Re: uBR924 and Cable Provider.

andifur · ‎05-30-2003

I am hoping someone can help me out here. I purchased a uBR924 for one of our remote staff members. She used Comcast (PA) for internet.

We are trying to set her up with a tunnel back to work, with a PC and an IP phone. Heres where we run into problems.

Comcast assigns a 10.96.*.* address on the cable-modem 0 int. So I have to keep the router bridged and set my PC to aobtain automaticly. If I hard code the ethernet 0 port I with a 192.168.1.1 then I loose all connectivity

Does anyone know of a way or a config I can use t make this work. I would like to be able have her use all the ports in router. I think it might work if I was able to setthe ethernet 0 card to obtain auto.

I am including a copy of the current contig.

Please help.

Thanks

uBR924#sh run

Building configuration...

Current configuration:

!

! Last configuration change at 01:25:13 - Sat May 31 2003

! NVRAM config last updated at 01:14:46 - Sat May 31 2003

!

version 12.0

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname uBR924

!

!username xxx pass xxx

!

enable password xxxx

!

clock timezone - -5

ip subnet-zero

!

ip dhcp pool LAN

network 192.168.1.32 255.255.255.224

dns-server 4.2.2.2

default-router 192.168.1.1

!

voice-port 0

input gain -2

!

voice-port 1

input gain -2

!

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip access-group 100 in

ip access-group 101 out

no ip directed-broadcast

ip nat inside

!

interface cable-modem0

ip address negotiated

no ip directed-broadcast

ip nat outside

cable-modem downstream saved channel 723000000 58 4

cable-modem mac-timer t2 180000

no cable-modem compliant bridge

!

ip default-gateway 10.96.72.1

ip nat inside source list 105 interface cable-modem0 overload

ip classless

no ip http server

!

access-list 1 permit 172.30.0.0 0.0.255.255

access-list 2 permit 172.30.0.0 0.0.255.255

access-list 3 permit 172.30.1.5

access-list 4 permit 172.30.1.6

access-list 5 permit 172.29.0.0 0.0.255.255

access-list 6 permit 172.29.0.0 0.0.255.255

access-list 100 deny udp any range 0 65535 any range netbios-ns netbios-ss

access-list 100 deny tcp any range 0 65535 any range 137 139

access-list 100 deny udp any range 0 65535 any range bootpc bootpc

access-list 100 deny udp any range 0 65535 any range rip rip

access-list 100 permit ip any any

access-list 101 deny udp any range 0 65535 any range netbios-ns netbios-ss

access-list 101 deny tcp any range 0 65535 any range 137 139

access-list 101 deny udp any range 0 65535 any range rip rip

access-list 101 deny tcp any range 0 65535 any range 1080 1080

access-list 101 permit ip any any

access-list 105 permit ip 192.168.1.0 0.0.0.255 any

snmp-server engineID local 00000009020000B064DBAAAC

snmp-server manager

!

line con 0

transport input none

line vty 0 4

login local

!

end

Here is a copy of what I get from sh C 0::

Below is the private IP.

cable-modem0 is up, line protocol is up

Hardware is BCM3300, address is 00b0.64db.aaad (bia 00b0.64db.aaad)

Internet address is 10.96.75.28/21

MTU 1500 bytes, BW 27000 Kbit, DLY 1000 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation DOCSIS, loopback not set

I dont want ot have to go out and buy another router to sit behind this one.

makchitale · ‎05-31-2003

Yes, in bridging mode Comcast will assign an private (non-routable) ip address to the cable interface & an public ip address to the host (PC) behind the cable modem. What you need to do is use the config given below...use the cable-dhcp-proxy command so C0 gets it's normal 10.x.x.x ip address but an Loopback0 is automatically created that gets the public (which normally would go to the PC) address & we NAT/ PAT against that address.

Ensure you have 12.1(1)T & above on the ubr924.

http://www.cisco.com/warp/customer/109/cable_dhcp_proxy.shtml

Thanks, Mak.

andifur · ‎05-31-2003

Thanks for te reply. I have tried this exact config before with no luck.

here is a copy from after configuring with cable-modem dhcp-proxy

! Last configuration change at 22:08:25 - Sat May 31 2003

!

version 12.2

no service single-slot-reload-enable

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname uBR924

!

logging rate-limit console 10 except errors

enable password xx

!

username xx

username xx password xx

clock timezone - -5

ip subnet-zero

no ip finger

!

no ip dhcp-client network-discovery

call rsvp-sync

!

interface Loopback0

ip address 68.81.48.193 255.255.255.255

!

interface Ethernet0

ip address 192.168.1.1 255.255.255.0

ip nat inside

!

interface cable-modem0

ip nat outside

no cable-modem compliant bridge

cable-modem dhcp-proxy nat TEST_POOL

!

ip nat pool TEST_POOL 68.81.48.193 68.81.48.193 netmask 255.255.255.0

ip nat inside source list 1 pool TEST_POOL overload

ip classless

no ip http server

no ip http cable-monitor

!

access-list 1 permit 192.168.1.0 0.0.0.255

!

snmp-server packetsize 4096

snmp-server manager

!

voice-port 0

input gain -2

output attenuation 0

!

voice-port 1

input gain -2

output attenuation 0

!

line con 0

transport input none

line vty 0 4

login local

!

end

I was never able to connect to anything on the ISP side. I could only access internal resources, and of course "Comcast" states they do not support Cisco CM.

I debuged the ip nat and received the followng

NAT* s192.168.1.8--> 68.81.48.193 d=4.2.2.2

so I know its translating the addresses for me. Does any one have any ideas that might help me out.

Thanks

andifur · ‎05-31-2003

There is one more thing I am seeing that I may think is casuing something.

I will do a wr er and an IOS upgrade then bridge the router to my PC, I will get different addresses. If then try to get the router to work this way, I will enter in everything (not from TFTP) and a reload and I am always back to the same IP.

Any thoughts?

thanks.

andifur · ‎06-01-2003

I got it to work. I went from 12.2(1d) to 12.2.(10d) It came right up and is working fine.