Solved

Configure 1811 Router as other end of ISP /30 network

Posted on 2008-10-14
75
727 Views
Last Modified: 2011-10-19
Hello,

Here's the situation:
I arrive in a foreign country to configure a new remote office.  We ordered a /29 from the ISP.  In all the other countries I have done this, I am handed an ethernet cable and I configure from the firewall -> in.  In this situation, the ISP did not provide the border router (and didn't tell me).  I wasinstructed to place the router at the other end of their /30 and on top of that, route my /29 network.

So I now have an 1811 an I am trying to configure it to their request given the following information from the ISP (and only this information):

IP ADDRESSES ARE NOT THE ACTUAL IP ADDRESSES

Begin ISP provided info via email***********************************************************
"They simply have point-to-point connection from us, so on their WAN interface they should use following details:

IP: 82.148.148.22
Netmask: 255.255.255.252
Gateway: 82.148.148.21

Than on top of this they have their /29 range routed, so they can create DMZ behind their router, so it will act as a gateway for this range.

So /29 range is 78.127.187.248 - 78.127.187.255."
End ISP provided info**********************************************************************8

I am comfortable inside the IOS and have attempted to configure the router as follows:
SNN-C1811#sh ru
Building configuration...

Current configuration : 4591 bytes
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname SNN-C1811
!
boot-start-marker
boot-end-marker
!
security authentication failure rate 10 log
security passwords min-length 6
logging buffered 4096 debugging
logging console critical
enable secret 5 $1$73gK$h1Sc7vn8FLszD8.h9L0eb0
enable password 7 121A0C0411040F0D39282B
!        
aaa new-model
!
!
aaa authentication login local_auth local
!
aaa session-id common
!
resource policy
!
no ip source-route
no ip gratuitous-arps
!
!
ip cef
!
!
no ip bootp server
no ip domain lookup
ip domain name dts.local
ip ssh time-out 60
ip ssh authentication-retries 2
login block-for 5 attempts 5 within 5
!
!
crypto pki trustpoint TP-self-signed-1509561198
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1509561198
 revocation-check none
 rsakeypair TP-self-signed-1509561198
!
!
crypto pki certificate chain TP-self-signed-1509561198
 certificate self-signed 01
  3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31353039 35363131 3938301E 170D3036 30353234 30313033
  34335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35303935
  36313139 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BD1F 7628EEA9 9D23A4C3 F8885A7D 956211A8 59A6E99C D6FE4C97 2C557AEB
  A3CFB7E2 17D685C3 986B0A9C 36DA0995 EE6942F2 E5DE20C6 127361AD 9EE5825C
  9187C90D DA54FF66 DCD6F065 64CE1C46 8877B3A1 F13C281A 27F3F532 8260D43A
  7594920F 28793A80 A6C267FF 787DA3F3 71E58BC3 E08E9CA5 0A2E3CCB A4AF8A82
  DB430203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
  551D1104 17301582 13485744 2D433138 31312E64 74732E6C 6F63616C 301F0603
  551D2304 18301680 1485EB7C DE114BE4 AA00564C 0D75A36F FE8D2BF7 67301D06
  03551D0E 04160414 85EB7CDE 114BE4AA 00564C0D 75A36FFE 8D2BF767 300D0609
  2A864886 F70D0101 04050003 81810089 FE60BACD BC6DB80D D41D53BE A6557AA4
  D460885E CE487092 8FF7780E 4C75BB41 3D2B0AF7 21203A93 9708E527 6BCC941A
  397702C5 510A1F70 6CFB979A 94DFF7F8 10778660 4F27E83F AAA81734 46E7894C
  CBFE8125 EA284E80 1ADEF47D BDA1132C B87AF2F2 BE110E4C 5C5839AC D614D53A
  E87C8CA2 3B7321E0 B1DC1980 2C6F7F
  quit
username admin privilege 15 secret 5 $1$hcpl$ufg9CqnFd6atw1B2dCjy20
!
!
!
!
!
!
interface FastEthernet0
 ip address 82.148.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 speed 100
 full-duplex
!
interface FastEthernet1
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex auto
 speed auto
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 shutdown
!
interface FastEthernet9
 shutdown
!
interface Vlan1
 description $ETH-SW-LAUNCH$$INTF-INFO-FE 2$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
 shutdown
!
interface Async1
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 82.148.148.21
!
!
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
!
!
!
!        
!
control-plane
!
banner login ^C
^C
banner motd ^C
Authorized users only.
^C
!
line con 0
 exec-timeout 5 0
 login authentication local_auth
 transport output telnet
line 1
 exec-timeout 15 0
 login authentication local_auth
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
 login authentication local_auth
 transport output telnet
line vty 0 4
 privilege level 15
 password 7 06040626424C081D
 login authentication local_auth
 transport input telnet ssh
line vty 5 15
 privilege level 15
 password 7 094E470E17071616
 login authentication local_auth
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end

*************************************
From the router I am unable to ping the other side of the /30 or anything on the Internet.
I was hoping someone could review this config and let me know how bad I have this jacked up.

TIA,
Bob

0
Comment
Question by:bslattery
  • 28
  • 28
  • 18
  • +1
75 Comments
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710021
Have you checked your interfaces to make sure that they are up?
Also, after you issue a ping have you looked at your arp requests to see if they are coming up incomplete or are populating with a value?
Your interfaces and routing seem to be configured appropriately but I'm wondering where you are testing from?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710037
I can't see anything wrong with the parameter's you've been given, and the config you've done...

You can ping devices on the /28 side?

If there are no devices, got a laptop? Set it's IP address to 78.127.187.250 255.255.255.248 and try ping .249

Then try ping your /30 side of your router.

Let me know how you go...
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710042
Is there a speed/duplex mismatch on the WAN FE?

Do a "show log"

0
 

Author Comment

by:bslattery
ID: 22710052
I am now checking all provided suggestions.

thank you for the quick responses.

sincerely,
bob
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710061
Well with a speed mismatch the interface wouldn't come up.
With a duplex mismatch you'll see CRC errors but you should be able to ping a couple of times.

I would suggest checking your interface status
sh ip int bri

Also, I personally don't feel that auto-negotiation of duplex ever really works well.  I would hard set it if possible since on Fast Ethernet you are going to default to half duplex if negotiation is not successful.
0
 

Author Comment

by:bslattery
ID: 22710085
Robert,
Interface status shows ok for both interfaces

Kyle,
No errors in the log, I am configuring a spare laptop to connect to the /29 side of the router, FE1.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710105
So just to understand, when you ping the ip address of the lan side of your isp from your router you are not getting a response?  It could very well be that they are filtering ICMP.  But if you are unable to reach the outside network it could be a multitude of issues.

Were you able to look at your arp tables when you issued the ping?
Can you verify that you are pinging from the router or where you are pinging from?
Were you able to verify with the isp that their side has the right IP addresses configured?
If they are filtering against ICMP you can use the get command to get http data and see if that works.

Sorry from reading your original post I would recommend you confirm with your ISP that their interface is configured correctly.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710135
Also, if you need to provide proof to your isp you can set up a short acl to confirm your router is sending data out that port.  Something like:

access-list 101 permit icmp any any
access-list 101 permit ip any any

interface f0
ip access-group 101 out

then do "sh access-list 101" and see if there are any hits after you try to ping.  That would be proof that you are sending packets out that way since you will see the counters incrementing.

To elaborate on the get command you would do it this way.
telnet www.google.com:80 or port 80... the syntax escapes me at this moment.
get http

and you should see some recognizable text.

Note: google.com is an example not sure if they have port 80 open and allowed
0
 

Author Comment

by:bslattery
ID: 22710144
Kyle,
I configure a laptop with .250 (/29) and connected directly to FE1.  I could not ping the router @ 78.127.187.249

Robert,
I have confirmed the information not only with the provider of the /29 (Digiweb/Ireland) but also with THEIR provider who they proxy the /30 (ENET/Ireland) for. ENET confirmed the can see their interface on the fibre box is up and linked to the router.
Also, sh arp has this:
SNN-C1811#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  82.148.148.22           -   0017.9523.df32  ARPA   FastEthernet0
Internet  78.127.187.249          -   0017.9523.df33  ARPA   FastEthernet1
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710162
This is a long shot, but worth a mention....

I see a "no ip gratuitous-arps" command in there, if in fact the ISP has got it wrong, and it's router is .22, your logs wouldn't show up any errors.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710177
Humor me and do a no shut on Vlan1 int?
0
 
LVL 1

Accepted Solution

by:
RobertKwon earned 250 total points
ID: 22710183
I'm thinking you have bigger issues than routing if you can't ping a directly connected interface on the same subnet.

The ip addresses are within the same subnet, interface appears to be correctly configured, routing shouldn't even matter since its a directly connected interface.

I'm not doubting you but would you double check your interface and make absolutely sure you are plugging into FE.  Also, would you make sure on your laptop that the interface comes up with no issues.
0
 

Author Comment

by:bslattery
ID: 22710184
Question, on a router are the WAN ports (FE0/FE1) by default in vlan1?  If so, is the shutdown command on vlan1 an issue?
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710206
I'm thinking it wouldn't be since int fe0 and 1 are routed interfaces.  I believe you would have to do switchport to make it go into using vlans.

You can also check if the command is available by doing "sh int status" or "sh vlans"

I guess according to the cisco website these interfaces are switched.. but this is a bit odd, I didn't think you could assign ip addresses to switched interfaces unless you assigned it to the vlan or made it a routed port.
0
 

Author Comment

by:bslattery
ID: 22710211
I see we were thinking the same thing.  I removed the shutdown and still have the same results:

Cannot ping from laptop conntected directly to FE1 and config'd in the same /29.
Cannot ping from my 1811 to anywhere (Internet, /30 gateway, /29 laptop)

Man I suck at this!!
0
 

Author Comment

by:bslattery
ID: 22710218
You are correct, the sh int status does not include fe0/fe1 in the vlan list
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710220
I agree with rob.

On the laptop, if you ping the router then immediately do a "arp -a", does the router have a MAC address assigned to it?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710223
Maybe try ping the Laptop from the router and then do a "sh arp" on the router...
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710232
Can you provide with a "sh int status" or "sh vlans" output.

I'm thinking if they are switched ports, that the ip on the interface isn't doing any good.  But at the same time your arp output makes me believe otherwise.

I think you can get around this issue by possibly assigning the ip addresses to the vlan but then it still wouldn't work because of dot1q or ISL (tagging/framing).  Your isp may need to work with you on this to tag the correct vlan on their interface which I'm not sure they would want or can even support.  But still not being able to ping your interface.  Can you try moving your fe1 ip address to the vlan and remove it from fe1.  Also ensure that it is in no shutdown and ensure that the vlan is assigned to fe1.
0
 

Author Comment

by:bslattery
ID: 22710233
the arp -a returns "No ARP entries found"
0
 
LVL 10

Assisted Solution

by:kyleb84
kyleb84 earned 250 total points
ID: 22710247
Can I ever so humble suggest that you double check which ports your plugged in to....

Unplug the laptop and confirm in the log that it says "FastEthernet1 protocol down" etc...
0
 

Author Comment

by:bslattery
ID: 22710250
From the router:
SNN-C1811#sh vlans

No Virtual LANs configured.

SNN-C1811#sh nt status
SNN-C1811#sh int status

Port    Name               Status       Vlan       Duplex Speed Type
Fa2                        disabled     1            auto    auto 10/100BaseTX
Fa3                        disabled     1            auto    auto 10/100BaseTX
Fa4                        disabled     1            auto    auto 10/100BaseTX
Fa5                        disabled     1            auto    auto 10/100BaseTX
Fa6                        disabled     1            auto    auto 10/100BaseTX
Fa7                        disabled     1            auto    auto 10/100BaseTX
Fa8                        disabled     1            auto    auto 10/100BaseTX
Fa9                        disabled     1            auto    auto 10/100BaseTX
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710255
Ok I think I found your problem.  According to Cisco you can not assign ip addresses and them routed ports so those ip addresses need to move to the vlan.

Can you add fe0 and fe1 to vlan 1 and then remove the ip addresses from fe0 and fe1.  After that add the first ip address then add the second ip address to the vlan as a secondary and that should solve your issue.  Let me know if you want exact commands.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710265
i'm hoping that when you remove the ip addresses from fe0 and fe1 they will start being in vlan 1 if not you would want to make this interface a trunk or access depending on your network layout.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710271
From Cisco's website on the product.

Q. Can the individual ports be configured as routed ports?
A. No, the Cisco EtherSwitch HWICs do not support routed ports. This means you cannot assign an IP address directly to the interface and make it a Layer 3 interface.

http://www.cisco.com/en/US/prod/collateral/routers/ps5853/prod_qas0900aecd8016c026.html


I'm guessing this is the card  you have installed.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710285
Rob do you agree it would be better to create 2 Vlan interfaces, assign an ip to each Vlan int, and make Fa0 an access member of one, and Fa1-6 an access member of the other?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710292
Then you would have your WAN uplink as Fa0, and 6 ports ready for each device in your /29?
0
 

Author Comment

by:bslattery
ID: 22710298
Kyle, sure as friggin s***, I had the cables switched.  Now FE1 is up and I can ping it from the /29 laptop (with some seriously high times).  So, color me stupid on that one. Monster kudos to you for working that out. I swear to god the jet lag is killing me!!!

However, fe0 will not come up now.

Robert, please allow me to digest your last 2 entries.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710303
I honestly don't feel that would make a difference since Vlan 1 should be native if using dot1q which is what I'm hoping.  I think that would create better separation but at the same time I don't know what his/her network design is ultimately that's why I was suggesting using Vlan1 for both to speed things along.  But both will work.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710313
bslattey,
I would be worried about high times depending on how high.  Since that will only add on to your latency as you go through your carriers network.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710318
No worries b.

Credit where it's due, Rob did suggest this in a previous post, I just made the request a bit more official :P
0
 

Author Comment

by:bslattery
ID: 22710335
Here is my cookie cutter network layout overview used in 7 countries
Limerick-Internet-Connection-Ove.jpg
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710349
Ok that's what I was imagining it to look like.. so I'm going to assume you would want trunked ports between your switch and your 1811.  Looking at that lets tackle one issue at a time.  I believe first would be bringing up the WAN interface fe0 since that would be easiest and then you can hash out your design woes ;).

do this command on global config mode

default int f0
"this will cause your interface to go to default"

then do int vlan 1
ip address "address of wan"
no shut

then go to exec mode and do "sh int status"
make sure fe0 is in vlan 1

let me know if this fixes your wan issue first.


0
 

Author Comment

by:bslattery
ID: 22710356
Robert, roger that.

Also, 9 minutes(according to the logs) after switching the cables, fe0 came up, but still cannot ping anywhere from the router.

I will now perform your requested actions
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710357
if not you may have to do
switchport mode access
switchport access vlan 1

I can't remember switch syntaxes to save my life..


also after that check to make sure that the interface is behaving as configured

int f0 switchport
int f0 trunk

let me know what you get.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710372
Yeah just I guess my assumption but I don't think assigning those ip addresses is doing anything for you.  Honestly, I've never messed with 1811 so I don't even know where to begin assuming how that router is behaving.
0
 

Author Comment

by:bslattery
ID: 22710393
Robert,

All comands accepted however fe0 does/will not show up in vlan1.  Only fa2-fa9 appear in the vlan.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710402
can you give me output of

sh int f0 switchport
sh int f0 trunk
sh vlan
0
 

Author Comment

by:bslattery
ID: 22710417
Here are the outputs of the 3 commands:

SNN-C1811#sh int f0 switchport
% Fa0 is not a switchable port
SNN-C1811#sh int f0 trunk

SNN-C1811#sh vlan
% Ambiguous command:  "sh vlan"
SNN-C1811#sh vlan1
                 ^
% Invalid input detected at '^' marker.

SNN-C1811#sh vlan 1
% Ambiguous command:  "sh vlan 1"
SNN-C1811#show vlan 1
% Ambiguous command:  "show vlan 1"
SNN-C1811#
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710440
haha not fun.. its stating that the interface is not a switchport.  Just to get this thing up would you mind moving the cable f0 to f2 and provide an output for

sh int f2 switchport
sh int f2 trunk
sh int status

I think getting this thing up would be more paramount and then troubleshoot the f0 issue unless you would like to work f0 all the way through.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710442
Sorry to add would you provide me with

sh run int f0
sh run int vlan1

I would like to see what's going on
0
 

Author Comment

by:bslattery
ID: 22710475
Robert, we can work it fromthe f2 perspective first if u think that's best.  I have no probs with it.  Here is the outut from the commands plus a sh run int f2.

SNN-C1811#sh int f2 switchport
Name: Fa2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
SNN-C1811#sh int f2 trunk    

Port      Mode         Encapsulation  Status        Native vlan
Fa2       off          802.1q         not-trunking  1

Port      Vlans allowed on trunk
Fa2       1

Port      Vlans allowed and active in management domain
Fa2       1

Port      Vlans in spanning tree forwarding state and not pruned
Fa2       none
SNN-C1811#sh int status      

Port    Name               Status       Vlan       Duplex Speed Type
Fa2                        connected    1          a-half   a-100 10/100BaseTX
Fa3                        disabled     1            auto    auto 10/100BaseTX
Fa4                        disabled     1            auto    auto 10/100BaseTX
Fa5                        disabled     1            auto    auto 10/100BaseTX
Fa6                        disabled     1            auto    auto 10/100BaseTX
Fa7                        disabled     1            auto    auto 10/100BaseTX
Fa8                        disabled     1            auto    auto 10/100BaseTX
Fa9                        disabled     1            auto    auto 10/100BaseTX
SNN-C1811#sh run int f0      
Building configuration...

Current configuration : 71 bytes
!
interface FastEthernet0
 no ip address
 duplex auto
 speed auto
end

SNN-C1811#sh run int vlan1    
Building configuration...

Current configuration : 143 bytes
!
interface Vlan1
 ip address 83.147.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
end

SNN-C1811#sh run int f2  
Building configuration...

Current configuration : 31 bytes
!
interface FastEthernet2
end

SNN-C1811#
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710489
So are you able to ping out now to the internet and ISP?
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710498
Can you go to int f0 and issue command switchport.

then provide sh outputs

sh run int f0
sh int f0 switchport
0
 

Author Comment

by:bslattery
ID: 22710505
I cannot ping either one.
0
 

Author Comment

by:bslattery
ID: 22710519
It will not allow me issue that command:
SNN-C1811#config t
Enter configuration commands, one per line.  End with CNTL/Z.
SNN-C1811(config)#int f0
SNN-C1811(config-if)#switchport
                      ^
% Invalid input detected at '^' marker.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710520
int Fa0
 switchport access vlan 1
 switchport mode access

int Vlan2
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100

int Fa2
 switchport access vlan 2
 switchport mode access


Try that :)
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710522
go to interface f2 and lets force it to vlan 1

int f2
switchport mode access
switchport access vlan 1

then verify it with

sh int f2 switchport
sh run int f2
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710544
That F0 port is behaving very oddly.  According to docs its a switched interface but it doesn't want to be a switched interface.  I'm wondering whether you may have to reload to clear that sort of like when you reload a router when you want to change a serial interface from ptp to mtp or vice versa.  but that's another matter.. this is behaving weirdly since the port comes up and it says that access vlan 1 is default on fa2 but its not routing out that vlan... hmm when you do a ping can  you do an extended ping to specify the source interface

so it'll be like

ping

then follow the prompts.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710581
Good point,

He's got 10 ports 0 - 9 inclusive, one will be a routable FE, the other members of the switch module which are not routable.

I'd put my money on Fa0 being the routable one.

Sorry b, pleas try paste this in:

int Fa0
 ip address 83.147.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip tcp adjust-mss 1452
!
int Vlan1
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
!
!
int FaX
 switchport mode access
 switchport access vlan 1
!
end

(Where FaX is the port where your laptop is plugged in to)
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710599
Kyle,
he had that before and I don't believe it was working,  I was thinking the same thing that since the 1811 is classified as a router it should have a routed port.. but hopefully that works.. if not I guess back to VLANS :)
0
 

Author Comment

by:bslattery
ID: 22710602
Robert,
Commands issued, verified.  Although the sh run int f2 will not show the default vlan 1.

SNN-C1811#sh int f2 switchport
Name: Fa2
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Disabled
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Trunking VLANs Enabled: ALL
Trunking VLANs Active: 1
Protected: false
Priority for untagged frames: 0
Override vlan tag priority: FALSE
Voice VLAN: none
Appliance trust: none
SNN-C1811#sh ru int f2        
Building configuration...

Current configuration : 31 bytes
!
interface FastEthernet2
end
0
 

Author Comment

by:bslattery
ID: 22710607
SNN-C1811#ping
Protocol [ip]:
Target IP address:
% Bad IP address
SNN-C1811#ping
Protocol [ip]:
Target IP address: 4.2.2.2
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 4.2.2.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SNN-C1811#
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710608
Are you able to ping?
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710611
can you do a sh ip route.

and try an extended ping originating the source address from your wan side.
0
 

Author Comment

by:bslattery
ID: 22710613
Kyle,

Working on it, give me a minute
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710645
Ah but it does, according to Cisco.com:

1811
- 2 WAN FE Interfaces
- 8 Switch Ports

The question is which FE's are the WAN ports?

The Cisco's 851 WAN port is the last one, Fa4...

Maybe its Fa8 + Fa9 on the 1811?

Can I grace this thread with a quick test config?

default Fa0
default Fa1
default Fa2
default Fa3
!
int Vlan1
 no ip address
!
int Fa9
 ip address 83.147.148.22 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
 no shut
!
 ip address 78.127.187.249 255.255.255.248
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 duplex full
 speed 100
 no shut
!

I'm gonna put money on this one.
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710656
Sorry b,

Put you through all this re-configs lol!

As the saying goes, to many chefs ruin the broth.
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710662
Kyle,
All you.  I need to get some sleep but hopefully that is the issue.. damn cisco and weird numbering if it is so :P
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710663
Kyle,
All you.  I need to get some sleep but hopefully that is the issue.. damn cisco and weird numbering if it is so :P
0
 

Author Comment

by:bslattery
ID: 22710689
Kyle,

no go on your suggestion, could ping fa2 from the laptop, couldn't ping ISP or Internet
0
 

Author Comment

by:bslattery
ID: 22710699
Fe0 and fe1 look to be the WAN ports,  They are grouped together and separate from the switchports
0
 

Author Comment

by:bslattery
ID: 22710701
Correction on earlier, could NOT ping from laptop to router
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710703
Looking at config guides on the net, Fa0+1 are the routable ones.

Dont waste your time with the Fa9+8 based config b.
0
 

Author Comment

by:bslattery
ID: 22710706
working on your test config now
0
 

Author Comment

by:bslattery
ID: 22710715
scratch that won't do the fa8 + fa9 as we agree it's fa0 and fa1
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710719
Looks like your original config was completely correct...

If you go back to that.

erase startup-config
(confirm)
reload

Was the issue all this time just that you has the cable the wrong way around?
0
 
LVL 1

Expert Comment

by:RobertKwon
ID: 22710735
Last idea before I'm off to bed.

bslattery,
can you configure your laptop with the wan ip address then connect it directly to your isp and ping.  So take the router out of the picture completely.  See if that works to ensure they are done correctly.
0
 

Author Comment

by:bslattery
ID: 22710742
I don't think so as I could never ping the ISP or the internet even after switching cables.  I will reload that config and check again.
0
 

Author Comment

by:bslattery
ID: 22710751
I will do that Kyle.  thanks for all your help!  Robert too!!

Pray for me!
0
 

Author Comment

by:bslattery
ID: 22710764
did you want me to whack the startup config or the running config?
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22710788
startup-config, then just paste your original in...

maybe try Rob's idea first, it'll save you some hassle if it doesn't work then....
0
 
LVL 10

Expert Comment

by:kyleb84
ID: 22711001
Any success?

Let me know!

0
 

Author Comment

by:bslattery
ID: 22711056
Sorry, I though you retired for the evening.

I connected a laptop directly to the fiber node and assigned the /30 ip and could not ping the other side of the ISP or the Internet.

I sent the ISP NOC an email and I am waiting for a response.  I will most certainly update the thread as soon s I know anything.  Based on everything we have tested, something certainly seems amiss with the ISP.  until they prove otherwise, I will blame them!!!
0
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22712283
show port status    -- this should give you an idea of what is plugged in, try with one cable plugged in at a time to make sure you get the port numbering straight, and links.

I also noticed that you have one port set to 100-full static - are you sure that this is correct?  If it is a wan port I am wondering if it maybe should be 100 half or 10 half?  
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

Suggested Solutions

PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now