Issues with Cisco 1900 series Router and Sonicwall TZ series with MPLS

Recently our local ISP, Charter Communications, rolled out an MPLS product they’ve dubbed Ethernet over Coax (EOC). It’s a great low-cost product that creates a Layer 2 connection between two sites, very similar to their point-to-point fiber solutions. Currently the physical install consists of a coax connection to a Cisco cable modem, connected via Ethernet to a Cisco 1900 series router. The Cisco router exposes 3 Fast Ethernet ports in a WIC interface for customer use. The theory is that you can connect any device to these ports with the IP information of your choosing and the solution will seamlessly pass the traffic to the remote site.

During a recent installation using a Sonicwall TZ210 as the customer perimeter device, we failed to get any sort of connectivity. We went so far as to verify our configuration with Sonicwall support and the ISP NOC. NOC engineers informed us that not so much as a byte of traffic was hitting their interface, while our Sonicwall showed traffic doing its best to transmit. We suspected a hardware issue.

After much troubleshooting, the key turned out to be the link settings on the Sonicwall interface. It turns out Charter hard-codes the interface on their Cisco 1900 at 100Mbps/Full Duplex. Our Sonicwall incorrectly auto-detected the link as 100Mbps/Half Duplex. A hard-coded port does not take part in autonegotiation, so the auto-detecting side can sense the speed but falls back to half duplex. To make matters worse, this caused ARP traffic to the Cisco interface to fail. Setting the Sonicwall interface to a fixed link state instantly corrected the traffic flow. For those of you who wish to try your hand at this setup, a walk-through follows.
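The duplex mismatch described above can be reproduced with a small model of link negotiation. This is an added example, not part of the original post or any vendor tool; the `Port` class, the function names and the sample ports are hypothetical, and the model assumes 10/100 ports that support both duplex modes.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Port:
    name: str
    autoneg: bool             # True = auto-detect, False = hard-coded
    speed: int = 100          # Mbps, used only when hard-coded
    full_duplex: bool = True  # used only when hard-coded
    max_speed: int = 100      # fastest speed the port supports (10/100 model)

def resolve(local: Port, peer: Port) -> Optional[Tuple[int, bool]]:
    """(speed, full_duplex) that `local` settles on, or None if no link."""
    if not local.autoneg:
        # A hard-coded port never adapts; link needs the peer to match speed.
        peer_can = peer.max_speed >= local.speed if peer.autoneg \
            else peer.speed == local.speed
        return (local.speed, local.full_duplex) if peer_can else None
    if peer.autoneg:
        # Both sides negotiate: highest common speed, full duplex.
        return (min(local.max_speed, peer.max_speed), True)
    if peer.speed > local.max_speed:
        return None
    # Peer is hard-coded and sends no negotiation data. Parallel detection
    # recovers the speed from the link signal but must assume half duplex.
    return (peer.speed, False)

def check_link(a: Port, b: Port) -> str:
    """Classify the link between two ports from each side's resolved state."""
    ra, rb = resolve(a, b), resolve(b, a)
    if ra is None or rb is None:
        return "no link"
    return "ok" if ra[1] == rb[1] else "duplex mismatch"

# Constructed ports modelling the two devices in the article.
CISCO_1900 = Port("cisco-1900", autoneg=False, speed=100, full_duplex=True)
TZ210_AUTO = Port("tz210", autoneg=True)
TZ210_FIXED = Port("tz210", autoneg=False, speed=100, full_duplex=True)

if __name__ == "__main__":
    for fw in (TZ210_AUTO, TZ210_FIXED):
        print(fw, "->", resolve(fw, CISCO_1900), check_link(fw, CISCO_1900))
```

Either fixing both ends or leaving both ends on auto gives a consistent result; mixing the two is what produces the mismatch.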

 

 

 

Configuring Sonicwall OS 5.8 for Charter EOC (MPLS)

Log into your Sonicwall device, expand “Network” and choose “Portshield Groups”.

Locate the interface you wish to use for your EOC connection and click the edit button.

On the Edit dialog, change “Port Enabled” to “Disabled” and “Portshield Interface” to “Unassigned”, then click “Ok”.

Next, navigate to “Network” then “Interfaces”.

Locate the interface you chose in the previous step and click the edit button.

Select “LAN” for zone and choose “Static IP Mode”. Enter the static IP information for the EOC subnet and a comment to identify the interface. Select management options as you see fit and click “Advanced”.

On the Advanced tab, set the link speed to “100Mbps – Full Duplex”, check the box next to “Use Routed Mode” and choose “Any” under “Set NAT Policy”. Click “Ok”, then accept the warning regarding Routed Mode.

Next, navigate to “Routing” under “Network”.

Click “Add” under “Route Policies”.

In the Add Route Policy window, choose “Create new address object” under the Destination dropdown.

In the Add Address Object window, enter a name to identify the destination network. Choose “LAN” for zone and “Range” for type. Enter the network subnet on the opposite end of your EOC connection. Click “Ok”.

Next, select “Create new Address object” under the Gateway dropdown.

In the Add Address Object window, enter a name to identify the IP address of the remote EOC interface. Choose “LAN” for zone and “Host” for type. Enter the IP address used for the EOC interface on the opposite firewall. Click “Ok”.

Choose “LAN Subnets” for source. Choose the newly created destination address object. Select ANY for service. Choose the newly created gateway address object. Next, select the interface you modified for the EOC link. Set the metric to 1. Add a comment to identify the route. Click “OK”. Repeat this process on the opposite firewall.

Once your configuration is complete, we need to test connectivity. Click “Diagnostics” under “System”.

First we’ll verify our traffic is finding the proper route. Choose “Find Network Path” and enter an IP address on the other network. Click “Go”. In the result, check that the traffic is located on the interface we configured and that the destination is reached.

Next, select “Ping” from the dropdown. Enter an address on the other network and click “Go”. If the results show the IP alive, then we know our traffic is using the expected route and reaching the expected destination.
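Because the route policy has to be mirrored on the opposite firewall, it helps to work out both sides' values before touching either device. The following is an added example, not part of the original walkthrough; the `Site` class, the function names, the addresses and the `X2` interface label are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Site:
    name: str
    lan: ipaddress.IPv4Network       # LAN subnet behind this firewall
    eoc: ipaddress.IPv4Interface     # static IP/mask on the EOC interface
    port: str                        # EOC interface label (hypothetical)

def route_policy(local: Site, remote: Site) -> dict:
    """Values to enter in the Add Route Policy dialog on `local`."""
    if local.eoc.network != remote.eoc.network or local.eoc.ip == remote.eoc.ip:
        raise ValueError("EOC interfaces need distinct IPs in one shared subnet")
    if local.lan.overlaps(remote.lan):
        raise ValueError("LAN subnets overlap, so the route would be ambiguous")
    return {
        "source": "LAN Subnets",
        "destination": (remote.lan[0], remote.lan[-1]),  # "Range" object
        "service": "ANY",
        "gateway": remote.eoc.ip,                         # "Host" object
        "interface": local.port,
        "metric": 1,
    }

def uses_eoc(policy: dict, dst: str) -> bool:
    """Would traffic to `dst` match this policy's destination range?"""
    first, last = policy["destination"]
    return first <= ipaddress.ip_address(dst) <= last

# Constructed addressing for two sites; substitute your own.
SITE_A = Site("site-a", ipaddress.ip_network("192.168.10.0/24"),
              ipaddress.ip_interface("10.255.0.1/30"), "X2")
SITE_B = Site("site-b", ipaddress.ip_network("192.168.20.0/24"),
              ipaddress.ip_interface("10.255.0.2/30"), "X2")

if __name__ == "__main__":
    for local, remote in ((SITE_A, SITE_B), (SITE_B, SITE_A)):
        print(local.name, route_policy(local, remote))
```

`uses_eoc` answers the same question as the “Find Network Path” check: whether a given destination falls inside the range the policy sends over the EOC link.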
