Solved: new 2811 framerelay config help

midwestcisco · ‎04-12-2008

Hello, we have a new cisco 2811 with wic-t1-csudsu-v2 card and are trying to configure it for a t1 frame relay line from uunet/mci/verizon. The line has been in place and up & running with an old "router" for sometime(~6yrs), but the old router is starting to have issues so we are replacing it. I just started working here and they want me to get the new cisco setup and ready to replace the old unit.

The problem is the person who originally setup this old livingston/pm3 "router" is no longer working here and they cant seem to find the original config info from verizon. We called verizon and got a "ticket number" a day ago, but no info yet from them. I have setup several types of more basic routers and am just starting with some cisco classes, but I am really a cisco newb. The cisco is amazing in all the options it has, but can be a bit overwhelming for a cisco newbie.

I have read through quite a bit of cisco docs and whatnot, and searched through the forum and I think I have "converted" the setup info from the old router into the 2811 correctly. I have been able to get several bits of info out of the old router, but it is pretty old and some of the terminology seems abit different, so I was hoping someone could glance over my cisco config and tell me if im even close to converting it correctly!

Basically we have a DS1/T1 frame relay line from "verizon", and we are allocated a full class c /24 block of ip addresses. I have attached the info from the old router and the running config from the 2811.

Richard Burts · ‎04-15-2008

Tom

For a point to point connection like your Frame Relay link a static route works about the same whether it specifies the next hop address (as you used to do) or whether it just specifies the outbound interface. That is not true for multi access interfaces (especially for Ethernet) and for these it is much better to use static routes that specify next hop addresses. My advice is that if there is already a static default route specifying next hop then I would not bother to change it.

"subnet-zero" and "ip classless" are interesting exceptions to the rule that default values do not show up in the running config. Both of these are default values that do show up in running config (or have for quite a while, but I believe that in very recent 12.4T are no longer showing up). The reason that they have been showing up in the running config is that the default behavior changed. If you go far enough back the default was no subnet-zero and no ip classless. Then as network environments changed Cisco changed the default behavior and they have made these commands show up in running config to make it more obvious what the behavior is.

I would not worry about these commands being in the config and I absolutely disagree with the advice from Nikhil that you could remove the ip classless command. You do NOT want to remove that command from your config. I suggest that you just leave them alone - and also the multilink bundle-name authenticated can just be left alone.

If the Verizon tech says that they do not need RIP then I would certainly remove it from the config.

HTH

Rick

HTH

Rick

View solution in original post

Richard Burts · ‎04-12-2008

Tom

I have looked at the information that you posted and I believe that your configuration of the new router is pretty reasonable. I do have one big thing and several small things to mention about it.

- it looks like the old router was running RIP and the new router is not. In terms of getting your data forwarded out the static default route that is configured will work ok. But I wonder if your up-stream gateway (Verizon) is using RIP to learn your subnet (verify that it is up and reachable)? If they stop getting RIP updates for your network will they still forward to you>

- I do not see any reason why you would need ip forward-protocol nd.

- in general I am not fond of configuring privilege level 15 on the vty lines. It means that anyone who gets remote access to the router will automatically be in privilege mode. (of course since the router is doing local authentication and the only user ID configured has privilege 15 specified it means that anyone who can login get privilege level anyway). in general I would prefer to have people login to user level and then have to use the enable password/secret to get to privilege mode. Since I do not know how many people would have access to this router may be it is not a big deal.

HTH

Rick

HTH

Rick

midwestcisco · ‎04-12-2008

Hello Rick,

Thanks for taking a look!

-Yes I was also wondering about the RIP, it worries me a little. I don't know if that was supposed to be there or if it was mis-configured with RIP on in the first place. Wonder if I could do some sniffing and find out if they are trying to get RIP updates since they still haven't got back with us yet??

-You know, I missed seeing that "ip forward-protocol nd" myself.. Not sure how it got there and we wouldn't be forwarding network disk datagrams that I know of? I also just noticed "multilink bundle-name authenticated" and I didn't add that either. Wonder if when I opened SDM and accessed the router SDM added them for some reason? We aren't doing any multilink at the moment, guess I will remove those two settings.

-On the vty lines & access, probably only 2 or 3 people at most will have access and I was going to add acl's that only allow management from local/trusted sources also, just had not added them yet.

Thanks,

Tom

Richard Burts · ‎04-12-2008

Tom

The multilink bundle-name authenticated is inserted into the config in some current versions of IOS. It is not something that SDM did (I have seen it on routers on which SDM was removed before the configuration was begus). It is not worth worrying about (and I am not sure whether you could remove it if you tried). I am not sure how the ip forward-protocol nd got there (perhaps SDM) and I believe that you can (and should) remove it.

As far as the RIP is concerned, I am not sure how you would sniff it - especially on the Frame Relay/serial interface which is where it really matters. I believe that your best bet is to hope for some clarification from Verizon. Or if you do not get the clarification, then be aware when you put the new router into production that if things break then the first thing that you should do is to enable RIP routing with network statements that include both the serial and the LAN interface.

HTH

Rick

HTH

Rick

midwestcisco · ‎04-14-2008

Rick

I removed the ip forward-protocol. I read through some cisco docs and webpages on cisco commands , and they talk about multlink for ppp bundles, but not how to disable it or why it was on by default.

We finally got a contact by verizon today, talked with a tech briefly, he said our basic line settings sounded correct, but that he didn't now why RIP would be on unless it was mistakenly turned on at some point, but that they didn't need it on. He then said he would send us a example config. This is what he sent:

-----------------------------------

hello Tom.

Here's settings & example config for your cisco router.

hostname u69xxx-gw

no service udp-small-servers

no service tcp-small-servers

!

ip subnet-zero

ip classless

ip routing

!

interface FastEthernet 0/0

description To Yourlocalnet/Switch/FastEthernet

ip address XXX.XXX.75.1 255.255.255.0

no ip directed broadcast

no shutdown

!

interface Serial 0/0

description To UUNET (u69xxx)

bandwidth 1536

encapsulation frame-relay IETF

frame-relay lmi-type ansi

no ip address

no shutdown

no fair-queue

!

interface Serial 0/0.1 point-to-point

ip address YYY.YYY.160.82 255.255.255.252

frame-relay interface-dlci 500 IETF

bandwidth 1536

no shutdown

!

ip route 0.0.0.0 0.0.0.0 Serial 0/0.1

!

ip domain-name ALTER.NET

ip name-server 198.6.100.38 < ====== this is VZB dns server ip ..you can add with your dns server ip / domain if you using your own dns server.

Thank you,

Verizon Support

--------------------------------

What are your thoughts about the subnet-zero and classless, and that route without the gateway address we used in the old router? Thanks again for your input!

Tom

nikhil.engineer · ‎04-15-2008

Hi Tom,

I dont see any problem in your config. There should be a default route present cause you do not all the destinations u need to reach.

You must be having more than one destinations to reach.

Normally, ip classless is used to send packets to the subnets which are destined for unrecognized subnets of directly connected networks. But, if you are using default route you can remove this command.

Ip subnet-zero is used to make use of subnet 0.

HTH.

Cheers,

Nikhil E.

Richard Burts · ‎04-15-2008

Tom

For a point to point connection like your Frame Relay link a static route works about the same whether it specifies the next hop address (as you used to do) or whether it just specifies the outbound interface. That is not true for multi access interfaces (especially for Ethernet) and for these it is much better to use static routes that specify next hop addresses. My advice is that if there is already a static default route specifying next hop then I would not bother to change it.

"subnet-zero" and "ip classless" are interesting exceptions to the rule that default values do not show up in the running config. Both of these are default values that do show up in running config (or have for quite a while, but I believe that in very recent 12.4T are no longer showing up). The reason that they have been showing up in the running config is that the default behavior changed. If you go far enough back the default was no subnet-zero and no ip classless. Then as network environments changed Cisco changed the default behavior and they have made these commands show up in running config to make it more obvious what the behavior is.

I would not worry about these commands being in the config and I absolutely disagree with the advice from Nikhil that you could remove the ip classless command. You do NOT want to remove that command from your config. I suggest that you just leave them alone - and also the multilink bundle-name authenticated can just be left alone.

If the Verizon tech says that they do not need RIP then I would certainly remove it from the config.

HTH

Rick

HTH

Rick

midwestcisco · ‎04-16-2008

Rick

Thanks for all the help. We swapped the 2811 in and it seems to be working good! We left the rip off and other items as suggested. Thanks again!

Tom

Richard Burts · ‎04-17-2008

Tom

Thanks for posting back and indicating that it is working good. And thanks for using the rating system to indicate that your issue was resolved (and thanks for the rating). It makes the forum more useful when people can read about an issue and can know that they will read responses which did help resolve the issue.

The forum is an excellent place to learn about Cisco networking. I encourage you to continue your participation in the forum.

HTH

Rick

HTH

Rick