Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cannot get Gig 0/1 to route to gig 0/0

I have a problem that several have been unabvel to solve.  I have gig 0/0 as my primary WAN interface and an Cellular HWIC as my backup WAN interface.  Off of gig 0/1 I have a laptop and I cannot get it to route out to the internet unless I disconneect the gig 0/0, in whihc it then goes out the cellular interface.  However, form the rotuer consol, I can go out gig 0/0.

Current configuration : 4484 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoDemo4GLTE
!
boot-start-marker
boot system flash:c1900-universalk9-mz.SPA.151-4.M3.10
boot-end-marker
!
!
enable secret 5 $1$RDV7$13G5jO/0bPpJiWWiDwO7S/
enable password DanAngst
!
no aaa new-model
no process cpu extended history
no process cpu autoprofile hog
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
ip dhcp pool lan0
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
dns-server 4.2.2.2
!
!
multilink bundle-name authenticated
!
chat-script ltescript "" "AT
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3645487553
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3645487553
revocation-check none
rsakeypair TP-self-signed-3645487553
!
!
crypto pki certificate chain TP-self-signed-3645487553
certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 33363435 34383735 3533301E 170D3132 30343133 31363535
  35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36343534
  38373535 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100C0E1 172C26CD FE4EF183 B9B9FF39 6661A3F9 9A623B34 10F19FDB 415C3CDC
  507C834F B3DC74FF 5F7B9529 7BC2107C 3646D810 2AC97239 E07F985D 3700E134
  448EEA16 A1D4FFA5 62D9D204 D2004BA0 13F843E4 8E4D84BA C4B172EF 8530DE3A
  DFA7AD7E 55F7F2A6 D1C9988A 15367502 A8B44E21 16228E21 E65269B4 CF230F69
  B95B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 146C09AD D15833D3 DC949C08 FDF65EA8 EA5ACA91 5C301D06
  03551D0E 04160414 6C09ADD1 5833D3DC 949C08FD F65EA8EA 5ACA915C 300D0609
  2A864886 F70D0101 05050003 81810032 16C06137 36204621 57635F4D F546E5FB
  E3DDF625 52C9F512 0BF1910A FF1210DF F645C218 A5BDFBA3 44C66C24 969450AE
  FE4382A8 BDE67BDC 5555043C 515229A7 A75DF22E AAE20FD5 BDBED744 D90710D0
  DD37D67C 83472DCE CA461911 152C92F1 36642B47 49A6533C FF8F2154 A57CDFA6
  9108676B 7EC7C6D9 78ADF971 1D4621
        quit
license udi pid CISCO1921/K9 sn FTX160685BJ
!
!
!
!
controller Cellular 0/1
!
!
!
!
!
interface Loopback1
ip address 1.2.3.9 255.255.255.255
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
no cdp enable
no mop enabled
!
interface GigabitEthernet0/0
ip address dhcp
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface GigabitEthernet0/1
ip address 10.10.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
no cdp enable
!
interface Cellular0/1/0
ip address negotiated
no ip unreachables
ip nat outside
ip virtual-reassembly in
encapsulation slip
load-interval 30
dialer in-band
dialer idle-timeout 0
dialer string ltescript
dialer watch-group 1
async mode interactive
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
ip nat inside source list 100 interface Cellular0/1/0 overload
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 90
ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 200
!
access-list 100 permit ip any any
dialer watch-list 1 ip 5.6.7.8 0.0.0.0
dialer watch-list 1 delay route-check initial 60
dialer watch-list 1 delay connect 1
!
no cdp run
route-map clear-df permit 10
set ip df 0
!
!
snmp-server community public RO
tftp-server exit
!
control-plane
!
!
!
line con 0
exec-timeout 0 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line 0/1/0
script dialer ltescript
modem InOut
no exec
rxspeed 100000000
txspeed 50000000
line vty 0 4
password cisco
login
transport input all
line vty 5 15
password cisco
login
transport input all
!
scheduler allocate 20000 1000
event manager environment cell_int Cellular0/0/0
event manager environment modem_reset_count 0
event manager environment reload_required 1
event manager environment poll_time 30
event manager environment max_pwrcycles 3
event manager directory user policy "flash:/"
event manager directory user repository flash:/
event manager scheduler script thread class N number 1
event manager policy lte_cli.tcl
event manager policy lte_recovery_v1.tcl class N
!
end

CiscoDemo4GLTE#

  • WAN Routing and Switching
20 REPLIES
Hall of Fame Super Bronze

Re: Cannot get Gig 0/1 to route to gig 0/0

G0/0 should have 'ip nat outside' instead of 'ip nat inside'

New Member

Cannot get Gig 0/1 to route to gig 0/0

When I do that I break the access out gig 0/0

Hall of Fame Super Bronze

Cannot get Gig 0/1 to route to gig 0/0

Follow Peter's suggestion. There are other missing NAT configuration in the router.

Cisco Employee

Re: Cannot get Gig 0/1 to route to gig 0/0

Hello Sam,

One obvious issue that hit my eye is that the Gi0/0 is configured with ip nat inside - should it not rather be ip nat outside, assuming it is the outside interface?

In addition, the default route defined by the command

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 90

may not be working properly, because it specifies only the egress interface and not the IP of the next hop - under certain circumstances, this static route may not work. Remove it, and replace it with the following modification:

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp 90

This modification will force your router to create a default route using the gateway IP address obtained via DHCP on Gi0/0, and assign it the AD of 90.

Also, the NAT configuration is not correct. It does not take into account that the traffic must be NATted according to the interface it is being sent out through. Currently, everything is being NATted to the IP of the cellular interface, even if it tries to go out the Gi0/0, which is wrong.

Configure the following:

route-map NAT-Gi permit 10

  match ip address 100

  match interface Gi0/0

route-map NAT-Cell permit 10

  match ip address 100

  match interface Cellular0/1/0

no ip nat inside source list 100 interface Cell0/1/0 overload

ip nat inside source route-map NAT-Gi interface Gi0/0 overload

ip nat inside source route-map NAT-Cell interface Cell0/1/0 overload

Perform these configuration modifications, and test it out. If it does not work, please post your then-current configuration again. Thanks!

Best regards,

Peter

New Member

Cannot get Gig 0/1 to route to gig 0/0

Peter - you fixed the issue with getting out GIg 0/0 - thanks you.  However, now when I pull Gig 0/0 I do not failover to the Cellualr interface.  I tryign to have gig 0/0 be my primary WAN and the Cell be my backup/failover. 

I appreciate the help

New Member

Re: Cannot get Gig 0/1 to route to gig 0/0

Here is the updated config

Current configuration : 4881 bytes

!

! Last configuration change at 19:36:19 UTC Tue Apr 17 2012

! NVRAM config last updated at 19:44:43 UTC Tue Apr 17 2012

! NVRAM config last updated at 19:44:43 UTC Tue Apr 17 2012

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CiscoDemo4GLTE

!

boot-start-marker

boot system flash:c1900-universalk9-mz.SPA.151-4.M3.10

boot-end-marker

!

!

enable secret 5 $1$RDV7$13G5jO/0bPpJiWWiDwO7S/

enable password DanAngst

!

no aaa new-model

no process cpu extended history

no process cpu autoprofile hog

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

ip dhcp pool lan0

network 10.10.10.0 255.255.255.0

default-router 10.10.10.1

dns-server 4.2.2.2

!

!

multilink bundle-name authenticated

!

chat-script ltescript "" "AT

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-3645487553

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3645487553

revocation-check none

rsakeypair TP-self-signed-3645487553

!

!

crypto pki certificate chain TP-self-signed-3645487553

certificate self-signed 01

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 33363435 34383735 3533301E 170D3132 30343133 31363535

  35305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36343534

  38373535 3330819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

  8100C0E1 172C26CD FE4EF183 B9B9FF39 6661A3F9 9A623B34 10F19FDB 415C3CDC

  507C834F B3DC74FF 5F7B9529 7BC2107C 3646D810 2AC97239 E07F985D 3700E134

  448EEA16 A1D4FFA5 62D9D204 D2004BA0 13F843E4 8E4D84BA C4B172EF 8530DE3A

  DFA7AD7E 55F7F2A6 D1C9988A 15367502 A8B44E21 16228E21 E65269B4 CF230F69

  B95B0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

  551D2304 18301680 146C09AD D15833D3 DC949C08 FDF65EA8 EA5ACA91 5C301D06

  03551D0E 04160414 6C09ADD1 5833D3DC 949C08FD F65EA8EA 5ACA915C 300D0609

  2A864886 F70D0101 05050003 81810032 16C06137 36204621 57635F4D F546E5FB

  E3DDF625 52C9F512 0BF1910A FF1210DF F645C218 A5BDFBA3 44C66C24 969450AE

  FE4382A8 BDE67BDC 5555043C 515229A7 A75DF22E AAE20FD5 BDBED744 D90710D0

  DD37D67C 83472DCE CA461911 152C92F1 36642B47 49A6533C FF8F2154 A57CDFA6

  9108676B 7EC7C6D9 78ADF971 1D4621

        quit

license udi pid CISCO1921/K9 sn FTX160685BJ

!

!

!

!

controller Cellular 0/1

!

!

!

!

!

interface Loopback1

ip address 1.2.3.9 255.255.255.255

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

no cdp enable

no mop enabled

!

interface GigabitEthernet0/0

ip address dhcp

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

!

interface GigabitEthernet0/1

ip address 10.10.10.1 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

no cdp enable

!

interface Cellular0/1/0

ip address negotiated

no ip unreachables

ip nat outside

ip virtual-reassembly in

encapsulation slip

load-interval 30

dialer in-band

dialer idle-timeout 0

dialer string ltescript

dialer watch-group 1

async mode interactive

!

ip forward-protocol nd

!

ip http server

ip http secure-server

!

ip nat inside source route-map NAT-Cell interface Cellular0/1/0 overload

ip nat inside source route-map NAT-Gi interface GigabitEthernet0/0 overload

ip route 0.0.0.0 0.0.0.0 Cellular0/1/0 200

ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0 dhcp 90

!

access-list 100 permit ip any any

dialer watch-list 1 ip 5.6.7.8 0.0.0.0

dialer watch-list 1 delay route-check initial 60

dialer watch-list 1 delay connect 1

!

no cdp run

route-map NAT-Cell permit 10

match ip address 100

match interface Cellular0/1/0

!

route-map clear-df permit 10

set ip df 0

!

route-map NAT-Gi permit 10

match ip address 100

match interface GigabitEthernet0/0

!

!

snmp-server community public RO

tftp-server exit

!

control-plane

!

!

!

line con 0

exec-timeout 0 0

line aux 0

line 2

no activation-character

no exec

transport preferred none

transport input all

transport output pad telnet rlogin lapb-ta mop udptn v120 ssh

stopbits 1

line 0/1/0

script dialer ltescript

modem InOut

no exec

rxspeed 100000000

txspeed 50000000

line vty 0 4

password cisco

login

transport input all

line vty 5 15

password cisco

login

transport input all

!

scheduler allocate 20000 1000

event manager environment cell_int Cellular0/0/0

event manager environment modem_reset_count 0

event manager environment reload_required 1

event manager environment poll_time 30

event manager environment max_pwrcycles 3

event manager directory user policy "flash:/"

event manager directory user repository flash:/

event manager scheduler script thread class N number 1

event manager policy lte_cli.tcl

event manager policy lte_recovery_v1.tcl class N

!

end

Hall of Fame Super Silver

Cannot get Gig 0/1 to route to gig 0/0

Sam

Your updated config still seems to have ip nat inside on the Gig0/0 interface.

I suspect that the problem with failover to the cellular is caused by the fact that the static default route using Gig0/0 does not get removed from the routing table. You can verify that by causing the connection on Gig 0/0 to fail and then doing show ip route. I suspect that you will find the routing table still has the default route using Gig0/0 and not the floating static for Cellular.

This is a fairly common issue with static routes (and especially static default routes) which use Ethernet interfaces. IOS will not remove the static route unless the Ethernet interface goes line protocol down. It happens frequently that you lose connectivity through the Ethernet interface but the interface does not go line protocol down. The solution to this is to use Object Tracking to check connectivity through the interface and to force withdrawal of the route if you lose connectivity through the Ethernet interface.

HTH

Rick

New Member

Cannot get Gig 0/1 to route to gig 0/0

I fixed the NAT statement and when I pull the gig 0/0 cable my router show the cellular interface as the default.  If I ping from the console fo the router, I can get everywhere regardless of gig 0/0 up or not. 

Cisco Employee

Cannot get Gig 0/1 to route to gig 0/0

Sam,

So what is the current state of things after implementing all the suggested corrections?

Rick - yes, you are correct about the static route not being removed from the routing table until the egress interface comes down. However, Sam has indicated he "pulls out gi0/0" so that should definitely make the interface go line protocol down, and remove the static default route via gi0/0 from the routing table.

Best regards,

Peter

1532
Views
5
Helpful
20
Replies
This widget could not be displayed.