final-reseaux Thu, 06/04/2009 - 08:52

I try to change the ip adress with CCA in Configure - routing - IP Addresses but we can't change it. What must i do?

Regards

Steven DiStefano Fri, 06/05/2009 - 08:02

I tell you what I did when I implemented a multisite where they had to be different...., but I did this "Before" I configured anything.

So if this is a lab system, you can do this as well.  If its in production, it may be more difficult to do with CLI.

Basically factory reset the system from CCA.  Then Connect directly to the IP Address of the UC520 and go to the Wizard.  You will know you connected correctly if the Wizard works (many people try to use the wizard connecting via a community with the single UC520 in it, and that wont work).

Go through the screens, one of them will be data VLAN.   Set it as you wish.  When done, create a community, add the UC520 and configure as normal.

Marcos Hernandez Fri, 06/05/2009 - 08:28

There is a way to do it on an active system, by adding a second VLAN and making it the default. I have included some screenshots with the "story board":

1) Create new VLAN:

Picture 3.png

2) Assign IP to new VLAN

Picture 4.png

3) Change Smartports to use new VLAN the default data VLAN (exclude the port you are connected to, so you do not lose connectivity):

Picture 6.png

4) Change DHCP Server Settings:

Picture 7.png

5) Enable NAT (inside) for new VLAN Interface:

Picture 8.png

6) Close CCA.

7) Connect to another switch port and open CCA using the new VLAN IP.

8) Change the Smartport Data VLAN on the last port that didn't have it.

9) Check for other places where previous IP might have been configured (VPN Server, for example).

We will update the First Look Labs.

Thanks,


Marcos

SHeidemann Mon, 02/22/2010 - 20:22

Using CCA 2.2 this does not work. I've set it and the dhcp server scope but it always goes to 192.168.10.1 data network. I really would like the default vlan to reflect the rest of the network. Have you tried changing it with the wizard with 2.2 yet?

Thanks

Stephanie

SHeidemann Tue, 02/23/2010 - 07:10

The telephony setup wizard. The same one that launches upon factory reset. I put in the different ip's and the dhcp scope changes automatically. All looks well, but when the wizard is done everything is still .10 network. I've tried saving and restarting, but still the same results. This is a UC540. I have made the changes by creating VLAN 2, and making that the access vlan for all ports, but I can not erase the default vlan 1.

Stephanie

Marcos Hernandez Tue, 02/23/2010 - 07:15

Bummer. This should work. It is what we have been recommending all along in order to change default IP's. If it doesn't work, this is a VERY serious bug. May I kindly ask you to open a TAC case?

Thanks for your patience.


Marcos

Jesse Shumaker Wed, 09/26/2012 - 16:31

I see this article mentioned on creating another interface for an additional subnet on the uc520. I'm in need of using it for a WAN setup so I can have dual isp's. I'm wondering how via the cli you can remove the switchport access so it's a standard routing port. I get the following error when trying to give it an ip addreess.

% IP addresses may not be configured on L2 links.

I'm also wondering how the dual nat situation would work as well if it can be used as a another WAN port.

thanks

Marcos Hernandez Thu, 09/27/2012 - 09:32

Jesse,

What you do is create an "Interface Vlan X", where X can be "25" for example. Under that interface you configure all your L3 stuff and then you put the switchport that will serve as your secondary WAN on that VLAN.

Thanks,

Marcos

Jesse Shumaker Thu, 09/27/2012 - 09:44

Oh I see so yur configuring the ip on the vlan interface not the fast ethernet port. Would this still work going out to the isp if the fast ethernet port is tagging itself with vlan x frames?

Also how would this work out in relation to a dual wan setup with sla monitoring? My concern is having two interfaces that go to both of my isp's which are on NAT outside. this would load balance traffic, which I don't want. I want a failover scenario using ip sla monitoring.

thanks Marcos

Jesse Shumaker Thu, 09/27/2012 - 10:03

Funny, I thought you would mention that article. my questions are stemming from reading through your suggesstions and seeing what would fit in my scenario. Yes you address the ip sla monitoring which is great and I will use that. My other main concern is how the uc520 will handle a dual "NAT outside" situation on both interfaces. If I apply nat outside to each interface and make my nat overload statements for each interface along with all the sla configuration, how will the uc520 only leave one link "active" and working? I know that the sla monitoring will keep only one default gateway active but won't it still try to nat out the other "inactive" interface causing problems?

thanks

Marcos Hernandez Thu, 09/27/2012 - 10:08

Routing would fix this. I mean, a routing decision (outbound interface) is made prior to NAT'ing. Static route preference would be the way to go, or policy based routing, which is a little more complicated. Try to experiment with this and let me know if you need help.

Jesse Shumaker Thu, 09/27/2012 - 11:32

Hmmm... routing decision before the nat occurs is good. With static route preference do you mean administrative distance? never done policy based routing. I thought with ip sla this is being done in terms of removing the routes. not sure where to go with this one.

ip route 0.0.0.0 0.0.0.0 [ISP 1 GATEWAY] 1

ip route 0.0.0.0 0.0.0.0 [ISP 1 GATEWAY] 10

Marcos Hernandez Thu, 09/27/2012 - 12:08

Give the primary route a lower administrative disctane than teh backup route. Remember to use SLA tracking to detect when the first interface becomes unavailable.

Thanks,

Marcos

Jesse Shumaker Thu, 09/27/2012 - 12:17

that is how I planned on doing it but I didn't know that would affect the nat choice and figured the uc520 would still try to nat on both interfaces. so does the natting occur before the route selection and the natting checks to see which route is active?

Marcos Hernandez Thu, 09/27/2012 - 12:19

No. The router decides on which interface to put the packet for outbound transmission and then NAT kicks in.

Jesse Shumaker Thu, 09/27/2012 - 12:31

so when it decides which interface it looks at the route with lowest AD in order to make that decision?

Jesse Shumaker Wed, 10/17/2012 - 14:05

Well I implemented the following config and things work but users are saying that they will get disconnected and then reconnected at random times. When I checked the statistics it doesn't show that the ip sla is failing over. I'm wondering if it's a nat issue. what do you think or recommend?

interface FastEthernet0/0

description PRIMARY COX INTERFACE

ip address X.X.X.X 255.255.255.240

ip access-group 104 in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map mymap

interface FastEthernet0/1/0

description INTEGRA BACKUP T1 WAN

switchport access vlan 2

spanning-tree portfast

interface Vlan2

description INTEGRA BACKUP WAN

ip address X.X.X.X 255.255.255.248

ip access-group 104 in

ip nat outside

no ip virtual-reassembly

crypto map mymap

ip nat inside source route-map COX_PRIMARY interface FastEthernet0/0 overload

ip nat inside source route-map INTEGRA_BACKUP interface Vlan2 overload

route-map INTEGRA_BACKUP permit 10

match ip address 110

match interface Vlan2

!

route-map COX_PRIMARY permit 10

match ip address 110

match interface FastEthernet0/0

ip sla 1

icmp-echo 8.8.8.8

timeout 500

threshold 2

frequency 30

ip sla schedule 1 life forever start-time now

!

ip sla 2

icmp-echo 8.8.8.8

timeout 500

threshold 2

frequency 30

ip sla schedule 2 life forever start-time now

!

track ip sla 1 reachability

!

track ip sla 2 reachability

!

ip route 0.0.0.0 0.0.0.0 ** COX PRIMARY GATEWAY ** track 1

!

ip route 0.0.0.0 0.0.0.0 ** INTEGRA BACKUP GATEWAY **  track 2 200

Marcos Hernandez Thu, 10/18/2012 - 06:06

The "match interface" under the route-maps are not required. In fact, you can use just an "ip nat inside" statement and point it to acces list 110. Also, under "ip sla" I would track the reachability of the default gateway for that connected interface.

Marcos

Jesse Shumaker Thu, 10/18/2012 - 06:53

So something like this is what you would do? Would this address my random internet drops?

Here is the article I followed prior to get the dual ISP NAT working

http://docwiki.cisco.com/wiki/NAT_failover_with_DUAL_ISP_on_a_router_Configuration_Example

interface FastEthernet0/0

description PRIMARY COX INTERFACE

ip address X.X.X.X 255.255.255.240

ip access-group 104 in

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

crypto map mymap

interface FastEthernet0/1/0

description INTEGRA BACKUP T1 WAN

switchport access vlan 2

spanning-tree portfast

interface Vlan2

description INTEGRA BACKUP WAN

ip address X.X.X.X 255.255.255.248

ip access-group 104 in

ip nat outside

no ip virtual-reassembly

crypto map mymap

!

!

ip nat inside source list 110 interface FastEthernet0/0 overload

ip nat inside source list 110 interface Vlan2 overload

!

!

ip sla 1

icmp-echo ** COX PRIMARY GATEWAY **

timeout 500

threshold 2

frequency 30

ip sla schedule 1 life forever start-time now

!

ip sla 2

icmp-echo ** INTEGRA BACKUP GATEWAY **

timeout 500

threshold 2

frequency 30

ip sla schedule 2 life forever start-time now

!

track ip sla 1 reachability

!

track ip sla 2 reachability

!

ip route 0.0.0.0 0.0.0.0 ** COX PRIMARY GATEWAY ** track 1

!

ip route 0.0.0.0 0.0.0.0 ** INTEGRA BACKUP GATEWAY **  track 2 200