03-05-2007 09:59 PM - edited 03-03-2019 04:02 PM
My situation is simple. I have two branch offices that need access to my servers at HQ. I have all four serial interfaces up/up at HQ and at both branches, but cannot get any traffic routed across the T1's. I need as much help as possible. After the topology I'll post the sh run of one 1841 (as both are setup identically except for the hostname and ip's).
The topology looks like this
Tellico's 1841 (WIC-DSU-T1-V2)
fe0/0 192.168.1.11/24 (gateway to the internet is at 192.168.1.1)
Serial 0/0/0 10.0.1.2/24 (clock source line)
|
|
T1 (point-to-point)
|
|
HQ - 2821 (VWIC2-2MFT-T1/E1)
GbE0/0 193.2.2.11/24 (inet gateway @ 193.2.2.1)
Serial 0/3/0:0 10.0.0.1/24 (to Vonore)
Serial 0/3/1:0 10.0.1.1/24 (to Tellico)
Clocks both set to internal.
esf/8bzs/no fdl
|
|
T1 (point-to-point. Different T1 than the one going to Tellico)
|
|
Vonore's 1841 (same T1 wic)
FE0/0 192.168.3.11/24 (inet gateway 192.168.3.1)
Serial 0/0/0 10.0.0.2/24 (clock source line)
------------------------------
Sh Run on the 2821:
------------------------------
<snip>
card type t1 0 3
<snip>
!
controller T1 0/3/0
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/3/1
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
!
!
interface GigabitEthernet0/0
ip address 193.2.2.11 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no mop enabled
!
interface Serial0/3/0:0
bandwidth 1544
ip address 10.0.0.1 255.255.255.0
ip mask-reply
no ip redirects
no ip unreachables
ip route-cache flow
no cdp enable
!
interface Serial0/3/1:0
bandwidth 1544
ip address 10.0.1.1 255.255.255.0
ip mask-reply
no ip redirects
no ip unreachables
ip route-cache flow
no cdp enable
!
router rip
network 10.0.0.0
network 193.2.2.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 193.2.2.1
ip route 192.168.3.0 255.255.255.0 Serial0/3/0:0
ip route 192.168.1.0 255.255.255.0 Serial0/3/1:0
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
<snip>
end
------------------------------
Sh Run on one 1841:
------------------------------
<snip>
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
<snip>
!
interface FastEthernet0/0
ip address 192.168.3.11 255.255.255.0
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
speed auto
full-duplex
no mop enabled
!
interface Serial0/0/0
bandwidth 1544
ip address 10.0.0.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
no fair-queue
service-module t1 clock source line
service-module t1 remote-alarm-enable
no cdp enable
!
router rip
network 10.0.0.0
network 192.168.3.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.1
ip route 192.168.3.0 255.255.255.0 FastEthernet0/0 2
ip route 193.2.2.0 255.255.255.0 10.0.0.1 2
ip dns server
!
ip http server
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
snmp-server community <removed> RO
no cdp run
!
control-plane
<snip>
end
------------------------------
Thank you in advance,
--Jeremy (jeremy [at) ani1 (dot] com)
405-924-5600
03-05-2007 10:03 PM
I also forgot to mention that in a terminal session on the 2821 I can ping 10.0.0.1 with 100% success but cannot ping 10.0.1.1 ...
On both 1841's unless I have a loopback cable plugged in, I also cannot ping the ip address of the serial interface (10.0.x.2).
I hope this helps explain my situation a bit more,
--Jeremy
03-05-2007 10:10 PM
Hi Jeremy
Can you post the output of show ip int brief and show interface commands ?
regds
03-05-2007 10:20 PM
Sure thing.
-------------------------
sh ip int b on the 2821
-------------------------
show ip int b
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 193.2.2.11 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/3/0:0 10.0.0.1 YES NVRAM up up
Serial0/3/1:0 10.0.1.1 YES NVRAM up up
-------------------------
sh ip int b on the 1841
-------------------------
Interface IP-Address OK? Method Status Prol
FastEthernet0/0 192.168.3.11 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down dow
Serial0/0/0 10.0.0.2 YES NVRAM up up
-------------------------
--Jeremy
03-05-2007 10:28 PM
Hi Jeremy
Can you confirm whether the other end which is connected to serial0/3/1:0 is also showing up/up ?
Also did u try pinging the respective remote locations ?
Also any plans behind running RIP between your locations ?
Is it possible to put them on simple static routes ?
Can you post the output show ip route taken from routers here ?
regds
03-05-2007 10:45 PM
-------------------------
sh ip int b for the second 1841
-------------------------
Interface IP-Address OK? Method Status Prot
ocol
FastEthernet0/0 192.168.1.11 YES NVRAM up up
FastEthernet0/1 unassigned YES NVRAM administratively down down
Serial0/0/0 10.0.1.2 YES manual up up
-------------------------
I tried pinging any addresses at the remote locations from HQ including 10.0.0.2; 10.0.1.2; 192.168.3.1; 192.168.1.1; 192.168.3.25/192.168.1.25 (the first of the dhcp clients); and the printers at 192.168.3.5/192.168.1.5
All returned 0% success. I do have a VPN setup to allow access to and from those remote locations but it is extremely slow as it is going over rural dsl connections with an up of 256kbit. If this is a problem, I can take the VPN down but I feel this shouldn't interfear with pings to the 10.0.0.0 addresses.
RIP was a last ditch effort to get anything going across the up/up lines.
sh ip route (2821)
-------------------------
Gateway of last resort is 193.2.2.1 to network 0.0.0.0
68.0.0.0/25 is subnetted, 1 subnets
R 68.191.232.0 [120/1] via 193.2.2.1, 00:00:00, GigabitEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
C 10.0.0.0 is directly connected, Serial0/3/0:0
C 10.0.1.0 is directly connected, Serial0/3/1:0
S 192.168.1.0/24 [2/0] via 10.0.1.2
C 193.2.2.0/24 is directly connected, GigabitEthernet0/0
S 192.168.3.0/24 [2/0] via 10.0.0.2
S* 0.0.0.0/0 [1/0] via 193.2.2.1
-------------------------
sh ip route (Vonore 1841)
-------------------------
Gateway of last resort is 192.168.3.1 to network 0.0.0.0
69.0.0.0/30 is subnetted, 1 subnets
R 69.21.128.220 [120/1] via 192.168.3.1, 00:00:27, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Serial0/0/0
S 193.2.2.0/24 is directly connected, Serial0/0/0
C 192.168.3.0/24 is directly connected, FastEthernet0/0
R* 0.0.0.0/0 [120/1] via 192.168.3.1, 00:00:27, FastEthernet0/0
-------------------------
sh ip route (Tellico 1841)
-------------------------
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.1.0 is directly connected, Serial0/0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
S 192.168.2.0/24 is directly connected, Serial0/0/0
S* 0.0.0.0/0 [1/0] via 192.168.1.1
-------------------------
--Jeremy
03-05-2007 11:00 PM
Hi Jeremy
If you are currently planning to have vpn over the point to point connectivity between your locations then you can simply modify the subnets configured on the wan interface and redefine the routing part too accordingly.
regds
controller T1 0/3/0
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
!
controller T1 0/3/1
framing esf
clock source internal
linecode b8zs
channel-group 0 timeslots 1-24
!
!
interface GigabitEthernet0/0
ip address 193.2.2.11 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
duplex auto
speed auto
no mop enabled
!
interface Serial0/3/0:0
bandwidth 1544
ip address 10.0.0.1 255.255.255.252
ip mask-reply
no ip redirects
no ip unreachables
ip route-cache flow
no cdp enable
!
interface Serial0/3/1:0
bandwidth 1544
ip address 10.0.1.1 255.255.255.252
ip mask-reply
no ip redirects
no ip unreachables
ip route-cache flow
no cdp enable
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 193.2.2.1
ip route 192.168.3.0 255.255.255.0 Serial0/3/0:0
ip route 192.168.1.0 255.255.255.0 Serial0/3/1:0
!
!
logging trap debugging
logging facility local2
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
end
------------------------------
Sh Run on one 1841:
------------------------------
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
interface FastEthernet0/0
ip address 192.168.3.11 255.255.255.0
ip verify unicast source reachable-via rx allow-default 100
no ip redirects
no ip unreachables
no ip proxy-arp
speed auto
full-duplex
no mop enabled
!
interface Serial0/0/0
bandwidth 1544
ip address 10.0.0.2 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
no fair-queue
service-module t1 clock source line
service-module t1 remote-alarm-enable
no cdp enable
!
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.3.1
ip route 192.168.3.0 255.255.255.0 FastEthernet0/0 2
ip route 193.2.2.0 255.255.255.0 10.0.0.1 2
ip dns server
!
ip http server
!
!
logging trap debugging
logging facility local2
access-list 100 permit udp any any eq bootpc
dialer-list 1 protocol ip permit
snmp-server community
no cdp run
!
control-plane
end
regds
Note:Also do post out the network topology deployed out there in your location..still need few clarifications on the firewall part which i feel is being used there in our locations..
03-05-2007 11:14 PM
Right now we are using a VPN to access the servers from the branch offices on netgear 318fvs'. I plan on taking this VPN down once the T1's are up. I will leave the boxes at each location if a T1 goes down, but don't plan to have it active.
As for now, I just want to get any branch office location able to see my servers on the 193.2.2.0 network via the T1's.
The Branch Firewall/Network topology is as follows:
Vonore
DSL Gateway (external IP) . . . . . . . .(2821 @ HQ)
| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
| . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . |
(Netgear VPN router - 192.168.3.1) -- (1841 - 192.168.3.11)
\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . /
\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . /
\ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . /
Client Computers and printers (192.168.3.X)
Tellico is setup in the same way.
--Jeremy
p.s. the "." are there for spacers.
03-05-2007 11:20 PM
I am also planning on using the 1841's in place of the netgear's currently running the VPN, but again, only once the T1's are up and functional.
--Jeremy
03-05-2007 11:44 PM
Hi Jeremy
If i understand you requirement properly you want to make use of the T1's and 1841's once you have stable T1's connected onto your router.
In that case i would suggest not to include the 1841's on any part of the routing protocol.
Keep the Link tested using the 1841 you can do end to end testing using icmp may be an extended ping with large byte size and increased value of byte counts..
once you have them tested clean you can shift your vpn traffic onto the same..
With the normal /30 subnet mentioned in my earlier mail will help you out in getting normal ip connectivity established..
regds
03-06-2007 12:13 AM
After switching to the /30 masks, I still have the same problem.
on tellico's 1841 (192.168.1.11 / 10.0.1.2) I cannot ping 10.0.1.2.
The same goes with Vonore's 10.0.0.2 as well as HQ's 10.0.0.1 and 10.0.1.1
On each of the interfaces though, if I use any of the three available loopbacks I get instant results, does this mean I need to change somthing as major as encapsulation or fdl?
--Jeremy
03-06-2007 06:35 AM
After Calling my Telco, they had switching the lines somehow such that the circuits were crossed and the one that was supposed to go to Vonore was actually going to Tellico! How lovely that felt.
I can now ping from the remote sites routers to the router at the HQ, as well as any computer on the HQ's network BUT I cannot ping from any computer on the branch networks through the T1 to the HQ. I believe it has to do with the netgear VPN's residual rip routs but I have not had a chance to completely turn them off and run DHCP through the 1841's yet. That is what I am about to try once I make the drive out there.
Basically, is there any difference in these statements on the remote routers?
(on vonore's 1841)
ip route 193.2.2.0 255.255.255.0 10.0.0.1
or
ip route 193.2.2.0 255.255.255.0 Serial 0/0/0
--Jeremy
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: