Cisco 877w: Fa0-3 Interfaces up but no traffic passes

Discussion in 'Cisco' started by James.Brown, Aug 17, 2007.

  1. James.Brown

    James.Brown Guest

    All,

    Could anyone spare some time to help me troubleshoot a problem with my
    Cisco 877w config please?

    My aim is to create the following setup:

    * Vlan101: Data only, within IP range 192.168.0.0 (/24 - private
    range)
    * Vlan100: Voice only, within IP range 82.x.x.216 (/29 - public isp
    range)
    * Dot11radio: Data Vlan101 only, no voice vlan required, WPA
    * NAT: Only configured for Vlan101
    * Encapsulation Method: 802.1q in desirable mode

    The problem is that when I plug a PC or Phone into a fastethernet
    port, there is only a 1 in 10 (approx) chance that the PC will receive
    an IP address from the DHCP server. I have tried a "debug ip packet",
    but see no traffic. On a positive note, the wireless config seems to
    be fine and machines can connect, receive a DHCP offer and ping the
    192.168.0.254 gateway.

    I'm quite new to Cisco and would be really grateful for any advice.
    Troubleshooting info is below.

    Many thanks in advance,

    James.

    ***************************************************************************
    Here is a typical result, when a machine is plugged into
    FastEthernet3:

    74Greenfell#sh ip int brief
    FastEthernet0 unassigned YES unset up down
    FastEthernet1 unassigned YES unset up down
    FastEthernet2 unassigned YES unset down down
    FastEthernet3 unassigned YES unset up up
    Dot11Radio0 unassigned YES NVRAM up up
    Dot11Radio0.1 unassigned YES unset up up
    ATM0 unassigned YES NVRAM down down
    Vlan1 unassigned YES NVRAM up down
    Vlan101 unassigned YES NVRAM up up
    Vlan100 84.xx.xx.217 YES TFTP up up
    Dialer0 84.xx.xx.217 YES NVRAM up up
    NVI0 unassigned NO unset up up
    BVI101 192.168.0.254 YES NVRAM up up
    Virtual-Access1 unassigned YES unset up up

    //Nb: Why are ports fa0,1 showing UP DOWN when nothing is connected!?!

    74Greenfell#sh spanning-tree blockedports
    Number of blocked ports (segments) in the system : 0

    74Greenfell#show interface status | in Fa3
    Fa3 connected 101 a-full a-100 10/100BaseTX

    74Greenfell#sho inter fa3
    FastEthernet3 is up, line protocol is up
    Hardware is Fast Ethernet, address is 001a.e30f.23f4 (bia 001a.e30f.23f4)
    MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
    reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full-duplex, 100Mb/s
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input never, output never, output hang never
    Last clearing of "show interface" counters 00:01:08
    Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 0 bits/sec, 0 packets/sec
    5 minute output rate 0 bits/sec, 0 packets/sec
    6 packets input, 2076 bytes, 0 no buffer
    Received 6 broadcasts, 0 runts, 0 giants, 0 throttles
    0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
    0 input packets with dribble condition detected
    3 packets output, 1182 bytes, 0 underruns
    0 output errors, 0 collisions, 0 interface resets
    0 babbles, 0 late collision, 0 deferred
    0 lost carrier, 0 no carrier

    ***************************************************************************
    I'm using IOS 12.4(15)T1 with the Advanced IP Services feature set.
    ***************************************************************************

    74Greenfell#sh running-config
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    service password-encryption
    !
    hostname 74Greenfell
    !
    boot-start-marker
    boot-end-marker
    !
    enable secret 5 <snip>
    !
    no aaa new-model
    clock timezone GMT 0
    !
    dot11 association mac-list 700
    !
    dot11 ssid GreenfellMansions74
    vlan 101
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 7 <snip>
    !
    ip cef
    !
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 84.xx.xx.217 84.xx.xx.218
    ip dhcp excluded-address 192.168.0.254
    !
    ip dhcp pool vlan101
    network 192.168.0.0 255.255.255.0
    default-router 192.168.0.254
    dns-server 212.159.13.50 212.159.6.9
    domain-name plus.com
    lease 14
    !
    ip dhcp pool vlan100
    network 84.xx.xx.216 255.255.255.248
    default-router 84.xx.xx.217
    dns-server 212.159.13.50 212.159.6.9
    domain-name plus.com
    option 66 ip 84.xx.xx.218
    lease 14
    !
    no ip domain lookup
    ip domain name plusnet.com
    !
    multilink bundle-name authenticated
    !
    !
    no spanning-tree vlan 100
    no spanning-tree vlan 101
    username admin password 7 <snip>
    archive
    log config
    hidekeys
    !
    !
    ip ssh maxstartups 2
    ip ssh authentication-retries 2
    !
    bridge irb
    !
    interface ATM0
    no ip address
    ip access-group Internet_Inbound_ACL in
    no atm ilmi-keepalive
    pvc 0/38
    description ** BT ADSL Max **
    encapsulation aal5mux ppp dialer
    dialer pool-member 1
    !
    dsl operating-mode auto
    !
    interface FastEthernet0
    switchport access vlan 101
    switchport trunk native vlan 101
    switchport voice vlan 100
    !
    interface FastEthernet1
    switchport access vlan 101
    switchport trunk native vlan 101
    switchport voice vlan 100
    !
    interface FastEthernet2
    switchport access vlan 101
    switchport trunk native vlan 101
    switchport voice vlan 100
    !
    interface FastEthernet3
    switchport access vlan 101
    switchport trunk native vlan 101
    switchport voice vlan 100
    !
    interface Dot11Radio0
    no ip address
    !
    encryption mode ciphers aes-ccm tkip
    !
    encryption vlan 101 mode ciphers tkip
    !
    broadcast-key vlan 101 change 300
    !
    ssid GreenfellMansions74
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2462
    station-role root
    no cdp enable
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 101 native
    bridge-group 101
    bridge-group 101 subscriber-loop-control
    bridge-group 101 spanning-disabled
    bridge-group 101 block-unknown-source
    no bridge-group 101 source-learning
    no bridge-group 101 unicast-flooding
    !
    interface Vlan1
    no ip address
    !
    interface Vlan101
    description ** Private Data **
    no ip address
    ip virtual-reassembly
    bridge-group 101
    bridge-group 101 subscriber-loop-control
    bridge-group 101 spanning-disabled
    !
    interface Vlan100
    description ** L3 Public Voice **
    ip unnumbered Dialer0
    !
    interface Dialer0
    description ** PlusNet **
    ip address 84.xx.xx.217 255.255.255.248
    ip mtu 1488
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    dialer-group 1
    ppp chap hostname <snip>@plusdsl.net
    ppp chap password 7 <snip>
    !
    interface BVI101
    description ** Fa/802.11 L3 Private Data **
    ip address 192.168.0.254 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    ip route 0.0.0.0 0.0.0.0 Dialer0
    !
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list 1 interface Dialer0 overload
    !
    ip access-list extended Internet_Inbound_ACL
    remark Traffic allowed in from ADSL Link
    permit tcp any any established
    permit icmp any any
    deny ip any any
    !
    access-list 1 remark OUR LAN PUBLIC IP RANGE
    access-list 1 permit 84.xx.xx.216 0.0.0.7
    access-list 1 remark NAT_POOL_PRIVATE_DATA
    access-list 1 permit 192.168.0.0 0.0.0.255
    access-list 700 permit 000e.356a.8c05 0000.0000.0000
    access-list 700 deny 0000.0000.0000 ffff.ffff.ffff
    dialer-list 1 protocol ip permit
    !
    [...]
    !
    bridge 101 protocol ieee
    bridge 101 route ip
    !
    [...]
    !
    end
     
    James.Brown, Aug 17, 2007
    #1

  2. James.Brown

    Merv Guest

    Sometimes loading the latest IOS image is not the best course of
    action ...
     
    Merv, Aug 18, 2007
    #2

  3. James.Brown

    Guest

    On 18 Aug, 00:20, Merv <> wrote:
    > Sometimes loading the latest IOS image is not the best course of
    > action ...


    Oh dearie me!??

    I have just put that one on a remote router.

    12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too]

    Still, damn DSL issues pressure towards the latest.

    My mileage may vary.

    Will report soon.

    I confess that I have not read the post in detail
    however 8[75]x do seem a bit flaky for DSL and
    for other than basic features.
     
    , Aug 18, 2007
    #3
  4. James.Brown

    James.Brown Guest

    On 18 Aug, 00:38, wrote:
    > On 18 Aug, 00:20, Merv <> wrote:
    >
    > > Sometimes loading the latest IOS image is not the best course of
    > > action ...

    >
    > Oh dearie me!??
    >
    > I have just put that one on a remote router.
    >
    > 12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too]
    >

    [...]
    >
    > I confess that I have not read the post in detail
    > however 8[75]x do seem a bit flaky for DSL and
    > for other than basic features.


    Thank you both. I will try downgrading the IOS. However, what is your
    opinion on having the vlan101 as a member of the bridge group 101,
    along with the dot11radio0.1? How does spanning tree work with BVIs
    and can I disable it?

    Should I be achieving dot1q trunking using the alternative
    subinterface method (fa0.1, fa1.1 etc)?
     
    James.Brown, Aug 18, 2007
    #4
  5. James.Brown

    Guest

    On 18 Aug, 01:34, "James.Brown" <> wrote:
    > On 18 Aug, 00:38, wrote:
    >
    > > On 18 Aug, 00:20, Merv <> wrote:

    >
    > > > Sometimes loading the latest IOS image is not the best course of
    > > > action ...

    >
    > > Oh dearie me!??

    >
    > > I have just put that one on a remote router.

    >
    > > 12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too]

    >
    > [...]
    >
    > > I confess that I have not read the post in detail
    > > however 8[75]x do seem a bit flaky for DSL and
    > > for other than basic features.

    >
    > Thank you both. I will try downgrading the IOS. However, what is your
    > opinion on having the vlan101 as a member of the bridge group 101,
    > along with the dot11radio0.1? How does spanning tree work with BVIs
    > and can I disable it?
    >
    > Should I be achieving dot1q trunking using the alternative
    > subinterface method (fa0.1, fa1.1 etc)?


    Here is a bit of a guess at how I would start.
    Not fully worked up but I feel it is a decent start.
    I feel that you are heading towards more
    complexity than is necessary.


    You might try this.
    I propose to work with voice only and data only
    on each ethernet port
    you can probably easily enough sort out the trunking
    on the ethernets after the hard bits are working.



    interface BVI101
    ip address 192.168.0.254 255.255.255.0


    interface BVI100
    ip address 82.x.x.217 255.x.x.x


    interface Vlan101
    bridge-group 101

    interface Vlan100
    bridge-group 100


    interface FastEthernet0
    description data
    switchport mode access
    switchport access vlan 101

    interface FastEthernet1
    description data
    switchport mode access
    switchport access vlan 101

    interface FastEthernet2
    description voice
    switchport mode access
    switchport access vlan 100

    interface FastEthernet3
    description voice
    switchport mode access
    switchport access vlan 100

    no interface Dot11Radio0.1


    interface Dot11Radio0
    no encryption vlan 101 mode ciphers tkip
    encryption mode ciphers tkip

    no ip address
    bridge-group 101


    ! I have NEVER seen this but maybe it's worth a go
    ! one thing is that if BVI 100 is DOWN then the dialer may not work.
    ! perhaps not what you want.
    interface Dialer0
    ip unnumbered BVI100


    ! Alternatively - clueless whether this is OK with ppp.
    interface Dialer0
    no ip address
    bridge-group 100

    Let us know what you think.
     
    , Aug 18, 2007
    #5
  6. James.Brown

    Guest

    On 18 Aug, 02:30, wrote:
    > On 18 Aug, 01:34, "James.Brown" <> wrote:
    >
    > > On 18 Aug, 00:38, wrote:

    >
    > > > On 18 Aug, 00:20, Merv <> wrote:

    >
    > > > > Sometimes loading the latest IOS image is not the best course of
    > > > > action ...

    >
    > > > Oh dearie me!??

    >
    > > > I have just put that one on a remote router.

    >
    > > > 12.4.(15T) was swiftly followed by 12.4(15T1) [fc2 by the way, too]

    >
    > > [...]

    >
    > > > I confess that I have not read the post in detail
    > > > however 8[75]x do seem a bit flaky for DSL and
    > > > for other than basic features.

    >
    > > Thank you both. I will try downgrading the IOS. However, what is your
    > > opinion on having the vlan101 as a member of the bridge group 101,
    > > along with the dot11radio0.1? How does spanning tree work with BVIs
    > > and can I disable it?

    >
    > > Should I be achieving dot1q trunking using the alternative
    > > subinterface method (fa0.1, fa1.1 etc)?

    >
    > Here is a bit of a guess at how I would start.
    > Not fully worked up but I feel it is a decent start.
    > I feel that you are heading towards more
    > complexity than is necessary.
    >
    > You might try this.
    > I propose to work with voice only and data only
    > on each ethernet port
    > you can probably easily enough sort out the trunking
    > on the ethernets after the hard bits are working.
    >
    > bvi 101
    > ip address 192.168.254 255.255.255.0
    >
    > bvi 100
    > ip address 82.x.x.217 255.x.x.x
    >
    > vl 101
    > bridge group 101
    >
    > vl 100
    > bridge group 100
    >
    > int fa 0
    > desc data
    > sw mode access
    > sw access vl 101
    >
    > int fa 1
    > desc data
    > sw mode access
    > sw access vl 101
    >
    > int fa 2
    > desc voice
    > sw mode access
    > sw access vl 100
    >
    > int fa 3
    > desc voice
    > sw mode access
    > sw access vl 100
    >
    > no interface Dot11Radio0.1
    >
    > int dot 11 0
    > no encryption vlan 101 mode ciphers tkip
    > encryption mode ciphers tkip
    >
    > no ip address
    > bridge group 101
    >
    > ! I have NEVER seen this but maybe it's worth a go
    > ! one thing is that if BVI 100 is DOWN then the dialer may not work.
    > ! perhaps not what you want.
    > int di 0
    > ip address unnumbered bvi 100
    >
    > ! Alternatively - clueless whether this is OK with ppp.
    > int di 0
    > no ip address
    > bridge group 100
    >
    > Let us know what you think.


    There are quite a few different ways that these
    routers can be configured

    e.g. I have right now:-
    Note NO BVIs

    Separate networks for Radio and Vlan 1.
    255.255.255.128 mask.

    Vlan 2 clearly separate too.


    hr#sh ip int br
    Interface            IP-Address     OK?  Method  Status  Protocol
    FastEthernet0        unassigned     YES  unset   up      up
    FastEthernet1        unassigned     YES  unset   up      down
    FastEthernet2        unassigned     YES  unset   down    down
    FastEthernet3        unassigned     YES  unset   down    down
    Dot11Radio0          10.248.37.129  YES  NVRAM   up      up
    ATM0                 unassigned     YES  NVRAM   up      up
    ATM0.1               unassigned     YES  unset   up      up
    Vlan1                10.248.37.1    YES  NVRAM   up      up
    Vlan2                172.16.146.1   YES  NVRAM   up      down
    Dialer0              87.15.1.6      YES  IPCP    up      up
    Virtual-Dot11Radio0  10.248.37.129  YES  TFTP    down    down

    hr#sh vlan-sw

    VLAN Name                             Status    Ports
    ---- -------------------------------- --------- -------------------------------
    1    default                          active    Fa0
    2    family                           active    Fa1, Fa2, Fa3



    ######## NOTE:-

    Interface            IP-Address     OK?  Method  Status  Protocol
    FastEthernet1        unassigned     YES  unset   up      down

    There is NOTHING connected to this interface
    UP...DOWN is a decent state for these routers.
     
    , Aug 18, 2007
    #6
  7. James.Brown

    James.Brown Guest

    On 18 Aug, 02:46, wrote:
    > On 18 Aug, 02:30, wrote:
    > [...]
    > > You might try this.
    > > I propose to work with voice only and data only
    > > on each ethernet port
    > > you can probably easily enough sort out the trunking
    > > on the ethernets after the hard bits are working.

    >
    > > bvi 101
    > > ip address 192.168.254 255.255.255.0

    >
    > > bvi 100
    > > ip address 82.x.x.217 255.x.x.x

    >
    > > vl 101
    > > bridge group 101

    >
    > > vl 100
    > > bridge group 100

    >
    > > int fa 0
    > > desc data
    > > sw mode access
    > > sw access vl 101

    >
    > > int fa 1
    > > desc data
    > > sw mode access
    > > sw access vl 101

    >
    > > int fa 2
    > > desc voice
    > > sw mode access
    > > sw access vl 100

    >
    > > int fa 3
    > > desc voice
    > > sw mode access
    > > sw access vl 100

    >
    > > no interface Dot11Radio0.1

    >
    > > int dot 11 0
    > > no encryption vlan 101 mode ciphers tkip
    > > encryption mode ciphers tkip

    >
    > > no ip address
    > > bridge group 101

    >
    > > ! I have NEVER seen this but maybe it's worth a go
    > > ! one thing is that if BVI 100 is DOWN then the dialer may not work.
    > > ! perhaps not what you want.
    > > int di 0
    > > ip address unnumbered bvi 100

    >
    > > ! Alternatively - clueless whether this is OK with ppp.
    > > int di 0
    > > no ip address
    > > bridge group 100

    >
    > > Let us know what you think.

    >
    > [...]


    Thanks for this, your post got me thinking.

    I just tried removing dot1q config from the interfaces and suddenly
    everything springs to life:

    ** Before/Broken**
    interface FastEthernet0
    desc Voice VLAN announced via CDP
    switchport access vlan 101
    switchport trunk native vlan 101
    switchport voice vlan 100
    end

    ** After/Working **
    interface FastEthernet0
    desc Plain data port
    switchport access vlan 101
    end

    ** Also Working **
    interface FastEthernet0
    desc Voice and Data. Voice vlan hardcoded on phone.
    switchport access vlan 101
    switchport trunk native vlan 101
    switchport trunk allowed vlan 1-100,102-4094
    switchport priority extend trust
    end

    As soon as I add "switchport voice vlan 100", the PCs attached to the
    native vlan (101) cannot obtain a DHCP lease. In fact, dot1q seems to
    be entirely broken, as none of the above would let the phone join
    vlan 100.

    Maybe this is a bug? I'll try downgrading to 124-11.T3 and post back.
     
    James.Brown, Aug 18, 2007
    #7
  8. James.Brown

    James.Brown Guest

    On 18 Aug, 11:16, "James.Brown" <> wrote:
    [...]
    > Maybe this is a bug? I'll try downgrading to 124-11.T3 and post back.


    I witnessed the same result with 124-11-T3 - the dot1q trunk would not
    establish when a phone was plugged in.

    After erasing nvram and flash:vlan.dat, then re-creating the same
    config, but without the BVI interface, dot1q trunking is finally
    working as expected! My guess is that there are bugs concerning the
    BVI.

    My only problem now is that without a BVI, the dot11radio is broken -
    clients can associate, but the router doesn't see DHCP discovers. I
    might need to post separately for advice.

    Many thanks for your help.
    Regards,

    James.
     
    James.Brown, Aug 20, 2007
    #8
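
An added example, not part of the thread and not anyone's posted code: a small Python audit that parses running-config interface stanzas and sorts each switchport into the three variants compared in post #7, marking as suspect any port that combines `switchport voice vlan` with an access VLAN whose SVI is in a bridge-group (the BVI setup post #8 points to). The sample config is constructed from stanzas quoted in the thread; the labels `voice-vlan`, `trunk-native-only`, `plain-access` and the `suspect` field are names chosen for this example.

```python
import re

# Constructed sample: interface stanzas assembled from the configs posted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0
switchport access vlan 101
switchport trunk native vlan 101
switchport voice vlan 100
!
interface FastEthernet1
switchport access vlan 101
!
interface FastEthernet2
switchport access vlan 101
switchport trunk native vlan 101
switchport trunk allowed vlan 1-100,102-4094
switchport priority extend trust
!
interface Vlan101
no ip address
bridge-group 101
!
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; '!' or a blank line ends a stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def _vlan(cmds, pattern):
    """VLAN id from the first sub-command fully matching pattern, else None."""
    hits = (re.fullmatch(pattern, c) for c in cmds)
    return next((int(m.group(1)) for m in hits if m), None)

def audit(config):
    """Classify each switchport by the three variants shown in post #7."""
    stanzas = parse_interfaces(config)
    # VLANs whose SVI sits in a bridge-group (the BVI setup suspected in post #8).
    bridged = {int(n[4:]) for n, cmds in stanzas.items()
               if n.startswith("Vlan") and n[4:].isdigit()
               and any(c.startswith("bridge-group ") for c in cmds)}
    report = {}
    for name, cmds in stanzas.items():
        access = _vlan(cmds, r"switchport access vlan (\d+)")
        if access is None:
            continue  # not a switchport stanza
        native = _vlan(cmds, r"switchport trunk native vlan (\d+)")
        voice = _vlan(cmds, r"switchport voice vlan (\d+)")
        kind = ("voice-vlan" if voice is not None
                else "trunk-native-only" if native is not None else "plain-access")
        report[name] = {"kind": kind, "access": access, "voice": voice,
                        "suspect": kind == "voice-vlan" and access in bridged}
    return report

if __name__ == "__main__":
    for port, info in audit(SAMPLE_CONFIG).items():
        print(port, info)
```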
