T1 Config

Ok, I apologize if this shouldn't be posted here, but maybe this will be of some help for those studying for the CCNA.

Let me start by saying that I passed my CCNA back in early June 2010. I am now in a work position where I need to do some work on routers/switches and I am a little lost as to what is happening here.

Some background - the company has a Cisco 2811 that they want to use to have a bonded T1, effectively running at around 3mbps. Here is the current config:

Current configuration : 1190 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SprintCisco2811
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
enable secret 5 XXXXX
enable password XXXXX
!
no aaa new-model
no network-clock-participate wic 0
no ip routing
!
!
no ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.0.72 255.255.255.0
no ip route-cache
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip route-cache
shutdown
duplex auto
speed auto
!
interface Serial0/0/0:0
no ip address
!
interface Serial0/0/1:0
no ip address
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password servit2010
login
!
scheduler allocate 20000 1000
!
end

I have configured the WIC controller to at least give me the serial interfaces, but I cannot get the lines to work. When I run "sh ip int bri" I get the following:

Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.0.0.72 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0:0 unassigned YES NVRAM down down
Serial0/0/1:0 unassigned YES NVRAM down down

At this point, since I am getting a down/down on the serial interfaces is there either a cabling problem or an ISP problem? Or is there something that I am missing that is causing the down/down status?

I also went through some steps yesterday to setup a multilink interface and attempted to tie the serial interfaces to it, which worked, but I cannot get the interfaces to come up.

I am thinking a wiring issue or something of that nature, but since I am so new to this in a real world environment I might be completely off.

Any ideas?

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

ipchain

Need more information. Are these back-to-back T1 connections? What is on the other end of the connection? What type of cable are you using?

chmorin

You will need to configure the serial interfaces now, you may need some information from the ISP to properly give it IP information. I'm more familiar with Voice T1's so that is all I can really confidently say.

wrwarwick

Ok so I am completely lost. I have the contact info for the ISP - what do I need to get from them? I have an old email chain but all it has it IP information, but I'm pretty sure I need more than that.

chmorin

wrwarwick wrote: »

Ok so I am completely lost. I have the contact info for the ISP - what do I need to get from them? I have an old email chain but all it has it IP information, but I'm pretty sure I need more than that.

Maybe maybe not. Plop the Ip address they gave you on the serial interface and no-shut it. Maybe they use defaults... who knows. The ISP should tell you any encapsulation changes.

But again, Data T1 not my forte.

wrwarwick

I went out and checked the router and (I don't know how I missed this) but the yellow WIC alarm is on. I believe this is either a cabling or ISP problem so I emailed the ISP to determine if the line was still up.

I also found out that the line has never been used before so who knows if it is still active.

Stotic

You need to configure encapsulation on your serial interfaces. Your IP will go on the multilink.

interface Serial0/0/0:0
encapsulation ppp

interface Serial0/0/1:0
encapsulation ppp

To test the physical if it is still down, create a loopback plug (google it) and plug it on your local ethernet cable at the demarc. You'll see 'looped' when you do a sh interface.

VAHokie56

Need the encapsulation then most likely need to make a multilink interface (this should be where your public ip goes)and add both your serial interfaces to the multilink group(don't forget the chap host name)...this is all assuming your using multilink ppp. I haven't done alot of bonded T1's so I could be way off.

keenon

your config should look something like this

!
interface Multilink1
bandwidth 3000
ip address x.x.x.x
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache policy
ip route-cache flow
load-interval 30
no peer neighbor-route
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
interface Serial0/0/0
bandwidth 1544
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache policy
ip route-cache flow
load-interval 30
no peer neighbor-route
no fair-queue
service-module t1 timeslots 1-24
service-module t1 fdl both
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
interface Serial0/1/0
bandwidth 1544
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache policy
ip route-cache flow
load-interval 30
no peer neighbor-route
no fair-queue
service-module t1 timeslots 1-24
service-module t1 fdl both
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100

Stotic

VAHokie56 wrote: »

\(don't forget the chap host name)

chap really isn't used in the real world anymore. From the sound of it this is an internet connection which most likely doesn't use encryption (your ISP would definitely charge you more for that). If this is a leased line to another site you would want to configure a GRE IPsec tunnel.

wrwarwick

Thanks everyone for the assistance, and I will be sure to refer to it next week, but ya know without power, that T1 ain't gonna do nothing lol.

After checking the demarc there is no power to the ISP box, so we are going to have to wait for them to come out and get the line working again. The above information about the multilink interface is great - and is what I was trying to do before I realized that the line wasn't even working. One question about that - does the ISP have to have anything done on there end for the multilink to work?

Also a little input about the CCNA and real world - it is a whole new game when you are really working on production stuff rather than simulators and tests. Don't get me wrong - the CCNA taught me loads of stuff and I am glad that I took and passed it - but it is definitely a stepping stone into bigger and better things.

wrwarwick

Ok, so just as an update the T1 line is up and I was able to bond them in a multilink configuration and ping 8.8.8.8. Now I have a new question

.

What I am trying to do now is basically setup the router as a bridge or pass through for the T1 to our Sonicwall firewall. I have been trying to read online on how to do it but cannot seem to get it working correctly. The setup would be:

Sprint T1 ----> Cisco 2811 ----> Sonicwall NSA

I have the IP for the Sprint side and our IP, but instead of giving the Multilink interface I want to have the Sonicwall with the IP to perform NAT, etc. Basically this is going to be a failover internet connection if our main line ever dies.

I think I need to setup some sort of bridge connection through the 2811 to the Sonicwall but I am not sure exactly how to set it up. Right now with the following config, I am able to ping hosts on the internet:

Current configuration : 1796 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SprintCisco2811
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
enable secret 5 $1$PkqI$BuNkk6gRvbshE6HovBFJ0/
enable password XXXXX
!
no aaa new-model
no network-clock-participate wic 0
no ip routing
!
!
no ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip name-server 10.0.0.21
!
!
!
!
!
!
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
!
!
!
!
interface Multilink1
ip address 144.22.176.112 255.255.255.252
no ip redirects
ip route-cache policy
load-interval 30
no peer neighbor-route
no cdp enable
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
interface FastEthernet0/0
ip address 10.0.0.72 255.255.255.0
no ip route-cache
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip route-cache
duplex auto
speed auto
!
interface Serial0/0/0:0
no ip address
encapsulation ppp
no ip route-cache
no fair-queue
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
interface Serial0/0/1:0
no ip address
encapsulation ppp
no ip route-cache
no fair-queue
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
ip default-gateway 144.22.176.111
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 144.22.176.111
!
no ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password XXXX
login
!
scheduler allocate 20000 1000
!
end

What do I need to do in order to put our public IP as the WAN interface of our Sonicwall and have the Sonicwall handle everything (NAT, failover, etc)?

Thanks in advanced.

Jollycork

wrwarwick wrote: »

Ok, so just as an update the T1 line is up and I was able to bond them in a multilink configuration and ping 8.8.8.8. Now I have a new question .

What I am trying to do now is basically setup the router as a bridge or pass through for the T1 to our Sonicwall firewall. I have been trying to read online on how to do it but cannot seem to get it working correctly. The setup would be:

Sprint T1 ----> Cisco 2811 ----> Sonicwall NSA

I have the IP for the Sprint side and our IP, but instead of giving the Multilink interface I want to have the Sonicwall with the IP to perform NAT, etc. Basically this is going to be a failover internet connection if our main line ever dies.

I think I need to setup some sort of bridge connection through the 2811 to the Sonicwall but I am not sure exactly how to set it up. Right now with the following config, I am able to ping hosts on the internet:

Current configuration : 1796 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SprintCisco2811
!
boot-start-marker
boot-end-marker
!
card type t1 0 0
enable secret 5 $1$PkqI$BuNkk6gRvbshE6HovBFJ0/
enable password XXXXX
!
no aaa new-model
no network-clock-participate wic 0
no ip routing
!
!
no ip cef
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
ip name-server 10.0.0.21
!
!
!
!
!
!
controller T1 0/0/0
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
controller T1 0/0/1
framing esf
linecode b8zs
cablelength long 0db
channel-group 0 timeslots 1-24
!
!
!
!
!
interface Multilink1
ip address 144.22.176.112 255.255.255.252
no ip redirects
ip route-cache policy
load-interval 30
no peer neighbor-route
no cdp enable
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
interface FastEthernet0/0
ip address 10.0.0.72 255.255.255.0
no ip route-cache
duplex half
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
no ip route-cache
duplex auto
speed auto
!
interface Serial0/0/0:0
no ip address
encapsulation ppp
no ip route-cache
no fair-queue
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
interface Serial0/0/1:0
no ip address
encapsulation ppp
no ip route-cache
no fair-queue
ppp multilink
ppp multilink group 1
max-reserved-bandwidth 100
!
ip default-gateway 144.22.176.111
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 144.22.176.111
!
no ip http server
no ip http secure-server
!
snmp-server community public RO
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
password XXXX
login
!
scheduler allocate 20000 1000
!
end

What do I need to do in order to put our public IP as the WAN interface of our Sonicwall and have the Sonicwall handle everything (NAT, failover, etc)?

Thanks in advanced.

if you want the firewall protection/packet inspection of the Sonicwall NSA 200 series as well as the global VPN capabilities, why stick the cisco in front of it?

if your trying for the layered approach, I'd switch the config where the Sonicwall is your perimeter router and your Cisco is the "corporate" lan router with ACLs.

just my 2 cents here. the NSA series has a lot more capabilities for perimeter protection than your 2800 if your using a standard IOS on it.

again, just my 2 cents.

Stotic

I don't believe you need to set the 2800 up as a bridge. You can just set a default route on your firewall pointing to your router and perform the NATing on the firewall. Put a /30 between your router and the firewall. I'm a little unsure what you mean by failover when you are only have one link down to your firewall. Please elaborate.

Also, enable these:
ip routing
ip cef

I'm a little unsure how you have things working without ip routing enabled.

Also your LAN interface FastEthernet0/0 has it's duplex to half.

Jollycork,

I don't know what kind of model firewall he is using, but he probably needs the Cisco 2800 to terminate the T1's on as those cards have integrated CSU/DSU's.

chrisone

If you want more information on T1s and DS3's i would suggest the following as a great read to supplement your CCNA and give you a good solid foundation into your CCNP studies if you decide to pursue that goals.

Amazon.com: Network Warrior: Everything you need to know that wasn't on the CCNA exam (9780596101510): Gary A. Donahue: Books

Jollycork

Stotic wrote: »

I don't believe you need to set the 2800 up as a bridge. You can just set a default route on your firewall pointing to your router and perform the NATing on the firewall. Put a /30 between your router and the firewall. I'm a little unsure what you mean by failover when you are only have one link down to your firewall. Please elaborate.

Also, enable these:
ip routing
ip cef

I'm a little unsure how you have things working without ip routing enabled.

Also your LAN interface FastEthernet0/0 has it's duplex to half.

Jollycork,

I don't know what kind of model firewall he is using, but he probably needs the Cisco 2800 to terminate the T1's on as those cards have integrated CSU/DSU's.

IIRC Sonicwall's appliances can terminate a T1 and fractional T1s. That's why I wondered why ...

Another IIRC, depending upon the features purchased and model series, the Sonicwall appliances can handle up to 5 public addresses. Netopia's and Motorola equipment can also be simple DSU "bridge" where the block of public addresses are accessible and assignable to hosts connected to it's switchports.

again just my 2 cents...

Ryuksapple84

Hey
Another thing to consider is, getting a cheap and simple media converter from T1 to Ethernet.

Not sure what you are trying to do when you say "bonded". But yeah, put your firewall after the Sprint Demark because a firewall is basically a router as well.