Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
591
Views
0
Helpful
4
Replies

Interface question on c831

markus-schulze
Level 1
Level 1

‎06-13-2006 05:28 AM - edited ‎03-09-2019 03:13 PM

I upgraded the ios to 12.4. After the upgrade the interface behavior is a little diffrent. If there is no client connected to one of the fastethernet ports, the e0 interface is down. My problem is, we use this e0 interface for remote administration of the c831 over a vpn connection. So if no device is turned on in the night, I can't reach the router. Is there a solution to keep the interface up or to reach the router otherwise ?

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname xxx

!

enable secret xxx

!

username admin password xxx

ip subnet-zero

ip domain name xxx

ip dhcp excluded-address 192.168.45.254

ip tftp source-interface Ethernet0

!

ip dhcp pool COUNTER

network 192.168.45.240 255.255.255.240

domain-name xxx

default-router 192.168.45.254

dns-server 10.128.128.1 10.128.128.3

!

vpdn enable

vpdn-group 1

request-dialin

protocol pppoe

!

crypto isakmp policy 1

encr 3des

hash md5

authentication pre-share

group 2

!

crypto isakmp key 0 xxx address 213.xxx.xxx.xxx

crypto ipsec transform-set VPN esp-3des esp-md5-hmac

crypto map VPN 10 ipsec-isakmp

set peer 213.xxx.xxx.xxx

set transform-set VPN

match address 102

!

interface Ethernet0

ip address 192.168.45.254 255.255.255.240

hold-queue 100 out

no shut

interface Ethernet1

no ip address

duplex auto

pppoe enable

pppoe-client dial-pool-number 1

no cdp enable

no shut

interface Dialer1

ip address negotiated

ip mtu 1452

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap callin

ppp chap hostname xxx

ppp chap password 0 xxx

ip access-group 101 in

ip access-group 100 out

crypto map VPN

no cdp enable

!

ip nat inside source list 100 interface Dialer1 overload

ip classless

ip route 0.0.0.0 0.0.0.0 Dialer1

no ip http server

no ip http secure-server

access-list 1 permit 10.128.128.200 0.0.0.7

access-list 1 permit 10.128.128.208 0.0.0.7

access-list 1 permit 10.128.128.216 0.0.0.3

access-list 100 permit esp host 217.91.19.71 host 213.xxx.xxx.xxx

access-list 100 permit udp host 217.91.19.71 eq isakmp host 213.xxx.xxx.xxx eq isakmp

access-list 100 permit ip 192.168.45.240 0.0.0.15 10.0.0.0 0.255.255.255

access-list 100 permit ip 192.168.45.240 0.0.0.15 192.168.0.0 0.0.255.255

access-list 101 permit udp host 213.xxx.xxx.xxx eq isakmp host 217.91.19.71 eq isakmp

access-list 101 permit esp host 213.xxx.xxx.xxx host 217.91.19.71

access-list 101 permit ip 10.0.0.0 0.255.255.255 192.168.45.240 0.0.0.15

access-list 101 permit ip 192.168.0.0 0.0.255.255 192.168.45.240 0.0.0.15

access-list 102 permit ip 192.168.45.240 0.0.0.15 10.0.0.0 0.255.255.255

access-list 102 permit ip 192.168.45.240 0.0.0.15 192.168.0.0 0.0.255.255

line con 0

login local

no modem enable

length

transport preferred all

transport output all

stopbits 1

line aux 0

login local

transport preferred all

transport output all

stopbits 1

line vty 0 4

exec-timeout 120 0

login local

length 0

transport preferred all

transport input all

transport output all

!

scheduler max-task-time 5000

Labels:
0 Helpful
4 Replies 4

atif.awan
Level 3
Level 3

‎06-13-2006 06:17 AM

Since this ethernet is a logical interface I do not know if this will work or not but try putting a 'no keepalive' under the interface configuration. I will be interested in knowing if the router even accepts this command for a logical interface as this commands is tied to the physical behavior of normal ethernet interfaces.

0 Helpful

markus-schulze
Level 1
Level 1
In response to atif.awan

‎06-13-2006 06:37 AM

The router accepted the command and shows 'Keepalive not set' in the interface status but it did not solve the problem.

The release notes of the 12.4 ios for c831 describes the behavior of the e0 interface, which is now dependent of the fastethernet interfaces 1 trough 4.

My next idea is to create a virtual interface, which is not dependent of a physical 'up' interface fa1-4. But how would I do this ?

0 Helpful

atif.awan
Level 3
Level 3
In response to markus-schulze

‎06-13-2006 06:42 AM

You can create a loopback interface using:

Router(config)# int loopback 0

Router(config-if)# ip address

This interface will always stay up but you have to make sure that the ip address you assign to it is router over the tunnel.

0 Helpful

jim.r.waller
Level 1
Level 1
In response to markus-schulze

‎06-22-2006 11:26 AM

We had the same issue with 871's. The fix was to upgrade to 12.4.6T and use the no autostate command under the vlan internface. Not sure if this is available for the 831.

0 Helpful
Customers Also Viewed These Support Documents