
bslatteryAuthor Commented:
Question, on a router are the WAN ports (FE0/FE1) by default in vlan1?  If so, is the shutdown command on vlan1 an issue?
0
 
RobertKwonCommented:
I'm thinking it wouldn't be since int fe0 and 1 are routed interfaces.  I believe you would have to do switchport to make it go into using vlans.

You can also check if the command is available by doing "sh int status" or "sh vlans"

I guess according to the cisco website these interfaces are switched.. but this is a bit odd, I didn't think you could assign ip addresses to switched interfaces unless you assigned it to the vlan or made it a routed port.
0
 
bslatteryAuthor Commented:
I see we were thinking the same thing.  I removed the shutdown and still have the same results:

Cannot ping from laptop conntected directly to FE1 and config'd in the same /29.
Cannot ping from my 1811 to anywhere (Internet, /30 gateway, /29 laptop)

Man I suck at this!!
0
 
bslatteryAuthor Commented:
You are correct, the sh int status does not include fe0/fe1 in the vlan list
0
 
kyleb84Commented:
I agree with rob.

On the laptop, if you ping the router then immediately do a "arp -a", does the router have a MAC address assigned to it?
0
 
kyleb84Commented:
Maybe try ping the Laptop from the router and then do a "sh arp" on the router...
0
 
RobertKwonCommented:
Can you provide with a "sh int status" or "sh vlans" output.

I'm thinking if they are switched ports, that the ip on the interface isn't doing any good.  But at the same time your arp output makes me believe otherwise.

I think you can get around this issue by possibly assigning the ip addresses to the vlan but then it still wouldn't work because of dot1q or ISL (tagging/framing).  Your isp may need to work with you on this to tag the correct vlan on their interface which I'm not sure they would want or can even support.  But still not being able to ping your interface.  Can you try moving your fe1 ip address to the vlan and remove it from fe1.  Also ensure that it is in no shutdown and ensure that the vlan is assigned to fe1.
0
 
bslatteryAuthor Commented:
the arp -a returns "No ARP entries found"
0
 
kyleb84Commented:
Can I ever so humble suggest that you double check which ports your plugged in to....

Unplug the laptop and confirm in the log that it says "FastEthernet1 protocol down" etc...
0
 
bslatteryAuthor Commented:
From the router:
SNN-C1811#sh vlans

No Virtual LANs configured.

SNN-C1811#sh nt status
SNN-C1811#sh int status

Port    Name               Status       Vlan       Duplex Speed Type
Fa2                        disabled     1            auto    auto 10/100BaseTX
Fa3                        disabled     1            auto    auto 10/100BaseTX
Fa4                        disabled     1            auto    auto 10/100BaseTX
Fa5                        disabled     1            auto    auto 10/100BaseTX
Fa6                        disabled     1            auto    auto 10/100BaseTX
Fa7                        disabled     1            auto    auto 10/100BaseTX
Fa8                        disabled     1            auto    auto 10/100BaseTX
Fa9                        disabled     1            auto    auto 10/100BaseTX
0
 
RobertKwonCommented:
Ok I think I found your problem.  According to Cisco you can not assign ip addresses and them routed ports so those ip addresses need to move to the vlan.

Can you add fe0 and fe1 to vlan 1 and then remove the ip addresses from fe0 and fe1.  After that add the first ip address then add the second ip address to the vlan as a secondary and that should solve your issue.  Let me know if you want exact commands.
0
 
RobertKwonCommented:
i'm hoping that when you remove the ip addresses from fe0 and fe1 they will start being in vlan 1 if not you would want to make this interface a trunk or access depending on your network layout.
0
 
RobertKwonCommented:
From Cisco's website on the product.

Q. Can the individual ports be configured as routed ports?
A. No, the Cisco EtherSwitch HWICs do not support routed ports. This means you cannot assign an IP address directly to the interface and make it a Layer 3 interface.

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/prod_qas0900aecd8016c026.html


I'm guessing this is the card  you have installed.
0
 
kyleb84Commented:
Rob do you agree it would be better to create 2 Vlan interfaces, assign an ip to each Vlan int, and make Fa0 an access member of one, and Fa1-6 an access member of the other?
0
 
kyleb84Commented:
Then you would have your WAN uplink as Fa0, and 6 ports ready for each device in your /29?
0
 
bslatteryAuthor Commented:
Kyle, sure as friggin s***, I had the cables switched.  Now FE1 is up and I can ping it from the /29 laptop (with some seriously high times).  So, color me stupid on that one. Monster kudos to you for working that out. I swear to god the jet lag is killing me!!!

However, fe0 will not come up now.

Robert, please allow me to digest your last 2 entries.
0
 
RobertKwonCommented:
I honestly don't feel that would make a difference since Vlan 1 should be native if using dot1q which is what I'm hoping.  I think that would create better separation but at the same time I don't know what his/her network design is ultimately that's why I was suggesting using Vlan1 for both to speed things along.  But both will work.
0
 
RobertKwonCommented:
bslattey,
I would be worried about high times depending on how high.  Since that will only add on to your latency as you go through your carriers network.
0
 
kyleb84Commented:
No worries b.

Credit where it's due, Rob did suggest this in a previous post, I just made the request a bit more official :P
0
 
bslatteryAuthor Commented:
Here is my cookie cutter network layout overview used in 7 countries
Limerick-Internet-Connection-Ove.jpg
0
 
RobertKwonCommented:
Ok that's what I was imagining it to look like.. so I'm going to assume you would want trunked ports between your switch and your 1811.  Looking at that lets tackle one issue at a time.  I believe first would be bringing up the WAN interface fe0 since that would be easiest and then you can hash out your design woes ;).

do this command on global config mode

default int f0
"this will cause your interface to go to default"

then do int vlan 1
ip address "address of wan"
no shut

then go to exec mode and do "sh int status"
make sure fe0 is in vlan 1

let me know if this fixes your wan issue first.


0
 
bslatteryAuthor Commented:
Robert, roger that.

Also, 9 minutes(according to the logs) after switching the cables, fe0 came up, but still cannot ping anywhere from the router.

I will now perform your requested actions
0
 
RobertKwonCommented:
if not you may have to do
switchport mode access
switchport access vlan 1

I can't remember switch syntaxes to save my life..


also after that check to make sure that the interface is behaving as configured

int f0 switchport
int f0 trunk

let me know what you get.
0
 
RobertKwonCommented:
Yeah just I guess my assumption but I don't think assigning those ip addresses is doing anything for you.  Honestly, I've never messed with 1811 so I don't even know where to begin assuming how that router is behaving.
0
 
bslatteryAuthor Commented:
Robert,

All comands accepted however fe0 does/will not show up in vlan1.  Only fa2-fa9 appear in the vlan.
0
 
RobertKwonCommented:
can you give me output of

sh int f0 switchport
sh int f0 trunk
sh vlan
0
 
bslatteryAuthor Commented:
Here are the outputs of the 3 commands:

SNN-C1811#sh int f0 switchport
% Fa0 is not a switchable port
SNN-C1811#sh int f0 trunk

SNN-C1811#sh vlan
% Ambiguous command:  "sh vlan"
SNN-C1811#sh vlan1
                 ^
% Invalid input detected at '^' marker.

SNN-C1811#sh vlan 1
% Ambiguous command:  "sh vlan 1"
SNN-C1811#show vlan 1
% Ambiguous command:  "show vlan 1"
SNN-C1811#
0
 
RobertKwonCommented:
haha not fun.. its stating that the interface is not a switchport.  Just to get this thing up would you mind moving the cable f0 to f2 and provide an output for

sh int f2 switchport
sh int f2 trunk
sh int status

I think getting this thing up would be more paramount and then troubleshoot the f0 issue unless you would like to work f0 all the way through.
0
 
RobertKwonCommented:
Sorry to add would you provide me with

sh run int f0
sh run int vlan1

I would like to see what's going on
0
 
bslatteryAuthor Commented:
Robert, we can work it fromthe f2 perspective first if u think that's best.  I have no probs with it.  Here is the outut from the commands plus a sh run int f2.

SNN-C1811#sh int f2 switchport
Name: Fa2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
SNN-C1811#sh int f2 trunk    

Port      Mode         Encapsulation  Status        Native vlan
Fa2       off          802.1q         not-trunking  1

Port      Vlans allowed on trunk
Fa2       1

Port      Vlans allowed and active in management domain
Fa2       1

Port      Vlans in spanning tree forwarding state and not pruned
Fa2       none
SNN-C1811#sh int status      

Port    Name               Status       Vlan       Duplex Speed Type
Fa2                        connected    1          a-half   a-100 10/100BaseTX
Fa3                        disabled     1            auto    auto 10/100BaseTX
Fa4                        disabled     1            auto    auto 10/100BaseTX
Fa5                        disabled     1            auto    auto 10/100BaseTX
Fa6                        disabled     1            auto    auto 10/100BaseTX
Fa7                        disabled     1            auto    auto 10/100BaseTX
Fa8                        disabled     1            auto    auto 10/100BaseTX
Fa9                        disabled     1            auto    auto 10/100BaseTX
SNN-C1811#sh run int f0      
Building configuration...

Current configuration : 71 bytes
!
interface FastEthernet0
 no ip address
 duplex auto
 speed auto
end

SNN-C1811#sh run int vlan1    
Building configuration...

Current configuration : 143 bytes
!
interface Vlan1
 ip address 83.147.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
end

SNN-C1811#sh run int f2  
Building configuration...

Current configuration : 31 bytes
!
interface FastEthernet2
end

SNN-C1811#
0
 
RobertKwonCommented:
So are you able to ping out now to the internet and ISP?
0
 
RobertKwonCommented:
Can you go to int f0 and issue command switchport.

then provide sh outputs

sh run int f0
sh int f0 switchport
0
 
bslatteryAuthor Commented:
I cannot ping either one.
0
 
bslatteryAuthor Commented:
It will not allow me issue that command:
SNN-C1811#config t
Enter configuration commands, one per line.  End with CNTL/Z.
SNN-C1811(config)#int f0
SNN-C1811(config-if)#switchport
                      ^
% Invalid input detected at '^' marker.
0
 
kyleb84Commented:
int Fa0
 switchport access vlan 1
 switchport mode access

int Vlan2
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100

int Fa2
 switchport access vlan 2
 switchport mode access


Try that :)
0
 
RobertKwonCommented:
go to interface f2 and lets force it to vlan 1

int f2
switchport mode access
switchport access vlan 1

then verify it with

sh int f2 switchport
sh run int f2
0
 
RobertKwonCommented:
That F0 port is behaving very oddly.  According to docs its a switched interface but it doesn't want to be a switched interface.  I'm wondering whether you may have to reload to clear that sort of like when you reload a router when you want to change a serial interface from ptp to mtp or vice versa.  but that's another matter.. this is behaving weirdly since the port comes up and it says that access vlan 1 is default on fa2 but its not routing out that vlan... hmm when you do a ping can  you do an extended ping to specify the source interface

so it'll be like

ping

then follow the prompts.
0
 
kyleb84Commented:
Good point,

He's got 10 ports 0 - 9 inclusive, one will be a routable FE, the other members of the switch module which are not routable.

I'd put my money on Fa0 being the routable one.

Sorry b, pleas try paste this in:

int Fa0
 ip address 83.147.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
!
int Vlan1
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
!
!
int FaX
 switchport mode access
 switchport access vlan 1
!
end

(Where FaX is the port where your laptop is plugged in to)
0
 
RobertKwonCommented:
Kyle,
he had that before and I don't believe it was working,  I was thinking the same thing that since the 1811 is classified as a router it should have a routed port.. but hopefully that works.. if not I guess back to VLANS :)
0
 
bslatteryAuthor Commented:
Robert,
Commands issued, verified.  Although the sh run int f2 will not show the default vlan 1.

SNN-C1811#sh int f2 switchport
Name: Fa2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
SNN-C1811#sh ru int f2        
Building configuration...

Current configuration : 31 bytes
!
interface FastEthernet2
end
0
 
bslatteryAuthor Commented:
SNN-C1811#ping
Protocol [ip]:
Target IP address:
% Bad IP address
SNN-C1811#ping
Protocol [ip]:
Target IP address: 4.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SNN-C1811#
0
 
RobertKwonCommented:
Are you able to ping?
0
 
RobertKwonCommented:
can you do a sh ip route.

and try an extended ping originating the source address from your wan side.
0
 
bslatteryAuthor Commented:
Kyle,

Working on it, give me a minute
0
 
kyleb84Commented:
Ah but it does, according to Cisco.com:

1811
- 2 WAN FE Interfaces
- 8 Switch Ports

The question is which FE's are the WAN ports?

The Cisco's 851 WAN port is the last one, Fa4...

Maybe its Fa8 + Fa9 on the 1811?

Can I grace this thread with a quick test config?

default Fa0
default Fa1
default Fa2
default Fa3
!
int Vlan1
 no ip address
!
int Fa9
 ip address 83.147.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
 no shut
!
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
 no shut
!

I'm gonna put money on this one.
0
 
kyleb84Commented:
Sorry b,

Put you through all this re-configs lol!

As the saying goes, to many chefs ruin the broth.
0
 
RobertKwonCommented:
Kyle,
All you.  I need to get some sleep but hopefully that is the issue.. damn cisco and weird numbering if it is so :P
0
 
RobertKwonCommented:
Kyle,
All you.  I need to get some sleep but hopefully that is the issue.. damn cisco and weird numbering if it is so :P
0
 
bslatteryAuthor Commented:
Kyle,

no go on your suggestion, could ping fa2 from the laptop, couldn't ping ISP or Internet
0
 
bslatteryAuthor Commented:
Fe0 and fe1 look to be the WAN ports,  They are grouped together and separate from the switchports
0
 
bslatteryAuthor Commented:
Correction on earlier, could NOT ping from laptop to router
0
 
kyleb84Commented:
Looking at config guides on the net, Fa0+1 are the routable ones.

Dont waste your time with the Fa9+8 based config b.
0
 
bslatteryAuthor Commented:
working on your test config now
0
 
bslatteryAuthor Commented:
scratch that won't do the fa8 + fa9 as we agree it's fa0 and fa1
0
 
kyleb84Commented:
Looks like your original config was completely correct...

If you go back to that.

erase startup-config
(confirm)
reload

Was the issue all this time just that you has the cable the wrong way around?
0
 
RobertKwonCommented:
Last idea before I'm off to bed.

bslattery,
can you configure your laptop with the wan ip address then connect it directly to your isp and ping.  So take the router out of the picture completely.  See if that works to ensure they are done correctly.
0
 
bslatteryAuthor Commented:
I don't think so as I could never ping the ISP or the internet even after switching cables.  I will reload that config and check again.
0
 
bslatteryAuthor Commented:
I will do that Kyle.  thanks for all your help!  Robert too!!

Pray for me!
0
 
bslatteryAuthor Commented:
did you want me to whack the startup config or the running config?
0
 
kyleb84Commented:
startup-config, then just paste your original in...

maybe try Rob's idea first, it'll save you some hassle if it doesn't work then....
0
 
kyleb84Commented:
Any success?

Let me know!

0
 
bslatteryAuthor Commented:
Sorry, I though you retired for the evening.

I connected a laptop directly to the fiber node and assigned the /30 ip and could not ping the other side of the ISP or the Internet.

I sent the ISP NOC an email and I am waiting for a response.  I will most certainly update the thread as soon s I know anything.  Based on everything we have tested, something certainly seems amiss with the ISP.  until they prove otherwise, I will blame them!!!
0
 
ParanormasticCryptographic EngineerCommented:
show port status    -- this should give you an idea of what is plugged in, try with one cable plugged in at a time to make sure you get the port numbering straight, and links.

I also noticed that you have one port set to 100-full static - are you sure that this is correct?  If it is a wan port I am wondering if it maybe should be 100 half or 10 half?  
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 28
  • 28
  • 18
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now