cable modem on cisco 887va-k9

[codeler]

Hi to All! This is my first post to the portal so forgive me for any mistakes during post.

I took my ccna some years ago and since then I have setup some cisco routers(mostly basic setup) but it hasn't been an everyday job! Since last year I own a cisco 887va-k9 router and I have setup my adsl connection successfuly and also some basic nat for some sarver that I host. The problem is that I recently got a cable connection so I have asked from my ISP for a modem in order to connect it to my router. Until now I haven't been able to successfuly setup a connection from the router through the modem to the internet. I can some how get only upload but not downloads!

The things that I have tried are: first created a new vlan10 assigned that to port fa0, set ip address to dhcp and nat ouside, so when I connect the modem to port fa0 the interface gets an ip from the dhcp.

Then I have created acl1 nat rule (permit 192.168.1.0 0.0.0.255), and used that rule to a dynamic nat rule (from inside to outside-translate from acl1 to interface vlan10)

Finally created a static route (ip route 0.0.0.0 0.0.0.0 vlan10 1) in my configuration there is also onother static route(ip route 0.0.0.0 0.0.0.0 Dialer0 10) which is for my adsl dialer and I changed the metric distance to 10 so cable connection will be preffered. Also tried to use dhcp on the next hop of the static route but no luck with that also.

I know that somthing is missing but I can't figure it out! I have also saerched so much but I haven't found any posts for this scenario!

Thank you in advance!

 

[imbadatthis]

post the config for fa0, and vlan 10...



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[codeler]

Hello and thank you for the immidiate response!
Below you will find the entire configuration. I have only removed some usernames and password hashes...

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Cisco-887VA
!
boot-start-marker
boot-end-marker
!
!
no logging buffered
enable secret 4 ********************************************
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local 
!
!
!
!
!
aaa session-id common
memory-size iomem 10
!
crypto pki trustpoint TP-self-signed-2127420899
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2127420899
 revocation-check none
 rsakeypair TP-self-signed-2127420899
!
!
crypto pki certificate chain TP-self-signed-2127420899
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 32313237 34323038 3939301E 170D3133 31323239 32323231 
  35325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D32 31323734 
  32303839 3930819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100BD0E 032F496D 831FB014 69A0293A 92939BFF CFE47670 1DF9D3A5 B8208CBB 
  A281DAA1 6FB4010B 67C0F944 BA2A3E6E ACB95C37 2FA77A46 9E9382A8 E503BEE7 
  0CB8F407 F7581F0C 1CB50AAC D4A82F60 51201104 1EC0595F 71702673 5E803FE8 
  FC90E9ED 5FC6F60A 0ED6C40B 93A7FFB1 F1CD5D99 9E40D78D 6ED8EAA3 4D3DA827 
  838D0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603 
  551D2304 18301680 14E7C35F AFE1DB91 01FA9DE4 D0393D8D 6752C92F EC301D06 
  03551D0E 04160414 E7C35FAF E1DB9101 FA9DE4D0 393D8D67 52C92FEC 300D0609 
  2A864886 F70D0101 05050003 81810090 6B770F0F 3A15C03C 2CCCD42B 5550C0DC 
  B47B2F84 89B784FD E431F6E8 9279FF87 BFC9AB5D 0BADCBBD EE0F6170 864C76C1 
  3A70A861 503974EC 80F58E58 8568E000 E91C12CC AB5E7E3C 1C44A619 E03C5487 
  D1D64485 AA6BEC93 E828A38D E0AA2F10 09D15217 358C36EF 4F8272B8 E0D3FA81 
  90961E96 EDCC07EE ED729B3B FAE811
  	quit
!
!
!
!


!
ip dhcp excluded-address 192.168.1.1 192.168.1.99
ip dhcp excluded-address 192.168.1.151 192.168.1.254
ip dhcp excluded-address 10.10.10.1 10.10.10.99
ip dhcp excluded-address 10.10.10.151 10.10.10.254
!
ip dhcp pool Cisco-DHCP
 import all
 network 192.168.1.0 255.255.255.0
 dns-server 8.8.8.8 8.8.4.4 
 default-router 192.168.1.1 
!
ip dhcp pool Cisco-DHCP-2
 import all
 network 10.10.10.0 255.255.255.0
 dns-server 8.8.8.8 8.8.4.4 
 default-router 10.10.10.1 
!
!
!
ip name-server 8.8.8.8
ip name-server 8.8.4.4
ip ddns update method ccp_ddns1
 HTTP
  add [URL unfurl="true"]http://lerasioannis:************@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>[/URL]
  remove [URL unfurl="true"]http://lerasioannis:************@members.dyndns.org/nic/update?system=dyndns&hostname=<h>&myip=<a>[/URL]
!
ip cef
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO887VA-SEC-K9 sn FCZ1734C0E9
!
!
username ********* privilege 15 secret 4 ************************************************
username ********* privilege 15 view root secret 4 *******************************************
!
!
!
!
!
controller VDSL 0
 operating mode adsl2+ 
!
! 
!
!
!
!
!
!
!
!
interface Ethernet0
 no ip address
 shutdown
!
interface ATM0
 no ip address
 no atm ilmi-keepalive
!
interface ATM0.1 point-to-point
 pvc 8/35 
  pppoe-client dial-pool-number 1
 !
!
interface FastEthernet0
 switchport access vlan 10
 no ip address
!
interface FastEthernet1
 no ip address
!
interface FastEthernet2
 switchport access vlan 2
 no ip address
!
interface FastEthernet3
 no ip address
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 ip tcp adjust-mss 1412
!
interface Vlan2
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
!
interface Vlan10
 ip address dhcp
 ip nat outside
 ip virtual-reassembly in
!
interface Dialer0
 ip ddns update hostname Cisco-887VA.myftp.dyndns.org
 ip ddns update ccp_ddns1
 ip address negotiated
 ip mtu 1452
 ip nat outside
 ip virtual-reassembly in
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname *************.ath.forthnet.gr
 ppp chap password 0 ***********
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat inside source list 1 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 21 interface Dialer0 21
ip nat inside source static tcp 192.168.1.2 443 interface Dialer0 443
ip nat inside source static tcp 192.168.1.2 3389 interface Dialer0 3389
ip nat inside source static tcp 192.168.1.2 46755 interface Dialer0 46755
ip nat inside source static tcp 192.168.1.2 50000 interface Dialer0 50000
ip nat inside source static tcp 192.168.1.2 50001 interface Dialer0 50001
ip nat inside source static tcp 192.168.1.2 50002 interface Dialer0 50002
ip nat inside source static tcp 192.168.1.2 50003 interface Dialer0 50003
ip nat inside source static tcp 192.168.1.2 50004 interface Dialer0 50004
ip nat inside source static tcp 192.168.1.2 50005 interface Dialer0 50005
ip nat inside source static tcp 192.168.1.2 50006 interface Dialer0 50006
ip nat inside source static tcp 192.168.1.2 50007 interface Dialer0 50007
ip nat inside source static tcp 192.168.1.2 50008 interface Dialer0 50008
ip nat inside source static tcp 192.168.1.2 50009 interface Dialer0 50009
ip nat inside source static tcp 192.168.1.2 50010 interface Dialer0 50010
ip nat inside source list 2 interface Dialer0 overload
ip nat inside source static tcp 192.168.1.2 80 interface Dialer0 80
ip nat inside source list 3 interface Vlan10 overload
ip route 0.0.0.0 0.0.0.0 Vlan10 37.98.193.1
ip route 0.0.0.0 0.0.0.0 ATM0 10
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark CCP_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
access-list 2 remark INSIDE_IF=Vlan2
access-list 2 remark CCP_ACL Category=2
access-list 2 permit 10.10.10.0 0.0.0.255
access-list 3 remark INSIDE_IF=Vlan1
access-list 3 remark CCP_ACL Category=2
access-list 3 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
line con 0
 no modem enable
line aux 0
line vty 0 4
 transport input telnet
!
ntp update-calendar
ntp server time-a.nist.gov prefer source Dialer0
ntp server time-b.nist.gov prefer source Dialer0
!
end

 

[imbadatthis]

can you also provide:

sh ip int bri
sh ip route

thanks,



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[codeler]

Hello, sorry for my late response... I have been little busy...
Here are the show results :

sh ip int bri

Cisco-887VA#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES NVRAM  up                    up  
ATM0.1                     unassigned      YES unset  up                    up  
Dialer0                    79.103.25.250   YES IPCP   up                    up  
Ethernet0                  unassigned      YES NVRAM  administratively down down
FastEthernet0              unassigned      YES unset  up                    up  
FastEthernet1              unassigned      YES unset  up                    up  
FastEthernet2              unassigned      YES unset  up                    up  
FastEthernet3              unassigned      YES unset  up                    up  
NVI0                       unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up  
Vlan1                      192.168.1.1     YES NVRAM  up                    up  
Vlan2                      10.10.10.1      YES NVRAM  up                    up  
Vlan10                     37.98.193.168   YES DHCP   up                    up  
Cisco-887VA#

sh ip route

Cisco-887VA#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES NVRAM  up                    up  
ATM0.1                     unassigned      YES unset  up                    up  
Dialer0                    79.103.25.250   YES IPCP   up                    up  
Ethernet0                  unassigned      YES NVRAM  administratively down down
FastEthernet0              unassigned      YES unset  up                    up  
FastEthernet1              unassigned      YES unset  up                    up  
FastEthernet2              unassigned      YES unset  up                    up  
FastEthernet3              unassigned      YES unset  up                    up  
NVI0                       unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up  
Vlan1                      192.168.1.1     YES NVRAM  up                    up  
Vlan2                      10.10.10.1      YES NVRAM  up                    up  
Vlan10                     37.98.193.168   YES DHCP   up                    up  
Cisco-887VA#

I hope you will get a hint!
Thanks.

 

[codeler]

[Edit]:Sorry I couldn't edit my reply so this is the correct reply!

Hello, sorry for my late response... I have been little busy...
Here are the show results :

sh ip int bri

Cisco-887VA#sh ip int bri
Interface                  IP-Address      OK? Method Status                Protocol
ATM0                       unassigned      YES NVRAM  up                    up  
ATM0.1                     unassigned      YES unset  up                    up  
Dialer0                    79.103.25.250   YES IPCP   up                    up  
Ethernet0                  unassigned      YES NVRAM  administratively down down
FastEthernet0              unassigned      YES unset  up                    up  
FastEthernet1              unassigned      YES unset  up                    up  
FastEthernet2              unassigned      YES unset  up                    up  
FastEthernet3              unassigned      YES unset  up                    up  
NVI0                       unassigned      YES unset  administratively down down
Virtual-Access1            unassigned      YES unset  up                    up  
Vlan1                      192.168.1.1     YES NVRAM  up                    up  
Vlan2                      10.10.10.1      YES NVRAM  up                    up  
Vlan10                     37.98.193.168   YES DHCP   up                    up  
Cisco-887VA#

sh ip route

Cisco-887VA#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 37.98.193.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 37.98.193.1, Vlan10
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.10.0/24 is directly connected, Vlan2
L        10.10.10.1/32 is directly connected, Vlan2
      37.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        37.98.193.0/24 is directly connected, Vlan10
L        37.98.193.168/32 is directly connected, Vlan10
      79.0.0.0/32 is subnetted, 1 subnets
C        79.103.25.250 is directly connected, Dialer0
      82.0.0.0/32 is subnetted, 1 subnets
S        82.192.29.250 [254/0] via 37.98.193.1, Vlan10
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan1
L        192.168.1.1/32 is directly connected, Vlan1
      213.16.246.0/32 is subnetted, 1 subnets
C        213.16.246.48 is directly connected, Dialer0
Cisco-887VA#

I hope you will get a hint!
Thanks.

 

[codeler]

With this configuration, when I run speed tests I get dowloads with my adsl line and uploads with my cable connection!

 

[imbadatthis]

from what you've posted, going out from your network should use the 37.98.193.168 nat.
coming in to your network however from outside, only static nats are created on your adsl line.. i dont see any static entries for your cable modem. (fa1/vl10)

that said, how are you testing? is the source / dest the server you host or the router.



We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[codeler]

I am running a simple speed test from a pc which is connected to vlan1(192.168.1.0) and has nothing to do with the server being hosted! From the speed results that I get I understand that somehow my download is routed through my adsl and my upload is routed through my cable modem. Also when I try to open a page it takes more than normally to open. Is it possible that something is wrong with my static/dynamic routing or maybe a conflict? Can you suggest some steps on how would you implement this scenario?

Thanks.

 

[imbadatthis]

that doesn't really make any sense..
that said ,... i'd start with:
clear the interface counters
send pings from your PC in vlan 1 to say 8.8.8.8 and then check the counters on both vlan 10 and dialer0 see which one actually went up .
you can also shut down dialer0 and see if you get the same results.


Im pretty sure it should be picking the default route - as no other one shows up in the table.. once a packet leaves your router it will have the vlan 10 interface address as its NAT so it should never be coming back any other way ..

that said your vlan10 is on DHCP .. most DHCP devices will inject their own default route into your table. IF you remove the static route pointed to your interface does the default route still show up for vlan 10 ?
you are seeing slowness probably because you are using an interface as the exit instead of the next hop ..


We must go always forward, not backward
always up, not down and always twirling twirling towards infinity.

 

[codeler]

Hello there, so after trying everything from scratch it turned out that the configurtion path that I had followed was correct. The thing that did the trick (I think was changing acl rules between the interfaces (dialer0 - Vlan10). Until now everything seems to work well and in the next days I'm going to try IP SLA for failover. So again, thanks a lot!

 

[codeler]

Hello there! I came back to post some info that found out and also ask for any ideas about my new problem.
After trying to implement ip sla for wan failover in the last few days, I actually understood which was exactlly the problem in my last post.
So I had alredy setup my dsl and after that I had setup my cable connection and applied acl,nat,static routes... So in a few words , the thing was that when default routes changes, NAT inside must be updated!
I have found two solution about that: the first is to set nat timout, which is not that cpu frendly and the second solution that I have applied and does the trick every time switching nat to the different connections is:

ip access-list 100 extended NAT
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 10.10.10.0 0.0.0.255 any


route-map WAN1 permit 10
 match ip address 100
 match interface Vlan10

route-map WAN2 permit 10
 match ip address 100
 match interface Dialer0


ip nat inside source route-map WAN1 interface Vlan10 overload
ip nat inside source route-map WAN2 interface Dialer0 overload

So after doing all these I came up to ip sla and the proble is that after applying the following commands the track doesnt come up after failing! I have search every forum that exists end everybody agree to the exact ip sla implementation as shown bellow.

ip sla 1
icmp-echo 8.8.4.4 source-interface Vlan10
timeout 3000
threshold 3
frequency 3
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability
Delay down 10 up 1

no ip route 0.0.0.0 0.0.0.0 Vlan10 37.98.193.1 track 1
no ip route 0.0.0.0 0.0.0.0 Dialer0 10

So if I unplug the cable modem the routes do the trick and I successfully failover and also restore!
But as we already know usually the real failure is not going to there but somewhere after the next hop...
So, again any ides would be much appreciated!

 

[codeler]

[EDIT]:

ip sla 1
icmp-echo 8.8.4.4 source-interface Vlan10
timeout 3000
threshold 3
frequency 3
ip sla schedule 1 life forever start-time now

track 1 ip sla 1 reachability
Delay down 10 up 1

ip route 0.0.0.0 0.0.0.0 Vlan10 37.98.193.1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer0 10

 

[codeler]

Here some additional info that I found out and also tried to apply with no luck:
I have also tried a permanent route (ip route 8.8.4.4 255.255.255.255 Vlan10 permanent) the track goes down as expected and static route (ip route 0.0.0.0 0.0.0.0 Dialer0 10) is used. The awkward thing is that althogh the permanent route is present and the primary link is restored the pings don’t get reply! As far as I can understand it seems that there is a conflict between the default route installed (ip route 0.0.0.0 0.0.0.0 Dialer0 10) and the permanent route (ip route 8.8.4.4 255.255.255.255 Vlan10 permanent) so the pings get dropped!
Again if I remove the fallback route (ip route 0.0.0.0 0.0.0.0 Dialer0 10) manually the track goes up and the primary route is installed.

 

[codeler]

Ok, it seems that I have figure it out!
The permanent route is correct and should do the job. The problem in my config was a conflict between the (icmp-echo 8.8.4.4 source-interface Vlan10) and the permanent route (ip route 8.8.4.4 255.255.255.255 Vlan10 37.98.193.1 permanent). Removing the (source-interface Vlan10) from the icmp-echo command everything seems to work fine!
Again, thanks a lot!

 

[codeler]

Hello there again!
So after some more test I realized that this isn’t working exactly well. I mean that after the config the tests that I have made were removing the ethernet cable from the router and pluging it back again and with this it seems that the track comes up back again and the default route is restored. On the other hand I get sticked to the same problem when I desconect the cable from the cable modem (just the link from the modem is lost) and connect it back again.
Anyway, any help would be appreciated!
Thanks.