2911 IS Router configuration...

Answered Question
Aug 23rd, 2010

Hello-

My company recently purchased a 2911 Integrated services router and I have been charged with figuring out how to configure it.  Our ISP has provided us with the following information:

Our carriers circuit is coming to us via Chicago Loop's metro-ethernet, and we have a VLAN ID: 105

Here is ths IP info provided:

WAN Block: X.X.254.108/30,

WAN Subnet: 255.255.255.252,

LAN Block: X.X.255.72/29,

LAN Subnet: 255.255.255.248,

Usable IPs: X.X.255.74-.78,

Cust Serial: X.X.254.110,

AOI Serial: X.X.254.109 <I believe this is our ISP's serial?

I currently have the 2911's interfaces configured as:

WAN facing GigabitEthernet0/0 IP: X.X.254.110 , 255.255.255.252

LAN facing GigabitEthernet0/1 IP: X.X.255.74 , 255.255.255.248

I would assume I need to incorporate the VLAN ID of 105 into the mix somehow as well but am not sure where it goes.

NOTE:

We also have a firewall behind the router, which I am fairly certain will get one of our usable IP's...

ANYWAY- THANKS FOR THE HELP, and if at all possible seeing configurations would help me!

-Dan

I have this problem too.
0 votes
Correct Answer by Nagaraja Thanthry about 4 years 9 months ago

Hello,

Does the ISP router has a route back to your LAN IP? If not you need to

configure NAT.

access-list 1 permit

ip nat inside source list 1 interface Gi 0/0.105 overload

interface gi 0/0.105

ip nat enable

exit

interface gi 0/1

ip nat enable

exit

ex:

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface Gi 0/0.105 overload

Hope this helps.

Regards,

NT

Correct Answer by Chetan Kumar Ress about 4 years 9 months ago

Hi Dainel

Below is the config

R1# conf  terminal

R1(config)#int gi0/0

R1(config-if)#no ip add

R1(config-if)# no shut

R1(config-if)#exit

R1(config)#int gi0/0.105

R1(config-if)#encapsulation dot1q 105

R1(config-if)# ip add x.x.x.x x.x.x.x

The above config will give you connectivity between ISP router & your Router as a point 2 point  link .

The you need to configure Routing protocol or static route for communication between your locaitons.

Regards

Chetan kumar

http://chetanress.blogspot.com

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Chetan Kumar Ress Mon, 08/23/2010 - 11:59

Hi Dainel

When ISP provide an Metro - Ethernet service then they assign an VLAN for Customer link.

If ISP told you to configure the Vlan ID in you router then you have to create an sub-interface .

For Example :

int g0/0

no ip add

int g0/0.105 --- 105 is sub-interface number  ( Subinterface between ISP interface and your interface  )

encapsulation dot1q 105

ip add x.x.x.x x.x.x.x

so you will be using subinterface for communication between ISP and your router.

Regards

Chetan Kumar

http://chetanress.blogspot.com

DanielMHussey Mon, 08/23/2010 - 12:04

Thanks-

I will give that a try... any idea on the commands to create a sub interface? I am pretty new to terminal, and there is clearly a learning curve.  I am sure I will figure it out but any help is greatly needed and will save me from having to /? every 30 seconds

-Dan

Correct Answer
Chetan Kumar Ress Mon, 08/23/2010 - 12:08

Hi Dainel

Below is the config

R1# conf  terminal

R1(config)#int gi0/0

R1(config-if)#no ip add

R1(config-if)# no shut

R1(config-if)#exit

R1(config)#int gi0/0.105

R1(config-if)#encapsulation dot1q 105

R1(config-if)# ip add x.x.x.x x.x.x.x

The above config will give you connectivity between ISP router & your Router as a point 2 point  link .

The you need to configure Routing protocol or static route for communication between your locaitons.

Regards

Chetan kumar

http://chetanress.blogspot.com

DanielMHussey Mon, 08/23/2010 - 12:44

I am getting the message:

RN(config-subif)#ip address X.X.254.110 255.255.255.252

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

I am unsure if the IP i put here is OUR serial or the ISP serial? theres wouls be .109... I am assuming the static route should be to the .109 correct?

-Dan

Chetan Kumar Ress Mon, 08/23/2010 - 13:14

HI

Frist configure the dot1q encapsulation undersubinterface then assign IP Address.

Regards

Chetan Kumar

http://chetanress.blogspot.com

DanielMHussey Mon, 08/23/2010 - 14:15

Here is what I am getting:

R1(config-subif)#encapsulation dot1q 105
802.1Q VID 105 is already a part of VLAN range 105

R1(config-subif)#ip address X.X.254.110 255.255.255.252

% Configuring IP routing on a LAN subinterface is only allowed if that
subinterface is already configured as part of an IEEE 802.10, IEEE 802.1Q,
or ISL vLAN.

Is this not what you are reffering to above?

I appologize for my lack of  knowledge on this subject...

Nagaraja Thanthry Mon, 08/23/2010 - 18:00

Hello,

Can you please post the sanitized version of your configuration here? Do you

have any L2 module in the router where you have configured VLAN 105?

Regards,

NT

DanielMHussey Tue, 08/24/2010 - 09:00

Current interface summary:


Interface                  IP-Address          OK?     Method     Status                Protocol
GigabitEthernet0/0         unassigned      YES    manual     up                       up

GigabitEthernet0/0.105     unassigned      YES    unset    up                         up

GigabitEthernet0/1         x.x.255.74   YES     manual    down                  down

GigabitEthernet0/2         unassigned      YES     manual    administratively down down

Virtual-Access1            unassigned      YES       unset          up                    up

Is this what you were looking fo, for the sanatized config? maybe its that virtual-access1 that is causing the problem?

we dont have any pyshical modules installed on it.

-Dan

Nagaraja Thanthry Tue, 08/24/2010 - 09:51

Hello,

Can you please send the entire running configuration (remove any public IP

address)?

Regards,

NT

DanielMHussey Tue, 08/24/2010 - 13:51

Olenick.com#show config

Using 1281 out of 262136 bytes

!

! Last configuration change at 19:35:59 UTC Mon Aug 23 2010

!

version 15.0

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname XXXXX.com

!

boot-start-marker

boot-end-marker

!

enable secret XXXXXXXXXXXXXXXXXXXXXXXX

enable password XXXX

!

no aaa new-model

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

vlan ifdescr detail

multilink bundle-name authenticated

!

!

!

trunk group 1

!

!

trunk group switchport

!

!

!

license udi pid CISCO2911/K9 sn FTX1429A13F

!

!

username XXXXX privilege 15 password 0 LINE XXXXXX

!

!

!

!

!

!

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

vlan-id dot1q 125

  exit-vlan-config

!

vlan-id dot1q 105

  exit-vlan-config

!

pppoe enable group global

no mop enabled

ethernet oam

!

interface GigabitEthernet0/0.105

!

interface GigabitEthernet0/1

ip address XXX.XXX.255.74 255.255.255.248

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

!

dialer-list 1 protocol ip permit

!

!

!

control-plane

!

!

line con 0

line aux 0

line vty 0 4

password XXXXX

login

!

scheduler allocate 20000 1000

end

hope this is what you were lookinh for... agian, I am new to this stuf.. THANKS AGAIN!

DanielMHussey Wed, 08/25/2010 - 07:25

Is this the Runnin Config you were asking to see- this is what i got with the SHOW command, if its not, please let me know what it is you were looking for.

-Dan

Nagaraja Thanthry Wed, 08/25/2010 - 10:10

Hello,

It seems like, for some reason, the router is thinking that it already has

VLAN 105 configured on the router. Can you send the output of "show diag" or

"show inventory" commands? Also, please collect the output of "show vlan"

from the router.

Regards,

NT

Chetan Kumar Ress Wed, 08/25/2010 - 11:01

Hi Daniel

In your config i can see that  vlan 105 is already exist but the none of the port is associate with the vlan 105.

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

vlan-id dot1q 125

  exit-vlan-config

!

vlan-id dot1q 105

  exit-vlan-config

Can you check the vlan data base & Check the Présence of vlan 105 . Also if vlan 105 exist then remove the vlan and then try to config under your sub-interface.

Regards

Chetan Kumar

http://chetanress.blogspot.com

DanielMHussey Wed, 08/25/2010 - 10:49

OK!

Here is what I did-  I cleared the startup-config THEN I entered the commands you previously told me to and NO ERROR was given form the encapsulation command for the vlan- I was ALSO succesfull in pinging our ISP serial.  I am hoping we are live now, and I will be double checking shortly.

Please take a look at the included text files for the request info-  I would really appriciate another set of eyes to make sure its configured correctly!

Chetan Kumar Ress Wed, 08/25/2010 - 11:09

Hi Daniel

You output seems to be fine .

Check whether the you link is working fine & Keep under monitoring.  Now every ISP use the same way to provide the MPLS Metro Ether Net link .

Because it is the easiest way to deliver the link to customer .

Regards

Chetan Kumar

http://chetanress.blogspot.com

DanielMHussey Wed, 08/25/2010 - 12:40

Just wanted to post these just in case but these are the updated SHOW files for DIAG CONFIGURATION VLANS and INVENTORY.

I am curious though as to why this still isn't working? Do I need to setup a static route between our router and the ISP's? Do I need to bridge my router to our firewall?

I am being told by my ISP the link IS up, but then why would i not be able to ping 216.239.51.99 (google) from the router?

-Dan

DanielMHussey Wed, 08/25/2010 - 11:11

ALSO-

You mentioned defining the Routing protocol or static route between out locations> how is this done?

I have connected the firewall to the router now (the firewall has its WAN interface with xxx.xxx.255.75 and controls DCHP for our LAN) and the 0/1 LAN facing interface on the router has xxx.xxx.255.74, while the WAN interface 0/0 has no ip and 0/0.105 has the xxx.xxx.254.110... 

I am able to PING the .110 IP from a computer connected through our LAN, but I am NOT able to PING the .109 ISP's serial that I WAS able to PING from the router... I am assuming this is because the above mentioned routing protocol / static route has not been defined?

I am getting close now, being able to ping these addresses is the first step!

-Dan

DanielMHussey Wed, 08/25/2010 - 13:00

ALSO-

From our firewall I CANNOT ping the .109 serial of our ISP, but I CAN ping the 0/0 interface (wan facing) on the router at .110 ... I feel like I am missing some way of routing from the 0/1 LAN/firewall facing interface THROUGH the 0/0 WAN facing interface to the WAN...

-DAN

Correct Answer
Nagaraja Thanthry Wed, 08/25/2010 - 13:07

Hello,

Does the ISP router has a route back to your LAN IP? If not you need to

configure NAT.

access-list 1 permit

ip nat inside source list 1 interface Gi 0/0.105 overload

interface gi 0/0.105

ip nat enable

exit

interface gi 0/1

ip nat enable

exit

ex:

access-list 1 permit 192.168.1.0 0.0.0.255

ip nat inside source list 1 interface Gi 0/0.105 overload

Hope this helps.

Regards,

NT

Nagaraja Thanthry Wed, 08/25/2010 - 13:08

Hello,

Also make sure that you have a static default route pointing to the ISP

gateway.

ip route 0.0.0.0 0.0.0.0 xx.xx.xx.109

Regards,

NT

Chetan Kumar Ress Wed, 08/25/2010 - 14:12

Hi  Daniel

OK . Now you are able to ping Point -to- Point IP, means your link is UP.

Now  Flollow the below steps :

1] Have a word with ISP for routing , Whether he is ready with dynamic routing ot static routing. ( Static Default route is  Preferred )

becasue it is very easy to setup . But in this case you need to inform the local LAN route that you are using in locations.

2] After having word with ISP if he agree with Static default route then inform your LAN route to ISP  & Configure default route in your router.

i.e. ip route 0.0.0.0 0.0.0.0  ( Ip Address of ISP interface )

Same need to configure in all location . So in every locaiton you need to configure default route towards ISP and inform the LAN route also for that location.

Then try to communicate with other location  It will work .

Regards

Chetan Kumar

http://chetanress.blogspot.com

kyukim Mon, 08/23/2010 - 12:06

Hi,

Unless you are using Metro-E link to expand  your L2 network to other location, you don't have to worry about VLAN ID 105.

In your case, you are using Metro-E as your L3 port to your ISP connection.

For configuration, what routing protocol are you going to run between your 2911 and ISP?

BGP or just static default route?

If you are going to use default static route, you can configure "ip roue 0.0.0.0 0.0.0.0 X.X.254.109"

For your FW, you need to assign one of X.X.255.75-.78 as you used .74 for 2911.

On FW, you create a default static pointing to .74 (your 2911 router IP address)

KK.

DanielMHussey Mon, 08/23/2010 - 13:15

I am unsure what protocol we will use, but I also think I still need the VLAN (for two reasons: 1) they ISP told me I needed to strip the VLAN, and 2) our ISP is re-selling the underlying carriers circuit, thus the VLANS are the underlying carriers method of identifying our ISP's circuit is for our use...)

Correct me if I am wrong in my assumptions here

-Dan

kyukim Mon, 08/23/2010 - 13:25

HI,

In that case, you are correct.

KK.

Actions

Login or Register to take actions

This Discussion

Posted August 23, 2010 at 11:49 AM
Stats:
Replies:24 Overall Rating:5
Views:8268 Votes:0
Shares:0
Tags: No tags.