Help! Branch Office T1's installed and I cannot get them routing anything!

Unanswered Question
Mar 5th, 2007
User Badges:

My situation is simple. I have two branch offices that need access to my servers at HQ. I have all four serial interfaces up/up at HQ and at both branches, but cannot get any traffic routed across the T1's. I need as much help as possible. After the topology I'll post the sh run of one 1841 (as both are setup identically except for the hostname and ip's).




The topology looks like this


Tellico's 1841 (WIC-DSU-T1-V2)

fe0/0 192.168.1.11/24 (gateway to the internet is at 192.168.1.1)

Serial 0/0/0 10.0.1.2/24 (clock source line)

|

|

T1 (point-to-point)

|

|

HQ - 2821 (VWIC2-2MFT-T1/E1)

GbE0/0 193.2.2.11/24 (inet gateway @ 193.2.2.1)

Serial 0/3/0:0 10.0.0.1/24 (to Vonore)

Serial 0/3/1:0 10.0.1.1/24 (to Tellico)

Clocks both set to internal.

esf/8bzs/no fdl

|

|

T1 (point-to-point. Different T1 than the one going to Tellico)

|

|

Vonore's 1841 (same T1 wic)

FE0/0 192.168.3.11/24 (inet gateway 192.168.3.1)

Serial 0/0/0 10.0.0.2/24 (clock source line)


------------------------------

Sh Run on the 2821:

------------------------------


<snip>

card type t1 0 3

<snip>

!

controller T1 0/3/0

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

controller T1 0/3/1

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

!

interface GigabitEthernet0/0

ip address 193.2.2.11 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

duplex auto

speed auto

no mop enabled

!

interface Serial0/3/0:0

bandwidth 1544

ip address 10.0.0.1 255.255.255.0

ip mask-reply

no ip redirects

no ip unreachables

ip route-cache flow

no cdp enable

!

interface Serial0/3/1:0

bandwidth 1544

ip address 10.0.1.1 255.255.255.0

ip mask-reply

no ip redirects

no ip unreachables

ip route-cache flow

no cdp enable

!

router rip

network 10.0.0.0

network 193.2.2.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 193.2.2.1

ip route 192.168.3.0 255.255.255.0 Serial0/3/0:0

ip route 192.168.1.0 255.255.255.0 Serial0/3/1:0

!

!

logging trap debugging

logging facility local2

dialer-list 1 protocol ip permit

no cdp run

!

control-plane

<snip>

end



------------------------------

Sh Run on one 1841:

------------------------------

<snip>

mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180

<snip>

!

interface FastEthernet0/0

ip address 192.168.3.11 255.255.255.0

ip verify unicast source reachable-via rx allow-default 100

no ip redirects

no ip unreachables

no ip proxy-arp

speed auto

full-duplex

no mop enabled

!

interface Serial0/0/0

bandwidth 1544

ip address 10.0.0.2 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

no fair-queue

service-module t1 clock source line

service-module t1 remote-alarm-enable

no cdp enable

!

router rip

network 10.0.0.0

network 192.168.3.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.3.1

ip route 192.168.3.0 255.255.255.0 FastEthernet0/0 2

ip route 193.2.2.0 255.255.255.0 10.0.0.1 2

ip dns server

!

ip http server

!

!

logging trap debugging

logging facility local2

access-list 100 permit udp any any eq bootpc

dialer-list 1 protocol ip permit

snmp-server community <removed> RO

no cdp run

!

control-plane

<snip>

end


------------------------------


Thank you in advance,

--Jeremy (jeremy [at) ani1 (dot] com)

405-924-5600

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
PlackSlayer Mon, 03/05/2007 - 22:03
User Badges:

I also forgot to mention that in a terminal session on the 2821 I can ping 10.0.0.1 with 100% success but cannot ping 10.0.1.1 ...


On both 1841's unless I have a loopback cable plugged in, I also cannot ping the ip address of the serial interface (10.0.x.2).


I hope this helps explain my situation a bit more,

--Jeremy

spremkumar Mon, 03/05/2007 - 22:10
User Badges:
  • Red, 2250 points or more

Hi Jeremy


Can you post the output of show ip int brief and show interface commands ?


regds


PlackSlayer Mon, 03/05/2007 - 22:20
User Badges:

Sure thing.


-------------------------

sh ip int b on the 2821

-------------------------


show ip int b

Interface IP-Address OK? Method Status Protocol

GigabitEthernet0/0 193.2.2.11 YES NVRAM up up

GigabitEthernet0/1 unassigned YES NVRAM administratively down down

Serial0/3/0:0 10.0.0.1 YES NVRAM up up

Serial0/3/1:0 10.0.1.1 YES NVRAM up up


-------------------------

sh ip int b on the 1841

-------------------------


Interface IP-Address OK? Method Status Prol

FastEthernet0/0 192.168.3.11 YES NVRAM up up

FastEthernet0/1 unassigned YES NVRAM administratively down dow

Serial0/0/0 10.0.0.2 YES NVRAM up up


-------------------------


--Jeremy

spremkumar Mon, 03/05/2007 - 22:28
User Badges:
  • Red, 2250 points or more

Hi Jeremy


Can you confirm whether the other end which is connected to serial0/3/1:0 is also showing up/up ?


Also did u try pinging the respective remote locations ?


Also any plans behind running RIP between your locations ?


Is it possible to put them on simple static routes ?


Can you post the output show ip route taken from routers here ?


regds


PlackSlayer Mon, 03/05/2007 - 22:45
User Badges:

-------------------------

sh ip int b for the second 1841

-------------------------

Interface IP-Address OK? Method Status Prot

ocol

FastEthernet0/0 192.168.1.11 YES NVRAM up up


FastEthernet0/1 unassigned YES NVRAM administratively down down


Serial0/0/0 10.0.1.2 YES manual up up


-------------------------



I tried pinging any addresses at the remote locations from HQ including 10.0.0.2; 10.0.1.2; 192.168.3.1; 192.168.1.1; 192.168.3.25/192.168.1.25 (the first of the dhcp clients); and the printers at 192.168.3.5/192.168.1.5


All returned 0% success. I do have a VPN setup to allow access to and from those remote locations but it is extremely slow as it is going over rural dsl connections with an up of 256kbit. If this is a problem, I can take the VPN down but I feel this shouldn't interfear with pings to the 10.0.0.0 addresses.


RIP was a last ditch effort to get anything going across the up/up lines.


sh ip route (2821)

-------------------------

Gateway of last resort is 193.2.2.1 to network 0.0.0.0


68.0.0.0/25 is subnetted, 1 subnets

R 68.191.232.0 [120/1] via 193.2.2.1, 00:00:00, GigabitEthernet0/0

10.0.0.0/24 is subnetted, 2 subnets

C 10.0.0.0 is directly connected, Serial0/3/0:0

C 10.0.1.0 is directly connected, Serial0/3/1:0

S 192.168.1.0/24 [2/0] via 10.0.1.2

C 193.2.2.0/24 is directly connected, GigabitEthernet0/0

S 192.168.3.0/24 [2/0] via 10.0.0.2

S* 0.0.0.0/0 [1/0] via 193.2.2.1

-------------------------

sh ip route (Vonore 1841)

-------------------------

Gateway of last resort is 192.168.3.1 to network 0.0.0.0


69.0.0.0/30 is subnetted, 1 subnets

R 69.21.128.220 [120/1] via 192.168.3.1, 00:00:27, FastEthernet0/0

10.0.0.0/24 is subnetted, 1 subnets

C 10.0.0.0 is directly connected, Serial0/0/0

S 193.2.2.0/24 is directly connected, Serial0/0/0

C 192.168.3.0/24 is directly connected, FastEthernet0/0

R* 0.0.0.0/0 [120/1] via 192.168.3.1, 00:00:27, FastEthernet0/0

-------------------------

sh ip route (Tellico 1841)

-------------------------

Gateway of last resort is 192.168.1.1 to network 0.0.0.0


10.0.0.0/24 is subnetted, 1 subnets

C 10.0.1.0 is directly connected, Serial0/0/0

C 192.168.1.0/24 is directly connected, FastEthernet0/0

S 192.168.2.0/24 is directly connected, Serial0/0/0

S* 0.0.0.0/0 [1/0] via 192.168.1.1

-------------------------


--Jeremy

spremkumar Mon, 03/05/2007 - 23:00
User Badges:
  • Red, 2250 points or more

Hi Jeremy


If you are currently planning to have vpn over the point to point connectivity between your locations then you can simply modify the subnets configured on the wan interface and redefine the routing part too accordingly.


regds




controller T1 0/3/0

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

controller T1 0/3/1

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

!

interface GigabitEthernet0/0

ip address 193.2.2.11 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

duplex auto

speed auto

no mop enabled

!

interface Serial0/3/0:0

bandwidth 1544

ip address 10.0.0.1 255.255.255.252

ip mask-reply

no ip redirects

no ip unreachables

ip route-cache flow

no cdp enable

!

interface Serial0/3/1:0

bandwidth 1544

ip address 10.0.1.1 255.255.255.252

ip mask-reply

no ip redirects

no ip unreachables

ip route-cache flow

no cdp enable

!

!

ip classless

ip route 0.0.0.0 0.0.0.0 193.2.2.1

ip route 192.168.3.0 255.255.255.0 Serial0/3/0:0

ip route 192.168.1.0 255.255.255.0 Serial0/3/1:0

!

!

logging trap debugging

logging facility local2

dialer-list 1 protocol ip permit

no cdp run

!

control-plane


end



------------------------------

Sh Run on one 1841:

------------------------------


mmi polling-interval 60

no mmi auto-configure

no mmi pvc

mmi snmp-timeout 180


!

interface FastEthernet0/0

ip address 192.168.3.11 255.255.255.0

ip verify unicast source reachable-via rx allow-default 100

no ip redirects

no ip unreachables

no ip proxy-arp

speed auto

full-duplex

no mop enabled

!

interface Serial0/0/0

bandwidth 1544

ip address 10.0.0.2 255.255.255.252

no ip redirects

no ip unreachables

no ip proxy-arp

no fair-queue

service-module t1 clock source line

service-module t1 remote-alarm-enable

no cdp enable

!

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.3.1

ip route 192.168.3.0 255.255.255.0 FastEthernet0/0 2

ip route 193.2.2.0 255.255.255.0 10.0.0.1 2

ip dns server

!

ip http server

!

!

logging trap debugging

logging facility local2

access-list 100 permit udp any any eq bootpc

dialer-list 1 protocol ip permit

snmp-server community RO

no cdp run

!

control-plane


end


regds


Note:Also do post out the network topology deployed out there in your location..still need few clarifications on the firewall part which i feel is being used there in our locations..

PlackSlayer Mon, 03/05/2007 - 23:14
User Badges:

Right now we are using a VPN to access the servers from the branch offices on netgear 318fvs'. I plan on taking this VPN down once the T1's are up. I will leave the boxes at each location if a T1 goes down, but don't plan to have it active.


As for now, I just want to get any branch office location able to see my servers on the 193.2.2.0 network via the T1's.


The Branch Firewall/Network topology is as follows:


Vonore



DSL Gateway (external IP) . . . . . . . .(2821 @ HQ)

| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |

| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |

(Netgear VPN router - 192.168.3.1) -- (1841 - 192.168.3.11)

\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . /

\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . /

\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . /

Client Computers and printers (192.168.3.X)


Tellico is setup in the same way.


--Jeremy

p.s. the "." are there for spacers.

PlackSlayer Mon, 03/05/2007 - 23:20
User Badges:

I am also planning on using the 1841's in place of the netgear's currently running the VPN, but again, only once the T1's are up and functional.


--Jeremy

spremkumar Mon, 03/05/2007 - 23:44
User Badges:
  • Red, 2250 points or more

Hi Jeremy


If i understand you requirement properly you want to make use of the T1's and 1841's once you have stable T1's connected onto your router.


In that case i would suggest not to include the 1841's on any part of the routing protocol.


Keep the Link tested using the 1841 you can do end to end testing using icmp may be an extended ping with large byte size and increased value of byte counts..


once you have them tested clean you can shift your vpn traffic onto the same..


With the normal /30 subnet mentioned in my earlier mail will help you out in getting normal ip connectivity established..


regds


PlackSlayer Tue, 03/06/2007 - 00:13
User Badges:

After switching to the /30 masks, I still have the same problem.


on tellico's 1841 (192.168.1.11 / 10.0.1.2) I cannot ping 10.0.1.2.


The same goes with Vonore's 10.0.0.2 as well as HQ's 10.0.0.1 and 10.0.1.1


On each of the interfaces though, if I use any of the three available loopbacks I get instant results, does this mean I need to change somthing as major as encapsulation or fdl?


--Jeremy

PlackSlayer Tue, 03/06/2007 - 06:35
User Badges:

After Calling my Telco, they had switching the lines somehow such that the circuits were crossed and the one that was supposed to go to Vonore was actually going to Tellico! How lovely that felt.


I can now ping from the remote sites routers to the router at the HQ, as well as any computer on the HQ's network BUT I cannot ping from any computer on the branch networks through the T1 to the HQ. I believe it has to do with the netgear VPN's residual rip routs but I have not had a chance to completely turn them off and run DHCP through the 1841's yet. That is what I am about to try once I make the drive out there.


Basically, is there any difference in these statements on the remote routers?


(on vonore's 1841)

ip route 193.2.2.0 255.255.255.0 10.0.0.1

or

ip route 193.2.2.0 255.255.255.0 Serial 0/0/0


--Jeremy

Actions

This Discussion