I’m the chairman of the wiring committee for a hundred-unit condominium, and not a Cisco expert. Yesterday we got Comcast Business service, with an SMC3G router/modem, which works fine in isolation, or when I connect my laptop to it via our old HP dumb switches. But when I connect my laptop via our trio of Cisco Catalyst 3550 switches, DHCP usually works fine, but after that, the SMC3G is invisible: Pinging its IP address fails, even after I manually added its MAC to the arp access-list and ip source binding. Even traceroute mac from the Cisco switch gives “Error: Source Mac address not found.” Turning off DHCP in the SMC3G made no difference.

The interface settings for the port I’m usually connecting the SMC3G to (which works fine with our old AT&T DSL, via a Cisco 1417) are:

```
interface FastEthernet0/5
 description *2nd router*
 switchport access vlan 101
 switchport mode access
 ip dhcp snooping trust
end
```

The settings for the normal user ports are:

```
interface FastEthernet0/42
 switchport access vlan 101
 switchport mode access
 switchport protected
 no cdp enable
 spanning-tree portfast
 service-policy input USER_INGRESS
 service-policy output USER_EGRESS
 ip verify source
 ip dhcp snooping limit rate 10
end
```

The configuration for the vlan is just:

```
Current configuration:
!
vlan 101
end
```

The Recurrent consultants who sold us the switch configured (but didn’t enable) QoS. It looks to me like they used dhcp snooping to prevent our Rogue Router problem. (This may have been what prevented my old Zyxel router from connecting, and also breaks the new router they told me I had to buy, unless I run it as a bridge instead.)

Flash Sheridan
  • Are you sure you have the ports right? `shutdown` means hard down the port; _NOTHING_ will work connected to that port. – Zypher May 12 '11 at 19:23
  • What @Zypher said, and also since you have the SMC3G hooked up to a trunk port, you'll need to make sure the SMC3G is 802.1q VLAN-tagging its frames for VLAN ID 101 as well, or make sure that you've defined that the native VLAN for that trunk port is VLAN 101. – Spiff May 13 '11 at 04:45
  • @Zypher, you’re right, I’ve corrected the settings above. @Spiff: Thanks, it looks like the actual settings follow your second suggestion. – Flash Sheridan May 13 '11 at 04:56
  • Thanks for the point about `shutdown`; it wasn’t relevant to the main port, but it did help when I tried an experiment: I disabled DHCP on the SMC3G and plugged it into unused port 5, which I set to the same configuration as the main port I'm using with our old Cisco DSL router. If the problem is just with DHCP, I might have been able to use the new router via static IP; but I still can’t even ping it. – Flash Sheridan May 13 '11 at 18:58
  • There's nothing really wrong with the configuration you've posted. Without s-t portfast the SMC3G's ports will take a little while to start working. Is that the full configuration for each of those ports (ie `show run int eth0/1` [change interface as necessary])? What's the configuration for vlan 101 (ie `show run vlan 101`)? – Chris S May 16 '11 at 04:39
  • Yes, that’s the full configuration for the ports; I’ve edited to make it clearer. The vlan doesn’t seem to have much in the way of configuration; I’ve added that as well. You’re right that the SMC3G takes a while, but I presume that once it shows up so far as DHCP is concerned, it’s connected—though just in case, I’ve left it for hours a couple of times. – Flash Sheridan May 16 '11 at 05:05

1 Answer

The problem was that Comcast told us the wrong hardware address for their router/modem, on both the label and the web interface. This normally wouldn't be a big deal, but the ip source binding and arp access-list settings which the previous consultants set up made this break completely. Our current consultant (Roger Smith from Artegenix) used show mac address to find out what hardware addresses were being used in reality, which made the rest of the adjustment straightforward.

Flash Sheridan
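The check the answer describes, comparing the MAC address in each static source binding against what the switch has actually learned on that port, as an added example that is not part of the original answer. It assumes text in the column layout of `show ip source binding` and `show mac address-table`; every address in the sample is constructed.

```python
import re

# Constructed, abridged sample output (not from the original post).
# The Fa0/5 binding differs from the learned MAC in its last octet.
SOURCE_BINDINGS = """\
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface
00:13:F7:AA:BB:00   10.1.10.1        infinite    static         101   FastEthernet0/5
00:1B:D4:11:22:33   10.1.10.2        infinite    static         101   FastEthernet0/1
"""
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
 101    0013.f7aa.bb01    DYNAMIC     Fa0/5
 101    001b.d411.2233    DYNAMIC     Fa0/1
 101    0021.70c0.ffee    DYNAMIC     Fa0/42
"""

def norm_mac(mac):
    """Reduce colon, dash or Cisco dotted notation to bare lowercase hex."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def norm_port(name):
    """Map FastEthernet0/5 and Fa0/5 to the same key ('fa0/5')."""
    m = re.fullmatch(r"([A-Za-z]+)([\d/]+)", name)
    return (m.group(1)[:2] + m.group(2)).lower() if m else name.lower()

def parse_bindings(text):
    """Return {(vlan, port): (mac, ip)} for static source bindings."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[3] == "static":
            out[(int(f[4]), norm_port(f[5]))] = (norm_mac(f[0]), f[1])
    return out

def parse_mac_table(text):
    """Return {(vlan, port): set of MACs the switch learned there}."""
    out = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0].isdigit():
            out.setdefault((int(f[0]), norm_port(f[3])), set()).add(norm_mac(f[1]))
    return out

def find_mismatches(bindings_text, mac_table_text):
    """List (port, ip, bound_mac, learned_macs) where the bound MAC is absent."""
    learned = parse_mac_table(mac_table_text)
    return [(port, ip, mac, sorted(learned.get((vlan, port), set())))
            for (vlan, port), (mac, ip) in sorted(parse_bindings(bindings_text).items())
            if mac not in learned.get((vlan, port), set())]
```

An empty list of learned MACs for a port means the device has sent no frames there yet, which is a different condition from a wrong binding.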