scott.cummins Wed, 08/20/2008 - 09:15
User Badges:

Yes Sir


That is a big help That was my choice, But I am not a Cisco Guy, However I have been asked to wear several hats now. I have some Cisco Experience nad recieved a CCNA in 2000 (But I moved over to become a SAN guy). I would like to ask one other question. If I have a point to point DS3 which is mine alone and I terminate each end with a 3845, Plus the ohter end is only one VLAN worth of traffic and One end is a port on a firewall. Could I configure the 3845 minimally to route with the default route and at my firewall, route that traffic to where it needs to go (internal LAN) and what would that config look like

Collin Clark Wed, 08/20/2008 - 09:23
User Badges:
  • Purple, 4500 points or more

Sure you can do that. On the remote end router you would have a route that would point to either the head end routers IP on the DS3 interface


ip route 0.0.0.0 0.0.0.0 [head end router IP on the ds3]


or since it's a point-to-point connection, you could use the interface to route


ip route 0.0.0.0 0.0.0.0 serial0


In your internal network, you'll need a static route for the remote network pointing to the firewall and in the firewall you'll need a route pointing to the DS3 router. Depending on the config of the DS3 router, you may need a route for the remote network and the corporate (or default) network.

scott.cummins Thu, 08/21/2008 - 06:54
User Badges:

Hi Collin


Thanks again, I thought that was what I wnted, But I always like to ask someone else, Also I went down to my remote site where one of the new CKT's is and I was shocked to discover my cable has two BNC connectors, So I will have to make sure I order the right Module

scott.cummins Thu, 08/21/2008 - 11:58
User Badges:

Yes Sir


I see that, Well that is a relief. I think I originally looked at the wrong card...Thanks again

scott.cummins Mon, 08/25/2008 - 09:00
User Badges:

Good day Gemtlemen and Cisco Guru's


I have two 7206's that I am trying to just get to route traffic on a T1 connection between the two. It is a point-to-point and I have one ethernet connection on each end, with an IP address asigned on the LAN facing side and T1 Controllers cards on the WAN facing side. Do I need to configure the Controller T1 ports in anyway except assigning an IP and assigning default routes on the 7206's

Collin Clark Mon, 08/25/2008 - 09:13
User Badges:
  • Purple, 4500 points or more

Maybe! Typically the default linecode and framing are OK in the US, but for reference, here they are-


framing esf

linecode b8zs


You may also have to set the clock source-


clock source internal


You should also set the timeslots-


channel-group 0 timeslots 1-24


All of the above are set under the controller interface.


If you want to use PPP instead of the default HDLC, you'll need to set that too (under the serial interface)


encapsulation ppp


Hope that helps.

scott.cummins Mon, 08/25/2008 - 09:28
User Badges:

What is the difference or perhaps the pros and cons to useing either HDLC or PPP? and yes, Your input is extremely helpful

Collin Clark Mon, 08/25/2008 - 09:31
User Badges:
  • Purple, 4500 points or more

PPP give you things like authentication & bundling. I suggest you use PPP, but it will work just fine with HDLC too.

scott.cummins Mon, 08/25/2008 - 10:13
User Badges:

I will definetly take your advice and USE PPP, And one last Question( if I direct connect the T1 ports on my routers ( I have them on my bench just rtying to get link) Should I see a link light and will they pass traffic that way just for testing?

Collin Clark Mon, 08/25/2008 - 10:38
User Badges:
  • Purple, 4500 points or more

You should get a green CD light at a minimum. To pass traffic you will need to configure the controllers. Once they are configured correctly, layer 2 traffic (ie CDP) traffic should pass.

scott.cummins Mon, 08/25/2008 - 12:40
User Badges:

Hey Collin (and whoever else wants to spoon feed me..)


I am just going to post these two config files and let you tell me where I am wrong, I am NOT getting a link light for some reason



ROUTER 1


Building configuration...


Current configuration : 1406 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ORLND7206001

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$K6fv$0V2u3dLrVF1aS1rhq2RFM1

!

no aaa new-model

ip subnet-zero

!

!

!

ip cef

!

!

!

!

!

!

!

!

!

!

!

!

controller T1 2/0

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

controller T1 2/1

framing esf

linecode b8zs

!

!

!interface GigabitEthernet0/1

description **Scottsdale_Orlando Gateway**

ip address 10.20.40.1 255.255.255.0

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/3

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto


interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/0:0

ip address 10.10.20.1 255.255.255.254

encapsulation ppp

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.20.2

no ip http server

!

!

!

!

!

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

stopbits 1

line aux 0

line vty 0 4

!


!

end


ORLND7206001#



Router 2


Building configuration...


Current configuration : 1396 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname ORLND7206002

!

boot-start-marker

boot-end-marker

!

enable password [email protected]

!

no aaa new-model

ip subnet-zero

!

!

!

ip cef

!

!

!

!

!

!

!

!

!

!

!

controller T1 2/0

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

controller T1 2/1

framing esf

linecode b8zs

!

!

!interface GigabitEthernet0/1

description **Scottsdale_Orlando Gateway**

ip address 10.20.40.3 255.255.255.0

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/3

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/0:0

ip address 10.10.20.2 255.255.255.254

encapsulation ppp

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.20.1

no ip http server

!

!

!

!

!

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

stopbits 1

line aux 0

line vty 0 4



end


ORLND7206002#

!

!

Collin Clark Mon, 08/25/2008 - 12:53
User Badges:
  • Purple, 4500 points or more

If you are not getting a green CD light on the card, you have a physical layer problem (ie cabling). You should have a regular RJ-45, straight-thru patch cord from the smartjack to the serial port on the router. Is that what you have? If so, do you have any green lights on the smartjack when the router is plugged in?

scott.cummins Mon, 08/25/2008 - 13:08
User Badges:

Collin


I agree, I have a straight through RJ-45 and have tested it, I have two PA-MC-2T1 Cards and I am using port 0 on both directly connectced, All I have is an enable light. I am mystified

Collin Clark Mon, 08/25/2008 - 13:12
User Badges:
  • Purple, 4500 points or more

Do you have access to the smartjack? Can you loop one side and see if the other comes up?

scott.cummins Mon, 08/25/2008 - 13:29
User Badges:

If I put my loopback plug in, the link light comes up on both routers, If I put it in a local line loopback I get an amber link light, On Both routers. I do not know where the "smartjack" is, Most confounding thing, I have to be doing something wrong.

Collin Clark Mon, 08/25/2008 - 13:36
User Badges:
  • Purple, 4500 points or more

You have both routers local to you (not in production)? I thought they were connected to your carrier. If they are "back-to-back", you need to make a special cable. Here's a link on how to make it. Please let me know if I'm wrong in my new assumptions.


http://www.cisco.com/en/US/products/hw/routers/ps233/products_tech_note09186a00800a3f09.shtml

scott.cummins Mon, 08/25/2008 - 13:42
User Badges:

No, You are correct, I may not have mentioned that they were back to back and I was just testing them on the bench. I had no Idea I needed a special cable. I apologize for giving you foggy info. I will check the link and follow the directions. Man, I am glad I was so confused..Thanks

scott.cummins Mon, 08/25/2008 - 14:36
User Badges:

Well it is amazing how things will work with the right cable.It is linked up Should my "Line protocol" be up. But I am most appreciate of all your help

scott.cummins Tue, 08/26/2008 - 08:02
User Badges:

Collin


Yes, I was able to rectify that right before I went home, the Cisco Links you posted are quite helpful, thanks so much. I am able to ping through my router to the next router and its ethernet port (10.20.40.1). However, I cannot ping the ethernet port on the other end attached at the other firewall

(10.20.40.3) I have the port up, However at this time it is not connected to anything.


Do you notice anything about my config that stirkes you as incorrect Or do I actually need a connection to bounce back from 10.20.40.3?


Router 1


controller T1 2/0

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

controller T1 2/1

framing esf

linecode b8zs

!

!

!interface GigabitEthernet0/1

description **Scottsdale_Orlando Gateway**

ip address 10.20.40.1 255.255.255.0

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/3

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto


interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/0:0

ip address 10.10.20.1 255.255.255.254

encapsulation ppp

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.20.2

no ip http server

!

!

!

!

!

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

stopbits 1

line aux 0

line vty 0 4

!


!

end


Router 2

controller T1 2/0

framing esf

clock source internal

linecode b8zs

channel-group 0 timeslots 1-24

!

controller T1 2/1

framing esf

linecode b8zs

!

!

!interface GigabitEthernet0/1

description **Scottsdale_Orlando Gateway**

ip address 10.20.40.3 255.255.255.0

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface GigabitEthernet0/3

no ip address

shutdown

duplex auto

speed auto

media-type rj45

no negotiation auto

!

interface Serial1/0

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/1

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/2

no ip address

shutdown

serial restart-delay 0

!

interface Serial1/3

no ip address

shutdown

serial restart-delay 0

!

interface Serial2/0:0

ip address 10.10.20.2 255.255.255.254

encapsulation ppp

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.10.20.1

no ip http server

!


Collin Clark Tue, 08/26/2008 - 08:28
User Badges:
  • Purple, 4500 points or more

There are a couple of things to change. The subnet mask on the serial interfaces should be 255.255.255.252, not .254. Your routes look good. The ethernet interfaces on each router are the same subnet. When a packet from R1 hits R2, R2 thinks that subnet is locally connected (because it is!) so it will never router back over the serial connection. On R2 change 10.20.40.3 255.255.255.0 to 10.20.30.3 255.255.255.0, then try and ping.

scott.cummins Tue, 08/26/2008 - 10:34
User Badges:

Collin


Once again, That seemed to do the trick, I am almost there. I do vaguely remember some of this stuff after you mention it, But it has been so long since I have done even the simpliest WAN routing. I really appreciate your help. I have what I believe is one last small hiccup. On the first router plugged into my gi0/1 (10.20.40.1) is my firewall DMZ port (10.20.40.2). Now from my first router I can ping that ip (10.20.40.2) from my remote router I cannot. However I can Ping gi 0/1 (10.20.40.1)from my remote router. That seems odd but As I said, I am relearning all this from the bottom up.

Collin Clark Tue, 08/26/2008 - 10:58
User Badges:
  • Purple, 4500 points or more

Your firewall needs a route to the remote network. Assuming you went with 10.20.30.0/24, the route in your firewall would be something like 10.20.30.0 255.255.255.0 gateway 10.20.40.1.

scott.cummins Tue, 08/26/2008 - 11:27
User Badges:

You are correct, I have that already, It just seems odd, That I can ping it from the first router and not the second. Even when My Firewall routing seems correct. I am going to make sure all ports are connected and examine my firewall again. If think of anything, I am always happy to have your help

Collin Clark Tue, 08/26/2008 - 12:29
User Badges:
  • Purple, 4500 points or more

Do your FW rules allow ICMP from that subnet?

scott.cummins Tue, 08/26/2008 - 14:12
User Badges:

I do have those rules. What I did was I put a route in my firewall for he 10.10.20.0/24 with a gateway of my DMZ interface and VIOLA, I can ping everything. Now I am going to connect the remote end and try the entire shot...

Collin Clark Wed, 08/27/2008 - 04:43
User Badges:
  • Purple, 4500 points or more

Sweet, let us know how it works out.

scott.cummins Wed, 08/27/2008 - 07:16
User Badges:

Well, I could not have gotten this without your expertise and I am very grateful, now I have two 3845, to basically do the same thing, maybe I can accomplish that with little help.


Thanks again so much

Collin Clark Wed, 08/27/2008 - 07:25
User Badges:
  • Purple, 4500 points or more

Glad to hear it's working. The 3845's should be pretty darn close to the 7200's.

Actions

This Discussion