CatOS router on a stick configuration

Discussion in 'Cisco' started by T0nyD, Jan 22, 2010.

  1. T0nyD

    T0nyD Guest

    Hi I'm having an issue setting up a router on a stick configuration
    with a 4006 running CatOS and a 2621 router. I have set up vlans on
    the 4006, and set up sub interfaces on the 2621 that corrospond to the
    different vlan's however when I connect a workstation to the vlan I
    can only ping out to the ip address of the subinterface on the router
    not the other VLAN's or to the internal interface on the PIX or
    internet. I've had this config working on a 2621 previously when
    working with an IOS switch so I'm wondering if the issue is just my
    lack of knowledge of CatOS. I have posted the configs of the
    different devices below as well as the topology, any help with this
    would be appreciated.

    Internet
    ||
    PIX
    ||
    2621
    ||
    4006
    ||
    VLAN106 VLAN104


    4006 Configuration

    This command shows non-default configurations only.
    Use 'show config all' to show both default and non-default
    configurations.
    ..................
    ...........................

    ...........................



    ...

    begin
    !
    # ***** NON-DEFAULT CONFIGURATION *****
    !
    !
    #time: Fri Jan 22 2010, 07:12:02
    !
    #version 7.6(17)
    !
    !
    #system web interface version(s)
    !
    --More--
    #dot1x
    set feature dot1x-radius-keepalive disable
    !
    #frame distribution method
    set port channel all distribution mac both
    !
    #vtp
    set vtp mode transparent
    set vlan 1 name default type ethernet mtu 1500 said 100001 state
    active
    set vlan 1002 name fddi-default type fddi mtu 1500 said 101002 state
    active
    set vlan 1004 name fddinet-default type fddinet mtu 1500 said 101004
    state active stp ieee
    set vlan 1005 name trnet-default type trbrf mtu 1500 said 101005 state
    active stp ibm
    set vlan 104,106
    set vlan 1003 name token-ring-default type trcrf mtu 1500 said 101003
    state active mode srb aremaxhop 7 stemaxhop 7 backupcrf off
    !
    #ip
    set interface sc0 1 192.168.1.14/255.255.255.0 192.168.1.255

    set interface sl0 down
    set interface me1 down
    set ip route 0.0.0.0/0.0.0.0 192.168.1.1
    !
    #set boot command
    set boot config-register 0x2
    --More--
    set boot system flash bootflash:cat4000-k8.7-6-17.bin
    set boot system flash bootflash:cat4000-k8.7-6-5.bin
    !
    #multicast filter
    set igmp filter disable
    !
    #module 1 : 2-port 1000BaseX Supervisor
    set trunk 1/2 on dot1q 1-1005,1025-4094
    !
    #module 2 : 6-port 1000BaseX Ethernet
    !
    #module 3 : 48-port 10/100BaseTx Ethernet
    set vlan 104 3/25-36
    set vlan 106 3/13-24
    set port speed 3/1-48 100
    set port duplex 3/1-48 full
    set trunk 3/48 desirable dot1q 1-1005,1025-4094
    !
    #module 4 empty
    !
    #module 5 empty
    !
    #module 6 empty


    2621 Configuration

    version 12.3

    no service pad

    service tcp-keepalives-in

    service tcp-keepalives-out

    service timestamps debug datetime msec

    service timestamps log datetime msec

    service password-encryption

    !

    hostname tstrtr

    !

    boot-start-marker

    boot-end-marker

    !

    enable secret ###################

    !

    no aaa new-model

    ip subnet-zero

    no ip source-route

    --More--
    !

    !

    no ip domain lookup

    !

    no ip bootp server

    ip cef

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    !

    interface FastEthernet0/0

    description Connection to Edge

    ip address 10.1.2.254 255.255.255.0

    duplex auto

    speed auto

    !

    interface FastEthernet0/1

    no ip address

    speed 100

    full-duplex

    !

    interface FastEthernet0/1.1

    description Management VLAN

    encapsulation dot1Q 1 native

    ip address 192.168.1.1 255.255.255.0

    !

    interface FastEthernet0/1.4

    description Home VLAN

    encapsulation dot1Q 104

    ip address 192.168.104.1 255.255.255.0

    !

    interface FastEthernet0/1.6

    description Work VLAN

    encapsulation dot1Q 106

    ip address 192.168.106.1 255.255.255.0

    !

    router rip

    network 10.0.0.0

    network 192.0.0.0

    !

    no ip http server

    ip classless

    ip route 0.0.0.0 0.0.0.0 10.1.2.1

    !

    !

    !

    !

    !

    !

    dial-peer cor custom

    !
    !

    !
    !

    line con 0

    exec-timeout 15 0

    password ############

    logging synchronous

    login

    length 22

    history size 30

    line aux 0

    exec-timeout 5 0

    login

    length 22

    transport output none

    line vty 0 4

    exec-timeout 20 30

    password ###############

    login

    length 22

    history size 30


    PIX Configuration



    PIX Version 6.3(5)

    interface ethernet0 auto

    interface ethernet1 100full

    nameif ethernet0 outside security0

    nameif ethernet1 inside security100

    enable password ################## encrypted

    passwd ################# encrypted

    hostname testpix

    domain-name testdomain.local

    fixup protocol dns maximum-length 512

    fixup protocol ftp 21

    fixup protocol h323 h225 1720

    fixup protocol h323 ras 1718-1719

    fixup protocol http 80

    fixup protocol rsh 514

    fixup protocol rtsp 554

    fixup protocol sip 5060

    fixup protocol sip udp 5060

    fixup protocol skinny 2000

    no fixup protocol smtp 25

    fixup protocol sqlnet 1521

    fixup protocol tftp 69

    <--- More --->

    names

    access-list 101 permit ip 10.1.2.0 255.255.255.0 10.1.3.0
    255.255.255.0

    access-list 102 permit icmp any any

    access-list 102 permit ip 10.1.3.0 255.255.255.0 10.1.2.0
    255.255.255.0

    access-list 103 permit ip any any

    pager lines 24

    mtu outside 1500

    mtu inside 1500

    ip address outside 111.111.111.111 255.255.255.252

    ip address inside 10.1.2.1 255.255.255.0

    ip audit info action alarm

    ip audit attack action alarm

    ip local pool pptp-pool 10.2.3.10-10.2.3.50

    pdm logging informational 100

    pdm history enable

    arp timeout 14400

    global (outside) 1 interface

    nat (inside) 0 access-list 101

    nat (inside) 1 0.0.0.0 0.0.0.0 0 0

    conduit permit icmp any any

    route outside 0.0.0.0 0.0.0.0 111.111.111.111 1

    timeout xlate 0:05:00

    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225
    1:00:00

    timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00

    <--- More --->

    timeout sip-disconnect 0:02:00 sip-invite 0:03:00

    timeout uauth 0:05:00 absolute

    aaa-server TACACS+ protocol tacacs+

    aaa-server TACACS+ max-failed-attempts 3

    aaa-server TACACS+ deadtime 10

    aaa-server RADIUS protocol radius

    aaa-server RADIUS max-failed-attempts 3

    aaa-server RADIUS deadtime 10

    aaa-server LOCAL protocol local

    http 192.168.1.0 255.255.255.0 inside

    no snmp-server location

    no snmp-server contact

    snmp-server community public

    no snmp-server enable traps

    floodguard enable

    sysopt connection permit-pptp

    telnet 192.168.0.0 255.255.0.0 inside

    telnet 10.0.0.0 255.0.0.0 inside

    telnet timeout 5

    ssh timeout 5

    console timeout 0

    vpdn group 1 accept dialin pptp

    vpdn group 1 ppp authentication pap

    vpdn group 1 ppp authentication chap

    <--- More --->

    vpdn group 1 ppp authentication mschap

    vpdn group 1 ppp encryption mppe auto

    vpdn group 1 client configuration address local pptp-pool

    vpdn group 1 client configuration dns 192.168.6.50

    vpdn group 1 pptp echo 60

    vpdn group 1 client authentication local

    vpdn username testuser password *********

    vpdn enable outside

    dhcpd lease 3600

    dhcpd ping_timeout 750

    username cisco password ############### encrypted privilege 15

    terminal width 80
     
    T0nyD, Jan 22, 2010
    #1
    1. Advertising

  2. T0nyD <> writes:
    >Hi I'm having an issue setting up a router on a stick configuration
    >with a 4006 running CatOS and a 2621 router. I have set up vlans on
    >the 4006, and set up sub interfaces on the 2621 that corrospond to the
    >different vlan's however when I connect a workstation to the vlan I
    >can only ping out to the ip address of the subinterface on the router
    >not the other VLAN's or to the internal interface on the PIX or
    >internet. I've had this config working on a 2621 previously when
    >working with an IOS switch so I'm wondering if the issue is just my
    >lack of knowledge of CatOS. I have posted the configs of the
    >different devices below as well as the topology, any help with this
    >would be appreciated.



    >#module 3 : 48-port 10/100BaseTx Ethernet
    >set vlan 104 3/25-36
    >set vlan 106 3/13-24
    >set port speed 3/1-48 100
    >set port duplex 3/1-48 full


    Why are you hard coding the speed/duplex? Unless you specific set the
    duplex on your workstations (which can be difficult to find), you'll
    have a duplex conflict on every one. I'd recommend auto speed, auto
    duplex on everything.

    >set trunk 3/48 desirable dot1q 1-1005,1025-4094


    Most likely this is the problematic line. I'd recommend getting 'desireable'
    out, as that signals the switch to try to negotiate dynamic trunking
    protocol with the switch on the other side. You don't have a switch on
    the other side, and a router isn't going to talk dynamic trunking protocol.

    Is this port in trunking mode now? What does the port status show?
    show trunk 3/48
     
    Doug McIntyre, Jan 22, 2010
    #2
    1. Advertising

  3. T0nyD

    T0nyD Guest

    On Jan 22, 12:32 pm, Doug McIntyre <> wrote:
    > T0nyD <> writes:
    > >Hi I'm having an issue setting up a router on a stick configuration
    > >with a 4006 running CatOS and a 2621 router.  I have set up vlans on
    > >the 4006, and set up sub interfaces on the 2621 that corrospond to the
    > >different vlan's however when I connect a workstation to the vlan I
    > >can only ping out to the ip address of the subinterface on the router
    > >not the other VLAN's or to the internal interface on the PIX or
    > >internet.  I've had this config working on a 2621 previously when
    > >working with an IOS switch so I'm wondering if the issue is just my
    > >lack of knowledge of CatOS.  I have posted the configs of the
    > >different devices below as well as the topology, any help with this
    > >would be appreciated.
    > >#module 3 : 48-port 10/100BaseTx Ethernet
    > >set vlan 104  3/25-36
    > >set vlan 106  3/13-24
    > >set port speed      3/1-48  100
    > >set port duplex     3/1-48  full

    >
    > Why are you hard coding the speed/duplex? Unless you specific set the
    > duplex on your workstations (which can be difficult to find), you'll
    > have a duplex conflict on every one. I'd recommend auto speed, auto
    > duplex on everything.
    >
    > >set trunk 3/48 desirable dot1q 1-1005,1025-4094

    >
    > Most likely this is the problematic line. I'd recommend getting 'desireable'
    > out, as that signals the switch to try to negotiate dynamic trunking
    > protocol with the switch on the other side. You don't have a switch on
    > the other side, and a router isn't going to talk dynamic trunking protocol.
    >
    > Is this port in trunking mode now? What does the port status show?
    > show trunk 3/48- Hide quoted text -
    >
    > - Show quoted text -


    I can take out the hard coded speed, I had read that it was best to
    hard code the speed and duplex on both ends of the trunk at least

    The status does show trunking.

    What should I use for this line?

    set trunk 3/48 desirable dot1q 1-1005,1025-4094

    I also tried below with the same results.

    set trunk 3/48 on dot1q 1-1005,1025-4094
     
    T0nyD, Jan 23, 2010
    #3
  4. T0nyD <> writes:
    >I can take out the hard coded speed, I had read that it was best to
    >hard code the speed and duplex on both ends of the trunk at least


    A long long time ago. Auto is definately desireable, especially since
    GigE requires it.

    >The status does show trunking.


    Hmm, should be working then.

    >What should I use for this line?


    >set trunk 3/48 desirable dot1q 1-1005,1025-4094


    > I also tried below with the same results.


    >set trunk 3/48 on dot1q 1-1005,1025-4094


    That is the proper form.

    Make sure the VLANs exist the same on both sides (show vlan).
    Use VTP transparent mode (I'd avoid VTP altogether, transparent mode
    makes it invisible).

    Here are config snippets out of a working config exactly as you are
    trying to do, albeit slightly different gear.

    set vtp mode transparent vlan
    set vlan 103 2/20-29
    set vlan 104 2/30-39
    set trunk 2/48 on dot1q 1-1005,1025-4094
    set trunk 2/49 on dot1q 1-1005,1025-4094

    interface FastEthernet2/0.103
    description Open
    encapsulation dot1Q 103
    ip address ...

    interface FastEthernet2/0.104
    description Open
    encapsulation dot1Q 104
    ip address ...
     
    Doug McIntyre, Jan 25, 2010
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Guan Foo Wah
    Replies:
    5
    Views:
    6,896
    nover
    Nov 15, 2010
  2. jwv

    Sony Memory Stick Pro vs Standard Memory Stick

    jwv, Jul 17, 2003, in forum: Digital Photography
    Replies:
    13
    Views:
    1,043
    Godfrey DiGiorgi
    Jul 19, 2003
  3. Barry Lovelace

    Sony DSC-U30 Memory Stick vs. Memory Stick Pro

    Barry Lovelace, Feb 11, 2004, in forum: Digital Photography
    Replies:
    1
    Views:
    847
  4. fanfaron

    Memory stick pro is cheaper than normal memory stick

    fanfaron, Jun 6, 2004, in forum: Digital Photography
    Replies:
    2
    Views:
    533
    fanfaron
    Jun 7, 2004
  5. zxcvar
    Replies:
    3
    Views:
    888
    Joe Hotchkiss
    Nov 28, 2004
Loading...

Share This Page