CatOS router on a stick configuration

Hi, I'm having an issue setting up a router-on-a-stick configuration with a 4006 running CatOS and a 2621 router. I have set up VLANs on the 4006 and set up subinterfaces on the 2621 that correspond to the different VLANs; however, when I connect a workstation to the VLAN I can only ping out to the IP address of the subinterface on the router, not the other VLANs or the internal interface on the PIX or the internet. I've had this config working on a 2621 previously when working with an IOS switch, so I'm wondering if the issue is just my lack of knowledge of CatOS. I have posted the configs of the different devices below as well as the topology; any help with this would be appreciated.

Internet || PIX || 2621 || 4006 || VLAN106 VLAN104

4006 Configuration

This command shows non-default configurations only.

Use 'show config all' to show both default and non-default configurations.

begin

!

# ***** NON-DEFAULT CONFIGURATION *****

!

!

#time: Fri Jan 22 2010, 07:12:02

!

#version 7.6(17)

!

!

#system web interface version(s)

!

#dot1x

set feature dot1x-radius-keepalive disable

!

#frame distribution method

set port channel all distribution mac both

!

#vtp

set vtp mode transparent

set vlan 1 name default type ethernet mtu 1500 said 100001 state active

set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state active

set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004 state active stp ieee

set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state active stp ibm

set vlan 104,106

set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003 state active mode srb aremaxhop 7 stemaxhop 7 backupcrf off

!

#ip

set interface sc0 1 192.168.1.14/255.255.255.0 192.168.1.255

set interface sl0 down

set interface me1 down

set ip route 0.0.0.0/0.0.0.0 192.168.1.1

!

#set boot command

set boot config-register 0x2

set boot system flash bootflash:cat4000-k8.7-6-17.bin

set boot system flash bootflash:cat4000-k8.7-6-5.bin

!

#multicast filter

set igmp filter disable

!

#module 1 : 2-port 1000BaseX Supervisor

set trunk 1/2 on dot1q 1-1005,1025-4094

!

#module 2 : 6-port 1000BaseX Ethernet

!

#module 3 : 48-port 10/100BaseTx Ethernet

set vlan 104 3/25-36

set vlan 106 3/13-24

set port speed 3/1-48 100

set port duplex 3/1-48 full

set trunk 3/48 desirable dot1q 1-1005,1025-4094

!

#module 4 empty

!

#module 5 empty

!

#module 6 empty

2621 Configuration

version 12.3

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname tstrtr

!

boot-start-marker

boot-end-marker

!

enable secret ###################

!

no aaa new-model

ip subnet-zero

no ip source-route

!

!

no ip domain lookup

!

no ip bootp server

ip cef

!

interface FastEthernet0/0

description Connection to Edge

ip address 10.1.2.254 255.255.255.0

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

speed 100

full-duplex

!

interface FastEthernet0/1.1

description Management VLAN

encapsulation dot1Q 1 native

ip address 192.168.1.1 255.255.255.0

!

interface FastEthernet0/1.4

description Home VLAN

encapsulation dot1Q 104

ip address 192.168.104.1 255.255.255.0

!

interface FastEthernet0/1.6

description Work VLAN

encapsulation dot1Q 106

ip address 192.168.106.1 255.255.255.0

!

router rip

network 10.0.0.0

network 192.0.0.0

!

no ip http server

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.2.1

!

dial-peer cor custom

!

line con 0

exec-timeout 15 0

password ############

logging synchronous

login

length 22

history size 30

line aux 0

exec-timeout 5 0

login

length 22

transport output none

line vty 0 4

exec-timeout 20 30

password ###############

login

length 22

history size 30

PIX Configuration

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 100full

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password ################## encrypted

passwd ################# encrypted

hostname testpix

domain-name testdomain.local

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol sip 5060

fixup protocol sip udp 5060

fixup protocol skinny 2000

no fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list 101 permit ip 10.1.2.0 255.255.255.0 10.1.3.0 255.255.255.0

access-list 102 permit icmp any any

access-list 102 permit ip 10.1.3.0 255.255.255.0 10.1.2.0 255.255.255.0

access-list 103 permit ip any any

pager lines 24

mtu outside 1500

mtu inside 1500

ip address outside 111.111.111.111 255.255.255.252

ip address inside 10.1.2.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool pptp-pool 10.2.3.10-10.2.3.50

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list 101

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

conduit permit icmp any any

route outside 0.0.0.0 0.0.0.0 111.111.111.111 1

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

sysopt connection permit-pptp

telnet 192.168.0.0 255.255.0.0 inside

telnet 10.0.0.0 255.0.0.0 inside

telnet timeout 5

ssh timeout 5

console timeout 0

vpdn group 1 accept dialin pptp

vpdn group 1 ppp authentication pap

vpdn group 1 ppp authentication chap

vpdn group 1 ppp authentication mschap

vpdn group 1 ppp encryption mppe auto

vpdn group 1 client configuration address local pptp-pool

vpdn group 1 client configuration dns 192.168.6.50

vpdn group 1 pptp echo 60

vpdn group 1 client authentication local

vpdn username testuser password *********

vpdn enable outside

dhcpd lease 3600

dhcpd ping_timeout 750

username cisco password ############### encrypted privilege 15

terminal width 80

Reply to
T0nyD

Why are you hard coding the speed/duplex? Unless you specifically set the duplex on your workstations (which can be difficult to find), you'll have a duplex conflict on every one. I'd recommend auto speed, auto duplex on everything.

Most likely this is the problematic line. I'd recommend getting 'desirable' out, as that signals the switch to try to negotiate dynamic trunking protocol with the switch on the other side. You don't have a switch on the other side, and a router isn't going to talk dynamic trunking protocol.

Is this port in trunking mode now? What does the port status show? show trunk 3/48

Reply to
Doug McIntyre

I can take out the hard-coded speed; I had read that it was best to hard code the speed and duplex on both ends of the trunk at least.

The status does show trunking.

What should I use for this line?

set trunk 3/48 desirable dot1q 1-1005,1025-4094

I also tried below with the same results.

set trunk 3/48 on dot1q 1-1005,1025-4094

Reply to
T0nyD

A long, long time ago. Auto is definitely desirable, especially since GigE requires it.

Hmm, should be working then.

That is the proper form.

Make sure the VLANs exist the same on both sides (show vlan). Use VTP transparent mode (I'd avoid VTP altogether, transparent mode makes it invisible).

Here are config snippets out of a working config exactly as you are trying to do, albeit slightly different gear.

set vtp mode transparent vlan

set vlan 103 2/20-29

set vlan 104 2/30-39

set trunk 2/48 on dot1q 1-1005,1025-4094

set trunk 2/49 on dot1q 1-1005,1025-4094

interface FastEthernet2/0.103

description Open

encapsulation dot1Q 103

ip address ...

interface FastEthernet2/0.104

description Open

encapsulation dot1Q 104

ip address ...

Reply to
Doug McIntyre
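
The two checks suggested in the reply above (a trunk mode that does not depend on DTP negotiation, and the same VLANs on both sides of the trunk), written as an added Python example that is not part of the original thread. The names `check_trunk` and `expand` are hypothetical, and the sample configs are constructed, modelled on the ones posted above with one extra subinterface (VLAN 107) to show a mismatch.

```python
import re

# Constructed sample input, modelled on the configs posted in this thread.
# The FastEthernet0/1.7 subinterface (VLAN 107) is invented to show a mismatch.
CATOS = """\
set vlan 104,106
set vlan 104 3/25-36
set vlan 106 3/13-24
set trunk 3/48 desirable dot1q 1-1005,1025-4094
"""
IOS = """\
interface FastEthernet0/1.1
encapsulation dot1Q 1 native
interface FastEthernet0/1.4
encapsulation dot1Q 104
interface FastEthernet0/1.6
encapsulation dot1Q 106
interface FastEthernet0/1.7
encapsulation dot1Q 107
"""

def expand(spec):
    """Expand a VLAN list such as '1-1005,1025-4094' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def check_trunk(catos, ios, port):
    """Compare a CatOS trunk port with the router's dot1Q subinterfaces."""
    trunk = re.search(rf"^set trunk {re.escape(port)} (\w+) (\w+) ([\d,-]+)",
                      catos, re.M)
    if not trunk:
        return [f"{port}: no 'set trunk' line found"]
    mode, allowed = trunk[1], expand(trunk[3])
    findings = []
    if mode in ("desirable", "auto"):  # DTP-negotiated trunk modes
        findings.append(f"{port}: mode '{mode}' depends on DTP negotiation")
    defined = {1}  # VLAN 1 exists on the switch by default
    for m in re.finditer(r"^set vlan ([\d,-]+)", catos, re.M):
        defined |= expand(m[1])
    for m in re.finditer(r"^\s*encapsulation dot1Q (\d+)", ios, re.M):
        vid = int(m[1])
        if vid not in defined:
            findings.append(f"VLAN {vid}: router subinterface, not defined on switch")
        elif vid not in allowed:
            findings.append(f"VLAN {vid}: defined but not allowed on trunk {port}")
    return findings
```

Calling `check_trunk(CATOS, IOS, "3/48")` on the sample input reports the `desirable` trunk mode and the VLAN 107 subinterface that has no matching VLAN on the switch.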

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.