
CCNA Voice PPPoE NTP config

essclub Member Posts: 31
I am currently setting up a home voice lab and using the CBT Nuggets and Cisco Press book by Jeremy Cioara. I am trying to set up a 2621XM to have NTP as per the preparing the infrastructure for VoIP part 2 video but Jeremy seems to skim over his Internet connection.

I did see his PPPoE video from CBT Nuggets CCNP but I am still stuck as this was very vague and is not related to sub interfaces and VLANs.

I have an 851W which I have configured for ADSL connection to my ASUS router using PPPoE PAP authentication which is working fine. My ISP provides DHCP addresses and my 851W is getting an IP and I can browse the web from that router fine. 192.168.1.1 is my ADSL ASUS and I am getting DHCP allocated IPs from this range to my machines.

Where I am getting confused is when I try to do the same with the sub interface config of the Fa0/0 on the 2621XM. 172.16.1.0 is my VLAN 10 Voice and 172.16.2.0 is my VLAN 50 Data all as per the video. The NAT stuff was what I found hardest on the CCNA but I am going round in circles here. I have trawled the web and tried to come up with my own config but can't seem to get anything to work. If anyone has a working config they could post that would be very much appreciated.

Cheers

Essclub

Comments

  • mikem2te Member Posts: 407
    So to clarify you have an 851 connected to an ASUS ADSL router for the internet connection which all works fine, are you removing the 851 and replacing it with the 2621XM or connecting them up some other way?

    I have a voice with vlans etc config but it is pretty big, any chance you can put your config up?
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
  • essclub Member Posts: 31
    mikem2te wrote: »
    So to clarify you have an 851 connected to an ASUS ADSL router for the internet connection which all works fine, are you removing the 851 and replacing it with the 2621XM or connecting them up some other way?

    I have a voice with vlans etc config but it is pretty big, any chance you can put your config up?

    Yes, correct I am removing the 851.

    I have been using the TechRepublic spreadsheet for the 851W.

    I have tried to use this sheet to generate various configs with no success but I have not saved any of them.

    I am trying to create the attached network. My 2621XM is the CME router with FA0/1 connecting to my ASUS ADSL router, fa 0/0.10 172.16.1.1 VOICE VLAN10 and fa 0/0.50 172.16.2.1.

    Any assistance you can provide would be greatly appreciated as I think I am at the stage where I can’t see the woods for the trees now.

    My basic 851 cfg is:


    851W#sh run
    Building configuration...
    Current configuration : 2474 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname 851W
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    !
    !
    dot11 syslog
    !
    dot11 ssid WLAN1
    vlan 1
    authentication open
    authentication key-management wpa
    guest-mode
    wpa-psk ascii 0 Kurhaus46183a
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 192.168.1.1 192.168.1.99
    !
    ip dhcp pool internal-net
    import all
    network 192.168.1.0 255.255.255.0
    default-router 192.168.1.1
    domain-name nuggetlab.com
    lease 4
    !
    !
    ip cef
    no ip domain lookup
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    bridge irb
    !
    !
    interface FastEthernet0
    spanning-tree portfast
    !
    interface FastEthernet1
    spanning-tree portfast
    !
    interface FastEthernet2
    spanning-tree portfast
    !
    interface FastEthernet3
    spanning-tree portfast
    !
    interface FastEthernet4
    ip address dhcp
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    !
    interface Dot11Radio0
    no ip address
    no dot11 extension aironet
    !
    encryption vlan 1 mode ciphers tkip
    !
    ssid WLAN1
    !
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    channel 2462
    station-role root
    no cdp enable
    !
    interface Dot11Radio0.1
    encapsulation dot1Q 1 native
    bridge-group 1
    bridge-group 1 subscriber-loop-control
    bridge-group 1 spanning-disabled
    bridge-group 1 block-unknown-source
    no bridge-group 1 source-learning
    no bridge-group 1 unicast-flooding
    !
    interface Vlan1
    description INTERNAL_NETWORK
    no ip address
    ip nat inside
    ip virtual-reassembly
    bridge-group 1
    bridge-group 1 spanning-disabled
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    ppp authentication pap callin
    ppp pap sent-username XXXXXXXX password XXXXXX
    ppp ipcp dns request
    !
    interface BVI1
    description BRIDGE_TO_INTERNAL_NETWORK
    ip address 192.168.1.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
    !
    ip access-list extended NAT_ADDRESSES
    permit ip 192.168.1.0 0.0.0.255 any
    !
    !
    control-plane
    !
    bridge 1 route ip
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    no modem enable
    line aux 0
    line vty 0 4
    login
    !
    scheduler max-task-time 5000
    end
  • essclub Member Posts: 31
    the network diagram.....
  • mikem2te Member Posts: 407
    Ah, I just realised my voice and data lan is connected to a HWIC-D-9ESW switch card in my router so it has a switch configuration (trunk and vlans) rather than router on a stick type config.

    I'll try and get a 2621 fired up later once I've sorted out my VPN issues
  • essclub Member Posts: 31
    mikem2te wrote: »
    Ah, I just realised my voice and data lan is connected to a HWIC-D-9ESW switch card in my router so it has a switch configuration (trunk and vlans) rather than router on a stick type config.

    I'll try and get a 2621 fired up later once I've sorted out my VPN issues

    Great, thanks for that. I have been looking at this too long today anyway, my eyes ache and it's late here so I'm going to open a beer and grab the remote control... good luck with the visible panty net.... no that's not it....

    Cheers
  • essclub Member Posts: 31
    essclub wrote: »
    Great, thanks for that. I have been looking at this too long today anyway, my eyes ache and it's late here so I'm going to open a beer and grab the remote control... good luck with the visible panty net.... no that's not it....

    Cheers

    OK, I had some time to try again this morning and saved my config. Where I am at with this config is I am getting an IP on subnet 172.16.2.0, I can ping 4.2.2.2 from the CME router but I cannot get on the web so looks like I have a DNS issue somewhere. Also my router is not accepting any NTP servers I add, instead it just gives me an invalid syntax warning from the IOS. Please see attached cfg:

    CME_VOICE#sh run
    Building configuration...
    Current configuration : 1829 bytes
    !
    ! Last configuration change at 10:25:20 BANGKOK Fri Mar 1 2002
    ! NVRAM config last updated at 10:25:44 BANGKOK Fri Mar 1 2002
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname CME_VOICE
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    clock timezone BANGKOK 7
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    !
    !
    no ip domain lookup
    ip name-server 4.2.2.2
    multilink bundle-name authenticated
    !
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.10
    encapsulation dot1Q 10
    ip address 172.16.1.1 255.255.255.0
    ip helper-address 172.16.2.5
    !
    interface FastEthernet0/0.50
    encapsulation dot1Q 50
    ip address 172.16.2.1 255.255.255.0
    !
    interface Serial0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    !
    interface Serial0/1
    no ip address
    shutdown
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    ppp authentication pap callin
    ppp pap sent-username ISPUSERNAME password 0 PASSWORD
    ppp ipcp dns request
    ppp ipcp address accept
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    no ip http server
    no ip http secure-server
    ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
    !
    ip access-list extended NAT_ADDRESSES
    permit ip 172.16.2.0 0.0.0.255 any
    !
    !
    !
    control-plane
    !
    !
    !
    voice-port 1/0/0
    !
    voice-port 1/0/1
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    login
    !
    ntp master
    !
    end
  • laidbackfreak Member Posts: 991
    essclub wrote: »
    OK, I had some time to try again this morning and saved my config. Where I am at with this config is I am getting an IP on subnet 172.16.2.0, I can ping 4.2.2.2 from the CME router but I cannot get on the web so looks like I have a DNS issue somewhere.
    !
    no ip domain lookup
    ip name-server 4.2.2.2

    You need to enable the "ip domain lookup" command.

    The ip name-server command just specifies the DNS server; without the domain lookup command enabled the router won't even look at this address.
    if I say something that can be taken one of two ways and one of them offends, I usually mean the other one :-)
  • mikem2te Member Posts: 407
    You need to enable the "ip domain lookup" command.

    The ip name-server command just specifies the DNS server; without the domain lookup command enabled the router won't even look at this address.
    That might explain your NTP server issue as well, as I believe IOS looks up the ntp server domain name and then puts the IP address in the config rather than the domain name.
  • essclub Member Posts: 31
    mikem2te wrote: »
    That might explain your NTP server issue as well, as I believe IOS looks up the ntp server domain name and then puts the IP address in the config rather than the domain name.

    Mike/Laidbackfreak,

    Thanks for your reply. Yes, I noted that today when I had a chance to play at lunch time and I can now ping from my CME router to 4.2.2.2 etc and www.google.com etc and I also have NTP associations as well. The only thing I can't do is browse the web from a client so I still have a DNS issue somewhere......I have attached an updated dwg of my test setup and the configs are below. I know I am not far away.....

    Thanks

    C

    CME_VOICE#sh run
    Building configuration...
    Current configuration : 1879 bytes
    !
    ! Last configuration change at 17:03:34 BANGKOK Tue Jan 26 2010
    ! NVRAM config last updated at 18:18:55 BANGKOK Tue Jan 26 2010
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname CME_VOICE
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    clock timezone BANGKOK 7
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.10
    encapsulation dot1Q 10
    ip address 172.16.1.1 255.255.255.0
    ip helper-address 172.16.2.5
    !
    interface FastEthernet0/0.50
    encapsulation dot1Q 50
    ip address 172.16.2.1 255.255.255.0
    !
    interface Serial0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    !
    interface Serial0/1
    no ip address
    shutdown
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    ppp authentication pap callin
    ppp pap sent-username avb6xkje@truehisp password 0 vkUQ7
    ppp ipcp dns request
    ppp ipcp address accept
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    no ip http server
    no ip http secure-server
    ip dns server
    ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
    !
    ip access-list extended NAT_ADDRESSES
    permit ip 172.16.2.0 0.0.0.255 any
    !
    !
    !
    control-plane
    !
    !
    !
    voice-port 1/0/0
    !
    voice-port 1/0/1
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    login
    !
    ntp clock-period 17180143
    ntp master
    ntp server 133.100.11.8
    ntp server 133.243.238.164
    !
    end

    DHCP_ROUTER#sh run
    Building configuration...
    Current configuration : 1363 bytes
    !
    version 12.4
    no service pad
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname DHCP_ROUTER
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    !
    !
    dot11 syslog
    ip cef
    no ip dhcp use vrf connected
    ip dhcp excluded-address 172.16.1.1 172.16.1.10
    ip dhcp excluded-address 172.16.2.1 172.16.2.10
    !
    ip dhcp pool VOICE
    network 172.16.1.0 255.255.255.0
    default-router 172.16.1.1
    dns-server 4.2.2.2
    option 150 ip 172.16.1.1
    !
    ip dhcp pool DATA
    network 172.16.2.0 255.255.255.0
    default-router 172.16.2.1
    dns-server 4.2.2.2
    option 150 ip 172.16.1.1
    !
    !
    !
    !
    !
    vtp domain esson.com
    vtp mode transparent
    !
    !
    archive
    log config
    hidekeys
    !
    !
    vlan 10
    name VOICE
    !
    !
    !
    !
    interface FastEthernet0
    !
    interface FastEthernet1
    !
    interface FastEthernet2
    !
    interface FastEthernet3
    !
    interface FastEthernet4
    ip address 172.16.2.5 255.255.255.0
    duplex auto
    speed auto
    !
    interface Dot11Radio0
    no ip address
    shutdown
    speed basic-1.0 basic-2.0 basic-5.5 6.0 9.0 basic-11.0 12.0 18.0 24.0 36.0 48.0 54.0
    station-role root
    !
    interface Vlan1
    no ip address
    !
    ip forward-protocol nd
    !
    no ip http server
    no ip http secure-server
    !
    !
    !
    !
    control-plane
    !
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    no modem enable
    line aux 0
    line vty 0 4
    !
    scheduler max-task-time 5000
    end


    SwitchB#sh run
    Building configuration...
    Current configuration : 2517 bytes
    !
    version 12.1
    no service pad
    service timestamps debug uptime
    service timestamps log uptime
    no service password-encryption
    !
    hostname SwitchB
    !
    !
    ip subnet-zero
    no ip domain-lookup
    !
    spanning-tree extend system-id
    !
    !
    interface FastEthernet0/1
    switchport access vlan 50
    switchport mode access
    switchport voice vlan 10
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/2
    switchport access vlan 50
    switchport mode access
    switchport voice vlan 10
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/3
    switchport access vlan 50
    switchport mode access
    switchport voice vlan 10
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/4
    switchport access vlan 50
    switchport mode access
    switchport voice vlan 10
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/5
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/6
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/7
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/8
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/9
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/10
    switchport access vlan 50
    switchport mode access
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/11
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/12
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/13
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/14
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/15
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/16
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/17
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/18
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/19
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/20
    switchport mode trunk
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/21
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/22
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/23
    no ip address
    spanning-tree portfast
    !
    interface FastEthernet0/24
    switchport mode trunk
    no ip address
    spanning-tree portfast
    !
    interface GigabitEthernet0/1
    no ip address
    !
    interface GigabitEthernet0/2
    no ip address
    !
    interface Vlan1
    no ip address
    no ip route-cache
    shutdown
    !
    ip http server
    !
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line vty 0 4
    login
    line vty 5 15
    login
    !
    end
  • mikem2te Member Posts: 407
    So some debugging is required :)

    Is your computer picking up a correct IP address from the DHCP router?

    Is the default gateway being set correctly on the computer and can you ping the default gateway?

    Can you tracert 4.2.2.2 from your computer? If it gets stuck at the first hop then it is a routing/NAT issue.


    I would be inclined to put the IP NAT INSIDE statements under the subinterfaces rather than the top level interface
  • essclub Member Posts: 31
    mikem2te wrote: »
    so some debugging is required :)

    yes

    is your computer picking up a correct ip address from the dhcp router?

    Yes

    is the default gateway being set correctly on the computer and can you ping the default gateway?

    Yes

    can you tracert 4.2.2.2 from your computer? If it gets stuck at the first hop then it is a routing/nat issue.

    I didn't try today. I will try a trace route first thing tomorrow.


    I would be inclined to put the ip nat inside statements under the subinterfaces rather than the top level interface

    Will try this also, I didn't think about this at all. Would this make any difference?

    Cheers mike!
    C
  • hermeszdata Member Posts: 225
    mikem2te wrote: »
    So some debugging is required :)

    Is your computer picking up a correct IP address from the DHCP router?

    Is the default gateway being set correctly on the computer and can you ping the default gateway?

    Can you tracert 4.2.2.2 from your computer? If it gets stuck at the first hop then it is a routing/NAT issue.


    I would be inclined to put the IP NAT INSIDE statements under the subinterfaces rather than the top level interface

    If you are using a Windows Host, open a command prompt and run ipconfig /all; this will tell you if your DHCP info is initializing properly.

    Set your host with static IP, mask, gateway and DNS settings. Try to ping.

    This will let you know up front if you have DHCP issues.

    One other thing I would do is set up one of your switch interfaces for dot1q trunking and use that as your router interface. This should not make any real difference, but it is generally good practice as it limits some of the problems associated with static access ports.

    John

    EDIT: After looking more closely at your config, I think part of the problem is with your access list. Try adding:
    permit ip 172.16.1.0 0.0.0.255 any

    Right now, it looks like you are blocking everything except network 172.16.2.0. I am not sure about how the IP Helper address works or if having it overcomes the access-list issue.
    John
    Current Progress:
    Studying:
    CCNA Security - 60%, CCNA Wireless - 80%, ROUTE - 10% (Way behind due to major Wireless Project)
    Exams Passed:
    CCNA - 640-802 - 17 Jan 2011 -- CVOICE v6 - 642-436 - 28 Feb 2011
    2011 Goals
    CCNP/CCNP:Voice
  • essclub Member Posts: 31
    If you are using a Windows Host, open a command prompt and run ipconfig /all; this will tell you if your DHCP info is initializing properly.

    Set your host with static IP, mask, gateway and DNS settings. Try to ping.

    This will let you know up front if you have DHCP issues.

    One other thing I would do is set up one of your switch interfaces for dot1q trunking and use that as your router interface. This should not make any real difference, but it is generally good practice as it limits some of the problems associated with static access ports.

    John

    EDIT: After looking more closely at your config, I think part of the problem is with your access list. Try adding:
    permit ip 172.16.1.0 0.0.0.255 any

    Right now, it looks like you are blocking everything except network 172.16.2.0. I am not sure about how the IP Helper address works or if having it overcomes the access-list issue.

    As soon as I switched the NAT inside commands from fa0/0 to the subinterfaces everything was tickety boo. Interesting point and one which I will remember for the future!

    I have pasted the working config below should anyone need it.

    Many Thanks

    Craig

    CME_VOICE#sh run
    Building configuration...
    Current configuration : 1876 bytes
    !
    ! Last configuration change at 09:40:58 BANGKOK Wed Jan 27 2010
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname CME_VOICE
    !
    boot-start-marker
    boot-end-marker
    !
    !
    no aaa new-model
    clock timezone BANGKOK 7
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    !
    !
    !
    multilink bundle-name authenticated
    !
    !
    !
    !
    archive
    log config
    hidekeys
    !
    !
    !
    !
    !
    !
    interface FastEthernet0/0
    no ip address
    ip virtual-reassembly
    duplex auto
    speed auto
    !
    interface FastEthernet0/0.10
    encapsulation dot1Q 10
    ip address 172.16.1.1 255.255.255.0
    ip helper-address 172.16.2.5
    ip nat inside
    ip virtual-reassembly
    !
    interface FastEthernet0/0.50
    encapsulation dot1Q 50
    ip address 172.16.2.1 255.255.255.0
    ip nat inside
    ip virtual-reassembly
    !
    interface Serial0/0
    no ip address
    shutdown
    !
    interface FastEthernet0/1
    no ip address
    duplex auto
    speed auto
    pppoe enable group global
    pppoe-client dial-pool-number 1
    !
    interface Serial0/1
    no ip address
    shutdown
    !
    interface Dialer1
    ip address negotiated
    ip mtu 1492
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    dialer pool 1
    ppp authentication pap callin
    ppp pap sent-username avb6xkje@truehisp password 0 vkUQ7
    ppp ipcp dns request
    ppp ipcp address accept
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Dialer1
    !
    no ip http server
    no ip http secure-server
    ip dns server
    ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
    !
    ip access-list extended NAT_ADDRESSES
    permit ip 172.16.2.0 0.0.0.255 any
    !
    !
    !
    control-plane
    !
    !
    !
    voice-port 1/0/0
    !
    voice-port 1/0/1
    !
    !
    !
    !
    !
    !
    !
    line con 0
    exec-timeout 0 0
    logging synchronous
    line aux 0
    line vty 0 4
    login
    !
    ntp clock-period 17180100
    ntp master
    ntp server 133.100.11.8
    ntp server 133.243.238.164
    !
    end
    CME_VOICE#
  • hermeszdata Member Posts: 225
    I am still studying/learning, but the one thing that sticks in my feeble old fart's mind is:

    NAT is a LOVE/HATE relationship! Access List too!

    One slip of the keyboard will bring the whole system down!

    Here @ the Hermesz LAB, I try to do all my experiments after my wife goes to bed and before she gets up in the morning.

    This can get freaky at times. My wife is an artist and is involved in several online communities where she has her work for sale! I would rather have 1000 disgruntled users mad @ me than the one I am married to.

    Hermesz Fine Art, LLC. Photo Gallery

    Shameless plug!:)

    In any case, this is a great site. The info I have gleaned here has been invaluable.

    John
  • mikem2te Member Posts: 407
    essclub wrote: »
    As soon as I switched the NAT inside commands from fa0/0 to the subinterfaces everything was tickety boo. Interesting point and one which I will remember for the future!

    I have pasted the working config below should anyone need it.
    Awesome.

    Next thing to do is get some security setup on the router-

    • Set up an enable password.
    • Create an ACL and apply it to your VTY lines.
    • Create a firewall.
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
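
A config check for the points raised across this thread, as an added example (not code from any poster): it flags a name server with lookups disabled, routed interfaces that lack "ip nat inside" or whose subnet the NAT ACL does not permit, and the first two hardening items listed above. The sample config is constructed from the thread's CME_VOICE output; the function names and finding codes are made up for this example.

```python
import ipaddress
import re

HEADER = re.compile(r"^(interface|line|ip access-list) ")
ADDR = re.compile(r"^ip address (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3})$")
PERMIT = re.compile(r"^permit ip (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) any$")

# Constructed sample: a cut-down CME_VOICE config in the state the thread
# started from (NAT on the parent interface, DNS lookup off, no hardening).
BROKEN = """
no ip domain lookup
ip name-server 4.2.2.2
!
interface FastEthernet0/0
 no ip address
 ip nat inside
!
interface FastEthernet0/0.10
 ip address 172.16.1.1 255.255.255.0
!
interface FastEthernet0/0.50
 ip address 172.16.2.1 255.255.255.0
!
interface Dialer1
 ip address negotiated
 ip nat outside
!
ip nat inside source list NAT_ADDRESSES interface Dialer1 overload
!
ip access-list extended NAT_ADDRESSES
 permit ip 172.16.2.0 0.0.0.255 any
!
line con 0
line vty 0 4
 login
!
"""


def parse_sections(config):
    """Return (global_lines, {section_header: [body_lines]}); a section ends at
    '!' or the next header, so de-indented pastes parse too (an assumption)."""
    glob, sections, current = [], {}, None
    for line in filter(None, map(str.strip, config.splitlines())):
        if line == "!":
            current = None
        elif HEADER.match(line):
            current = sections.setdefault(line, [])
        elif current is not None:
            current.append(line)
        else:
            glob.append(line)
    return glob, sections


def audit(config):
    """Return a list of (finding_code, subject) tuples for one config."""
    glob, sections = parse_sections(config)
    findings = []
    # DNS server configured but lookups disabled (laidbackfreak's point).
    if any(g.startswith("ip name-server ") for g in glob) and any(
            re.match(r"no ip domain[- ]lookup$", g) for g in glob):
        findings.append(("DNS_LOOKUP_DISABLED", "global"))
    nat = next((m for m in (re.match(r"ip nat inside source list (\S+) ", g)
                            for g in glob) if m), None)
    if nat:
        acl = next((body for hdr, body in sections.items()
                    if hdr.startswith("ip access-list ")
                    and hdr.split()[-1] == nat[1]), [])
        permitted = [ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
                     for m in map(PERMIT.match, acl) if m]
        for hdr, body in sections.items():
            addr = next((m for m in map(ADDR.match, body) if m), None)
            if hdr.startswith("interface ") and addr and "ip nat outside" not in body:
                name = hdr.split()[1]
                net = ipaddress.ip_network(f"{addr[1]}/{addr[2]}", strict=False)
                # NAT is enabled per logical interface, subinterfaces included.
                if "ip nat inside" not in body:
                    findings.append(("NAT_INSIDE_MISSING", name))
                # The overload rule only translates sources the ACL permits.
                if not any(net.subnet_of(p) for p in permitted):
                    findings.append(("NAT_ACL_NO_MATCH", name))
    # Hardening items from mikem2te's list that a config dump can show.
    if not any(g.startswith(("enable secret ", "enable password ")) for g in glob):
        findings.append(("NO_ENABLE_SECRET", "global"))
    for hdr, body in sections.items():
        if hdr.startswith("line vty ") and not any(
                re.match(r"access-class \S+ in$", b) for b in body):
            findings.append(("VTY_NO_ACCESS_CLASS", hdr))
    return findings


if __name__ == "__main__":
    for code, subject in audit(BROKEN):
        print(f"{code:22} {subject}")
```

Run against the working config posted earlier in the thread, the same check still reports NAT_ACL_NO_MATCH for FastEthernet0/0.10, because NAT_ADDRESSES permits only 172.16.2.0.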
  • essclub Member Posts: 31
    mikem2te wrote: »
    Awesome.

    Next thing to do is get some security setup on the router-

    • Setup an enable password.
    • Create an ACL and apply it to you VTY lines.
    • Create a firewall.

    Hi Mike,

    Yes, I'm not too worried about the aesthetics right now. I will tidy things up when I get everything operational.
    I ran into another problem today when I tried to get my phones to register with CME but no luck :( It looks like they are not getting DHCP info. My CIPC was fine on the 172.16.2.0 Data Vlan but no joy on the 7912 or 7940.
    I have wiped the lot and will start afresh tomorrow step by step and see how I get on. I am not sure if I need to factory default my phones as everything has come from eBay and not proven operational yet.

    Cheers

    C
  • mikem2te Member Posts: 407
    essclub wrote: »
    Hi Mike,

    Yes, I'm not too worried about the aesthetics right now. I will tidy things up when I get everything operational.
    I ran into another problem today when I tried to get my phones to register with CME but no luck :( It looks like they are not getting DHCP info. My CIPC was fine on the 172.16.2.0 Data Vlan but no joy on the 7912 or 7940.
    I have wiped the lot and will start afresh tomorrow step by step and see how I get on. I am not sure if I need to factory default my phones as everything has come from eBay and not proven operational yet.

    Cheers

    C
    You could try setting an unused port on your switch to an access port but set the vlan to the voice vlan 'switchport access vlan 10' rather than the data vlan.

    You could then plug a computer into this port and see if it gets an IP from the voice range, this will kinda test the dhcp process and rule out the phone configs.
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
  • essclub Member Posts: 31
    mikem2te wrote: »
    You could try setting an unused port on your switch to an access port but set the vlan to the voice vlan 'switchport access vlan 10' rather than the data vlan.

    You could then plug a computer into this port and see if it gets an IP from the voice range, this will kinda test the dhcp process and rule out the phone configs.

    Hi Mike,

    That sounds like a good plan. Thanks for the suggestion. I will try that if after configuring everything again from the top I still have issues.

    On a side(ish) note, one thing I did wonder about today: in the CBT nuggets voice video, when Jeremy adds the voice vlans a "show vlan brief" shows the ports allocated to each vlan, i.e. ports 1-4 are in Vlan 10-Voice and also in vlan data-50.

    On my 2950T switch I only see the ports allocated to the Data vlan-50.

    When I look at the port interfaces individually, it shows that the ports are allocated to voice vlans. Jeremy uses a 3550 in the video for SwitchB so maybe this is due to the difference in hardware?

    Cheers
    C
  • mikem2te Member Posts: 407
    essclub wrote: »
    When I look at the port interfaces individually, it shows that the ports are allocated to voice vlans. Jeremy uses a 3550 in the video for SwitchB so maybe this is due to the difference in hardware?

    Cheers
    C
    I've noticed loads of differences between different models and IOS versions. It can be a bit annoying at times.
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
  • hermeszdata Member Posts: 225
    essclub wrote: »
    Hi Mike,

    That sounds like a good plan. Thanks for the suggestion. I will try that if after configuring everything again from the top I still have issues.

    On a side(ish) note, one thing I did wonder about today: in the CBT nuggets voice video, when Jeremy adds the voice vlans a "show vlan brief" shows the ports allocated to each vlan, i.e. ports 1-4 are in Vlan 10-Voice and also in vlan data-50.

    On my 2950T switch I only see the ports allocated to the Data vlan-50.

    When I look at the port interfaces individually, it shows that the ports are allocated to voice vlans. Jeremy uses a 3550 in the video for SwitchB so maybe this is due to the difference in hardware?

    Cheers
    C
    What phones are you using? I know the issues I had when first setting up my VoIP lab here. I bought 5 7910s off EvilBay and I had a difficult time getting them to acquire IP addresses (VLAN issues on my switch and DHCP server config on the router.) Generally, if the phones are trying to get an IP address from the network, it is not a phone issue.

    Two things I noticed in the latest config you posted:
    1.) you do not have configs for your DHCP servers
    2.) telephony-service is not active.

    Regarding your switch, sh vlan br will list the ports active on every vlan in the database.

    I am using a combination of 2950, 2950T, and 3550 switches. The config you posted earlier should be good (with the exception of security, it is the same config I am using without issue.)

    I would look to points 1 & 2 above. In the original config you posted, the DHCP config was there and looked ok.

    I have attached the config file for one of the voice routers on my network. Hope this helps.

    John
    John
    Current Progress:
    Studying:
    CCNA Security - 60%, CCNA Wireless - 80%, ROUTE - 10% (Way behind due to major Wireless Project)
    Exams Passed:
    CCNA - 640-802 - 17 Jan 2011 -- CVOICE v6 - 642-436 - 28 Feb 2011
    2011 Goals
    CCNP/CCNP:Voice
  • essclub Member Posts: 31
    What phones are you using? I know the issues I had when first setting up my VoIP lab here. I bought 5 7910s off EvilBay and I had a difficult time getting them to acquire IP addresses (VLAN issues on my switch and DHCP server config on the router.) Generally, if the phones are trying to get an IP address from the network, it is not a phone issue.

    Hi John, as per my diagram I am using a 7940 and a 7912 and a CIPC.

    Two things I noticed in the latest config you posted:
    1.) you do not have configs for your DHCP servers
    2.) telephony-service is not active.

    DHCP router config is pasted above.
    The CME voice config above was pasted after my PPPoE issue and before I tried to config the phones.

    Regarding your switch, sh vlan br will list the ports active on every vlan in the database.

    As per my previous post, sh vlan brief does not show ports allocated to voice vlan but they are shown at interface level.

    I am using a combination of 2950, 2950T, and 3550 switches. The config you posted earlier should be good (with the exception of security, it is the same config I am using without issue.)

    I would look to points 1 & 2 above. In the original config you posted, the DHCP config was there and looked ok.

    I have attached the config file for one of the voice routers on my network. Hope this helps.

    No attachment

    John

    Thanks, Craig
  • hermeszdata Member Posts: 225
    I thought the config attached, but it did not:

    Here is what I use on one of my voice routers.

    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname Atlanta_Rtr
    !
    boot-start-marker
    boot-end-marker
    !
    no aaa new-model
    no network-clock-participate slot 1
    no network-clock-participate wic 0
    ip cef
    !
    no ip dhcp use vrf connected
    ip dhcp excluded-address 172.16.100.9
    ip dhcp excluded-address 172.16.100.1
    !
    ip dhcp pool AtlantaPhones
     import all
     network 172.16.100.8 255.255.255.248
     default-router 172.16.100.9
     option 150 ip 172.16.100.9
    !
    ip dhcp pool AtlantaHosts
     network 172.16.100.0 255.255.255.248
     default-router 172.16.100.1
    !
    multilink bundle-name authenticated
    !
    username ME privilege 15 password 0 AnYtHiNg
    archive
     log config
      hidekeys
    !
    interface FastEthernet0/0
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/0.101
     encapsulation dot1Q 101
     ip address 10.10.11.7 255.255.255.224
    !
    interface FastEthernet0/1
     no ip address
     duplex auto
     speed auto
    !
    interface FastEthernet0/1.201
     encapsulation dot1Q 201
     ip address 172.16.100.1 255.255.255.248
    !
    interface FastEthernet0/1.207
     encapsulation dot1Q 207
     ip address 172.16.100.9 255.255.255.248
    !
    router ospf 101
     log-adjacency-changes
     network 10.10.0.0 0.0.255.255 area 0
     network 172.16.100.0 0.0.0.255 area 0
    !
    ip default-gateway 10.10.11.1
    ip forward-protocol nd
    !
    ip http server
    ip http authentication local
    no ip http secure-server
    ip http path flash:/gui
    !
    tftp-server flash:P00405000700.bin
    tftp-server flash:P00405000700.sbn
    !
    control-plane
    !
    dial-peer voice 1000 voip
     destination-pattern 1...
     session target ipv4:10.10.11.194
    !
    dial-peer voice 3000 voip
     destination-pattern 3...
     session target ipv4:172.16.200.9
    !
    dial-peer voice 2 voip
     destination-pattern +9T
     session target ipv4:10.10.11.194
    !
    telephony-service
     load 7910 P00405000700
     max-ephones 10
     max-dn 30
     ip source-address 172.16.100.1 port 2000
     service phone SEP00044D0770A9 P00405000700
     system message atlanta.Hermesz.lcl VoIP
     max-conferences 4 gain -6
     web admin system name ME password anything
     dn-webedit
     transfer-system full-consult
     create cnf-files version-stamp Jan 01 2002 00:00:00
    !
    ephone-dn 1
     number 2001
     label Atlanta Main
     description Atlanta Main
     name Atlanta Main
     hold-alert 30 originator
    !
    ephone 1
     device-security-mode none
     mac-address 0004.4DE1.31E9
     type 7910
     button 1:1
    !
    line con 0
     exec-timeout 0 0
    line aux 0
    line vty 0 4
     login
    !
    end

    Hope this helps.
    John
    Current Progress:
    Studying:
    CCNA Security - 60%, CCNA Wireless - 80%, ROUTE - 10% (Way behind due to major Wireless Project)
    Exams Passed:
    CCNA - 640-802 - 17 Jan 2011 -- CVOICE v6 - 642-436 - 28 Feb 2011
    2011 Goals
    CCNP/CCNP:Voice
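    The router config posted above has several of the lab defaults that the earlier "get some security set up" list (enable password, ACL on the VTY lines) is aimed at. The following is an added example, not part of any post in this thread: a small Python check that flags those settings in a running-config. The sample text is a constructed excerpt of that config, and the function name and finding wording are this example's own.

```python
import re

# Constructed excerpt of the router config posted above (indentation lost, as on the forum).
SAMPLE_CONFIG = """\
no service password-encryption
username ME privilege 15 password 0 AnYtHiNg
ip http server
telephony-service
web admin system name ME password anything
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
login
!
"""

def audit(config):
    """Return a list of findings for an IOS running-config given as text."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    findings, sections, current = [], {}, None
    for ln in lines:
        # Track "line ..." blocks by keyword, so lost indentation does not matter.
        if ln.startswith("line "):
            current = ln
            sections[current] = []
        elif ln == "!":
            current = None
        elif current:
            sections[current].append(ln)
        # "password" not followed by type 5 or 7 means the value is stored in cleartext.
        if re.search(r"\bpassword (?![57] )", ln):
            where = re.split(r"\bpassword ", ln)[0].strip() or current
            findings.append(f"cleartext password: {where}")
    if "service password-encryption" not in lines:
        findings.append("service password-encryption is off")
    if not any(ln.startswith("enable secret") for ln in lines):
        findings.append("no enable secret")
    if "ip http server" in lines:
        findings.append("cleartext HTTP management (ip http server)")
    for header, cmds in sections.items():
        if "exec-timeout 0 0" in cmds:
            findings.append(f"{header}: exec-timeout disabled")
        if header.startswith("line vty") and not any(
                c.startswith("access-class") for c in cmds):
            findings.append(f"{header}: no access-class")
    return findings

print("\n".join(audit(SAMPLE_CONFIG)))
```

    The findings name the command that holds a password but never echo the password itself, so the output is safe to paste back into a thread like this one.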
  • essclub Member Posts: 31
    mikem2te wrote: »
    You could try setting an unused port on your switch to an access port but set the vlan to the voice vlan 'switchport access vlan 10' rather than the data vlan.

    You could then plug a computer into this port and see if it gets an IP from the voice range, this will kinda test the dhcp process and rule out the phone configs.

    Hi Mike,

    OK, I tried creating vlan 50 only on ports fa0/1-4 and vlan 10 on ports fa0/5-8. I get an IP address no problem on vlan 50 but nothing on vlan 10.

    I have gone through the config with no joy. Must be a DHCP config issue but I can't see it. I have also tried reconfiguring my CME Router on a stick to F0/1 instead of f0/0 with the same results. I am wondering if this is something to do with my 871W router acting as the DHCP server via its fa4 port.

    I have a second 2621XM and 2950T on order but they may take a while to arrive :(

    I suppose in the meantime I could have a full rework and put the DHCP on the CME router to try and get the phones to register that way and taking the 871W out of the loop.

    Cheers

    C
  • mikem2te Member Posts: 407
    There doesn't appear to be an 'ip route' on your dhcp router to the voice network. I think it needs this to issue dhcp addresses.
    Blog : http://www.caerffili.co.uk/

    Previous : Passed Configuring Microsoft Office SharePoint Server 2007 (70-630)
    Currently : EIGRP & OSPF
    Next : CCNP Route
  • essclub Member Posts: 31
    mikem2te wrote: »
    There doesn't appear to be an 'ip route' on your dhcp router to the voice network. I think it needs this to issue dhcp addresses.

    Mike, as I understood it the IP helper address on the CME_ROUTER 172.16.1.1 sub interface takes care of this. Certainly there is no ip route in the CBT nuggets or Cisco Press book. I have had to pull everything apart and relocate "my mess" due to the in-laws arriving for a visit tonight (WooHoo....) so will have another look when I get everything back together again.

    Cheers C
  • essclub Member Posts: 31
    mikem2te wrote: »
    There doesn't appear to be an 'ip route' on your dhcp router to the voice network. I think it needs this to issue dhcp addresses.

    I stand corrected, I found this thread which explains the issue in great detail: https://learningnetwork.cisco.com/thread/7992?start=15&tstart=0

    Now if only I didn't have to tidy away my mess I would have been able to try this grrr. Tomorrow....

    Thanks

    C
  • hermeszdata Member Posts: 225
    mikem2te wrote: »
    There doesn't appear to be an 'ip route' on your dhcp router to the voice network. I think it needs this to issue dhcp addresses.

    The request gets to the 877w, but has no way to get back!?!

    I no longer have a 877W, but I have an 831 laying around that I can play some games with. I will put something up later.

    John
    John
    Current Progress:
    Studying:
    CCNA Security - 60%, CCNA Wireless - 80%, ROUTE - 10% (Way behind due to major Wireless Project)
    Exams Passed:
    CCNA - 640-802 - 17 Jan 2011 -- CVOICE v6 - 642-436 - 28 Feb 2011
    2011 Goals
    CCNP/CCNP:Voice