Cisco Support Community

New Member

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi all,

Due to some ongoing issues with dsl interface firmwares and the kit held in our ISP exchanges; we are having to resort to substituting out the Cisco 877 ADSL atm interface and using a separate router supplied by the ISP to make the initial connection.

I am struggling to get the 877 to do what I want it to now though; and have subsequently found it can only handle two VLANs.

So; my ISP provided router/modem connects to the net, anything connected to it browses fine.

This is on subnet 192.168.1.0/24 and IP 192.168.1.254 is the router

I have a port on the 877 configured in this subnet, and in VLAN666 (so I can apply ip nat outside)

This is on 192.168.1.139

Additionally I am using VLAN1 for corporate traffic on 172.30.59.0/24 subnet and if it could handle an additional VLAN I'd also be using 10.30.59.0/24 for voice, but that's a separate issue (unless you have any helpful suggestions!)

The 877 can ping everything, unless I tell it to use source VLAN1.

Laptop connected to VLAN1 can ping VLAN1, VLAN666 but not 192.168.1.254 or any internet based hosts.

ISP router can ping 192.168.1.139 on the 877 but no further.

This all stinks of NAT issues but I can't figure it out; config below:

ITTEST#show run
Building configuration...

Current configuration : 4282 bytes
!
! Last configuration change at 16:10:10 GMT Mon Nov 11 2013
! NVRAM config last updated at 16:10:14 GMT Mon Nov 11 2013
!
version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname ITTEST
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 10240
logging console critical
enable secret
enable password
!
no aaa new-model
clock timezone GMT 0
clock summer-time BST recurring last Sun Mar 1:00 last Sun Oct 2:00
!
!
dot11 syslog
no ip source-route
ip dhcp excluded-address 172.30.59.1 172.30.59.100
!
ip dhcp pool dhcppool
   import all
   network 172.30.59.0 255.255.255.0
   default-router 172.30.59.1
   dns-server 172.30.59.1 172.20.0.120 172.20.0.121
   domain-name gratte.com
   update arp
!
!
ip cef
ip domain name gratte.com
ip name-server 192.168.1.254
ip name-server 172.20.0.120
ip name-server 172.20.0.121
!
!
!
!
!
!
crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
crypto isakmp key <presharedkey> address xxx.xxx.xxx.xxx no-xauth
!
!
crypto ipsec transform-set 3DESSHA esp-3des esp-sha-hmac
!
crypto ipsec profile IPSEC-VPN
 set transform-set 3DESSHA
!
!
archive
 log config
  hidekeys
!
!
!
!
!
interface Tunnel0
 description --- IPSec Tunnel to KX ---
 ip address 172.30.60.1 255.255.255.0
 ip ospf mtu-ignore
 load-interval 30
 tunnel source Vlan1
 tunnel destination xxx.xxx.xxx.xxx
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile IPSEC-VPN
!
interface ATM0
 no ip address
 shutdown
 no atm ilmi-keepalive
!
interface FastEthernet0
 description DATA
 spanning-tree portfast
!
interface FastEthernet1
 description VOICE
 switchport access vlan 100
 switchport voice vlan 100
 spanning-tree portfast
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 switchport access vlan 666
 no cdp enable
 spanning-tree portfast
!
interface Vlan1
 ip address 172.30.59.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Vlan2
 no ip address
!
interface Vlan100
 ip address 10.30.59.1 255.255.255.252
 ip nat inside
 ip virtual-reassembly
!
interface Vlan666
 ip address 192.168.1.139 255.255.255.0
 ip nat outside
 ip virtual-reassembly
!
interface Dialer0
 no ip address
!
ip default-gateway 192.168.1.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip route 10.20.0.0 255.255.0.0 Tunnel0
ip route 10.21.0.0 255.255.0.0 Tunnel0
ip route 64.156.192.220 255.255.255.255 Tunnel0
ip route 64.156.192.245 255.255.255.255 Tunnel0
ip route 74.50.50.16 255.255.255.255 Tunnel0
ip route 74.50.63.14 255.255.255.255 Tunnel0
ip route 172.16.0.0 255.240.0.0 Tunnel0
ip route 172.30.59.0 255.255.255.0 Vlan1
no ip http server
no ip http secure-server
!
ip dns server
ip nat source list 100 interface Vlan1 overload
!
access-list 100 permit ip 172.30.59.0 0.0.0.255 any
!
!
!
snmp-server community  RO
snmp-server community  RW
!
control-plane
!
!
line con 0
 password
 login
 no modem enable
line aux 0
line vty 0 4
 password
 login
!
scheduler max-task-time 5000
ntp server 72.8.140.222
end

Ultimately I'll be using this for a VPN, but I can't even get internet traffic currently.

Any ideas?

Thanks,

Purple

Re: ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

this line:

ip nat source list 100 interface Vlan1 overload

should be

ip nat source list 100 interface Vlan666 overload

You should also do NAT exemption for your VPN traffic by denying it first in this ACL

Also for voice vlan you can use switchport voice vlan command.

Regards

Alain

Don't forget to rate helpful posts.

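A small offline check for the two points raised in the reply above: that the overload rule references the interface marked `ip nat outside`, and that prefixes routed into the tunnel are denied in the NAT ACL before any permit. This is an added example, not part of the thread or any Cisco tooling; `audit_nat` and `dst_net` are hypothetical names, the sample is a constructed excerpt of the posted configuration, and the parser handles only the line forms that appear there and ignores the ACL source field.

```python
import ipaddress
import re

# Constructed excerpt: NAT-relevant lines of the configuration posted above.
POSTED = """\
interface Vlan1
 ip nat inside
interface Vlan666
 ip nat outside
ip route 10.20.0.0 255.255.0.0 Tunnel0
ip route 172.16.0.0 255.240.0.0 Tunnel0
ip nat source list 100 interface Vlan1 overload
access-list 100 permit ip 172.30.59.0 0.0.0.255 any
"""

def dst_net(spec):
    """Destination of an extended ACL entry (its last field) as an ip_network."""
    t = spec.split()
    if t[-1] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if t[-2] == "host":
        return ipaddress.ip_network(t[-1] + "/32")
    return ipaddress.ip_network(f"{t[-2]}/{t[-1]}")  # address/wildcard mask

def audit_nat(config):
    """Return findings about the overload rule and its ACL (source match ignored)."""
    roles, vpn_nets, acl, rule, cur = {}, [], {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"interface (\S+)", line):
            cur = m.group(1)
        elif m := re.match(r"ip nat (inside|outside)$", line):
            roles[cur] = m.group(1)
        elif m := re.match(r"ip route (\S+) (\S+) Tunnel\d+", line):
            vpn_nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}"))
        elif m := re.match(r"ip nat (?:inside )?source list (\d+) interface (\S+) overload", line):
            rule = (m.group(1), m.group(2))
        elif m := re.match(r"access-list (\d+) (permit|deny) ip (.+)", line):
            acl.setdefault(m.group(1), []).append((m.group(2), dst_net(m.group(3))))
    if rule is None:
        return ["no overload rule found"]
    acl_id, ifname = rule
    findings = []
    if roles.get(ifname) != "outside":
        findings.append(f"overload on {ifname}, which is not marked 'ip nat outside'")
    for net in vpn_nets:
        # The first ACL entry whose destination covers the tunnel prefix decides.
        hit = next((a for a, d in acl.get(acl_id, []) if net.subnet_of(d)), "deny")
        if hit == "permit":
            findings.append(f"{net} matches a permit in access-list {acl_id} (no NAT exemption)")
    return findings
```

Run against the posted excerpt it reports the Vlan1 overload interface and both tunnel prefixes; with the overload moved to Vlan666 and deny entries placed ahead of the permit it returns an empty list.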
New Member

ADSL modem <-> Cisco 877 <-> internal network problems!

That was my original config, but I could not figure it out and had read enough rubbish on the internet to try setting it otherwise.

Now this is interesting; I've been conducting my ping tests from the user defining the source by using the VLAN1 IP; 172.30.59.1, I've just tried it using the actual interface instead:

ITTEST#ping 8.8.8.8 source vlan 1
% Invalid source interface - IP not enabled or interface is down

VLAN1 is active and the interface assigned is up....

What could that be then?...

Purple

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi,

sh ip int br | i Vlan

Regards

Alain

Don't forget to rate helpful posts.

New Member

ADSL modem <-> Cisco 877 <-> internal network problems!

Ok, it shows the protocol as being down for VLAN 1, might this be as my laptop is no longer connected to fastethernet 0 (the only interface configured for vlan 1 access)?

I'm at home now, (UK time coming up to 9pm) so I can't plug my laptop back in to see a change.

ITTEST#sh ip int br | i Vlan
Vlan1                      172.30.59.1     YES NVRAM  up                    down
Vlan2                      unassigned      YES unset  up                    down
Vlan100                    10.30.59.1      YES NVRAM  up                    down
Vlan666                    192.168.1.139   YES NVRAM  up                    up

What can I do to change the protocol state?

New Member

ADSL modem <-> Cisco 877 <-> internal network problems!

Additionally, I'm on the firmware that enables 2 vlans not 4, the vlan 100 and vlan 2 are not required in this set up (currently). I will need to get a third vlan in there but I can load a different firmware when this is complete and working to achieve that.

Hall of Fame Super Gold

ADSL modem <-> Cisco 877 <-> internal network problems!

Additionally, I'm on the firmware that enables 2 vlans not 4, the vlan 100 and vlan 2 are not required in this set up (currently). I will need to get a third vlan in there but I can load a different firmware when this is complete and working to achieve that.

870 routers, when loaded with IOS version 12.4, can only support 2 VLANs. If you want to load between 3 to 10 VLANs, you need to downgrade to IOS version 12.3.

Make sure you've created VLAN entries in the VLAN database.

New Member

ADSL modem <-> Cisco 877 <-> internal network problems!

Hi Leo,

From the sh ip int br | i Vlan command that Alain suggested I can see:

ITTEST#sh ip int br | i Vlan
Vlan1                      172.30.59.1     YES NVRAM  up                    down
Vlan2                      unassigned      YES unset  administratively down down
Vlan100                    10.30.59.1      YES NVRAM  administratively down down
Vlan666                    192.168.1.139   YES NVRAM  up                    up

I no longer require vlan2 or vlan 100 in this config, but I am currently connected remotely. If I was on site with this device I would erase the vlan.dat, reload the device, and set the vlans up from scratch.

If I did that currently though, I would lose the connection I am currently using through VLAN 666.

Any suggestions on how to achieve this nicely? Or should I just bite the bullet and wait until I'm back on site?

Thanks,


New Member

ADSL modem <-> Cisco 877 <-> internal network problems!

ITTEST(vlan)#no vlan 100
VLAN 100 does not exist
ITTEST(vlan)#no vlan 2
VLAN 2 does not exist
ITTEST(vlan)#show
  VLAN ISL Id: 1
    Name: default
    Media Type: Ethernet
    VLAN 802.10 Id: 100001
    State: Operational
    MTU: 1500
    Translational Bridged VLAN: 1002
    Translational Bridged VLAN: 1003

  VLAN ISL Id: 666
    Name: VLAN0666
    Media Type: Ethernet
    VLAN 802.10 Id: 100666
    State: Operational
    MTU: 1500

  VLAN ISL Id: 1002
    Name: fddi-default
    Media Type: FDDI
    VLAN 802.10 Id: 101002
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Translational Bridged VLAN: 1
    Translational Bridged VLAN: 1003

  VLAN ISL Id: 1003
    Name: token-ring-default
    Media Type: Token Ring
    VLAN 802.10 Id: 101003
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Ring Number: 0
    Bridge Number: 1
    Parent VLAN: 1005
    Maximum ARE Hop Count: 7
    Maximum STE Hop Count: 7
    Backup CRF Mode: Disabled
    Translational Bridged VLAN: 1
    Translational Bridged VLAN: 1002

  VLAN ISL Id: 1004
    Name: fddinet-default
    Media Type: FDDI Net
    VLAN 802.10 Id: 101004
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Bridge Number: 1
    STP Type: IBM

  VLAN ISL Id: 1005
    Name: trnet-default
    Media Type: Token Ring Net
    VLAN 802.10 Id: 101005
    State: Operational
    MTU: 1500
    Bridge Type: SRB
    Bridge Number: 1
    STP Type: IBM

Hall of Fame Super Gold

ADSL modem <-> Cisco 877 <-> internal network problems!

I no longer require vlan2 or vlan 100 in this config

So all you do is:

conf t
no interface VLAN 2
no interface VLAN 100
end
