T1 Config

wrwarwickwrwarwick Member Posts: 104
Ok, I apologize if this shouldn't be posted here, but maybe this will be of some help for those studying for the CCNA.

Let me start by saying that I passed my CCNA back in early June 2010. I am now in a work position where I need to do some work on routers/switches and I am a little lost as to what is happening here.

Some background - the company has a Cisco 2811 that they want to use to have a bonded T1, effectively running at around 3mbps. Here is the current config:

Current configuration : 1190 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SprintCisco2811
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
enable secret 5 XXXXX
enable password XXXXX
!
no aaa new-model
no network-clock-participate wic 0
no ip routing
!
!
no ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.72 255.255.255.0
no ip route-cache
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:0
no ip address
!
interface Serial0/0/1:0
no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password servit2010
login
!
scheduler allocate 20000 1000
!
end

I have configured the WIC controller to at least give me the serial interfaces, but I cannot get the lines to work. When I run "sh ip int bri" I get the following:

Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.0.0.72 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0:0 unassigned YES NVRAM down down
Serial0/0/1:0 unassigned YES NVRAM down down

At this point, since I am getting a down/down on the serial interfaces is there either a cabling problem or an ISP problem? Or is there something that I am missing that is causing the down/down status?

I also went through some steps yesterday to setup a multilink interface and attempted to tie the serial interfaces to it, which worked, but I cannot get the interfaces to come up.

I am thinking a wiring issue or something of that nature, but since I am so new to this in a real world environment I might be completely off.

Any ideas?

Comments

  • ipchainipchain Member Posts: 297
    Need more information. Are these back-to-back T1 connections? What is on the other end of the connection? What type of cable are you using?
    Every day hurts, the last one kills.
  • chmorinchmorin Member Posts: 1,446 ■■■■■□□□□□
    You will need to configure the serial interfaces now, you may need some information from the ISP to properly give it IP information. I'm more familiar with Voice T1's so that is all I can really confidently say.
    Currently Pursuing
    WGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)
    mikej412 wrote:
    Cisco Networking isn't just a job, it's a Lifestyle.
  • wrwarwickwrwarwick Member Posts: 104
    Ok so I am completely lost. I have the contact info for the ISP - what do I need to get from them? I have an old email chain but all it has it IP information, but I'm pretty sure I need more than that.
  • chmorinchmorin Member Posts: 1,446 ■■■■■□□□□□
    wrwarwick wrote: »
    Ok so I am completely lost. I have the contact info for the ISP - what do I need to get from them? I have an old email chain but all it has it IP information, but I'm pretty sure I need more than that.

    Maybe maybe not. Plop the Ip address they gave you on the serial interface and no-shut it. Maybe they use defaults... who knows. The ISP should tell you any encapsulation changes.

    But again, Data T1 not my forte.
    Currently Pursuing
    WGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)
    mikej412 wrote:
    Cisco Networking isn't just a job, it's a Lifestyle.
  • wrwarwickwrwarwick Member Posts: 104
    I went out and checked the router and (I don't know how I missed this) but the yellow WIC alarm is on. I believe this is either a cabling or ISP problem so I emailed the ISP to determine if the line was still up.

    I also found out that the line has never been used before so who knows if it is still active.
  • StoticStotic Member Posts: 248
    You need to configure encapsulation on your serial interfaces. Your IP will go on the multilink.

    interface Serial0/0/0:0
    encapsulation ppp

    interface Serial0/0/1:0
    encapsulation ppp

    To test the physical if it is still down, create a loopback plug (google it) and plug it on your local ethernet cable at the demarc. You'll see 'looped' when you do a sh interface.
  • VAHokie56VAHokie56 Member Posts: 783
    Need the encapsulation then most likely need to make a multilink interface (this should be where your public ip goes)and add both your serial interfaces to the multilink group(don't forget the chap host name)...this is all assuming your using multilink ppp. I haven't done alot of bonded T1's so I could be way off.
    .ιlι..ιlι.
    CISCO
    "A flute without holes, is not a flute. A donut without a hole, is a Danish" - Ty Webb
    Reading:NX-OS and Cisco Nexus Switching: Next-Generation Data Center Architectures
  • keenonkeenon Member Posts: 1,922 ■■■■□□□□□□
    your config should look something like this

    !
    interface Multilink1
    bandwidth 3000
    ip address x.x.x.x
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    ip route-cache policy
    ip route-cache flow
    load-interval 30
    no peer neighbor-route
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    interface Serial0/0/0
    bandwidth 1544
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation ppp
    ip route-cache policy
    ip route-cache flow
    load-interval 30
    no peer neighbor-route
    no fair-queue
    service-module t1 timeslots 1-24
    service-module t1 fdl both
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    interface Serial0/1/0
    bandwidth 1544
    no ip address
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    encapsulation ppp
    ip route-cache policy
    ip route-cache flow
    load-interval 30
    no peer neighbor-route
    no fair-queue
    service-module t1 timeslots 1-24
    service-module t1 fdl both
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    Become the stainless steel sharp knife in a drawer full of rusty spoons
  • StoticStotic Member Posts: 248
    VAHokie56 wrote: »
    \(don't forget the chap host name)

    chap really isn't used in the real world anymore. From the sound of it this is an internet connection which most likely doesn't use encryption (your ISP would definitely charge you more for that). If this is a leased line to another site you would want to configure a GRE IPsec tunnel.
  • wrwarwickwrwarwick Member Posts: 104
    Thanks everyone for the assistance, and I will be sure to refer to it next week, but ya know without power, that T1 ain't gonna do nothing lol.

    After checking the demarc there is no power to the ISP box, so we are going to have to wait for them to come out and get the line working again. The above information about the multilink interface is great - and is what I was trying to do before I realized that the line wasn't even working. One question about that - does the ISP have to have anything done on there end for the multilink to work?

    Also a little input about the CCNA and real world - it is a whole new game when you are really working on production stuff rather than simulators and tests. Don't get me wrong - the CCNA taught me loads of stuff and I am glad that I took and passed it - but it is definitely a stepping stone into bigger and better things.
  • wrwarwickwrwarwick Member Posts: 104
    Ok, so just as an update the T1 line is up and I was able to bond them in a multilink configuration and ping 8.8.8.8. Now I have a new question :).

    What I am trying to do now is basically setup the router as a bridge or pass through for the T1 to our Sonicwall firewall. I have been trying to read online on how to do it but cannot seem to get it working correctly. The setup would be:

    Sprint T1 ----> Cisco 2811 ----> Sonicwall NSA

    I have the IP for the Sprint side and our IP, but instead of giving the Multilink interface I want to have the Sonicwall with the IP to perform NAT, etc. Basically this is going to be a failover internet connection if our main line ever dies.

    I think I need to setup some sort of bridge connection through the 2811 to the Sonicwall but I am not sure exactly how to set it up. Right now with the following config, I am able to ping hosts on the internet:

    Current configuration : 1796 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname SprintCisco2811
    !
    boot-start-marker
    boot-end-marker
    !
    card type t1 0 0
    enable secret 5 $1$PkqI$BuNkk6gRvbshE6HovBFJ0/
    enable password XXXXX
    !
    no aaa new-model
    no network-clock-participate wic 0
    no ip routing
    !
    !
    no ip cef
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    ip name-server 10.0.0.21
    !
    !
    !
    !
    !
    !
    controller T1 0/0/0
    framing esf
    linecode b8zs
    cablelength long 0db
    channel-group 0 timeslots 1-24
    !
    controller T1 0/0/1
    framing esf
    linecode b8zs
    cablelength long 0db
    channel-group 0 timeslots 1-24
    !
    !
    !
    !
    !
    interface Multilink1
    ip address 144.22.176.112 255.255.255.252
    no ip redirects
    ip route-cache policy
    load-interval 30
    no peer neighbor-route
    no cdp enable
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    interface FastEthernet0/0
    ip address 10.0.0.72 255.255.255.0
    no ip route-cache
    duplex half
    speed auto
    no mop enabled
    !
    interface FastEthernet0/1
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    !
    interface Serial0/0/0:0
    no ip address
    encapsulation ppp
    no ip route-cache
    no fair-queue
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    interface Serial0/0/1:0
    no ip address
    encapsulation ppp
    no ip route-cache
    no fair-queue
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    ip default-gateway 144.22.176.111
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 144.22.176.111
    !
    no ip http server
    no ip http secure-server
    !
    snmp-server community public RO
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password XXXX
    login
    !
    scheduler allocate 20000 1000
    !
    end

    What do I need to do in order to put our public IP as the WAN interface of our Sonicwall and have the Sonicwall handle everything (NAT, failover, etc)?

    Thanks in advanced.
  • JollycorkJollycork Member Posts: 149
    wrwarwick wrote: »
    Ok, so just as an update the T1 line is up and I was able to bond them in a multilink configuration and ping 8.8.8.8. Now I have a new question :).

    What I am trying to do now is basically setup the router as a bridge or pass through for the T1 to our Sonicwall firewall. I have been trying to read online on how to do it but cannot seem to get it working correctly. The setup would be:

    Sprint T1 ----> Cisco 2811 ----> Sonicwall NSA

    I have the IP for the Sprint side and our IP, but instead of giving the Multilink interface I want to have the Sonicwall with the IP to perform NAT, etc. Basically this is going to be a failover internet connection if our main line ever dies.

    I think I need to setup some sort of bridge connection through the 2811 to the Sonicwall but I am not sure exactly how to set it up. Right now with the following config, I am able to ping hosts on the internet:

    Current configuration : 1796 bytes
    !
    version 12.4
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    !
    hostname SprintCisco2811
    !
    boot-start-marker
    boot-end-marker
    !
    card type t1 0 0
    enable secret 5 $1$PkqI$BuNkk6gRvbshE6HovBFJ0/
    enable password XXXXX
    !
    no aaa new-model
    no network-clock-participate wic 0
    no ip routing
    !
    !
    no ip cef
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    ip name-server 10.0.0.21
    !
    !
    !
    !
    !
    !
    controller T1 0/0/0
    framing esf
    linecode b8zs
    cablelength long 0db
    channel-group 0 timeslots 1-24
    !
    controller T1 0/0/1
    framing esf
    linecode b8zs
    cablelength long 0db
    channel-group 0 timeslots 1-24
    !
    !
    !
    !
    !
    interface Multilink1
    ip address 144.22.176.112 255.255.255.252
    no ip redirects
    ip route-cache policy
    load-interval 30
    no peer neighbor-route
    no cdp enable
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    interface FastEthernet0/0
    ip address 10.0.0.72 255.255.255.0
    no ip route-cache
    duplex half
    speed auto
    no mop enabled
    !
    interface FastEthernet0/1
    no ip address
    no ip route-cache
    duplex auto
    speed auto
    !
    interface Serial0/0/0:0
    no ip address
    encapsulation ppp
    no ip route-cache
    no fair-queue
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    interface Serial0/0/1:0
    no ip address
    encapsulation ppp
    no ip route-cache
    no fair-queue
    ppp multilink
    ppp multilink group 1
    max-reserved-bandwidth 100
    !
    ip default-gateway 144.22.176.111
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 144.22.176.111
    !
    no ip http server
    no ip http secure-server
    !
    snmp-server community public RO
    !
    !
    control-plane
    !
    !
    !
    line con 0
    line aux 0
    line vty 0 4
    password XXXX
    login
    !
    scheduler allocate 20000 1000
    !
    end

    What do I need to do in order to put our public IP as the WAN interface of our Sonicwall and have the Sonicwall handle everything (NAT, failover, etc)?

    Thanks in advanced.

    if you want the firewall protection/packet inspection of the Sonicwall NSA 200 series as well as the global VPN capabilities, why stick the cisco in front of it?

    if your trying for the layered approach, I'd switch the config where the Sonicwall is your perimeter router and your Cisco is the "corporate" lan router with ACLs.

    just my 2 cents here. the NSA series has a lot more capabilities for perimeter protection than your 2800 if your using a standard IOS on it.

    again, just my 2 cents.
  • StoticStotic Member Posts: 248
    I don't believe you need to set the 2800 up as a bridge. You can just set a default route on your firewall pointing to your router and perform the NATing on the firewall. Put a /30 between your router and the firewall. I'm a little unsure what you mean by failover when you are only have one link down to your firewall. Please elaborate.

    Also, enable these:
    ip routing
    ip cef

    I'm a little unsure how you have things working without ip routing enabled.

    Also your LAN interface FastEthernet0/0 has it's duplex to half.


    Jollycork,

    I don't know what kind of model firewall he is using, but he probably needs the Cisco 2800 to terminate the T1's on as those cards have integrated CSU/DSU's.
  • chrisonechrisone Senior Member Member Posts: 2,148 ■■■■■■■■■□
    If you want more information on T1s and DS3's i would suggest the following as a great read to supplement your CCNA and give you a good solid foundation into your CCNP studies if you decide to pursue that goals.

    Amazon.com: Network Warrior: Everything you need to know that wasn't on the CCNA exam (9780596101510): Gary A. Donahue: Books
    Certs: CISSP, OSCP, CRTP, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2020 Goals:
    Courses: VHL (completed), CQURE: Windows Security Crash Course (completed), BlackHills InfoSec: Breaching the Cloud (completed), eLearnSecurity: WAPTv3 (completed), IHRP (completed), THPv2 (completed), PTXv2 (completed)
    Certs: VHL: Advanced+ (completed), OSCP (completed), AZ-500 (failed 1st attempt), eWPT (failed 2x, no further attempts), eCIR (complete), eCTHPv2 (report: awaiting results), eCPTXv2 (Dec)
    2021: AZ-500, AZ-104, AZ-204, AZ-303, AZ-304, MS-500
  • JollycorkJollycork Member Posts: 149
    Stotic wrote: »
    I don't believe you need to set the 2800 up as a bridge. You can just set a default route on your firewall pointing to your router and perform the NATing on the firewall. Put a /30 between your router and the firewall. I'm a little unsure what you mean by failover when you are only have one link down to your firewall. Please elaborate.

    Also, enable these:
    ip routing
    ip cef

    I'm a little unsure how you have things working without ip routing enabled.

    Also your LAN interface FastEthernet0/0 has it's duplex to half.


    Jollycork,

    I don't know what kind of model firewall he is using, but he probably needs the Cisco 2800 to terminate the T1's on as those cards have integrated CSU/DSU's.

    IIRC Sonicwall's appliances can terminate a T1 and fractional T1s. That's why I wondered why ...

    Another IIRC, depending upon the features purchased and model series, the Sonicwall appliances can handle up to 5 public addresses. Netopia's and Motorola equipment can also be simple DSU "bridge" where the block of public addresses are accessible and assignable to hosts connected to it's switchports.


    again just my 2 cents...
  • Ryuksapple84Ryuksapple84 Member Posts: 183
    Hey
    Another thing to consider is, getting a cheap and simple media converter from T1 to Ethernet.

    Not sure what you are trying to do when you say "bonded". But yeah, put your firewall after the Sprint Demark because a firewall is basically a router as well.
    Eating humble pie.
Sign In or Register to comment.