UC520 behind RV082 no internet?

Unanswered Question
Jun 10th, 2009
User Badges:

I just received my demo wall gear to set up in the office for testing and learning and can not connect to the internet through the UC520. I've had this gear for 3 days now and can't figure out how to get this to work. I've had 3 days experience with IOS CLI & CCA and have never before worked on any Cisco gear.


I have an exisitng RV082 as my gateway router on a .224 subnet .64 lan. I have other routers on other lan ip's on the same subnet. I have the UC520 connected directly to the gateway router and I assigned it a "static" DHCP IP in the RV082's dhcp table. The UC520 WAN fa0/0 is set up for DHCP and get's assigned the IP set in the RV082 of 192.168.1.80. In the RV082 static route tables I have the lan IP for the UC520 of 192.168.10.0 set and points to (gateway) IP 192.168.1.80 (the public IP on the UC520 WAN port which is assigned via DHCP by the RV082.

In the UC520 I have security (FireWall) off via CCA since I haven't been able to figure out how to do this through CLI. I've been able to create ACL's and I've figured out how to delete things from the ACL's in CLI but not how to change the WAN fa0/0 to use a specific ACL for the "in". So setting security to off gives me no "in" and no "out" ACL. I'll come back to this some day after I connect to the interent since for now I'll be behind the RV082's firewall.

In CCA or through CLI I can see my WAN interfaces IP set to the 192.168.1.80 as it should be and the DNS servers listed are those of my gateway so this looks good.


I beleive NAT is disable or at times fa0/0 was set to "outside". I forget where I am now.

Through CCA or CLI I can ping interent IP's or domain names since they apparently are being resolved fine.

Through my PC connected to the UC520 and assigned a DHCP IP address by the UC520 in the 192.168.10.0 LAN I can't ping anything via IP or domain name in the internet but I can ping and pull up the web interface for the gateway router at 192.168.1.65.

I've already copied the factory flash file to the start up flash file in CLI to start all over again but that was mainly due to another problem (java exception being thrown when loading pages in CCA). The problem loading the voice page went away but I still get this exception occasionaly when going to the smartport config page.


I really don't want to re-configure my entire network by making the UC520 my gateway just to get a working test system up working. Besides this should be an easy set up.


Any help or ideas would be greatly appreciated since I've run out of things to try.


TIA.

Dan

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
David Trad Wed, 06/10/2009 - 22:29
User Badges:
  • Gold, 750 points or more
  • Cisco Designated VIP,

    2013 Small Business

Hi Dan,


Whilst i am sure that Marco and Steve will jump in and help you out, i am not having much luck working out your network with the way you have typed it out.


Is it possible to post up a basic network diagram with some IP listings in it?


I cant see why you are getting this much trouble especially when you are going through the WAN port and it is using DHCP, but to better understand your issue i need to see how your network is designed.


Even if it is just something small done in Paint would suffice.




Cheers,



David.

viningele Thu, 06/11/2009 - 04:54
User Badges:

Here's a pic of the network.



I take a look at the links when I get back to the office.

viningele Thu, 06/11/2009 - 04:58
User Badges:

Here's the network:




CiscoNetwork_VAV.jpg

I'll take a look at the links when I get back to the office, thxs for the quick responses.


Dan

Marcos Hernandez Thu, 06/11/2009 - 05:21
User Badges:
  • Blue, 1500 points or more

When you ping from the UC500, the default source IP is the one of the outbound interface used to route the traffic, in this case 192.168.1.80 (FE0/0). This IP is in a subnet known to your Internet router/firewall. When you ping from behind the UC500 (from a  PC), your source IP is now in the 192.168.10.X subnet. You seem to have everything in place in terms of IP routing (i.e. a static route on your RV082 to the UC500's LAN). If indeed NAT is off and the firewall is off (No ACL applied to FE0/0 and no "ip inspect" command under FE0/0), then I would be willing to bet that the issue is your Internet firewall or also very likely, NAT settings not there for the "192.168.10.X" subnet. Take a look there initially.


You can do two things to prove this theory:


1) Do an extended ping from the UC500 ("ping ip", enter) and select yes when prompted about advanced options, then use "192.168.10.1" as the source of traffic. It should fail.


2) Re-enable NAT on the UC500. This should work.


Finally, check that there isn't an ACL applied to VLAN 1 or BVI 1 (just checking).


Let us know,


Marcos

viningele Thu, 06/11/2009 - 17:45
User Badges:

"then I would be willing to bet that the issue is your Internet firewall or also very likely, NAT settings not there for the "192.168.10.X" subnet. Take a look there initially"


NAT settings in the RV082?


I've attached my current config (partial).  In this config I can ping the internet from within my telnet session CLI.  I don't know how to get the prompt for extended ping although I did see that inside the HTTP CLI interface.  I don't see anything for extended ping in the CCA GUI.



VAVUC520#ping ip disney.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 199.181.132.250, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 84/84/84 ms


VAVUC520#ping ip yahoo.com

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 209.131.36.159, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 92/104/144 ms


VAVUC520#ping ip amx.com

Translating "amx.com"...domain server (68.94.156.1) [OK]

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 12.5.138.150, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 60/62/64 ms


Same thing through my PC's CLI gets "0" but this time when using the IP addresses I got:


C:\Documents and Settings\VAV>ping 12.5.138.150

Pinging 12.5.138.150 with 32 bytes of data:

Reply from 12.5.138.150: bytes=32 time=61ms TTL=116
Reply from 12.5.138.150: bytes=32 time=62ms TTL=116
Reply from 12.5.138.150: bytes=32 time=61ms TTL=116
Reply from 12.5.138.150: bytes=32 time=61ms TTL=116

Ping statistics for 12.5.138.150:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 62ms, Average = 61ms


C:\Documents and Settings\VAV>ping 68.94.156.1

Pinging 68.94.156.1 with 32 bytes of data:

Reply from 68.94.156.1: bytes=32 time=16ms TTL=251
Reply from 68.94.156.1: bytes=32 time=11ms TTL=251
Reply from 68.94.156.1: bytes=32 time=12ms TTL=251
Reply from 68.94.156.1: bytes=32 time=10ms TTL=251

Ping statistics for 68.94.156.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 16ms, Average = 12ms


C:\Documents and Settings\VAV>ping 199.181.132.250

Pinging 199.181.132.250 with 32 bytes of data:

Reply from 199.181.132.250: bytes=32 time=84ms TTL=243
Reply from 199.181.132.250: bytes=32 time=84ms TTL=243
Reply from 199.181.132.250: bytes=32 time=84ms TTL=243
Reply from 199.181.132.250: bytes=32 time=84ms TTL=243

Ping statistics for 199.181.132.250:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 84ms, Maximum = 84ms, Average = 84ms

C:\Documents and Settings\VAV>



So now it appears to be DNS related?


Could we get the forum admin to enable quote & code tags in the posts?  It would make posting so much clearer and easier.

viningele Thu, 06/11/2009 - 18:10
User Badges:

Here's some additional config stats:


FastEthernet0/0 is up, line protocol is up
  Internet address is 192.168.1.80/27
  Broadcast address is 255.255.255.255
  Address determined by DHCP
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain outside
  BGP Policy Mapping is disabled


Vlan1 is up, line protocol is up
  Internet address is 192.168.10.1/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP fast switching on the same interface is disabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF Feature Fast switching turbo vector
  IP multicast fast switching is enabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Policy routing is disabled
  Network address translation is enabled, interface in domain inside
  BGP Policy Mapping is disabled

DNS View default parameters:
Logging is off
DNS Resolver settings:
  Domain lookup is enabled
  Default domain name: VAV HQ
  Domain search list:
  Lookup timeout: 3 seconds
  Lookup retries: 2
  Domain name-servers:
    68.94.156.1
    68.94.157.1
DNS Server settings:
  Forwarding of queries is enabled
  Forwarder addresses:

(these servers are the RV082 DNS servers)


Again TIA for any help.


Dan

Marcos Hernandez Thu, 06/11/2009 - 18:57
User Badges:
  • Blue, 1500 points or more

Please post this:


show run | section ip dhcp pool data


If there is a DNS server there, that might be the reason it doesn't work. Remove that command and enter "import all". Then release/renew the IP on your PC.


BTW, to enter extended ping mode you need to type "ping ip" and then ENTER.


Marcos

viningele Fri, 06/12/2009 - 07:56
User Badges:

Show run is attached.


First time I ran this I got:


!
ip dhcp pool data
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.1
   dns-server 63.203.35.55
!


which did have a dns server address that is not one of the RV082 (gateway) listed servers so I removed it I did the "import all" which may have already been there.


PC's CLI I ipconfig/release & renew.

PC's CLI ipconfig/all results:


Windows IP Configuration

        Host Name . . . . . . . . . . . . : macwindows-pc
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter AMX_NET:

        Connection-specific DNS Suffix  . : VAV HQ
        Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection with I/O Acceleration
        Physical Address. . . . . . . . . : 00-17-F2-0F-C4-C8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        Lease Obtained. . . . . . . . . . : Friday, June 12, 2009 10:09:44 AM
        Lease Expires . . . . . . . . . . : Saturday, June 13, 2009 10:09:44 AM


still no internet ping using domain names.


I also didn't like the default gateway but couldn't find a means to change the setting for gateway through the ip dhcp pool data route so I changed the "default router" to the ip of my gateway.  RV082 = 192.168.1.65.


!


ip dhcp pool data
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.1.65


!


PC's CLI I ipconfig/release & renew.

PC's CLI ipconfig/all results:


Windows IP Configuration

        Host Name . . . . . . . . . . . . : macwindows-pc
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter AMX_NET:

        Connection-specific DNS Suffix  . : VAV HQ
        Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection with I/O Acceleration
        Physical Address. . . . . . . . . : 00-17-F2-0F-C4-C8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.65
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        Lease Obtained. . . . . . . . . . : Friday, June 12, 2009 10:20:19 AM
        Lease Expires . . . . . . . . . . : Saturday, June 13, 2009 10:20:19 AM


This looked better but still can't ping domain names from my PC's CLI.  Show ipconfig/all also doesn't show any DNS server so I added the RV082 DNS server to ip dhcp pool data.


!


ip dhcp pool data
   import all
   network 192.168.10.0 255.255.255.0
   default-router 192.168.1.65
   dns-server 68.94.156.1 68.94.157.1


!


PC's CLI I ipconfig/release & renew.

PC's CLI ipconfig/all results:


Windows IP Configuration

        Host Name . . . . . . . . . . . . : macwindows-pc
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : VAV HQ

Ethernet adapter AMX_NET:

        Connection-specific DNS Suffix  . : VAV HQ
        Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection with I/O Acceleration
        Physical Address. . . . . . . . . : 00-17-F2-0F-C4-C8
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.65
        DHCP Server . . . . . . . . . . . : 192.168.10.1
        DNS Servers . . . . . . . . . . . : 68.94.156.1
                                            68.94.157.1
        Lease Obtained. . . . . . . . . . : Friday, June 12, 2009 10:23:27 AM
        Lease Expires . . . . . . . . . . : Saturday, June 13, 2009 10:23:27 AM


Now it's working but will the DNS servers update automatically if they change on my gateway?

Marcos Hernandez Fri, 06/12/2009 - 08:04
User Badges:
  • Blue, 1500 points or more

No they won't. "import all" will be overridden by the static DNS configuration.


Thanks,


Marcos

viningele Fri, 06/12/2009 - 10:58
User Badges:

Is there a way to keep the DNS dynamic and pull the entries from the gateway (default router).  Maybe I just needed to allow the "ip dhcp pool data" to refresh and "import all" would have taken care of everything?


Would be nice to get this nailed down before concentrating on other stuff.


Is there any difference between "show config" & "show run" ?


When do config changes take affect?  Realtime after "end" ?

Skyler Spence Fri, 06/12/2009 - 11:54
User Badges:
  • Bronze, 100 points or more

Is the UC 500 getting the DNS server information dynamically from your gateway?  If so, the "import all" statement in the dhcp pool will push those name servers down to connecting clients.  Check that interface FastEthernet 0/0 is set for a dhcp address, and then from the UC500 command line try pinging a web server (ping www.yahoo.com), you should see a statement such as "Translating "www.yahoo.com"...domain server (12.46.104.253) [OK]" where 12.46.104.253 is the name server obtained through dhcp by the UC500.  If this IP matches what your gateway is configured with, the import all statement should be all you need.  If not, you should check to make sure the gateway is indeed pushing down DNS servers, and that the interface is configured for dhcp.


I believe that the "show configuration" command is actually legacy, and is replaced by the "show startup-config" command.  So the difference between it and "show run" is that the latter shows the current running configuration and the former shows the configuration stored on the system.  To make them the same, issue a "write mem" or "copy run start" command.


Most configuration changes will take place immediately, but changes to things like ports and some interface changes require you to issue the "shutdown" command, then the "no shutdown" command.  When the port comes back up the changes will be in place.


Hope this helps.

viningele Fri, 06/12/2009 - 14:01
User Badges:

The WAN for the most part has been set up DHCP and usually had the correct DNS servers matching the RV082 (gateway) router.  It appears the problem was in the "ip dhcp pool data" table where at some point probably through something I did a static DNS was added which wasn't valid, didn't match the gateway.


The dhcp pool data also had the default router (probably should be renamed "default gateway" (router)) had the ip of the UC520 data VLAN of 192.168.10.1 not the ip of the gateway.


Marcus, thx for more links, they've been added to my references folder, reading them is another story.


So if I don't issue a "write mem" cmd or "copy run start" cmd my running config will reflect the changes (for most changes) but upon a reboot I would load the start up file again which I assume wouild then overwrite the running config file?


What ever happened to making syntax changes to the script, re-compile and upload?


I removed the DNS entry for the DHCP data pool so hopefully this part of my set up should be good and I can spend more time with the phones now.


Thanks again guys.


Any links to setting up a Linksys SPA962 in CME.  I have one of these for SIP testing as well as a SIP callbox.  I also have the 79xx phones but they seem more straigh forward and the SIP items which will include SIP capable AMX touch panels are keys to my intended set ups.

Marcos Hernandez Fri, 06/12/2009 - 16:05
User Badges:
  • Blue, 1500 points or more

You need the "write mem". If you use CCA, configurations are saved with every screen interaction (after hitting "Apply" or "OK").


SPA phones are not supported in CME (TAC won't accept cases on it). You can make them work, but as I said, they are not officially supported. There is a sample configuration here (for SPA8000):


https://supportforums.cisco.com/docs/DOC-9465


Thanks,


Marcos

Marcos Hernandez Fri, 06/12/2009 - 11:55
User Badges:
  • Blue, 1500 points or more

Your WAN interface (FE0/0) would have to be changed to DHCP for import all to dynamically insert the DNS servers into the client DHCP pool:


http://www.cisco.com/en/US/docs/ios/12_1t/12_1t2/feature/guide/dt_dhcpi.html


Here are some fundamentasl about "show" commands:


http://www.cisco.com/en/US/docs/ios/12_3t/fun/command/reference/cfrgt_10.html#wp1095030


You need to do a "write memory" for the running config to be saved to the startup-config. This is a manual step.


Thanks,


Marcos

viningele Fri, 06/12/2009 - 17:17
User Badges:

I realize SIP phones aren't TAC supported but most of what I want to do won't be TAC supported.  Door call boxes (although CyberData in the works) AMX SIP capable touch panels, etc.  The SPA962 is just a stepping stone for me to try to get SIP capable products to work.  For actual phones I would typically want to use the 79xx series and primarily the 7975's once I give the XML scripting a shot and if I can create buttons that can send HTTP "GET" commands.  Then I can create a server to recieve these command on an AMX processor that can control anything I want.  But first I need to get a basic hybrid system working.


Any way that link seemed more for a SIP Trunk and not for a phone but I did see that the SPA9000 used dtmf-relay rtp-nte so I'm assuming that's what the phones use.  Finding info can be a real pain especially when I don't know what half the stuff meaqs yet.


I found this link a little while ago:

https://www.myciscocommunity.com/servlet/JiveServlet/download/7130-3587/CME-SIP-Config-Guidev3%20Oct%202007.pdf


Which may be of some use plus I've have other references from CyberData and other sources on file.  Just got to do alot of reading and cross my finger.

Steven DiStefano Thu, 06/11/2009 - 03:23
User Badges:
  • Blue, 1500 points or more

Marcos has posted a nice document about setting up the UC500 behind an external FW, which may help.

https://supportforums.cisco.com/docs/DOC-9476


I have always set mine up with a real public routable address, so never ventured down this path, but I liked this document alot....

Actions

This Discussion