UBR924

Discussion in 'Cisco' started by ctech, Nov 19, 2003.

  1. ctech

    ctech Guest

    Ok, I have my router online and working great, 1 small problem. It is
    assigned a private address on the 10.0.0.0 subnet from my provider. My PC is
    assigned the actual public address. This is great, but now I can't telnet
    into my router from off-site. Is there any way to get my routers interface
    to obtain the public address?

    Thanks,

    Dave
     
    ctech, Nov 19, 2003
    #1
    1. Advertising

  2. The uBR924 is currently operation in the default bridge mode. To make it
    operate as a router, do NAT/PAT, etc., you'll need to upgrade the IOS to
    12.2 as the "cable-modem dhcp proxy" command had serious problems before
    12.2.

    Below is a sample configuration. You'll need to remove the bridge
    statements in your own config in addition to adding new statements.

    Also, a good reference line from Cisco is
    http://www.cisco.com/warp/public/109/cable_dhcp_proxy.shtml

    Here is a working configuration with the private info removed. One key is
    the 'cable-modem dhcp-proxy nat testpool' statement under int cable 0 and
    another is to have an IOS 12.2 rev preferably 12.2(7b) or better.

    version 12.2
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname cable
    !
    logging buffered 20480 debugging
    !
    username xxxxx privilege 15 password 0 yyyyy
    clock timezone - -8
    ip subnet-zero
    ip tftp source-interface cable-modem0
    ip dhcp excluded-address 192.168.1.1
    !
    ip dhcp pool inside
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    domain-name broadbandISP.com
    dns-server zzz.zzz.zzz.zzz yyy.yyy.yyy.yyy
    lease 30
    !
    ip audit notify log
    ip audit po max-events 100
    ip ssh time-out 120
    ip ssh authentication-retries 3
    call rsvp-sync
    !
    !
    !interface Loopback0********THIS INTERFACE WILL BE CREATED AUTOMATICALLY -
    no need to configure***********
    ! ip address xxx.xxx.xxx.xxx 255.255.255.255
    !
    interface Ethernet0
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    no ip mroute-cache
    !
    interface cable-modem0
    ip nat outside
    no ip mroute-cache
    no cable-modem compliant bridge
    cable-modem dhcp-proxy nat testpool
    !
    !******THE FOLLOWING 2 LINES WILL BE CREATED AUTOMATICALLY - no need to
    configure********************
    !ip nat pool testpool xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask 255.255.240.0
    !ip nat inside source list 99 pool testpool overload
    ip classless
    no ip pim bidir-enable
    no ip domain-lookup
    no ip http server
    no ip http cable-monitor
    !
    access-list 99 permit 192.168.1.0 0.0.0.255
    snmp-server packetsize 2053
    snmp-server manager
    !
    voice-port 0
    input gain -2
    output attenuation 0
    !
    voice-port 1
    input gain -2
    output attenuation 0
    !
    alias exec c config terminal
    alias exec s show run
    alias exec ib show ip interface brief
    alias exec ir show ip route
    alias exec sc show contr c0 mac state
    !
    line con 0
    exec-timeout 0 0
    privilege level 15
    logging synchronous
    line vty 0 4
    exec-timeout 0 0
    logging synchronous
    login local
    !
    scheduler max-task-time 5000
    end

    "ctech" <> wrote in message
    news:...
    > Ok, I have my router online and working great, 1 small problem. It is
    > assigned a private address on the 10.0.0.0 subnet from my provider. My PC

    is
    > assigned the actual public address. This is great, but now I can't telnet
    > into my router from off-site. Is there any way to get my routers interface
    > to obtain the public address?
    >
    > Thanks,
    >
    > Dave
    >
    >
     
    Bob by The Bay, Nov 19, 2003
    #2
    1. Advertising

  3. One correction:

    I accidentally commented out the "ip nat inside source list 99 pool testpool
    overload" command in the sample config. This statement does in fact need to
    be manually added along with access-list 99.

    A reload is also necessary before any commands are automatically generated.

    Robert


    "Bob by The Bay" <> wrote in message
    news:IMKub.247144$Tr4.754452@attbi_s03...
    > The uBR924 is currently operation in the default bridge mode. To make it
    > operate as a router, do NAT/PAT, etc., you'll need to upgrade the IOS to
    > 12.2 as the "cable-modem dhcp proxy" command had serious problems before
    > 12.2.
    >
    > Below is a sample configuration. You'll need to remove the bridge
    > statements in your own config in addition to adding new statements.
    >
    > Also, a good reference line from Cisco is
    > http://www.cisco.com/warp/public/109/cable_dhcp_proxy.shtml
    >
    > Here is a working configuration with the private info removed. One key is
    > the 'cable-modem dhcp-proxy nat testpool' statement under int cable 0 and
    > another is to have an IOS 12.2 rev preferably 12.2(7b) or better.
    >
    > version 12.2
    > no service pad
    > service timestamps debug datetime msec
    > service timestamps log datetime msec
    > no service password-encryption
    > !
    > hostname cable
    > !
    > logging buffered 20480 debugging
    > !
    > username xxxxx privilege 15 password 0 yyyyy
    > clock timezone - -8
    > ip subnet-zero
    > ip tftp source-interface cable-modem0
    > ip dhcp excluded-address 192.168.1.1
    > !
    > ip dhcp pool inside
    > network 192.168.1.0 255.255.255.0
    > default-router 192.168.1.1
    > domain-name broadbandISP.com
    > dns-server zzz.zzz.zzz.zzz yyy.yyy.yyy.yyy
    > lease 30
    > !
    > ip audit notify log
    > ip audit po max-events 100
    > ip ssh time-out 120
    > ip ssh authentication-retries 3
    > call rsvp-sync
    > !
    > !
    > !interface Loopback0********THIS INTERFACE WILL BE CREATED AUTOMATICALLY -
    > no need to configure***********
    > ! ip address xxx.xxx.xxx.xxx 255.255.255.255
    > !
    > interface Ethernet0
    > ip address 192.168.1.1 255.255.255.0
    > ip nat inside
    > no ip mroute-cache
    > !
    > interface cable-modem0
    > ip nat outside
    > no ip mroute-cache
    > no cable-modem compliant bridge
    > cable-modem dhcp-proxy nat testpool
    > !
    > !******THE FOLLOWING 2 LINES WILL BE CREATED AUTOMATICALLY - no need to
    > configure********************
    > !ip nat pool testpool xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask

    255.255.240.0
    > !ip nat inside source list 99 pool testpool overload
    > ip classless
    > no ip pim bidir-enable
    > no ip domain-lookup
    > no ip http server
    > no ip http cable-monitor
    > !
    > access-list 99 permit 192.168.1.0 0.0.0.255
    > snmp-server packetsize 2053
    > snmp-server manager
    > !
    > voice-port 0
    > input gain -2
    > output attenuation 0
    > !
    > voice-port 1
    > input gain -2
    > output attenuation 0
    > !
    > alias exec c config terminal
    > alias exec s show run
    > alias exec ib show ip interface brief
    > alias exec ir show ip route
    > alias exec sc show contr c0 mac state
    > !
    > line con 0
    > exec-timeout 0 0
    > privilege level 15
    > logging synchronous
    > line vty 0 4
    > exec-timeout 0 0
    > logging synchronous
    > login local
    > !
    > scheduler max-task-time 5000
    > end
    >
    > "ctech" <> wrote in message
    > news:...
    > > Ok, I have my router online and working great, 1 small problem. It is
    > > assigned a private address on the 10.0.0.0 subnet from my provider. My

    PC
    > is
    > > assigned the actual public address. This is great, but now I can't

    telnet
    > > into my router from off-site. Is there any way to get my routers

    interface
    > > to obtain the public address?
    > >
    > > Thanks,
    > >
    > > Dave
    > >
    > >

    >
    >
     
    Bob by The Bay, Nov 19, 2003
    #3
  4. ctech

    ctech Guest

    Thanks, once again you came through and quick. I'll give that a try, you are
    the man.


    "Bob by The Bay" <> wrote in message
    news:ATKub.247167$Tr4.754812@attbi_s03...
    > One correction:
    >
    > I accidentally commented out the "ip nat inside source list 99 pool

    testpool
    > overload" command in the sample config. This statement does in fact need

    to
    > be manually added along with access-list 99.
    >
    > A reload is also necessary before any commands are automatically

    generated.
    >
    > Robert
    >
    >
    > "Bob by The Bay" <> wrote in message
    > news:IMKub.247144$Tr4.754452@attbi_s03...
    > > The uBR924 is currently operation in the default bridge mode. To make

    it
    > > operate as a router, do NAT/PAT, etc., you'll need to upgrade the IOS to
    > > 12.2 as the "cable-modem dhcp proxy" command had serious problems before
    > > 12.2.
    > >
    > > Below is a sample configuration. You'll need to remove the bridge
    > > statements in your own config in addition to adding new statements.
    > >
    > > Also, a good reference line from Cisco is
    > > http://www.cisco.com/warp/public/109/cable_dhcp_proxy.shtml
    > >
    > > Here is a working configuration with the private info removed. One key

    is
    > > the 'cable-modem dhcp-proxy nat testpool' statement under int cable 0

    and
    > > another is to have an IOS 12.2 rev preferably 12.2(7b) or better.
    > >
    > > version 12.2
    > > no service pad
    > > service timestamps debug datetime msec
    > > service timestamps log datetime msec
    > > no service password-encryption
    > > !
    > > hostname cable
    > > !
    > > logging buffered 20480 debugging
    > > !
    > > username xxxxx privilege 15 password 0 yyyyy
    > > clock timezone - -8
    > > ip subnet-zero
    > > ip tftp source-interface cable-modem0
    > > ip dhcp excluded-address 192.168.1.1
    > > !
    > > ip dhcp pool inside
    > > network 192.168.1.0 255.255.255.0
    > > default-router 192.168.1.1
    > > domain-name broadbandISP.com
    > > dns-server zzz.zzz.zzz.zzz yyy.yyy.yyy.yyy
    > > lease 30
    > > !
    > > ip audit notify log
    > > ip audit po max-events 100
    > > ip ssh time-out 120
    > > ip ssh authentication-retries 3
    > > call rsvp-sync
    > > !
    > > !
    > > !interface Loopback0********THIS INTERFACE WILL BE CREATED

    AUTOMATICALLY -
    > > no need to configure***********
    > > ! ip address xxx.xxx.xxx.xxx 255.255.255.255
    > > !
    > > interface Ethernet0
    > > ip address 192.168.1.1 255.255.255.0
    > > ip nat inside
    > > no ip mroute-cache
    > > !
    > > interface cable-modem0
    > > ip nat outside
    > > no ip mroute-cache
    > > no cable-modem compliant bridge
    > > cable-modem dhcp-proxy nat testpool
    > > !
    > > !******THE FOLLOWING 2 LINES WILL BE CREATED AUTOMATICALLY - no need to
    > > configure********************
    > > !ip nat pool testpool xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask

    > 255.255.240.0
    > > !ip nat inside source list 99 pool testpool overload
    > > ip classless
    > > no ip pim bidir-enable
    > > no ip domain-lookup
    > > no ip http server
    > > no ip http cable-monitor
    > > !
    > > access-list 99 permit 192.168.1.0 0.0.0.255
    > > snmp-server packetsize 2053
    > > snmp-server manager
    > > !
    > > voice-port 0
    > > input gain -2
    > > output attenuation 0
    > > !
    > > voice-port 1
    > > input gain -2
    > > output attenuation 0
    > > !
    > > alias exec c config terminal
    > > alias exec s show run
    > > alias exec ib show ip interface brief
    > > alias exec ir show ip route
    > > alias exec sc show contr c0 mac state
    > > !
    > > line con 0
    > > exec-timeout 0 0
    > > privilege level 15
    > > logging synchronous
    > > line vty 0 4
    > > exec-timeout 0 0
    > > logging synchronous
    > > login local
    > > !
    > > scheduler max-task-time 5000
    > > end
    > >
    > > "ctech" <> wrote in message
    > > news:...
    > > > Ok, I have my router online and working great, 1 small problem. It is
    > > > assigned a private address on the 10.0.0.0 subnet from my provider. My

    > PC
    > > is
    > > > assigned the actual public address. This is great, but now I can't

    > telnet
    > > > into my router from off-site. Is there any way to get my routers

    > interface
    > > > to obtain the public address?
    > > >
    > > > Thanks,
    > > >
    > > > Dave
    > > >
    > > >

    > >
    > >

    >
    >
     
    ctech, Nov 19, 2003
    #4
  5. ctech

    ctech Guest

    The only problem is that I can't upgrade to IOS 12.2 , I can't get to the
    files on Cisco's CCO. I don't have the information I need to get the IOS
    updates. Do you thing this may work without the update?

    "Bob by The Bay" <> wrote in message
    news:ATKub.247167$Tr4.754812@attbi_s03...
    > One correction:
    >
    > I accidentally commented out the "ip nat inside source list 99 pool

    testpool
    > overload" command in the sample config. This statement does in fact need

    to
    > be manually added along with access-list 99.
    >
    > A reload is also necessary before any commands are automatically

    generated.
    >
    > Robert
    >
    >
    > "Bob by The Bay" <> wrote in message
    > news:IMKub.247144$Tr4.754452@attbi_s03...
    > > The uBR924 is currently operation in the default bridge mode. To make

    it
    > > operate as a router, do NAT/PAT, etc., you'll need to upgrade the IOS to
    > > 12.2 as the "cable-modem dhcp proxy" command had serious problems before
    > > 12.2.
    > >
    > > Below is a sample configuration. You'll need to remove the bridge
    > > statements in your own config in addition to adding new statements.
    > >
    > > Also, a good reference line from Cisco is
    > > http://www.cisco.com/warp/public/109/cable_dhcp_proxy.shtml
    > >
    > > Here is a working configuration with the private info removed. One key

    is
    > > the 'cable-modem dhcp-proxy nat testpool' statement under int cable 0

    and
    > > another is to have an IOS 12.2 rev preferably 12.2(7b) or better.
    > >
    > > version 12.2
    > > no service pad
    > > service timestamps debug datetime msec
    > > service timestamps log datetime msec
    > > no service password-encryption
    > > !
    > > hostname cable
    > > !
    > > logging buffered 20480 debugging
    > > !
    > > username xxxxx privilege 15 password 0 yyyyy
    > > clock timezone - -8
    > > ip subnet-zero
    > > ip tftp source-interface cable-modem0
    > > ip dhcp excluded-address 192.168.1.1
    > > !
    > > ip dhcp pool inside
    > > network 192.168.1.0 255.255.255.0
    > > default-router 192.168.1.1
    > > domain-name broadbandISP.com
    > > dns-server zzz.zzz.zzz.zzz yyy.yyy.yyy.yyy
    > > lease 30
    > > !
    > > ip audit notify log
    > > ip audit po max-events 100
    > > ip ssh time-out 120
    > > ip ssh authentication-retries 3
    > > call rsvp-sync
    > > !
    > > !
    > > !interface Loopback0********THIS INTERFACE WILL BE CREATED

    AUTOMATICALLY -
    > > no need to configure***********
    > > ! ip address xxx.xxx.xxx.xxx 255.255.255.255
    > > !
    > > interface Ethernet0
    > > ip address 192.168.1.1 255.255.255.0
    > > ip nat inside
    > > no ip mroute-cache
    > > !
    > > interface cable-modem0
    > > ip nat outside
    > > no ip mroute-cache
    > > no cable-modem compliant bridge
    > > cable-modem dhcp-proxy nat testpool
    > > !
    > > !******THE FOLLOWING 2 LINES WILL BE CREATED AUTOMATICALLY - no need to
    > > configure********************
    > > !ip nat pool testpool xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask

    > 255.255.240.0
    > > !ip nat inside source list 99 pool testpool overload
    > > ip classless
    > > no ip pim bidir-enable
    > > no ip domain-lookup
    > > no ip http server
    > > no ip http cable-monitor
    > > !
    > > access-list 99 permit 192.168.1.0 0.0.0.255
    > > snmp-server packetsize 2053
    > > snmp-server manager
    > > !
    > > voice-port 0
    > > input gain -2
    > > output attenuation 0
    > > !
    > > voice-port 1
    > > input gain -2
    > > output attenuation 0
    > > !
    > > alias exec c config terminal
    > > alias exec s show run
    > > alias exec ib show ip interface brief
    > > alias exec ir show ip route
    > > alias exec sc show contr c0 mac state
    > > !
    > > line con 0
    > > exec-timeout 0 0
    > > privilege level 15
    > > logging synchronous
    > > line vty 0 4
    > > exec-timeout 0 0
    > > logging synchronous
    > > login local
    > > !
    > > scheduler max-task-time 5000
    > > end
    > >
    > > "ctech" <> wrote in message
    > > news:...
    > > > Ok, I have my router online and working great, 1 small problem. It is
    > > > assigned a private address on the 10.0.0.0 subnet from my provider. My

    > PC
    > > is
    > > > assigned the actual public address. This is great, but now I can't

    > telnet
    > > > into my router from off-site. Is there any way to get my routers

    > interface
    > > > to obtain the public address?
    > > >
    > > > Thanks,
    > > >
    > > > Dave
    > > >
    > > >

    > >
    > >

    >
    >
     
    ctech, Nov 19, 2003
    #5
  6. I've never tried it under 12.1, so I can't really speak to that from
    experience except to pass on the info from Cisco in that document I
    referenced.

    The "cable-modem dhcp-proxy" command, which is key, was introduced in
    12.1(1)T but there is recommendation from Cisco to use 12.2 stated as
    follows:

    Caution: Be aware of bug CSCdt32356. Dynamic Network Address Translation
    (NAT) using the cable-modem dhcp-proxy nat <pool-name> cable interface
    command does not function correctly. IP address or subnet masks and default
    gateways are not assigned correctly, if at all. After the command is
    entered, the address assigned to the NAT pool does not respond to Address
    Resolution Protocol (ARP). The IP NAT pool that is created is from the cable
    modem scope rather than the customer premises equipment (CPE) scope, so it
    puts an unroutable IP address in the NAT pool. Notice that this problem
    occurs on several cable modem's Cisco IOS software versions, especially
    12.1(5)T. Cisco recommends that you use 12.2 train.



    "ctech" <> wrote in message
    news:...
    > The only problem is that I can't upgrade to IOS 12.2 , I can't get to the
    > files on Cisco's CCO. I don't have the information I need to get the IOS
    > updates. Do you thing this may work without the update?
    >
    > "Bob by The Bay" <> wrote in message
    > news:ATKub.247167$Tr4.754812@attbi_s03...
    > > One correction:
    > >
    > > I accidentally commented out the "ip nat inside source list 99 pool

    > testpool
    > > overload" command in the sample config. This statement does in fact

    need
    > to
    > > be manually added along with access-list 99.
    > >
    > > A reload is also necessary before any commands are automatically

    > generated.
    > >
    > > Robert
    > >
    > >
    > > "Bob by The Bay" <> wrote in message
    > > news:IMKub.247144$Tr4.754452@attbi_s03...
    > > > The uBR924 is currently operation in the default bridge mode. To make

    > it
    > > > operate as a router, do NAT/PAT, etc., you'll need to upgrade the IOS

    to
    > > > 12.2 as the "cable-modem dhcp proxy" command had serious problems

    before
    > > > 12.2.
    > > >
    > > > Below is a sample configuration. You'll need to remove the bridge
    > > > statements in your own config in addition to adding new statements.
    > > >
    > > > Also, a good reference line from Cisco is
    > > > http://www.cisco.com/warp/public/109/cable_dhcp_proxy.shtml
    > > >
    > > > Here is a working configuration with the private info removed. One

    key
    > is
    > > > the 'cable-modem dhcp-proxy nat testpool' statement under int cable 0

    > and
    > > > another is to have an IOS 12.2 rev preferably 12.2(7b) or better.
    > > >
    > > > version 12.2
    > > > no service pad
    > > > service timestamps debug datetime msec
    > > > service timestamps log datetime msec
    > > > no service password-encryption
    > > > !
    > > > hostname cable
    > > > !
    > > > logging buffered 20480 debugging
    > > > !
    > > > username xxxxx privilege 15 password 0 yyyyy
    > > > clock timezone - -8
    > > > ip subnet-zero
    > > > ip tftp source-interface cable-modem0
    > > > ip dhcp excluded-address 192.168.1.1
    > > > !
    > > > ip dhcp pool inside
    > > > network 192.168.1.0 255.255.255.0
    > > > default-router 192.168.1.1
    > > > domain-name broadbandISP.com
    > > > dns-server zzz.zzz.zzz.zzz yyy.yyy.yyy.yyy
    > > > lease 30
    > > > !
    > > > ip audit notify log
    > > > ip audit po max-events 100
    > > > ip ssh time-out 120
    > > > ip ssh authentication-retries 3
    > > > call rsvp-sync
    > > > !
    > > > !
    > > > !interface Loopback0********THIS INTERFACE WILL BE CREATED

    > AUTOMATICALLY -
    > > > no need to configure***********
    > > > ! ip address xxx.xxx.xxx.xxx 255.255.255.255
    > > > !
    > > > interface Ethernet0
    > > > ip address 192.168.1.1 255.255.255.0
    > > > ip nat inside
    > > > no ip mroute-cache
    > > > !
    > > > interface cable-modem0
    > > > ip nat outside
    > > > no ip mroute-cache
    > > > no cable-modem compliant bridge
    > > > cable-modem dhcp-proxy nat testpool
    > > > !
    > > > !******THE FOLLOWING 2 LINES WILL BE CREATED AUTOMATICALLY - no need

    to
    > > > configure********************
    > > > !ip nat pool testpool xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx netmask

    > > 255.255.240.0
    > > > !ip nat inside source list 99 pool testpool overload
    > > > ip classless
    > > > no ip pim bidir-enable
    > > > no ip domain-lookup
    > > > no ip http server
    > > > no ip http cable-monitor
    > > > !
    > > > access-list 99 permit 192.168.1.0 0.0.0.255
    > > > snmp-server packetsize 2053
    > > > snmp-server manager
    > > > !
    > > > voice-port 0
    > > > input gain -2
    > > > output attenuation 0
    > > > !
    > > > voice-port 1
    > > > input gain -2
    > > > output attenuation 0
    > > > !
    > > > alias exec c config terminal
    > > > alias exec s show run
    > > > alias exec ib show ip interface brief
    > > > alias exec ir show ip route
    > > > alias exec sc show contr c0 mac state
    > > > !
    > > > line con 0
    > > > exec-timeout 0 0
    > > > privilege level 15
    > > > logging synchronous
    > > > line vty 0 4
    > > > exec-timeout 0 0
    > > > logging synchronous
    > > > login local
    > > > !
    > > > scheduler max-task-time 5000
    > > > end
    > > >
    > > > "ctech" <> wrote in message
    > > > news:...
    > > > > Ok, I have my router online and working great, 1 small problem. It

    is
    > > > > assigned a private address on the 10.0.0.0 subnet from my provider.

    My
    > > PC
    > > > is
    > > > > assigned the actual public address. This is great, but now I can't

    > > telnet
    > > > > into my router from off-site. Is there any way to get my routers

    > > interface
    > > > > to obtain the public address?
    > > > >
    > > > > Thanks,
    > > > >
    > > > > Dave
    > > > >
    > > > >
    > > >
    > > >

    > >
    > >

    >
    >
     
    Bob by The Bay, Nov 19, 2003
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. troll

    UBR924

    troll, Oct 25, 2003, in forum: Cisco
    Replies:
    2
    Views:
    609
    troll
    Oct 27, 2003
  2. TJ
    Replies:
    3
    Views:
    673
    Bob by The Bay
    Nov 10, 2003
  3. Replies:
    4
    Views:
    603
    B.M. Wright
    Jul 22, 2005
  4. enlaces

    ubr924 - disregard cable

    enlaces, Jul 10, 2003, in forum: VOIP
    Replies:
    1
    Views:
    1,642
    Peter
    Jul 12, 2003
  5. Cisco uBR924

    , Mar 7, 2004, in forum: VOIP
    Replies:
    0
    Views:
    598
Loading...

Share This Page