Cisco 877w: Fa0-3 Interfaces up but no traffic passes
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
|||||||||||||
|
Posted by James.Brown on August 17, 2007, 6:55 pm
Please log in for more thread options Could anyone spare some time to help me troubleshoot a problem with my Cisco 877w config please? My aim is to create the following setup: * Vlan101: Data only, within IP range 192.168.0.0 (/24 - private range) * Vlan100: Voice only, within IP range 82.x.x.216 (/29 - public isp range) * Dot11radio: Data Vlan101 only, no voice vlan required, WPA * NAT: Only configured for Vlan101 * Encapsulation Method: 802.1q in desirable mode The problem is that when I plug a PC or Phone into a fastethernet port, there is only a 1 in 10 (approx) chance that the PC will receive an IP address from the DHCP server. I have tried a "debug ip packet", but see no traffic. On a positive note, the wireless config seems to fine and machines can connect, receive a DHCP offer and ping the 192.168.0.254 gateway. I'm quite new to Cisco and would be really grateful for any advice. Troubleshooting info is below. Many thanks in advance, James. *************************************************************************** Here is a typical result, when a machine is plugged into FastEthernet3: 74Greenfell#sh ip int brief FastEthernet0 unassigned YES unset up down FastEthernet1 unassigned YES unset up down FastEthernet2 unassigned YES unset down down FastEthernet3 unassigned YES unset up up Dot11Radio0 unassigned YES NVRAM up up Dot11Radio0.1 unassigned YES unset up up ATM0 unassigned YES NVRAM down down Vlan1 unassigned YES NVRAM up down Vlan101 unassigned YES NVRAM up up Vlan100 84.xx.xx.217 YES TFTP up up Dialer0 84.xx.xx.217 YES NVRAM up up NVI0 unassigned NO unset up up BVI101 192.168.0.254 YES NVRAM up up Virtual-Access1 unassigned YES unset up up //Nb: Why are ports fa0,1 showing UP DOWN when nothing is connected!?! 74Greenfell#sh spanning-tree blockedports Number of blocked ports (segments) in the system : 0 74Greenfell#show interface status | in Fa3 Fa3 connected 101 a-full a-100 10/100BaseTX 74Greenfell#sho inter fa3 FastEthernet3 is up, line protocol is up Hardware is Fast Ethernet, address is 001a.e30f.23f4 (bia 001a.e30f. 23f4) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface" counters 00:01:08 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 6 packets input, 2076 bytes, 0 no buffer Received 6 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected 3 packets output, 1182 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier *************************************************************************** I'm using IOS 12.4(15)T1 with the Advanced IP Services feature set. *************************************************************************** 74Greenfell#sh running-config ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname 74Greenfell ! boot-start-marker boot-end-marker ! enable secret 5 <snip>
!
no aaa new-model clock timezone GMT 0 ! dot11 association mac-list 700 ! dot11 ssid GreenfellMansions74 vlan 101 authentication open authentication key-management wpa guest-mode wpa-psk ascii 7 <snip>
!
ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 84.xx.xx.217 84.xx.xx.218 ip dhcp excluded-address 192.168.0.254 ! ip dhcp pool vlan101 network 192.168.0.0 255.255.255.0 default-router 192.168.0.254 dns-server 212.159.13.50 212.159.6.9 domain-name plus.com lease 14 ! ip dhcp pool vlan100 network 84.xx.xx.216 255.255.255.248 default-router 84.xx.xx.217 dns-server 212.159.13.50 212.159.6.9 domain-name plus.com option 66 ip 84.xx.xx.218 lease 14 ! no ip domain lookup ip domain name plusnet.com ! multilink bundle-name authenticated ! ! no spanning-tree vlan 100 no spanning-tree vlan 101 username admin password 7 <snip>
archive
log config hidekeys ! ! ip ssh maxstartups 2 ip ssh authentication-retries 2 ! bridge irb ! interface ATM0 no ip address ip access-group Internet_Inbound_ACL in no atm ilmi-keepalive pvc 0/38 description ** BT ADSL Max ** encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet0 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface FastEthernet1 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface FastEthernet2 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface FastEthernet3 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface Dot11Radio0 no ip address ! encryption mode ciphers aes-ccm tkip ! encryption vlan 101 mode ciphers tkip ! broadcast-key vlan 101 change 300 ! ssid GreenfellMansions74 ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0 channel 2462 station-role root no cdp enable ! interface Dot11Radio0.1 encapsulation dot1Q 101 native bridge-group 101 bridge-group 101 subscriber-loop-control bridge-group 101 spanning-disabled bridge-group 101 block-unknown-source no bridge-group 101 source-learning no bridge-group 101 unicast-flooding ! interface Vlan1 no ip address ! interface Vlan101 description ** Private Data ** no ip address ip virtual-reassembly bridge-group 101 bridge-group 101 subscriber-loop-control bridge-group 101 spanning-disabled ! interface Vlan100 description ** L3 Public Voice ** ip unnumbered Dialer0 ! interface Dialer0 description ** PlusNet ** ip address 84.xx.xx.217 255.255.255.248 ip mtu 1488 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp chap hostname <snip>@plusdsl.net
!
ppp chap password 7 <snip> interface BVI101 description ** Fa/802.11 L3 Private Data ** ip address 192.168.0.254 255.255.255.0 ip nat inside ip virtual-reassembly ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! no ip http server no ip http secure-server ip nat inside source list 1 interface Dialer0 overload ! ip access-list extended Internet_Inbound_ACL remark Traffic allowed in from ADSL Link permit tcp any any established permit icmp any any deny ip any any ! access-list 1 remark OUR LAN PUBLIC IP RANGE access-list 1 permit 84.xx.xx.216 0.0.0.7 access-list 1 remark NAT_POOL_PRIVATE_DATA access-list 1 permit 192.168.0.0 0.0.0.255 access-list 700 permit 000e.356a.8c05 0000.0000.0000 access-list 700 deny 0000.0000.0000 ffff.ffff.ffff dialer-list 1 protocol ip permit ! [...] ! bridge 101 protocol ieee bridge 101 route ip ! [...] ! end | |||||||||||||
|
Posted by Merv on August 17, 2007, 7:20 pm
Please log in for more thread options Sometimes loading the latest IOS image is not the best course of action ... | |||||||||||||
|
Posted by on August 17, 2007, 7:38 pm
Please log in for more thread options > Sometimes loading the latest IOS image is not the best course of
> action ... Oh dearie me!?? I have just put that one on a remote router. 12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too] Still, damn DSL issues pressure towards the latest. My mileage may vary. Will report soon. I confess that I have not read the post in detail however 8[75]x do seem a bit flaky for DSL and for other than basic features. | |||||||||||||
|
Posted by James.Brown on August 17, 2007, 8:34 pm
Please log in for more thread options On 18 Aug, 00:38, Bo...@hotmail.co.uk wrote:
>
> > Sometimes loading the latest IOS image is not the best course of
> > action ... >
[...]
> Oh dearie me!?? > > I have just put that one on a remote router. > > 12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too] > >
> I confess that I have not read the post in detail > however 8[75]x do seem a bit flaky for DSL and > for other than basic features. Thank you both. I will try downgrading the IOS. However, what is your opinion on having the the vlan101 as a member of the bridge group 101, along with the dot11radio0.1? How does spanning tree work with BVIs and can I disable it? Should I be achieving dot1q trunking using the alternative subinterface method (fa0.1, fa1.1 etc)? | |||||||||||||
|
Posted by on August 17, 2007, 9:30 pm
Please log in for more thread options > On 18 Aug, 00:38, Bo...@hotmail.co.uk wrote:
> > > > > > > > > Sometimes loading the latest IOS image is not the best course of
> > > action ... >
> > Oh dearie me!??
>
> > I have just put that one on a remote router.
>
> > 12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too]
>
> [...] > > > I confess that I have not read the post in detail
> > however 8[75]x do seem a bit flaky for DSL and > > for other than basic features. >
> Thank you both. I will try downgrading the IOS. However, what is your > opinion on having the the vlan101 as a member of the bridge group 101, > along with the dot11radio0.1? How does spanning tree work with BVIs > and can I disable it? > > Should I be achieving dot1q trunking using the alternative > subinterface method (fa0.1, fa1.1 etc)?- Hide quoted text - Here is a bit of a guess at how I would start. Not fully worked up but I feel it is a decent start. I feel that you are heading towards more complexity that is necessary. You might try this. I propose to work with voice only and data only on each ethernet port you can probably easily enough sort out the trunking on the ethernets after the hard bits are working. bvi 101 ip address 192.168.254 255.255.255.0 bvi 100 ip address 82.x.x.217 255.x.x.x vl 101 bridge group 101 vl 100 bridge group 100 int fa 0 desc data sw mode access sw access vl 101 int fa 1 desc data sw mode access sw access vl 101 int fa 2 desc voice sw mode access sw access vl 100 int fa 3 desc voice sw mode access sw access vl 100 no interface Dot11Radio0.1 int dot 11 0 no encryption vlan 101 mode ciphers tkip encryption mode ciphers tkip no ip address bridge group 101 ! I have NEVER seen this but maybe it's worth a go ! one thing is that if BVI 100 is DOWN then the dialer may not work. ! perhaps not what you want. int di 0 ip address unnumbered bvi 100 ! Alternatively - clueless whether this is OK with ppp. int di 0 no ip address bridge group 100 Let us know what you think. | |||||||||||||
| Similar Threads | Posted |
| Cisco 877w: Fa0-3 Interfaces up but no traffic passes | August 17, 2007, 6:55 pm |
| PIX lan-to-lan IPSEC comes up...no traffic passes tunnel | November 2, 2005, 6:28 pm |
| PIX VPN Client connects but not traffic passes through | April 23, 2007, 11:16 pm |
| PIX Ipsec VPN - SA established, no traffic passes | May 3, 2007, 2:34 pm |
| Newbie Question: 802.1q and VLAN interfaces on 877w | July 21, 2007, 7:57 am |
| WCCP on ASA & traffic between physical interfaces on ASA | February 13, 2007, 3:10 pm |
| NAT type of Cisco 877W | November 26, 2005, 8:14 pm |
| Using IPv6 on a Cisco 877W | October 21, 2006, 10:52 am |
| Bridging with a Cisco 877W | December 21, 2006, 1:11 pm |
| Cisco 877W of 857W ? | May 23, 2008, 10:28 am |
| Cisco 877W and Demon | November 22, 2008, 9:39 am |
| Problem config Cisco 877w | October 26, 2005, 5:02 am |
| Cisco 877W Router ( Newbie ) | November 3, 2005, 7:28 pm |
| Upgrading flash in a Cisco 877W | October 27, 2006, 5:31 am |
| Cisco 877W as Wireless client | July 1, 2007, 12:49 pm |