StephenTh Posted December 16, 2011 Share Posted December 16, 2011 Hi ive got my first managed router to replace a buggy netgear one. I upgraded cisco sdm to 2.5 and setup a host name + password. At this point i had the router directly connected to the forefront tmg server's embedded nic with cat 6 ip's were 10.10.10.1 255.255.255.0 10.10.10.2 255.255.255.0 Router TMG external network nic And i had internet access + Cisco Configuration + SDM working Everything seemed to be perfect until i changed the ip back from the default 10.10.10.1 to 10.0.2.1 255.255.255.0 to match the rules in forefront tmg for the old router. Since then i cant connect with SDM or Cisco Configuration the network connection seems to be up and ive got packets flowing . My current configuration is 10.0.2.1 255.255.255.0 10.0.2.2 255.255.255.0 Router TMG external network nic ive tried pinging the 10.0.2.2 from the router's serial port (Since lan is unavailable) but got nothing. Ive completely shutdown tmg with no effect. Ive connected the router to a laptop (to rule out tmg blocking it) but again when i try to visit the routers url the connection just times out. Can anyone suggest whats the problem ? Link to comment Share on other sites More sharing options...
gpctexas Posted December 16, 2011 Share Posted December 16, 2011 Use the serial cable to look at the config. Look for a line that looks like: ip http access-class some number then You can then either update the access list with your new ip range or temporarily remove the access-class by no ip access-class <the number listed from above> this will get the sdm working Link to comment Share on other sites More sharing options...
S.MULLA Posted December 16, 2011 Share Posted December 16, 2011 Connect via serial console as mentioned and take a look at the management ip for 10.0.2.1 vlan. Link to comment Share on other sites More sharing options...
StephenTh Posted December 16, 2011 Author Share Posted December 16, 2011 Router#show configUsing 745 out of 29688 bytes!version 12.3service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname Router!boot-start-markerboot-end-marker!!mmi polling-interval 60no mmi auto-configureno mmi pvcmmi snmp-timeout 180no aaa new-modelip subnet-zero!!!!ip cefip ips po max-events 100no ftp-server write-enable!!!!!!!!interface ATM0no ip addressshutdownno atm ilmi-keepalivedsl operating-mode auto!interface BRI0no ip addressshutdown!interface FastEthernet0ip address 10.0.2.1 255.255.255.0speed auto!ip classlessip http serverip http secure-server!!!access-list 23 permit 10.0.0.0 0.255.255.255!!control-plane!!line con 0line aux 0line vty 0 4!end[/CODE] Is this the correct config ? Im still not getting a responce from the ip address Link to comment Share on other sites More sharing options...
+BudMan MVC Posted December 17, 2011 MVC Share Posted December 17, 2011 show the interface, is it up? What is this suppose to route to? looks like both ATM0 and BRIO are shutdown, and I don't see a no shut for Fastethernet 0 so for all we know its shut. Which would explain why you can not talk to it ;) Link to comment Share on other sites More sharing options...
giantsnyy Posted December 17, 2011 Share Posted December 17, 2011 correct me if I'm wrong... but shouldn't it read access-list 23 permit 10.0.0.0 0.0.255.255 ? also, like budman said... Fast0 might be shutdown. run the following command and paste it: sho int Fast0 Link to comment Share on other sites More sharing options...
StephenTh Posted December 17, 2011 Author Share Posted December 17, 2011 FastEthernet0 is up, line protocol is upHardware is PQUICC_FEC, address is 0019.5690.f232 (bia 0019.5690.f232)Internet address is 10.0.2.1/24MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,reliability 255/255, txload 1/255, rxload 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Full-duplex, 100Mb/s, 100BaseTX/FXARP type: ARPA, ARP Timeout 04:00:00Last input 00:00:05, output 00:00:03, output hang neverLast clearing of "show interface" counters neverInput queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0Queueing strategy: fifoOutput queue: 0/40 (size/max)5 minute input rate 0 bits/sec, 1 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec4579 packets input, 364389 bytesReceived 485 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored0 watchdog0 input packets with dribble condition detected1012 packets output, 83060 bytes, 0 underruns4 output errors, 0 collisions, 2 interface resets0 babbles, 0 late collision, 0 deferred4 lost carrier, 0 no carrier0 output buffer failures, 0 output buffers swapped out[/CODE] Yeah it seems to be up and im getting traffic when i try to install cisco sdm or connect using cisco config. Ive tried ccess-list 23 permit 10.0.0.0 0.0.255.255 Link to comment Share on other sites More sharing options...
offroadaaron Posted December 17, 2011 Share Posted December 17, 2011 correct me if I'm wrong... but shouldn't it read access-list 23 permit 10.0.0.0 0.0.255.255 ? access-list 23 isn't associated with anything at this stage so the access-list isn't actually doing nothing. So the OP has either completed the 'no ip access-class 23' or it's just not in there. also, like budman said... Fast0 might be shutdown. run the following command and paste it: sho int Fast0 The config shows it's not shutdown. -------------------------------------- You've statically configured 10.0.2.2 into the laptop? Turned off the firewall on the laptop and tested ICMP (ping)? And maybe show arp on both the laptop and the router. Link to comment Share on other sites More sharing options...
giantsnyy Posted December 17, 2011 Share Posted December 17, 2011 The config shows it's not shutdown. I have a 2821 router who's GigE0/1 port is in a perpetual state of shutdown even if you type no shutdown. It's a faulty port. Just covering all the bases. Link to comment Share on other sites More sharing options...
StephenTh Posted December 17, 2011 Author Share Posted December 17, 2011 So after 24 hours of head scratching i figured out what was happening, Forefront was blocking the router because it thought it was spoofing its ip address. The client i tested to eliminate this never worked because it applied the forefront proxy settings to windows and opera every time it booted up. After disabling the proxy sdm installs without any issue. Thanks for the help. Link to comment Share on other sites More sharing options...
Recommended Posts