1811W WAN Interface/VSAT Modem

Unanswered Question
Sep 1st, 2010

Hello...

I had a "funny" but serious experience today at a client's office. I had  configured an 1811 wireless router, only to go and install. But there, I  could NOT ping the Ethernet interface of the VSAT Modem.

The IP addresses were correctly configured and both interfaces were in  the same subnet. I even configured the same speed (auto/full duplex) on  both interfaces, used both straight through and cross-over cables, all  to no avail.

Please can somebody help me? I want a solution to this issue. I  configured the same subnet on my laptop and plugged directly to the  Modem, and it worked perfectly. But its not working with the 1811 ISR  FastEthernet 0 interface.

Could it be an encapsulation mismatch? The router in use presently is a Mikrotik router and its working fine.

Please help me out!
Thanks for your usual useful contributions.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
srereddy Wed, 09/01/2010 - 11:21

Did u try connecting your system to Router directly and check if that works fine. Also, post your config here (i know it is st forward). Also, paste the sh interface output.

alabedekenny Tue, 09/07/2010 - 02:19

Hello...

Thanks for your reply. I plugged my system to the laptop and it worked fine.

The show ip inteface brief command shows that the Fa0 interface of the router is up/up

But I cant ping the router's Fa0 interface through the console, and cant ping the modem's interface as well.

Yet the sh ip int br command shows up/up.

This is the router's config:

crypto pki trustpoint TP-self-signed-4049932617
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4049932617
revocation-check none
rsakeypair TP-self-signed-4049932617
!
!
crypto pki certificate chain TP-self-signed-4049932617
certificate self-signed 01

dot11 syslog
!
dot11 ssid ADMIN_WIRELESS
vlan 2
authentication open
mbssid guest-mode
!
ip source-route
!
!
ip dhcp excluded-address 192.168.3.1 192.168.3.15
!
ip dhcp pool LAN
import all
network 192.168.3.0 255.255.255.0
dns-server 81.199.3.7 81.199.3.18
default-router 192.168.3.1
!
!
ip cef
ip domain name yourdomain.com
ip name-server 81.199.3.7
ip name-server 81.199.3.18
no ipv6 cef
!
multilink bundle-name authenticated
!

crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
crypto isakmp client configuration group ADMIN_STAFF
key sef_adm1n
pool SDM_POOL_1
group-lock
save-password
netmask 255.255.255.0
!
crypto isakmp client configuration group TEACHING_STAFF
key sef_teach1ng
pool SDM_POOL_2
group-lock
save-password
netmask 255.255.255.0
!
crypto isakmp client configuration group TECHNICAL
key sef_tech
pool SDM_POOL_3
max-users 10
netmask 255.255.255.0
crypto isakmp profile ciscocp-ike-profile-1
match identity group ADMIN_STAFF
match identity group TEACHING_STAFF
match identity group TECHNICAL
client authentication list ciscocp_vpn_xauth_ml_1
isakmp authorization list ciscocp_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile CiscoCP_Profile1
set security-association idle-time 10800
set transform-set ESP-3DES-SHA
set isakmp-profile ciscocp-ike-profile-1
!
!
crypto ctcp port 10000
archive
log config
hidekeys
!
!
bridge irb
!
!
!
interface Loopback0
ip address 172.17.1.1 255.255.255.0
!
interface Dot11Radio0
no ip address
!
encryption vlan 2 key 1 size 40bit 7 C7846CDFA6A6 transmit-key
encryption vlan 2 mode wep mandatory
!
broadcast-key vlan 2 change 30
!
!
ssid ADMIN_WIRELESS
!
mbssid
speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0
channel 2437
station-role root
!
interface Dot11Radio0.2
encapsulation dot1Q 2 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1
no ip address
!
encryption vlan 2 key 1 size 40bit 7 1F6A7ED8DF3F transmit-key
encryption vlan 2 mode wep mandatory
!
broadcast-key vlan 2 change 30
!
!
ssid ADMIN_WIRELESS
!
mbssid
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 basic-54.0
channel 5745
station-role root
no cdp enable
!
interface Dot11Radio1.2
encapsulation dot1Q 2 native
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface FastEthernet0
description $ETH-WAN$
ip address 81.199.160.100 255.255.255.248
ip access-group 100 in
ip access-group LAN_USERS out
ip nat outside
ip virtual-reassembly
speed auto
full-duplex
!
interface FastEthernet1
ip address 172.16.1.1 255.255.255.240
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
switchport trunk native vlan 3
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
interface FastEthernet9
!
interface Virtual-Template1 type tunnel
ip unnumbered Loopback0
tunnel mode ipsec ipv4
tunnel protection ipsec profile CiscoCP_Profile1
!
interface Vlan1
description $ES_LAN$
ip address 172.16.20.1 255.255.255.0
bridge-group 1
!
interface Vlan2
no ip address
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan3
no ip address
bridge-group 1
!
interface Async1
no ip address
encapsulation slip
!
interface BVI1
ip address 192.168.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
ip local pool SDM_POOL_3 172.20.1.2 172.20.1.254
ip local pool SDM_POOL_2 172.19.1.2 172.19.1.254
ip local pool SDM_POOL_1 172.18.1.2 172.18.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0
ip http server
ip http access-class 40
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
ip nat inside source list 1 interface FastEthernet0 overload
!
ip access-list standard LAN_USERS
remark CCP_ACL Category=1
permit 192.168.3.0 0.0.0.255
permit 172.16.1.0 0.0.0.255
!
ip access-list extended VPN_Remote
remark VPN Users Remote Login
remark CCP_ACL Category=4
permit ip 172.18.1.0 0.0.0.255 any
permit ip 172.19.1.0 0.0.0.255 any
permit ip 172.20.1.0 0.0.0.255 any
!
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.3.0 0.0.0.255
access-list 1 permit 172.16.1.0 0.0.0.255
access-list 40 permit 192.168.3.0 0.0.0.15 log
access-list 40 permit 172.16.1.0 0.0.0.15 log
access-list 100 remark CCP_ACL Category=1
access-list 100 permit udp host 81.199.3.18 eq domain any
access-list 100 permit udp host 81.199.3.7 eq domain any
access-list 100 permit ip 192.168.3.0 0.0.0.15 any log
access-list 100 permit ip 172.16.1.0 0.0.0.15 any log
!
!
!
!
!
!
control-plane
!
bridge 1 protocol ieee
bridge 1 route ip

!
line con 0
password 7 122A27502D28232A
line 1
modem InOut
stopbits 1
speed 115200
flowcontrol hardware
line aux 0
line vty 0 4
access-class 40 in
transport input telnet ssh
line vty 5 15
access-class 40 in
transport input telnet ssh
!
end

Actions

This Discussion