Lab Router Config

Unanswered Question
Oct 20th, 2008

I have 2 1841 routers in a lab config. Both routers have CSU modules in them and I am using a T1 crossover cable to connect them together. After configuring IP addresses on both sides I can ping the serial interfaces from each of the routers, but I cannot go past the interfaces? I configure EIGRP and added the network, but when I do a "sh ip route" no routes for the networks on the other router show up. I am not sure what I am missing? Any advice anyone has would be great.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
HMidkiff Mon, 10/20/2008 - 06:49

John:

Thanks for replying. Here is the config for the first router. I will have to repost the second due to character restrictions.

********** LAB-TAMPA-**********

Current configuration : 4480 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname LAB-TAMPA

!

boot-start-marker

boot system flash:c1841-ipbasek9-mz.124-15.T7.bin

boot-end-marker

!

enable secret 5 $1$IqS9$.FNQIoHaMiblAR8DH0KNo1

!

no aaa new-model

dot11 syslog

ip cef

!

no ip domain lookup

ip domain name lab-aviinc.local

ip name-server 192.168.2.34

multilink bundle-name authenticated

!

ip ssh authentication-retries 5

ip ssh version 2

!

interface FastEthernet0/0

description Connected to TEST VLAN NETWORK

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.2

description VLAN 2 - Voice Network

encapsulation dot1Q 2

ip address 10.2.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.3

description VLAN 3 - Data Network

encapsulation dot1Q 3

ip address 10.2.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.4

description VLAN 4 - AV Network

encapsulation dot1Q 4

ip address 10.2.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.5

description VLAN 5 - SIG Test Network

encapsulation dot1Q 5

ip address 10.2.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.6

description VLAN 6 - Guest Network

encapsulation dot1Q 6

ip address 10.2.6.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.7

description VLAN 7 - Public Network

encapsulation dot1Q 7

!

interface FastEthernet0/1

description Connected to ISP (Verizon DSL)

ip address 72.64.198.66 255.255.255.0

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.0.0.1 255.255.255.252

service-module t1 clock source internal

!

router eigrp 110

network 10.0.0.0

no auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 FastEthernet0/1

!

no ip http server

no ip http secure-server

ip nat inside source list INSIDE_NAT_ADDRESSES interface FastEthernet0/1 overload

!

ip access-list standard INSIDE_NAT_ADDRESSES

permit 10.2.0.0 0.0.255.255

!

control-plane

!

********** LAB-TAMPA-**********

HMidkiff Mon, 10/20/2008 - 06:52

John:

Here is the config for the second router.

********** LAB-DALLAS**********

Current configuration : 4679 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

service password-encryption

!

hostname LAB-DALLAS

!

boot-start-marker

boot system flash:c1841-ipbasek9-mz.124-15.T7.bin

boot-end-marker

!

logging buffered 4096

enable secret xxx

!

no aaa new-model

clock timezone CST -6

dot11 syslog

ip cef

!

no ip domain lookup

ip domain name lab-aviinc.local

ip name-server 192.168.2.34

multilink bundle-name authenticated

!

crypto pki trustpoint TP-self-signed-467634406

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-467634406

revocation-check none

rsakeypair TP-self-signed-467634406

!

username XXXXXX secret xxx

archive

log config

hidekeys

!

ip ssh authentication-retries 5

ip ssh version 2

!

interface FastEthernet0/0

description Connected to TEST VLAN NETWORK

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.2

description VLAN 2 - Voice Network

encapsulation dot1Q 2

ip address 10.5.2.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.3

description VLAN 3 - Data Network

encapsulation dot1Q 3

ip address 10.5.3.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.4

description VLAN 4 - AV Network

encapsulation dot1Q 4

ip address 10.5.4.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.5

description VLAN 5 - SIG Test Network

encapsulation dot1Q 5

ip address 10.5.5.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.6

description VLAN 6 - Guest Network

encapsulation dot1Q 6

ip address 10.5.6.1 255.255.255.0

ip nat inside

ip virtual-reassembly

!

interface FastEthernet0/0.7

description VLAN 7 - Public Network

encapsulation dot1Q 7

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Serial0/0/0

ip address 10.0.0.2 255.255.255.252

ip nat outside

ip virtual-reassembly

!

router eigrp 110

network 10.0.0.0

no auto-summary

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 Serial0/0/0

!

no ip http server

no ip http secure-server

ip nat inside source list INSIDE_NAT_ADDRESSES interface Serial0/0/0 overload

!

ip access-list standard INSIDE_NAT_ADDRESSES

permit 10.0.0.0 0.0.0.255

!

no logging trap

!

control-plane

!

banner motd ^C

!

line con 0

exec-timeout 30 0

password xxx

logging synchronous

login local

line aux 0

line vty 0 4

exec-timeout 30 0

password xxx

login local

transport input ssh

line vty 5 15

exec-timeout 30 0

password xxx

login local

transport input ssh

!

scheduler allocate 4000 1000

end

********** LAB-DALLAS**********

John Blakley Mon, 10/20/2008 - 06:58

In reality, you don't need to nat across this connection if you have them connected directly. You can take the nat configuration off of the second router, and see if that helps.

--John

John Blakley Mon, 10/20/2008 - 07:01

You also may need to do a policy map on your first router destined for anything to your second router go out the S0 interface, because I think (and I may be wrong) that anything that comes into the subinterfaces will try to be natted out your other public interface.

Others may have to chime in here though....

--John

HMidkiff Mon, 10/20/2008 - 07:20

John:

Thanks for pointing that out. I missed it. I turned off NAT and form the second router (LAB-DALLAS) I can access subnets on the first with out a problem, but from the first (LAB-TAMPA) I still cannot access the subnets on the second (LAB-DALLAS). I am looking through the config but don't see what might be stopping this traffic.

John Blakley Mon, 10/20/2008 - 07:28

If you run sh ip eigrp neighbors, do you see the other side?

What happens if you put in a static route for the "dallas" router in the "tampa" router, like ip route 10.0.0.0 255.255.255.0 serial0?

John

HMidkiff Mon, 10/20/2008 - 07:57

I tried a static route already. I even removed EIGRP and entered static routes. What is so odd is I can ping from the LAB-DALLAS to LAB-TAMPA subnets but not the other way.

John Blakley Mon, 10/20/2008 - 08:01

Try this:

ip route 10.0.0.0 255.255.255.0 serial0

and in your access-list:

ip access-list standard INSIDE_NAT_ADDRESSES

deny 10.0.0.0 0.0.0.255

permit 10.2.0.0 0.0.255.255

allan.thomas Mon, 10/20/2008 - 06:38

The problem is that the destination host beyond the serial interface does not know the return path.

I suspect that your problem lies with your EIGRP router process configuration, ensure that you have added the network address of the serial i/f into the process.

It is possible that EIGRP is being surpressed because updates cannot be routed out of the respective interface if it is configured as a passive interface. Under the router process input the command 'no passive-interface serial?/?'.

Pls post the configurations.

Rgds

Allan.

Actions

This Discussion