Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Can't get working Cisco STUN (Serial tunneling) in LAN

Hi all!

I am trying to run very simple thing, Cisco STUN (serial tunnelling). I run on 2 Cisco 2811 with IOS 15.x AES edition. They are plugged in the same LAN (192.168.1.0/24) via unmanaged switch and uses FE0/0 for LAN connectivity. FE0/1 ports are not used. HWIC-1T modules installed to enable serial communications. Cisco DCE and DTE cables are plugged in and interfaces shows up / up statuses, both blinks green when COM port is opened at PC side (DCE cable). When I working on it, I followed to this Cisco guide: STUN Basic with Multiple Tunnels and can't get it working. 

Symptoms: no serial comms, no packet count, no debug packets. Looks like there is no connectivity between STUN peers. Of course, the rest services work fine, routers can ping each other in 192.168.1.x network.

All looks very simple in Cisco's sample, but they are omitted Ethernet settings, including FE0/0. I am not networking guru and can't imagine that must be there. Particularly, I am not sure about FE0/0 settings in case of IP address and mask. Also I am not sure about another network set for loopback adapters or not (192.168.168.0/24 for loopback instead of 192.168.1.0/24 for FE0/0 port) . Also, I don't have any NAT enabled as well as static routes. I only can suppose, that 192.168.162.143 peer can't reach 192.168.162.144 peer via LAN.

Please check my network diagram HERE (png file, just 35KB).

Also, please pay attention that I no need 2 tunnels right now, so I simplified Cisco's samples for 1 STUN only (but not 2 as Cisco did). Please check my configuration and output:

R1 STUN section 

stun peer-name 192.168.1.143 
stun protocol-group 9 basic 

interface serial 0 
encapsulation stun 
stun group 9 
stun route all tcp 192.168.1.144

interface loopback 0 
ip address 192.168.1.144 255.255.255.0

R2 STUN section 

stun peer-name 192.168.1.144
stun protocol-group 9 basic 

interface serial 0 
encapsulation stun 
stun group 9 
stun route all tcp 192.168.1.143

interface loopback 0 
ip address 192.168.1.144 255.255.255.0

R1 show stun 

2811_1#show stun
This peer: 192.168.168.143

 Serial0/3/0  (group 9 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.144    closed              0         0         0

R2 show stun 

This peer: 192.168.168.144

 Serial0/3/0  (group 9 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.143    closed              0         0         0

R1 interface s0/3/0

2811_1#
2811_1#show interface serial 0/3/0
Serial0/3/0 is up, line protocol is up
  Hardware is GT96K Serial
  MTU 2104 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation STUN, loopback not set
  Keepalive not set
  Last input never, output 02:53:18, output hang never
  Last clearing of "show interface" counters 02:50:42
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     1 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=up  CTS=up

R2 interface s0/3/0

2811_2#
2811_2#show interface serial 0/3/0
Serial0/3/0 is up, line protocol is up
  Hardware is GT96K Serial
  MTU 2104 bytes, BW 1544 Kbit/sec, DLY 20000 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation STUN, loopback not set
  Keepalive not set
  Last input never, output never, output hang never
  Last clearing of "show interface" counters 02:52:28
  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 0 bits/sec, 0 packets/sec
  5 minute output rate 0 bits/sec, 0 packets/sec
     0 packets input, 0 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
     0 packets output, 0 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out
     0 carrier transitions
     DCD=up  DSR=up  DTR=up  RTS=down  CTS=up

R1 running conf 

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2811_1
!
boot-start-marker
boot system usbflash1:c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
ip domain name somedom.com
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
crypto pki token default removal timeout 0
!
redundancy
!
ip tftp source-interface FastEthernet0/0
!
stun peer-name 192.168.168.143
stun protocol-group 9 basic
!
interface Loopback0
 ip address 192.168.168.143 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.143 255.255.255.0
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/3/0
 mtu 2104
 no ip address
 encapsulation stun
 stun group 9
 stun route all tcp 192.168.1.144
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
access-list 23 permit 192.168.1.0 0.0.0.255
!
snmp-server community someSTRINGhere RW
!
control-plane
!
mgcp profile default
!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 password somePASS
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end

R2 running conf  

version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 2811_2
!
boot-start-marker
boot system usbflash1:c2800nm-adventerprisek9-mz.151-4.M12a.bin
boot-end-marker
!
logging buffered 4096
!
no aaa new-model
!
dot11 syslog
ip source-route
!
ip cef
!
ip domain name somedom.com
no ipv6 cef
!
multilink bundle-name authenticated
!
voice-card 0
!
crypto pki token default removal timeout 0
!
redundancy
!
ip tftp source-interface FastEthernet0/0
!
stun peer-name 192.168.168.144
stun protocol-group 9 basic
!
interface Loopback0
 ip address 192.168.168.144 255.255.255.0
!
interface FastEthernet0/0
 ip address 192.168.1.144 255.255.255.0
 duplex full
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial0/3/0
 mtu 2104
 no ip address
 encapsulation stun
 stun group 9
 stun route all tcp 192.168.1.143
!
ip forward-protocol nd
ip http server
no ip http secure-server
!
access-list 23 permit 192.168.1.0 0.0.0.255
!
snmp-server community someSTRINGhere RW
!
control-plane
!
mgcp profile default
!
line con 0
line aux 0
line vty 0 4
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 password somePASS
 logging synchronous
 login local
 transport input ssh
line vty 5 15
 access-class 23 in
 exec-timeout 1440 0
 privilege level 15
 logging synchronous
 login local
 transport input ssh
!
scheduler allocate 20000 1000
end

My network diagram is attached, please check. It's not very professional I think, but I hope that it will give you all information needed.

Any help will be appreciated.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Hi,

 

The STUN route statement under the serial interface needs to point at the STUN peer IP address of the other STUN router,  Here is the configuration:

 

router 1:

stun peer-name 192.168.168.143
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.144
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.144
no shut
!
interface loopback 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
no shut

====================================================
Router 2:

stun peer-name 192.168.168.144
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.143
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.143
no shut
!
interface loopback 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.144
no shut

 

Best Regards,

Jim

12 REPLIES
New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

After the advice of one guy I got ping running beween loopback interfaces in the 192.168.168.0/24 network. Here is what I added: 

R1
conf term
int lo 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
end
R2
conf term
int lo 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.143
end

But STUN still doesn't work. No packet count, all closed status and all zeros on show stun output.

But in debug I can see local S0/3/0 status changes when I open COM by any app:

*Oct  5 14:14:21.215: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to down
*Oct  5 14:14:22.215: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to down
2811_2(config-if)#
*Oct  5 14:14:34.151: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to up
*Oct  5 14:14:35.151: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up

It confirms that serial interface is OK and need some proper settings to be connected to other peer. IMHO, something wrong with STUN network peering/connectivity.

Here is how I debug it:

show stun
debug stun packet
debug stun event
terminal monitor

Please advise how to fix STUN and get it working via network.

Could my problem be in partially discarded Cisco config in case of 2-nd tunnel (group 13/second local serial interface)?

Hall of Fame Super Silver

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Since we do not know what you omitted from the original example it is difficult to know whether this is a factor in your config not working.

 

I have a suggestion and a question. I am not sure that it is significant but I would suggest that you change your statement for stun route to use the address of the remote peer, like this

 stun route all tcp 192.168.168.144

 

I also have a question about what you are using to send the traffic for stun, and in particular to ask if you are sure that these devices are generating the appropriate clocking for the serial interface.

 

HTH

 

Rick

New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Hi Rick!

Thanks for your response and desire to help. Really appreciate it!

I tried 2 different configs, including full Cisco's example with my addressing:

2811_1 2811_2
conf term conf term
stun peer-name 192.168.168.143 stun peer-name 192.168.168.144
stun protocol-group 9 basic stun protocol-group 9 basic
stun protocol-group 13 basic stun protocol-group 13 basic
! !
interface serial 0/3/0 interface serial 0/3/0
no ip address no ip address
encapsulation stun encapsulation stun
stun group 9 stun group 9
stun route all tcp 192.168.1.144 stun route all tcp 192.168.1.143
no shut no shut
! !
interface serial 0/2/0 interface serial 0/2/0
encapsulation stun encapsulation stun
stun group 13 stun group 13
stun route all tcp 192.168.1.144 stun route all tcp 192.168.1.143
no shut no shut
! !
interface loopback 0 interface loopback 0
ip address 192.168.168.143 255.255.255.0 ip address 192.168.168.144 255.255.255.0
no shut no shut

Because loopback interfaces were not able to reach each other, I added these lines:

int lo 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
end
int lo 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.143
end

After that loopback interfaces become responsible for ping over network. But serial link still isn't working.

After that I tried another config which come from this board marked as solved in that's thread: https://supportforums.cisco.com/t5/wan-routing-and-switching/serial-tunneling/m-p/1876895/thread-id/184901

Here is a version with my addressing:

hostname 2811_1 hostname 2811_2
interface loopback 0 interface loopback 0
desc *** LOOPBACK 0 FOR STUN PEERING *** desc *** LOOPBACK 0 FOR STUN PEERING ***
ip address 192.168.168.143 255.255.255.255 ip address 192.168.168.144 255.255.255.255
no ip redirect no ip redirect
no ip directed-broadcast no ip directed-broadcast
exit exit
stun peer-name 192.168.168.143 stun peer-name 192.168.168.144
stun protocol-group 100 basic stun protocol-group 100 basic
! !
interface Serial0/3/0 interface Serial0/3/0
desc *** LINK TO ROUTER 2811_2 *** desc *** LINK TO ROUTER 2811_1 ***
ip address 192.168.168.149 255.255.255.252 ip address 192.168.168.150 255.255.255.252
no ip directed-broadcast no ip directed-broadcast
no shut no shut
interface Serial0/2/0 interface Serial0/2/0
desc *** STUN LINK - THIS IS THE DCE END *** desc *** STUN LINK - THIS IS THE DCE END ***
no ip address no ip address
no ip directed-broadcast no ip directed-broadcast
encapsulation stun encapsulation stun
no ip mroute-cache no ip mroute-cache
clockrate 9600 clockrate 9600
stun group 100 stun group 100
stun route all interface serial 0/3/0 direct stun route all interface serial 0/3/0 direct
no shut no shut
interface fast 0/0 interface fast 0/0
desc *** LAN ON ROUTER 2811_1 *** desc *** LAN ON ROUTER 2811_2 ***
ip address 192.168.1.143 255.255.255.0 ip address 192.168.1.144 255.255.255.0
! !
ip route 192.168.168.144 255.255.255.255 192.168.168.150 name LOOPBACK-2811_2 ip route 192.168.168.143 255.255.255.255 192.168.168.149 name LOOPBACK-2811_1
ip route 192.168.1.144 255.255.255.255 192.168.168.150 name LAN-2811_2 ip route 192.168.1.143 255.255.255.255 192.168.168.149 name LAN-2811_1

But still no luck :(

About your question. I am using regular PC with hardware COM port. It's 100% working and tested. I run WinSSD program there and use special serial test plug at remote end:WinSDD-Test-Plug

Also I use Cisco DCE cable on PC side and DTE cable on other side (where I connect test plug).

With no routers inserted in the "serial line path" (just PC, serial cables, adapters and plug), all test passes with no issues. Via routers WinSSD shows no connectivity and no sync:

Sending Test Pattern ( 55 - AA hex )
Error - Timeout!  Check connector.

PC port settings are standard:

BPS: 9600
Data bits: 8
Parity: None
Stop bits: 1
Flow control: None

With the last config I used serial0/3/0 interfaces at the both routers. Cisco 72-1430-01 (CAB-SS-232FC) DCE cable was used to connect PC. Cisco 72-1431-01 (CAB-SS-232MT) DTE cable was used to connect other side (test plug in my case). 

When I connect test plug, I see that local serial interface become active (up status and green LED). When press Port - Open in WinSSD, I see how local serial interface become active too (up status and green LED). So, both serial interfaces up and running before I run any tests.

Any other tests (not WinSSD) also fails and it's predictable, because packet counters in STUN links always shows all zeros in RX/TX lines.

Do you have other ideas after that? I really need them because I am not very good with Cisco. 

Hall of Fame Super Silver

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

The point of my suggestion was to change the stun route command to use the address used by the other router as its stun peer address. It is not clear whether you tried that or not. But thinking about your comment that the stun packet counters consistently show zero, I suspect that changing the stun route command might not have much effect.

 

The other config that you tried is interesting, especially the use of interface direct instead of tcp. I am sorry that it did not work.

 

I continue to wonder if the issue might relate to clocking on the stun link and whether the router is recognizing the clocking signals. But if the serial interfaces are coming to an up/up state then it would seem likely that they do see clocking on the interface.

 

HTH

 

Rick

New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Hi Rick!

Thanks for your reply.

I am not sure about your advice. Because as I see, all peer routing targeted to address of remote router. Or, if I am wrong, can you copy/paste one of two config examples, change what is needed and show me changed data with some highlighting?

And what do you think about local serial port test? How to check that serial port works fine, can accept data, etc.? It would be better to fing some packet counter. To ensure that both ports able to communicate properly and wired properly?

And one important thing. Clocking has nothing on port status. Up/up statuses are easy to get just by changing DTR state to level (e.g. by suppling +7..12VAC to pin #4 on DB9 or pin#20 on DB-25 ). I did this trick and get in console these messages:

*Oct  7 18:52:29.708: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to down
*Oct  7 18:52:30.708: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to down

Do you have ideas how to diag serial port locally or link 2 serial ports on router locally (with no STUN involved)?

Thanks!

New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Here is block diagram of my setup. Is it correct? Especially, cables used, port modes (DCE vs DTW), serial ports used? I run config #2 provided by other member by link.

New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

This is what I see on R2 when I debug serial ports. Looks like nothing bad with S0/3/0, and only S0/2/0 is in trouble (as must be, because I haven't connected any cables to it).

*Oct 7 22:06:32.404: DCE idb->dte_interface = DCE
*Oct 7 22:06:32.404: Dscc4(Serial0/3/0): DTR is up.

2811_2#
*Oct 7 22:06:34.404: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to up
*Oct 7 22:06:35.404: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up
2811_2#
*Oct 7 22:06:56.792: Serial0/2/0: attempting to restart
*Oct 7 22:06:56.792: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE
2811_2#
*Oct 7 22:07:26.800: Serial0/2/0: attempting to restart
*Oct 7 22:07:26.800: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE
2811_2#
*Oct 7 22:07:56.800: Serial0/2/0: attempting to restart
*Oct 7 22:07:56.800: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE
2811_2#
*Oct 7 22:08:26.808: Serial0/2/0: attempting to restart
*Oct 7 22:08:26.808: gt96k_mbrd_serial_mode_reg_init:: was DCE, now set to DCE

PC is keeping S0/3/0 port up and sending test data on 9600 or 115200 speeds. R2's S0/3/0 port configured for clock speed 9600 or 115200 respectively. PC serial test programs configured for the same speed.

Looks like is must work with STUN/IP connectivity/routing.

Hall of Fame Super Silver

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Thank you for the output that shows that the line comes up and the line protocol comes up.

*Oct 7 22:06:34.404: %LINK-3-UPDOWN: Interface Serial0/3/0, changed state to up
*Oct 7 22:06:35.404: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0/3/0, changed state to up

I believe that it is especially significant that the line protocol comes up. Does it stay up? Or does the line protocol go back down while you are attempting to test?

 

HTH

 

Rick

 

New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Rick,

Serial ports always up stay up until infinitely until I de-key DTR or close serial port at PC.

Now I am digging in other direction. I found out, that different serial port test software gives me FRAME errors (and other kind of errors, like garbage in RX window) at the PC end. PC port speed and Cisco's DTE port correspondence to clock rate doesn't matter. Looks like 2811_2's DCE port doesn't provide clocking for some reason. Could it be due to missed clocking off modem (DCE port of 2811_1)? Because I do not send any clocking to that's port, because there is only test plug connected.

Another important thing. Looks like STUN is for synchronous serial links only due to SDLC frames usage (where S is Synchronous). I think that I need to supply sync or set Cisco to do that internally.

Here is my updated block diagram with notes. I drawn some clouds with comments and thoughts. And now I need to clarify those, especially big blue one.

What do you think about?

New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

So guys, I have some progress. I got link working in pseudowire mode, but not in STUN. In the both cases I did a mistake in bench test configuration. STUN and pseudowire provides synchronous link and they doesn't supports asynchronous comms (what is commonly used by PC port). In this case, one device must provide clocking and another device must listen to it and take to account. So, to test setup of such kind, you must have 2 devices that supports synchronous coms and one of them can provide clocking. Test software (like WinSSD) and loopback plug will NOT work.

Here is working config fit pseudowire mode:

2811_1 2811_2
pseudowire-class link1 pseudowire-class link1
encapsulation l2tpv3 encapsulation l2tpv3
ip local interface FastEthernet0/0 ip local interface FastEthernet0/0
exit exit
interface Serial0/3/0 interface Serial0/3/0
no ip address no ip address!no fair-queuexconnect 192.168.1.143 100 pw-class link1
clock rate 9600  !
no fair-queue !
xconnect 192.168.1.144 100 pw-class link1 !

It's tested and works fine.

Current problem - I still can't get working the same link in STUN mode. Here is config based on Cisco and it doesn't work:

2811_1 2811_2
conf term conf term
stun peer-name 192.168.168.143  stun peer-name  192.168.168.144 
stun protocol-group 101 basic stun protocol-group 101 basic 
stun protocol-group 102 basic stun protocol-group 102 basic
   
interface serial 0/3/0 interface serial 0/3/0
no ip address no ip address
encapsulation stun  encapsulation stun 
stun group 101 stun group 101
stun route all tcp 192.168.1.144 stun route all tcp  192.168.1.143
no shut no shut
   
interface serial 0/2/0 interface serial 0/2/0
encapsulation stun encapsulation stun
stun group 102 stun group 102
stun route all tcp 192.168.1.144 stun route all tcp 192.168.1.143
no shut no shut
   
interface loopback 0  interface loopback 0 
ip address 192.168.168.143 255.255.255.0 ip address 192.168.168.144 255.255.255.0
no shut no shut
   
int lo 0 int lo 0
ip address 192.168.168.143 255.255.255.255 ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144 ip route 192.168.168.143 255.255.255.255 192.168.1.143
end end

And have no ideas why it can't provide working link setup that is hooked/wired properly (hardware setup/wiring is the same as was used for pseudowire).

But now STUN shows a lot of debug data and packet counters grow.

R1:

2811_1#show stun
This peer: 192.168.168.143
Serial0/2/0  (group 102 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.144    closed              0         0         0

Serial0/3/0  (group 101 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.144    closed          81563    326257       192

R2:

2811_2#show stun
This peer: 192.168.168.144
Serial0/2/0  (group 102 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.143    closed              0         0         0

Serial0/3/0  (group 101 [basic])
                              state       rx_pkts   tx_pkts     drops
all     TCP 192.168.1.143    closed          80568    322283       633

I am plugged to serial 0/3/0 interfaces of course. Both interfaces are up/up and can ping each other.

STUN debug output is attached.

Any ideas please how to run link in STUN mode? Thanks!

Cisco Employee

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Hi,

 

The STUN route statement under the serial interface needs to point at the STUN peer IP address of the other STUN router,  Here is the configuration:

 

router 1:

stun peer-name 192.168.168.143
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.144
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.144
no shut
!
interface loopback 0
ip address 192.168.168.143 255.255.255.255
ip route 192.168.168.144 255.255.255.255 192.168.1.144
no shut

====================================================
Router 2:

stun peer-name 192.168.168.144
stun protocol-group 101 basic
stun protocol-group 102 basic
!
interface serial 0/3/0
no ip address
encapsulation stun
stun group 101
stun route all tcp 192.168.168.143
no shut
!
interface serial 0/2/0
encapsulation stun
stun group 102
stun route all tcp 192.168.168.143
no shut
!
interface loopback 0
ip address 192.168.168.144 255.255.255.255
ip route 192.168.168.143 255.255.255.255 192.168.1.144
no shut

 

Best Regards,

Jim

New Member

Re: Can't get working Cisco STUN (Serial tunneling) in LAN

Thanks a lot Jim, you're right. Issue resolved.

1217
Views
0
Helpful
12
Replies
CreatePlease to create content