
Cannot get Gig 0/1 to route to gig 0/0

hightide185
Level 1

I have a problem that several have been unable to solve.  I have gig 0/0 as my primary WAN interface and a Cellular HWIC as my backup WAN interface.  Off of gig 0/1 I have a laptop and I cannot get it to route out to the internet unless I disconnect the gig 0/0, in which case it then goes out the cellular interface.  However, from the router console, I can go out gig 0/0.

Current configuration : 4484 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoDemo4GLTE
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.151-4.M3.10
boot-end-marker
!
!
enable secret 5 $1$RDV7$13G5jO/0bPpJiWWiDwO7S/
enable password DanAngst
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool lan0
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 4.2.2.2
!
!
multilink bundle-name authenticated
!
chat-script ltescript "" "AT
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3645487553
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3645487553
revocation-check none
rsakeypair TP-self-signed-3645487553
!
!
crypto pki certificate chain TP-self-signed-3645487553
certificate self-signed 01
        quit
license udi pid CISCO1921/K9 sn FTX160685BJ
!
!
!
!
controller Cellular 0/1
!
!
!
!
!
interface Loopback1
ip address 1.2.3.9 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
no cdp enable
no mop enabled
!
interface GigabitEthernet0/0
ip address dhcp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Cellular0/1/0
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string ltescript
dialer watch-group 1
async mode interactive
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 100 interface Cellular0/1/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 90
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 200
!
access-list 100 permit ip any any
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
!
no cdp run
route-map clear-df permit 10
set ip df 0
!
!
snmp-server community public RO
tftp-server exit
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/1/0
script dialer ltescript
modem InOut
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
password cisco
login
transport input all
line vty 5 15
password cisco
login
transport input all
!
scheduler allocate 20000 1000
event manager environment cell_int Cellular0/0/0
event manager environment modem_reset_count 0
event manager environment reload_required 1
event manager environment poll_time 30
event manager environment max_pwrcycles 3
event manager directory user policy "flash:/"
event manager directory user repository flash:/
event manager scheduler script thread class N number 1
event manager policy lte_cli.tcl
event manager policy lte_recovery_v1.tcl class N
!
end

CiscoDemo4GLTE#

20 Replies

Edison Ortiz
Hall of Fame

G0/0 should have 'ip nat outside' instead of 'ip nat inside'

When I do that I break the access out gig 0/0

Follow Peter's suggestion. There is other missing NAT configuration in the router.

Peter Paluch
Cisco Employee

Hello Sam,

One obvious issue that hit my eye is that the Gi0/0 is configured with ip nat inside - should it not rather be ip nat outside, assuming it is the outside interface?

In addition, the default route defined by the command

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 90

may not be working properly, because it specifies only the egress interface and not the IP of the next hop - under certain circumstances, this static route may not work. Remove it, and replace it with the following modification:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp 90

This modification will force your router to create a default route using the gateway IP address obtained via DHCP on Gi0/0, and assign it the AD of 90.

Also, the NAT configuration is not correct. It does not take into account that the traffic must be NATted according to the interface it is being sent out through. Currently, everything is being NATted to the IP of the cellular interface, even if it tries to go out the Gi0/0, which is wrong.

Configure the following:

route-map NAT-Gi permit 10
  match ip address 100
  match interface Gi0/0
route-map NAT-Cell permit 10
  match ip address 100
  match interface Cellular0/1/0
no ip nat inside source list 100 interface Cell0/1/0 overload
ip nat inside source route-map NAT-Gi interface Gi0/0 overload
ip nat inside source route-map NAT-Cell interface Cell0/1/0 overload

Perform these configuration modifications, and test it out. If it does not work, please post your then-current configuration again. Thanks!

Best regards,

Peter

Peter - you fixed the issue with getting out Gig 0/0 - thank you.  However, now when I pull Gig 0/0 I do not fail over to the Cellular interface.  I am trying to have gig 0/0 be my primary WAN and the Cell be my backup/failover.

I appreciate the help

Here is the updated config

Current configuration : 4881 bytes
!
! Last configuration change at 19:36:19 UTC Tue Apr 17 2012
! NVRAM config last updated at 19:44:43 UTC Tue Apr 17 2012
! NVRAM config last updated at 19:44:43 UTC Tue Apr 17 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoDemo4GLTE
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.151-4.M3.10
boot-end-marker
!
!
enable secret 5 $1$RDV7$13G5jO/0bPpJiWWiDwO7S/
enable password DanAngst
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool lan0
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 4.2.2.2
!
!
multilink bundle-name authenticated
!
chat-script ltescript "" "AT
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3645487553
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3645487553
revocation-check none
rsakeypair TP-self-signed-3645487553
!
!
crypto pki certificate chain TP-self-signed-3645487553
certificate self-signed 01
        quit
license udi pid CISCO1921/K9 sn FTX160685BJ
!
!
!
!
controller Cellular 0/1
!
!
!
!
!
interface Loopback1
ip address 1.2.3.9 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
no cdp enable
no mop enabled
!
interface GigabitEthernet0/0
ip address dhcp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Cellular0/1/0
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string ltescript
dialer watch-group 1
async mode interactive
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source route-map NAT-Cell interface Cellular0/1/0 overload
ip nat inside source route-map NAT-Gi interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 200
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp 90
!
access-list 100 permit ip any any
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
!
no cdp run
route-map NAT-Cell permit 10
match ip address 100
match interface Cellular0/1/0
!
route-map clear-df permit 10
set ip df 0
!
route-map NAT-Gi permit 10
match ip address 100
match interface GigabitEthernet0/0
!
!
snmp-server community public RO
tftp-server exit
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/1/0
script dialer ltescript
modem InOut
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
password cisco
login
transport input all
line vty 5 15
password cisco
login
transport input all
!
scheduler allocate 20000 1000
event manager environment cell_int Cellular0/0/0
event manager environment modem_reset_count 0
event manager environment reload_required 1
event manager environment poll_time 30
event manager environment max_pwrcycles 3
event manager directory user policy "flash:/"
event manager directory user repository flash:/
event manager scheduler script thread class N number 1
event manager policy lte_cli.tcl
event manager policy lte_recovery_v1.tcl class N
!
end

Sam

Your updated config still seems to have ip nat inside on the Gig0/0 interface.

I suspect that the problem with failover to the cellular is caused by the fact that the static default route using Gig0/0 does not get removed from the routing table. You can verify that by causing the connection on Gig 0/0 to fail and then doing show ip route. I suspect that you will find the routing table still has the default route using Gig0/0 and not the floating static for Cellular.

This is a fairly common issue with static routes (and especially static default routes) which use Ethernet interfaces. IOS will not remove the static route unless the Ethernet interface goes line protocol down. It happens frequently that you lose connectivity through the Ethernet interface but the interface does not go line protocol down. The solution to this is to use Object Tracking to check connectivity through the interface and to force withdrawal of the route if you lose connectivity through the Ethernet interface.

HTH

Rick
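
An added example, not written by any poster in this thread: a small Python check that reads the NAT and default-route lines of an IOS running-config and flags the faults raised by Edison, Peter and Rick above (a WAN interface not marked ip nat outside, NAT not bound to the egress interface, an Ethernet default route with no tracking). The finding names and the trimmed config excerpts are this example's own, and it assumes full interface names as the running-config prints them.

```python
import re

def parse(config):
    """Collect NAT roles, NAT rules, route-map matches and default routes."""
    ifs, rmaps, rules, defaults = {}, {}, [], []
    cur_if = cur_rm = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.match(r"interface (\S+)$", line):
            cur_if, cur_rm = ifs.setdefault(m[1], {"nat": None, "track": False}), None
        elif m := re.match(r"route-map (\S+) permit", line):
            cur_rm, cur_if = rmaps.setdefault(m[1], set()), None
        elif cur_if is not None and (m := re.match(r"ip nat (inside|outside)$", line)):
            cur_if["nat"] = m[1]
        elif cur_if is not None and line.startswith("ip dhcp client route track"):
            cur_if["track"] = True
        elif cur_rm is not None and (m := re.match(r"match interface (\S+)", line)):
            cur_rm.add(m[1])
        elif m := re.match(r"ip nat inside source (list|route-map) (\S+) interface (\S+) overload", line):
            rules.append((m[1], m[2], m[3]))
        elif m := re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 ([A-Za-z]\S*)(.*)", line):
            defaults.append((m[1], bool(re.search(r"\btrack \d+", m[2]))))
    return ifs, rmaps, rules, defaults

def audit(config):
    """Return sorted (finding, interface) pairs for the faults raised in the thread."""
    ifs, rmaps, rules, defaults = parse(config)
    multi_wan = len({egress for egress, _ in defaults}) > 1
    found = set()
    for kind, name, egress in rules:
        if kind == "route-map" and egress not in rmaps.get(name, set()):
            found.add(("ROUTE_MAP_NOT_BOUND_TO_EGRESS", egress))
        if kind == "list" and multi_wan:  # translated the same way on every exit
            found.add(("LIST_NAT_IGNORES_EGRESS", egress))
    for egress, tracked in defaults:
        iface = ifs.get(egress, {})
        if iface.get("nat") != "outside":
            found.add(("WAN_NOT_NAT_OUTSIDE", egress))
        if not any(rule[2] == egress for rule in rules):
            found.add(("NO_NAT_RULE_FOR_WAN", egress))
        if "Ethernet" in egress and not (tracked or iface.get("track")):
            found.add(("UNTRACKED_ETHERNET_DEFAULT", egress))  # leaves only on line down
    return sorted(found)

# Trimmed excerpts: the first posted config, then the replies' corrections applied.
BEFORE = """interface GigabitEthernet0/0
 ip nat inside
interface Cellular0/1/0
 ip nat outside
ip nat inside source list 100 interface Cellular0/1/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 90
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 200"""
AFTER = """interface GigabitEthernet0/0
 ip nat outside
interface Cellular0/1/0
 ip nat outside
ip nat inside source route-map NAT-Cell interface Cellular0/1/0 overload
ip nat inside source route-map NAT-Gi interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 200
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp 90
route-map NAT-Cell permit 10
 match interface Cellular0/1/0
route-map NAT-Gi permit 10
 match interface GigabitEthernet0/0"""
if __name__ == "__main__":
    print(audit(BEFORE), audit(AFTER), sep="\n")
```

The corrected excerpt still reports the untracked Ethernet default route, which is the case Rick describes: the route stays installed while the interface is up even if the path behind it is dead.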

I fixed the NAT statement and when I pull the gig 0/0 cable my router shows the cellular interface as the default.  If I ping from the console of the router, I can get everywhere regardless of gig 0/0 up or not.

Sam,

So what is the current state of things after implementing all the suggested corrections?

Rick - yes, you are correct about the static route not being removed from the routing table until the egress interface comes down. However, Sam has indicated he "pulls out gi0/0" so that should definitely make the interface go line protocol down, and remove the static default route via gi0/0 from the routing table.

Best regards,

Peter

If I am understanding correctly Sam is saying that now Gig0/0 has Internet access. And if he pulls the cable for Gig0/0 that the routing table does update and the default route through the cellular interface is in the routing table. But clients connected on Gig0/0 do not have Internet access but the router console does still have Internet access. If something in what I understand is wrong please correct me.

If I am right then it points pretty clearly to an issue with address translation when Gig0/0 is going out the cellular interface.

HTH

Rick

[edit] Peter - I was not sure from the initial description that Sam was actually pulling the cable. Now that is clear.

And I still suggest that Sam think about Object Tracking as part of his solution because after he gets done testing and starts to actually use this he will encounter a failure scenario where he loses connectivity to the next hop but that the interface does not go down.

HTH

Rick

Hi Rick,

Agreed, the object tracking is the way to go after Sam gets the basic connectivity up and running. Still, I wanted to avoid cluttering his config with fancy things before establishing the basic functionality.

Best regards,

Peter

Peter

No problem with that approach. In the early stage simple is good.

HTH

Rick

you guys got it.  I see the Cellular static route as my gateway of last resort but get destination unreachable on a ping.  So when everything is up, I can get on gig 0/0 but if I pull gig 0/0 and fail over to cellular, I now die.  I've been playing with the static routes to see if that is it.

As it stands right now, I can route out gig 0/0 but cannot fail over to the cellular interface.  If I ping from my laptop behind gig 0/1 and I pull gig 0/0, my ping dies.  Even though I see the route as going out the cellular interface.  Here is the current config.  I did change the static routes a little as in the cellular world we really don't care about the default gateway but Cisco needs it.

Current configuration : 4895 bytes
!
! Last configuration change at 23:00:55 UTC Tue Apr 17 2012
! NVRAM config last updated at 22:58:03 UTC Tue Apr 17 2012
! NVRAM config last updated at 22:58:03 UTC Tue Apr 17 2012
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoDemo4GLTE
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.151-4.M3.10
boot-end-marker
!
!
enable secret 5 $1$RDV7$13G5jO/0bPpJiWWiDwO7S/
enable password DanAngst
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool lan0
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 4.2.2.2
!
!
multilink bundle-name authenticated
!
chat-script ltescript "" "AT
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3645487553
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3645487553
revocation-check none
rsakeypair TP-self-signed-3645487553
!
!
crypto pki certificate chain TP-self-signed-3645487553
certificate self-signed 01
        quit
license udi pid CISCO1921/K9 sn FTX160685BJ
!
!
!
!
controller Cellular 0/1
!
!
!
!
!
interface Loopback1
ip address 1.2.3.9 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
no cdp enable
no mop enabled
!
interface GigabitEthernet0/0
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Cellular0/1/0
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string ltescript
dialer watch-group 1
async mode interactive
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source route-map NAT-Cell interface Cellular0/1/0 overload
ip nat inside source route-map NAT-Gi interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 10.164.150.1 200
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp 90
!
access-list 100 permit ip any any
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
!
no cdp run
route-map NAT-Cell permit 10
match ip address 100
match interface Cellular0/1/0
!
route-map clear-df permit 10
set ip df 0
!
route-map NAT-Gi permit 10
match ip address 100
match interface GigabitEthernet0/0
!
!
snmp-server community public RO
tftp-server exit
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/1/0
script dialer ltescript
modem InOut
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
password cisco
login
transport input all
line vty 5 15
password cisco
login
transport input all
!
scheduler allocate 20000 1000
event manager environment cell_int Cellular0/0/0
event manager environment modem_reset_count 0
event manager environment reload_required 1
event manager environment poll_time 30
event manager environment max_pwrcycles 3
event manager directory user policy "flash:/"
event manager directory user repository flash:/
event manager scheduler script thread class N number 1
event manager policy lte_cli.tcl
event manager policy lte_recovery_v1.tcl class N
!
end

CiscoDemo4GLTE#
