WAN inaccesible through serial frame relay

Unanswered Question
Apr 15th, 2008

I have just replaced a 2500 with a 2801 router, added wic serial module and it is connected) and 9 port ethernet switch (8 pc's static addressed connected to 9 port switch), I have entered the same config as I had on the 2500 with the exception of "router igrp 2". I cannot get to internet through any of the pc's connected. I know enough to know I know nothing. Should I be bridging the 9 port switch, instead of int fa 0/0? Do i need to enable EIGRP? I have included the config below. If anyone has any ideas as to why I cannot get to internet or even ping the router please help. Any information is greatly appreciated. The subinterface s0/2/0.1 is PPP to another remote site and I am just not sure if the bridge-grouping is right. Let me know if I should include remote config.

!version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime

service timestamps log datetime

service password-encryption

service udp-small-servers

service tcp-small-servers

service sequence-numbers

!

hostname option_care_clksbrg

!

boot-start-marker

boot system flash:c2801-entbasek9-mz.124-16b.bin

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

!

no aaa new-model

clock timezone PCTime -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

no ip source-route

ip cef

!

no ip bootp server

no ip domain lookup

ip domain name comprecare.local

ip host main 172.16.254.1

ip name-server 192.0.0.4

ip name-server 69.43.55.2

ip ddns update method sdm_ddns1

DDNS both

!

ipx routing 00e0.b055.c109

!

ip tcp synwait-time 10

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$

ip address 192.0.2.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

ipx network 20

no mop enabled

bridge-group 1

!

interface FastEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1/0

!

interface FastEthernet0/1/1

!

interface FastEthernet0/1/2

!

interface FastEthernet0/1/3

!

interface FastEthernet0/1/4

!

interface FastEthernet0/1/5

!

interface FastEthernet0/1/6

!

interface FastEthernet0/1/7

!

interface FastEthernet0/1/8

!

interface Serial0/2/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation frame-relay

ip route-cache flow

frame-relay lmi-type ansi

!

interface Serial0/2/0.1 point-to-point

ip address 172.16.2.1 255.255.255.0

ipx network 1620

no cdp enable

frame-relay interface-dlci 100 CISCO

bridge-group 1

!

interface Vlan1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

!

no ip classless

ip route 0.0.0.0 0.0.0.0 172.16.2.2

!

ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

logging trap debugging

snmp-server community public RO

no cdp run

!

control-plane

!

bridge 1 protocol dec

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

scheduler allocate 20000 1000

end

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Istvan_Rabai Tue, 04/15/2008 - 18:55

Hi Paul,

Please try this:

Give an ip address to interface vlan 1 in a separate subnet, like 192.168.1.1 255.255.255.0

Configure the hosts with their ip addresses in this same subnet and default gateway of 192.168.1.1 255.255.255.0.

Please inform me about the results.

Thanks:

Istvan

Richard Burts Tue, 04/15/2008 - 19:08

Paul

There are several things that may need to be investigated as the source of your problem. I will ask about a couple now and if that does not lead to a solution then there may be some others.

My first theory of the problem has to do with running/not running IGRP. I know that IGRP was supported on your old router and is not supported on your new router. I am not sure about the impact of this change. Ordinarily I would say the problem was the absence of a routing protocol which prevents outside connectivity. But the router has a static default route, so everything should be routed up the Frame Relay link.

As I think about what I just typed I recognize a flaw in my theory. The default route will forward data up the Frame Relay. But the absence of a routing protocol may mean that the upstream router does not have a route to the LAN subnet on your router. I would strongly suggest that you check with the upstream router (perhaps you are the administrator of that router also?) and see if they have a route to the subnet of the LAN on your new router.

Perhaps the solution is to get both routers to run EIGRP instead of IGRP.

If that is not the problem I do have some other theories.

HTH

Rick

paulpagecisco Tue, 04/15/2008 - 19:41

Hey Rick, clksburg had

router igrp 2

network 172.16.0.0

network 192.0.2.0

I have no IGRP or EIGRP on clksburg

The Upstream router or MAIN has

router igrp 2

network 172.16.0.0

network 192.0.0.0

Any ideas? should I enable the following on clksburg, can I enable eigrp on this one and have igrp on MAIN?

EIGRP 2

network 172.16.0.0

network 192.0.2.0

Here are the other configs

ip subnet-zero

ipx routing 99e9-1e60-70c4

interface ethernet0

ip address 192.0.0.254

ipx network 3

bridge-group 1

!

interface serial0.1 point-to-point

ip address 172.16.254.1 255.255.255.0

shutdown

frame-relay interface-dlci 101

bridge-group 1

!

interface serial1

no ip address

encapsulation frame-relay

frame-relay lmi-type ansi

!

interface serail1.1 point-to-point

ip address 172.16.254.1 255.255.255.0

ipx network 200

frame-relay interface-dlci 106

!

interface serail1.2 point-to-point

ip address 172.16.4.2 255.255.255.0

ipx network 1640

frame-relay interface-dlci 102

bridge-group 1

!

interface serail1.3 point-to-point

ip address 172.16.3.2 255.255.255.0

ipx network 1630

frame-relay interface-dlci 104

bridge-group 1

!

interface serail1.4 point-to-point

ip address 172.16.2.2 255.255.255.0

ipx network 1620

frame-relay interface-dlci 105

bridge-group 1

!

interface serail1.5 point-to-point

ip address 172.16.5.254 255.255.255.0

ipx network 1650

frame-relay interface-dlci 107

bridge-group 1

!

router igrp 2

network 172.16.0.0

network 192.0.0.0

ip host remote 172.16.254.2

ip host clksbrg 172.16.2.1

ip host hunt 172.16.5.1

ip host park 172.16.4.1

ip host chaz 172.16.3.1

ip host beck 172.16.4.1

!

no ip classless

ip route 0.0.0.0 0.0.0.0 192.0.0.250

!

snmp-server community public RO

bridge 1 protocol dec

!

Hopefully that will shed some light on this. This is all the information I was given when I walked into this position last week. Any help is greatly appreciated.

Thanks for your reply

Paolo Bevilacqua Wed, 04/16/2008 - 02:28

Can you subnet the sites and do a regular ip network, to eliminate bridging? That will help you immensely.

Richard Burts Wed, 04/16/2008 - 02:55

Paul

Thanks for posting the additional information. I believe that it confirms my theory that the biggest problem is that not having IGRP means that MAIN no longer has a route to the LAN at clksbrg.

Unfortunately it does not work to run EIGRP at one end and IGRP at the other end. So I believe that either you will need to run EIGRP at MAIN (at least on the point to point Frame Relay to clksbrg) or you will need to configure a static route at MAIN for the LAN subnet at clksbrg.

Like Paolo I had noticed the bridging and wondered about it. But I do not believe that it is the cause of your problem. As far as I can tell you are not bridging IP. You are routing IP and you are routing IPX so I assume that there must be some other non-routed protocol (maybe its AppleTalk or maybe netBEUI, or maybe something else like SNA) which is being bridged.

Note that if you run EIGRP 2 on MAIN then there will be automatic redistribution between IGRP and EIGRP since they use a common autonomous system number.

[edit] If you configure this:

router eigrp 2

network 172.16.2.0 0.0.0.255

network 192.0.0.0

it should result in EIGRP running on the point to point to clksbrg but not the other Frame Relay subinterfaces.

HTH

Rick

paulpagecisco Wed, 04/16/2008 - 10:31

Thanks for the info, so you are saying if I add router eigrp 2 to MAIN with network 172.16.0.0.0.0.255 and 192.0.0.0 that I should not have to run eigrp to my other ppp sites?

Can I have igrp running and eigrp at the same time or are you saying to specify eigrp for the interface that connects to ppp at clksburg? Your help is greatly appreciated Rick, thanks for taking the time to try and help me.

Richard Burts Wed, 04/16/2008 - 10:55

Paul

clksburg has to run EIGRP as its only routing protocol (since IGRP is not supported on its IOS). MAIN needs to run both EIGRP (to communicate with clksburg) and IGRP to communicate with other sites. You do not need to run EIGRP at the other sites.

Having said that you do not need to run EIGRP at the other sites, I would advocate that it would be a good thing to plan to convert all of the sites to EIGRP. In the short term you do not NEED to run EIGRP on the other remotes but in the longer term I believe that you SHOULD run EIGRP on them.

It is not a problem to run both EIGRP and IGRP on MAIN. By using the optional mask in the EIGRP network statement for clksburg it is possible to run EIGRP on that interface but not on the other Frame Relay subinterfaces. (and it would not hurt anything if you did run EIGRP on those interfaces).

HTH

Rick

paulpagecisco Wed, 04/16/2008 - 11:21

Ok, so for main I can just add

Router#eigrp 2 or router(config-sub-ifs1.4)eigrp2

network 172.16.0.0.0.0.255

network 192.0.0.0

or is that how I configure clksbrg?

I currently have clksburg configured

eigrp 2

network 172.16.0.0

network 192.0.2.0

Thanks again!

Richard Burts Wed, 04/16/2008 - 11:59

Paul

What you have for clksburg is fine. For MAIN it is not quite right. It should be

router eigrp 2

network 172.16.2.0 0.0.0.255

network 192.0.0.0

HTH

Rick

paulpagecisco Thu, 04/17/2008 - 05:48

Rick, when I enter

option_care_main(config-rout)#network 172.16.2.0 0.0.0.255

I get a invalid input detected at marker on the first zero of the SM >0.0.0.255

Any ideas?

Richard Burts Thu, 04/17/2008 - 06:44

Paul

Yes. If it is not working my first idea is to find what version of code you are running. Earlier versions of code did not support the mask in EIGRP network statements. I tend not to think much about that any more because most of the situations I deal with are running more recent code. But remembering that your routers seem to be 2500s I guess the version of code is a variable that we need to investigate.

If your version of code does not support the mask (and if you do not want to update to code that does) then your alternative is to just use the network 172.16.0.0 statement. It will activate EIGRP on the interface that you want and will also activate on the other interfaces to other sites. It should not impact the other sites to receive an EIGRP hello. If they are not configured to run EIGRP they should just ignore the hello message. I suggested using the mask as a way to keep things clean and to reduce (slightly) the amount of traffic on the Frame Relay network. But if the mask does not work it should not be a big deal to just use network 172.16.0.0.

HTH

Rick

paulpagecisco Thu, 04/17/2008 - 08:15

I went ahead and entered the eigrp settings on main without the mask and then I was able to ping all the other routers. Thanks for all your help Rick, you definitely deserve honorable metnion for your assistance and time, thanks a great deal.

Now if I can get the pc's connected to the 9 port switch to get to the internet we will be up and running after one week.

Richard Burts Thu, 04/17/2008 - 08:29

Paul

I am glad that you got the routing protocol issue resolved. Are you having problems with the PCs or are you just saying that you are now just getting to the PC question?

HTH

Rick

paulpagecisco Thu, 04/17/2008 - 09:02

the pc's cant get to the internet or mapped drives back on Main. I bridge-grouped the vlan 1 with the serial 0/2/0.1 and then switchported all the 0/1/0-8 to vlan1 but they still cannot see the internet. I am getting so frustrated. My boss is getting even more frustrated, they have been down for a week now. ):

Thanks again.

Richard Burts Thu, 04/17/2008 - 09:16

Paul

How about posting the current version of the config?

While bridging may be been the way to do things on the 2500 I am not at all certain that it works as you hope on the new router.

HTH

Rick

paulpagecisco Thu, 04/17/2008 - 18:04

Hey Rick, here is the current config. On another note, did you notice the CISCO listed after the frame-relay dlci 100 on sub-serial. I had ansi selected, not sure why the CISCO shows up. Anyways, here is the Current configuration : 3047 bytes

!

! Last configuration change at 00:08:44 EST Thu Apr 17 2008

! NVRAM config last updated at 23:58:55 EST Wed Apr 16 2008

!

version 12.4

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime

service timestamps log datetime

service password-encryption

service udp-small-servers

service tcp-small-servers

service sequence-numbers

!

hostname option_care_clksbrg

!

boot-start-marker

boot system flash:c2801-entbasek9-mz.124-16b.bin

boot-end-marker

!

logging buffered 51200 debugging

logging console critical

enable secret xxx.

!

no aaa new-model

clock timezone EST -5

clock summer-time PCTime date Apr 6 2003 2:00 Oct 26 2003 2:00

no ip source-route

ip cef

!

!

!

!

no ip bootp server

ip host main 172.16.254.1

ip name-server 192.0.0.4

ip name-server 69.43.55.2

ipx routing 001e.bebd.8eb2

!

!

!

!

username BANI-WV privilege 15 secret xxx

!

!

ip tcp synwait-time 10

!

!

interface FastEthernet0/0

description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$ES_LAN$$FW_INSIDE$

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/1/0

!

interface FastEthernet0/1/1

!

interface FastEthernet0/1/2

!

interface FastEthernet0/1/3

!

interface FastEthernet0/1/4

!

interface FastEthernet0/1/5

!

interface FastEthernet0/1/6

!

interface FastEthernet0/1/7

!

interface FastEthernet0/1/8

!

interface Serial0/2/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

encapsulation frame-relay

ip route-cache flow

frame-relay lmi-type ansi

!

interface Serial0/2/0.1 point-to-point

ip address 172.16.2.1 255.255.255.0

ipx network 1620

no cdp enable

frame-relay interface-dlci 100 CISCO

bridge-group 1

!

!

interface Vlan1

ip address 192.0.2.254 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

ipx network 20

bridge-group 1

!

router eigrp 2

passive-interface FastEthernet0/0

passive-interface FastEthernet0/1

passive-interface Serial0/2/0

passive-interface Serial0/2/0.1

passive-interface Vlan1

network 172.16.0.0

network 192.0.2.0

auto-summary

!

no ip classless

ip route 0.0.0.0 0.0.0.0 172.16.2.2

!

ip http server

ip http authentication local

no ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

logging trap debugging

snmp-server community public RO

no cdp run

!

!

!

!

!

!

control-plane

!

bridge 1 protocol dec

banner login ^CAuthorized access only!

Disconnect IMMEDIATELY if you are not an authorized user!^C

!

line con 0

login local

line aux 0

password xxx

login

line vty 0 4

privilege level 15

password xxx

login

transport input telnet

transport output telnet

line vty 5 15

privilege level 15

login local

transport input telnet

!

scheduler allocate 20000 1000

end

Richard Burts Fri, 04/18/2008 - 04:29

Paul

I saw the config posted in another thread and responded with several comments and suggestions. So see that response. In that response I did comment on the ansi or cisco for the Frame Relay. I do note that in one of the posts in this thread you say that you were able to ping other routers in the network. If the ansi or cisco was configured at that point and you were able to ping other routers it shows that the Frame Relay was providing connectivity.

HTH

Rick

Actions

This Discussion