1. Home
  2. Cisco Systems
  3. Cisco 877w: Fa0-3 Interfaces up but no traffic passes

Cisco 877w: Fa0-3 Interfaces up but no traffic passes

All,

Could anyone spare some time to help me troubleshoot a problem with my Cisco 877w config please?

My aim is to create the following setup:

  • Vlan101: Data only, within IP range 192.168.0.0 (/24 - private range)
  • Vlan100: Voice only, within IP range 82.x.x.216 (/29 - public isp range)
  • Dot11radio: Data Vlan101 only, no voice vlan required, WPA
  • NAT: Only configured for Vlan101
  • Encapsulation Method: 802.1q in desirable mode

The problem is that when I plug a PC or Phone into a fastethernet port, there is only a 1 in 10 (approx) chance that the PC will receive an IP address from the DHCP server. I have tried a "debug ip packet", but see no traffic. On a positive note, the wireless config seems to fine and machines can connect, receive a DHCP offer and ping the

192.168.0.254 gateway.

I'm quite new to Cisco and would be really grateful for any advice. Troubleshooting info is below.

Many thanks in advance,

James.

*************************************************************************** Here is a typical result, when a machine is plugged into FastEthernet3:

74Greenfell#sh ip int brief FastEthernet0 unassigned YES unset up down FastEthernet1 unassigned YES unset up down FastEthernet2 unassigned YES unset down down FastEthernet3 unassigned YES unset up up Dot11Radio0 unassigned YES NVRAM up up Dot11Radio0.1 unassigned YES unset up up ATM0 unassigned YES NVRAM down down Vlan1 unassigned YES NVRAM up down Vlan101 unassigned YES NVRAM up up Vlan100 84.xx.xx.217 YES TFTP up up Dialer0 84.xx.xx.217 YES NVRAM up up NVI0 unassigned NO unset up up BVI101 192.168.0.254 YES NVRAM up up Virtual-Access1 unassigned YES unset up up

//Nb: Why are ports fa0,1 showing UP DOWN when nothing is connected!?!

74Greenfell#sh spanning-tree blockedports Number of blocked ports (segments) in the system : 0

74Greenfell#show interface status | in Fa3 Fa3 connected 101 a-full a-100 10/100BaseTX

74Greenfell#sho inter fa3 FastEthernet3 is up, line protocol is up Hardware is Fast Ethernet, address is 001a.e30f.23f4 (bia 001a.e30f. 23f4) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Full-duplex, 100Mb/s ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of "show interface" counters 00:01:08 Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0 Queueing strategy: fifo Output queue: 0/40 (size/max) 5 minute input rate 0 bits/sec, 0 packets/sec 5 minute output rate 0 bits/sec, 0 packets/sec 6 packets input, 2076 bytes, 0 no buffer Received 6 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected 3 packets output, 1182 bytes, 0 underruns 0 output errors, 0 collisions, 0 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier

*************************************************************************** I'm using IOS 12.4(15)T1 with the Advanced IP Services feature set.

***************************************************************************

74Greenfell#sh running-config ! version 12.4 no service pad service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname 74Greenfell ! boot-start-marker boot-end-marker ! enable secret 5 ! no aaa new-model clock timezone GMT 0 ! dot11 association mac-list 700 ! dot11 ssid GreenfellMansions74 vlan 101 authentication open authentication key-management wpa guest-mode wpa-psk ascii 7 ! ip cef ! ! no ip dhcp use vrf connected ip dhcp excluded-address 84.xx.xx.217 84.xx.xx.218 ip dhcp excluded-address 192.168.0.254 ! ip dhcp pool vlan101 network 192.168.0.0 255.255.255.0 default-router 192.168.0.254 dns-server 212.159.13.50 212.159.6.9 domain-name plus.com lease 14 ! ip dhcp pool vlan100 network 84.xx.xx.216 255.255.255.248 default-router 84.xx.xx.217 dns-server 212.159.13.50 212.159.6.9 domain-name plus.com option 66 ip 84.xx.xx.218 lease 14 ! no ip domain lookup ip domain name plusnet.com ! multilink bundle-name authenticated ! ! no spanning-tree vlan 100 no spanning-tree vlan 101 username admin password 7 archive log config hidekeys ! ! ip ssh maxstartups 2 ip ssh authentication-retries 2 ! bridge irb ! interface ATM0 no ip address ip access-group Internet_Inbound_ACL in no atm ilmi-keepalive pvc 0/38 description ** BT ADSL Max ** encapsulation aal5mux ppp dialer dialer pool-member 1 ! dsl operating-mode auto ! interface FastEthernet0 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface FastEthernet1 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface FastEthernet2 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface FastEthernet3 switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 ! interface Dot11Radio0 no ip address ! encryption mode ciphers aes-ccm tkip ! encryption vlan 101 mode ciphers tkip ! broadcast-key vlan 101 change 300 ! ssid GreenfellMansions74 ! speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0

36.0 48.0 54.0 channel 2462 station-role root no cdp enable ! interface Dot11Radio0.1 encapsulation dot1Q 101 native bridge-group 101 bridge-group 101 subscriber-loop-control bridge-group 101 spanning-disabled bridge-group 101 block-unknown-source no bridge-group 101 source-learning no bridge-group 101 unicast-flooding ! interface Vlan1 no ip address ! interface Vlan101 description ** Private Data ** no ip address ip virtual-reassembly bridge-group 101 bridge-group 101 subscriber-loop-control bridge-group 101 spanning-disabled ! interface Vlan100 description ** L3 Public Voice ** ip unnumbered Dialer0 ! interface Dialer0 description ** PlusNet ** ip address 84.xx.xx.217 255.255.255.248 ip mtu 1488 ip nat outside ip virtual-reassembly encapsulation ppp dialer pool 1 dialer-group 1 ppp chap hostname @plusdsl.net ppp chap password 7 ! interface BVI101 description ** Fa/802.11 L3 Private Data ** ip address 192.168.0.254 255.255.255.0 ip nat inside ip virtual-reassembly ! ip route 0.0.0.0 0.0.0.0 Dialer0 ! ! no ip http server no ip http secure-server ip nat inside source list 1 interface Dialer0 overload ! ip access-list extended Internet_Inbound_ACL remark Traffic allowed in from ADSL Link permit tcp any any established permit icmp any any deny ip any any ! access-list 1 remark OUR LAN PUBLIC IP RANGE access-list 1 permit 84.xx.xx.216 0.0.0.7 access-list 1 remark NAT_POOL_PRIVATE_DATA access-list 1 permit 192.168.0.0 0.0.0.255 access-list 700 permit 000e.356a.8c05 0000.0000.0000 access-list 700 deny 0000.0000.0000 ffff.ffff.ffff dialer-list 1 protocol ip permit ! [...] ! bridge 101 protocol ieee bridge 101 route ip ! [...] ! end
Reply to
James.Brown
Loading thread data ...

Sometimes loading the latest IOS image is not the best course of action ...

Reply to
Merv

Oh dearie me!??

I have just put that one on a remote router.

12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too]

Still, damn DSL issues pressure towards the latest.

My mileage may vary.

Will report soon.

I confess that I have not read the post in detail however 8[75]x do seem a bit flaky for DSL and for other than basic features.

Reply to
Bod43

[...]

Thank you both. I will try downgrading the IOS. However, what is your opinion on having the the vlan101 as a member of the bridge group 101, along with the dot11radio0.1? How does spanning tree work with BVIs and can I disable it?

Should I be achieving dot1q trunking using the alternative subinterface method (fa0.1, fa1.1 etc)?

Reply to
James.Brown

Here is a bit of a guess at how I would start. Not fully worked up but I feel it is a decent start. I feel that you are heading towards more complexity that is necessary.

You might try this. I propose to work with voice only and data only on each ethernet port you can probably easily enough sort out the trunking on the ethernets after the hard bits are working.

bvi 101 ip address 192.168.254 255.255.255.0

bvi 100 ip address 82.x.x.217 255.x.x.x

vl 101 bridge group 101

vl 100 bridge group 100

int fa 0 desc data sw mode access sw access vl 101

int fa 1 desc data sw mode access sw access vl 101

int fa 2 desc voice sw mode access sw access vl 100

int fa 3 desc voice sw mode access sw access vl 100

no interface Dot11Radio0.1

int dot 11 0 no encryption vlan 101 mode ciphers tkip encryption mode ciphers tkip

no ip address bridge group 101

! I have NEVER seen this but maybe it's worth a go ! one thing is that if BVI 100 is DOWN then the dialer may not work. ! perhaps not what you want. int di 0 ip address unnumbered bvi 100

! Alternatively - clueless whether this is OK with ppp. int di 0 no ip address bridge group 100

Let us know what you think.

Reply to
Bod43

There are quite a few different ways that these routers can be configured

e.g. I have right now:- Note NO BVIs

Seperate networks for RAdio and Vlan 1.

255.255.255.128 mask.

Vlan 2 clearly seperate too.

hr#sh ip int br Interface IP-Address OK? Method Status Protocol FastEthernet0 unassigned YES unset up up FastEthernet1 unassigned YES unset up down FastEthernet2 unassigned YES unset down down FastEthernet3 unassigned YES unset down down Dot11Radio0 10.248.37.129 YES NVRAM up up ATM0 unassigned YES NVRAM up up ATM0.1 unassigned YES unset up up Vlan1 10.248.37.1 YES NVRAM up up Vlan2 172.16.146.1 YES NVRAM up down Dialer0 87.15.1.6 YES IPCP up up Virtual-Dot11Radio0 10.248.37.129 YES TFTP down down

hr#sh vlan-sw

VLAN Name Status Ports

---- -------------------------------- ---------

-------------------------------

1 default active Fa0 2 family active Fa1, Fa2, Fa3

######## NOTE:-

Interface IP-Address OK? Method Status Protocol FastEthernet1 unassigned YES unset up down

There is NOTHING connected to this interface UP...DOWN is a decent state for these routers.

Reply to
Bod43

Thanks for this, your post got me thinking.

I just tried removing dot1q config from the interfaces and suddenly everything springs to life:

** Before/Broken** interface FastEthernet0 desc Voice VLAN announced via CDP switchport access vlan 101 switchport trunk native vlan 101 switchport voice vlan 100 end

** After/Working ** interface FastEthernet0 desc Plain data port switchport access vlan 101 end

** Also Working ** interface FastEthernet0 desc Voice and Data. Voice vlan hardcoded on phone. switchport access vlan 101 switchport trunk native vlan 101 switchport trunk allowed vlan 1-100,102-4094 switchport priority extend trust end

As soon as I add "switchport voice vlan 100", the PCs attached to the native vlan (101) cannot obtain a DHCP lease. In fact, dot1q seems to be entirely broken and as none of the above would let the phone join vlan 100.

Maybe this is a bug? I'll try downgrading to 124-11.T3 and post back.

Reply to
James.Brown

On 18 Aug, 11:16, "James.Brown" wrote: [...]

quoted text -

I witnessed the same result with 124-11-T3 - the dot1q trunk would not establish when a phone was plugged in.

After erasing nvram and flash:vlan.dat, then re-creating the same config, but without the BVI interface, dot1q trunking is finally working as expected! My guess is that there are bugs concerning the BVI.

My only problem now is that without a BVI, the dot11radio is broken - clients can associate, but the router doesn't see DHCP discovers. I might need to post separately for advice.

Many thanks for your help. Regards,

James.

Reply to
James.Brown

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.