Am I wasting my time here asking for help?

I’ve yet to actually get an answer that has helped me over the past few months when it comes to getting a 4321 router working as a router.

 

This is simple simple stuff that I need to do (I just need the functionality of a $30 router – I’m paying for quality not features. The original Cisco router we got ran for 10 years without a hiccup – that’s ALL I want right now.)

 

- Port 1, aka 0/0/1, aka 192.168.2.254 goes to the ISP’s ADSL/VDSL modem and is the Gateway address (according to the Cisco tech who connected to show me how to update the software and configure the ports this has to be the gateway address – yes, I have a service contract but want to learn how it’s done myself.)
- Port 2, aka 0/0/0, aka 192.168.2.253 goes to the switch (because eventually in our largest location I will be using the fiber link because the router and switch are on different floors.)
- The unit logs onto the ISP using PPPoE (Bell Canada.)
- The unit assigns IP addresses as devices are turned on (and takes them away when they are turned off), aka DHCP.
- I get internet access

 

Why is this proving to be impossible?

 

I get BDI set up on both ports so they are on the same subnet – then find out the hard way that PPPoE doesn’t want to work. (Our new store where this unit was installed was down for an hour Friday morning because the Bell 1000 unit did not want to get out of bridge mode when the test failed.)

 

I disable BDI this morning and then can no longer see the other port on the other subnet that I had to set it to – and still no internet access.

 

This isn't a router - it's a literal nightmare.


Hello,

 

can you post the full config?

--> - Port 1, aka 0/0/1, aka 192.168.2.254 goes to the ISP’s ADSL/VDSL modem and is the Gateway address
- Port 2, aka 0/0/0, aka 192.168.2.253 

 

Not sure how this is supposed to work. Your setup sounds fairly simple, let us see the config...

I'll have to post it in the AM, I gave up and went home.

 

I think that my problem is that I thought that the second WAN port was a LAN port when I bought it. I could get it to work the way I need it to with that BDI trick if I didn’t have to deal with PPPoE.

No way is there the budget for a LAN NIM card and I need both slots for planned future expansion, the ADSL/VDSL modem card so I don’t have to pay the Telco a monthly rental on their modem and the Cell LTE card in case the Telco's internet goes down so that debit/credit transactions still work.

Hello,

 

post a brief schematic drawing of what you are trying to accomplish with the Cisco router. What do you mean by WAN and LAN port ?

What I want is simple (If you do have trouble understanding my rambling I’ll load MS Paint and try to make a picture):

 

1) Port 1, aka GigabitEthernet0/0/0 goes to a port 50 on an SG500-48P and everything that gets plugged into that SG500 should be able to surf the web. It’s just one big happy switch right now (I’ll worry about setting VLANS up on it when I get internet service working on this router - The VLANs on the switch I know how to.)

 

The router assigns IP addresses to each device as they connect starting at IP address 192.168.2.2 (I’d go with 192.168.2.1 but that is the modem’s IP when it is not in bridge mode so I prefer to keep the address range the way it currently is.) (The router also unassigns assigned IP addresses when the devices are turned off/disconnected.)

 

The only reason I’m going with Port 1 to the switch instead of the modem is that the fiber thingy slot is also assigned to that port and in one store I’d like to connect the router to the switch using the fiber link because they are on different floors – and I want to have consistency in every location. BUT, if I have to reverse these ports I can live with an ethernet connection at that location instead of the fiber link.

 

Also, if the ports on this router don’t have to be at 192.168.2.254 etc. I also don’t care (I just thought that they had to be). If the devices on the LAN/network can communicate with the internet, and vice versa, through the router if those ports are set to whatever those 10.x.x.x style numbers are, I’m good with that. (I have the alleged “Management” port already set to a 192.168.2.x address so the alleged “Graphical Interface” can talk to it. One would think that a Management Port and Graphical Interface would interface and manage - enter the router's IP address if you don't like the default, maybe check a box or two, enter PPPoE ID & PW and instant internet working.)

 

2) Port 2, aka GigabitEthernet0/0/1 goes to a Bell Canada 1000 router/modem that will be in bridge mode and thus losing its ability to logon via PPPoE – so the 4321 needs to do the logging into the ISP.

 

Bell disabled port forwarding on these units (I don’t know if it’s just for business customers) and I need to forward ports. Bell’s tech support told me that I had to buy our own router if I wanted to do that. That Bell 1000 unit connects to another box via Ethernet not via RJ-11/RJ-12 ADSL style normal phone jack (That box has a fiber optic cable coming into it and eight RJ-11 jacks for good old-fashioned POTS phones and 4 RJ-45/Ethernet jacks labeled LAN1-4 with LAN1 going to the Bell 1000 modem – I don’t know what its make/model is because it’s up high on the wall and I’ll need to get a ladder to get at it.)

Hello,

 

the below should work. All clients on your switch are assumed to be in Vlan 10. If you have other Vlans, create the respective service instances and BDIs.

 

Important parts are marked in bold:

 

version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Carlton_Router
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.03.16.07b.S.155-3.S7b-ext.SPA.bin
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
enable secret 5 $1$d2AV$.x62c8AIL9dVKFN/m1Q61.
enable password Bloor
!
no aaa new-model
ethernet lmi global
no process cpu autoprofile hog
clock timezone GMT -5 0
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.2.245 192.168.2.254
!
ip dhcp pool Carlton
import all
network 192.168.2.0 255.255.255.0
default-router 192.168.2.254
dns-server 8.8.8.8 8.8.4.4
!
subscriber templating
multilink bundle-name authenticated
!
license udi pid ISR4321/K9 sn FDO21112KP2
!
spanning-tree extend system-id
!
username admin privilege 15 secret 5 $1$w/4P$sd2z6NvcAOHTKWR.QHRzU0
!
redundancy
mode none
!
no cdp run
!
! LAN-side interface: must be marked "ip nat inside" for the NAT overload rule below
interface BDI10
ip address 192.168.2.254 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
service instance 10 ethernet
encapsulation dot1q 10
rewrite ingress tag pop 1 symmetric
bridge-domain 10
!
interface GigabitEthernet0/0/1
description PrimaryWANDesc_
no ip address
negotiation auto
pppoe enable group global
pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
vrf forwarding Mgmt-intf
no ip address
negotiation auto
no cdp enable
!
interface Dialer1
ip address negotiated
ip nat outside
encapsulation ppp
dialer pool 1
dialer-group 1
ppp authentication chap pap callin
ppp chap hostname dlftzcr3@bellnet.ca
ppp chap password 0 nVSLJRc4
ppp pap sent-username dlftzcr3@bellnet.ca password 0 nVSLJRc4
no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 Dialer1
!
dialer-list 1 protocol ip permit
!
ip nat inside source list 1 interface Dialer1 overload
!
access-list 1 permit 192.168.2.0 0.0.0.255
!
snmp-server community public RO
!
control-plane
!
line con 0
exec-timeout 0 0
stopbits 1
line aux 0
stopbits 1
line vty 0 4
privilege level 15
login local
transport input telnet
transport output telnet
!
end


@Georg Pauwen wrote:

Hello,

 

the below should work. All clients on your switch are assumed to be in Vlan 10. If you have other Vlans, create the respective service instances and BDIs.

 


I really appreciate the post, (and will be most definitely trying it) but this is what is confusing me, why a VLAN 10? What is it for, what does it do, why do I even need a VLAN on the router?

 

Can it be set to "1" - I ask because I believe in keeping things very simple, if there is only one VLAN on the router then I would call it "VLAN 1" and if I find down the road as I learn this stuff that I need a second VLAN, I would call it "VLAN 2." For example if I find I need a second VLAN to implement the scenario in the paragraph below:
 
I'm looking at some of that Retail technology Cisco has, for potential future solutions - like tracking phone locations in a store with the access points (don’t need to know any information about the phone, only that x amount of 'radio transmitters' visited a specific location on a specific day/time to see how many people visit the section(s) the day after we run an Ad, or sending promotional text messages to regular customers that have signed up if they are near the product.) (Yes, yes I know I have a very steep learning curve - but even an old dog like me can learn new tricks, just slowly.)

 

 

My switch is currently just set to the default (no VLANs or VLAN 1 if that's the default on the SG500s) and when I set VLANs on it, they, VLANs 1 to 5 or 6, will all (with the exception of the VLAN with the security cameras) be part of Port 50/VLAN 1 so as far as the router should be concerned it is talking to a single switch with no VLANs.

Hello.

 

VLAN 10 was just an example, since you said you had several VLANs running on the switch. To keep everything in the (default) Vlan 1, configure the below:

 

! LAN-side interface: must be marked "ip nat inside" for the NAT overload rule
interface BDI1
ip address 192.168.2.254 255.255.255.0
ip nat inside
!
interface GigabitEthernet0/0/0
no ip address
negotiation auto
service instance 1 ethernet
encapsulation dot1q 1
rewrite ingress tag pop 1 symmetric
bridge-domain 1

The only reason I am concerned about this VLAN issue is that at one location (the largest) I was considering putting in a SG500-24P in the basement and linking it to the SG500-48P with the fiber link (every other store can run off of one SG500-48P ) on the main floor because that location has accounting and marketing and thus has more IP phones and computers than a store location has and the 50 ports on the SG500 48P aren’t enough. I had planned on "bridging" the VLANS between both switches (phones are on their own VLAN and so are computers.)

 

But like the locations where I have just a single switch I want the connection to appear to the router as a single no-VLANS switch. (That I've figured out how to do and was concerned that if I have to make VLANs on the router that I have to bridge those to the switch instead (on top of) of just plugging in a patch cable.)

 

Like I pointed out in another post, I don’t know Cisco's OS and commands and I just want to get the basics up and running and play with the complex issues (that are currently a want not a need) at 4am when I usually get up and the stores are closed and I can quickly return them to a running state before they start opening at 8:30 & 9am.

Sorry for the delay, last weekend I tried entering that configuration but had no clue where to start (I don’t know Cisco's OS and commands from a hole in the ground.)

I did show it to the first tech I had a WebEx "meeting" with yesterday at 9AM EST and I'm not sure what portions he used when he got it running.

BUT, and there is a very big but, after literally 12 hours on the phone being passed from one engineer to the next as they went off and came on shift trying to figure out why webpages that had links to external servers would not load while webpages that did not have links to other "domains" would - an engineer in India (I think) did one small change (at 11PM EST) to all the previous work that four to five other engineers had tried during the day and added a single line command with four numbers in it that got it running like a Swiss watch.

I'll be posting my "config" so that if anyone else has this problem with a Bell 1000 in bridge mode, hopefully they will find it and it will help them. If your contribution helped the first guy at least get it running, I have no problem doing this up-vote thing someone else told me about.


The first engineer got it running to the point where Google would give results (that's usually my test, type in a random word and search, "if there are results = working".) I quickly discovered that there was a problem when I came here to thank you and also search on how to open ports (or "forward" them if that's what it's now called) and found that none of the pages would render, basically a blank white page.

If I plugged the computer directly into the DSL modem and used a PPPoE dialer that I set up in Windows' network connections configuration, it would connect so I initially thought that the ISP was blocking the use of Google's DNS and wanted their own used (yes yes I know, but it's Bell Canada, nothing would surprise me.)

That wasn't it so I wanted to see the difference between the pages that loaded and those that would not load. If you Google "anything" and examine the page source at Merriam-Webster's page you'll notice a bunch of other servers/domains being linked to versus Wikipedia's pages that only make calls to Wikipedia's server.

It took around four more engineers until I got the fifth who apparently has seen this problem before.

Hello,

 

first of all, glad that you got it working. I am curious to know what change the engineer did...


@Georg Pauwen wrote:

Hello,

 

first of all, glad that you got it working. I am curious to know what change the engineer did...


I've been too busy doing maintenance jobs (I do that for the stores also) to get back and go through the log to sort out the commands that were entered. (I plan on doing that soon though and posting the configuration for other beginners that may also encounter the problems I have - It's more of an issue of not knowing IOS and being used to programming routers with a browser and just checking off a few boxes to get up and running than anything else.)

 

Next problem - port forwarding. Whatever the engineer did for that isn’t working and the boss is going ballistic (and I mean that literally - I could not use the language he is using on a public forum) because he can’t access the security camera from home.

Hello

It looks like:

gig0/0 = is your LAN port
gig0/1 = what is this being used for?
Dialer 1 = is connected to the ISP modem, so this is your WAN port

Now for port forwarding to work you need to have NAT enabled on your LAN/WAN ports and also a static NAT addressing for your camera system. (Note: NAT is already applied to the dialer interface on your router)

Now let's say your camera IP address is 192.168.2.250 and you need to access it via HTTP/HTTPS

conf t
int gig0/0
ip nat inside
exit
ip nat inside source static tcp 192.168.2.250 80 interface dialer 1 80
ip nat inside source static tcp 192.168.2.250 443 interface dialer 1 443

 

 

To test this, you need to try to access the camera system via the public ip address supplied to you via the ISP modem - this you will find by inputting the following command:

sh ip interface brief - and check the ip address of the dialer 1 interface


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Sorry for the delay, I also do store maintenance and had a grease trap problem yesterday. (We are too small for a dedicated IT function.)

 

Now this running configuration may look like a dog’s breakfast in some places because on Sunday morning I was desperately entering all kinds of commands (most of which I have no idea what they changed) that I had written down when the various Cisco techs that connected to this unit were trying to get it working the way I need.

 

I did a "show config" and a "show running" because I don't know if they are the same or different. (the "show running" will be the next reply.)


Carlton_Router#show config
Using 2295 out of 33554432 bytes
!
! Last configuration change at 04:08:18 GMT Sun Jun 17 2018 by admin
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Carlton_Router
!
boot-start-marker
boot system flash bootflash:isr4300-universalk9.03.16.07b.S.155-3.S7b-ext.SPA.bin
boot-end-marker
!
!
vrf definition Mgmt-intf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$d2AV$.x62c8AIL9dVKFN/m1Q61.
enable password Bloor
!
no aaa new-model
ethernet lmi global
no process cpu autoprofile hog
clock timezone GMT -5 0
!
!
!
!
!
!
!
!
!
!
!
no ip dhcp conflict logging
ip dhcp excluded-address 192.168.2.245 192.168.2.254
!
ip dhcp pool Carlton
 import all
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.254
 dns-server 8.8.8.8 8.8.4.4
!
!
!
!
!
!
!
!
!
!
subscriber templating
multilink bundle-name authenticated
!
!
!
!
license udi pid ISR4321/K9 sn FDO21112KP2
!
spanning-tree extend system-id
!
username admin privilege 15 secret 5 $1$w/4P$sd2z6NvcAOHTKWR.QHRzU0
!
redundancy
 mode none
!
!
no cdp run
!
!
!
!
!
!
interface GigabitEthernet0/0/0
 no ip address
 negotiation auto
!
interface GigabitEthernet0/0/1
 description PrimaryWANDesc_
 ip address 192.168.2.254 255.255.255.0
 negotiation auto
 pppoe enable group global
 pppoe-client dial-pool-number 1
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 ip address 192.168.2.245 255.255.255.0
 negotiation auto
 no cdp enable
!
interface Dialer1
 ip address negotiated
 ip nat outside
 encapsulation ppp
 dialer pool 1
 ppp authentication chap pap callin
 ppp chap hostname dlftzcr3@bellnet.ca
 ppp chap password 0 nVSLJRc4
 ppp pap sent-username dlftzcr3@bellnet.ca password 0 nVSLJRc4
 no cdp enable
!
interface BDI1
 ip address 192.168.2.254 255.255.255.0
 shutdown
 no cdp enable
!
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip tftp source-interface GigabitEthernet0
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
!
!
!
snmp-server community public RO
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 privilege level 15
 login local
 transport input telnet
 transport output telnet
!
!
end

Carlton_Router#
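
Added example (not part of any post in this thread): the configuration above was posted with its enable password, PPPoE credentials, type 5 hashes and SNMP community intact, and it leaves telnet and plain HTTP management enabled. The Python sketch below flags those directives and masks the secret-bearing fields before a config is shared; `SAMPLE_CONFIG` is a constructed excerpt with placeholder values, and the function names are this example's own.

```python
import re

# Constructed excerpt: same directive types as the posted config, placeholder secrets.
SAMPLE_CONFIG = """\
enable secret 5 $1$EXAMPLE$placeholderhashvalue000
enable password ExamplePlain1
username admin privilege 15 secret 5 $1$EXAMPLE$placeholderhashvalue111
interface Dialer1
 ppp chap hostname user@example.net
 ppp chap password 0 ExamplePlain2
 ppp pap sent-username user@example.net password 0 ExamplePlain2
ip http server
no ip http secure-server
snmp-server community public RO
line con 0
 exec-timeout 0 0
line vty 0 4
 transport input telnet
"""

# (regex, finding) pairs, each applied to one stripped config line.
CHECKS = [
    (r"^enable password \S+", "enable password is cleartext (or reversible type 7); keep only 'enable secret'"),
    (r"\bpassword 0 \S+", "type 0 password is stored in cleartext"),
    (r"\bsecret 5 \S+", "type 5 (MD5-based) hash can be guessed offline once the config is shared"),
    (r"^snmp-server community (public|private)\b", "default SNMP community string"),
    (r"^transport input .*\btelnet\b", "telnet management sends credentials in cleartext"),
    (r"^ip http server$", "HTTP management enabled without TLS"),
    (r"^exec-timeout 0 0$", "session on this line never times out"),
]

# Fields to mask before a config leaves the organisation.
REDACTIONS = [
    (r"^(\s*enable password )\S+", r"\1<removed>"),
    (r"(\b(?:password|secret) \d )\S+", r"\1<removed>"),
    (r"(\bppp chap hostname )\S+", r"\1<removed>"),
    (r"(\bsent-username )\S+", r"\1<removed>"),
    (r"^(\s*snmp-server community )\S+", r"\1<removed>"),
]

def audit(config):
    """Return (line number, finding) for every weak directive."""
    return [(n, msg)
            for n, raw in enumerate(config.splitlines(), start=1)
            for pattern, msg in CHECKS if re.search(pattern, raw.strip())]

def redact(config):
    """Return the config with secret-bearing fields masked."""
    lines = []
    for line in config.splitlines():
        for pattern, repl in REDACTIONS:
            line = re.sub(pattern, repl, line)
        lines.append(line)
    return "\n".join(lines)

if __name__ == "__main__":
    for n, msg in audit(SAMPLE_CONFIG):
        print(f"line {n}: {msg}")
    print(redact(SAMPLE_CONFIG))
```

Anything `redact()` masks in a config that has already been published should be treated as exposed and changed on the device.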

Hello

 


@IT at Very Very Small Business wrote:

Sorry for the delay, I also do store maintenance and had a grease trap problem yesterday. (We are too small for a dedicated IT function.)

 

Now this running configuration may look like a dog’s breakfast in some places because on Sunday morning I was desperately entering all kinds of commands (most of which I have no idea what they changed) that I had written down when the various Cisco techs that connected to this unit were trying to get it working the way I need.

 


I am wondering if you really need to config this rtr as a PPPoE client?
If you plug a laptop into the ISP rtr do you get IP address allocation? If so then all the below configuration isn't necessary?

Also a few points on your existing config.

1) you have an incorrect default route if you're using PPPoE
2) gig0/0/0 is in a vrf so anything connected to this interface is logically separate from the rest of your network
3) As stated it looks like BDI isn't compatible with your rtr

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
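
Added example (not part of any post in this thread): a small consistency check for the PPPoE and NAT wiring discussed above, run against a constructed excerpt of the posted "show config". It assumes the indented layout that `show running-config` prints; `POSTED`, `parse` and `check` are names made up for this example.

```python
import re

# Constructed excerpt reproducing the relevant lines of the posted "show config".
POSTED = """\
interface GigabitEthernet0/0/0
 no ip address
interface GigabitEthernet0/0/1
 ip address 192.168.2.254 255.255.255.0
 pppoe enable group global
 pppoe-client dial-pool-number 1
interface Dialer1
 ip address negotiated
 ip nat outside
 dialer pool 1
interface BDI1
 ip address 192.168.2.254 255.255.255.0
 shutdown
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/1
"""

def parse(config):
    """Return ({interface: [sub-commands]}, [global commands])."""
    interfaces, globals_, current = {}, [], None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1]
            interfaces[current] = []
        elif raw.startswith(" ") and current:
            interfaces[current].append(raw.strip())
        else:
            current = None
            globals_.append(raw.strip())
    return interfaces, globals_

def check(config):
    """Return a list of PPPoE/NAT inconsistencies found in the config."""
    interfaces, globals_ = parse(config)
    problems = []
    uses_pppoe = any(c.startswith("pppoe-client")
                     for cmds in interfaces.values() for c in cmds)
    for g in globals_:
        m = re.match(r"ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)", g)
        if m and uses_pppoe and not m.group(1).startswith("Dialer"):
            problems.append(f"default route points at {m.group(1)}, not the Dialer interface")
    if not any("ip nat inside" in cmds for cmds in interfaces.values()):
        problems.append("no interface is marked 'ip nat inside'")
    if not any(g.startswith("ip nat inside source") for g in globals_):
        problems.append("no 'ip nat inside source' rule for outbound translation")
    seen = {}  # IPv4 address -> interfaces carrying it
    for name, cmds in interfaces.items():
        for c in cmds:
            m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+) ", c)
            if m:
                seen.setdefault(m.group(1), []).append(name)
    for addr, names in seen.items():
        if len(names) > 1:
            problems.append(f"{addr} is configured on {' and '.join(names)}")
    return problems

if __name__ == "__main__":
    print("\n".join(check(POSTED)))
```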