Cisco 2901 router port works with device connected but not through switch

blueboy2001 · 14 Apr 2016 at 10:08

I'm tearing my hair out with a Cisco 2901 router provided as CPE by an ISP. I have no access to it, I've requested the config from the ISP but they haven't sent it yet.

The ISP has configured a port for the DMZ for a web server. They have configured a NAT rule and given a public and local IP. The DMZ range is 10.100.248.48/29, the router IP is .49.

If I plug a laptop into the port with the correct IP, subnet and gateway etc it works fine.

If I connect it to the core switch in it's own VLAN, other devices in the VLAN can't ping .49. If I put an IP address on the VLAN, that can't ping .49 either.

If I put two devices in the VLAN, they can ping each other.

All I can think is the ISP has configured the port in a strange way - maybe with a config that will only learn a single MAC address.

Am I missing something?

bremen1874 · 14 Apr 2016 at 17:03

Won't you need your own router connected to the Cisco?

It's not the sort of kit I deal with day-to-day, but a while back I had to sort out an EFM connection terminated with a Cisco 2941. We had to connect and configure our own router to use the connection.

LiGhTfasT · 14 Apr 2016 at 17:15

We tend to order some routable IPs and then put our own router on.

Orcvader · 14 Apr 2016 at 17:51

As above, from the sounds of things I'm pretty sure something with a proper DHCP router is required like a router. Since DMZ is set on the Cisco, then it is pretty much bypassed and any port forwarding, firewall, etc will be done on your own router.

the-evaluator · 15 Apr 2016 at 10:25

Orcvader said:
As above, from the sounds of things I'm pretty sure something with a proper DHCP router is required like a router. Since DMZ is set on the Cisco, then it is pretty much bypassed and any port forwarding, firewall, etc will be done on your own router.

I don't think so. The Cisco has got a PAT rule setup and the OP has been given a public and private IP along with a /29 subnet. It would be extremely odd to give a /29 if the OP were meant to use another router.

OP - If you connect the webserver (or any other webserver for test purposes) to the DMZ port on the CPE, is the webserver reachable over the internet on that public IP that the ISP specified?

busbyuk · 17 Apr 2016 at 21:33

Try setting up an svi on the switch and see that if you can then ping straight from the switch to the router.

If interested in the config of the router you could just do the pwd recovery on bootup if you have a console cable?

You can thrn do a show startup to grab the config. Just reboot once done and the isp will be none the wiser. Just make sure you dont write mem.

Illusion · 17 Apr 2016 at 23:22

How have you configured the port on the switch facing the router?