10-20-2008 06:07 AM - edited 03-03-2019 11:59 PM
I have 2 1841 routers in a lab config. Both routers have CSU modules in them and I am using a T1 crossover cable to connect them together. After configuring IP addresses on both sides I can ping the serial interfaces from each of the routers, but I cannot go past the interfaces? I configure EIGRP and added the network, but when I do a "sh ip route" no routes for the networks on the other router show up. I am not sure what I am missing? Any advice anyone has would be great.
10-20-2008 06:33 AM
Can you post your configs on both sides?
--John
10-20-2008 06:49 AM
John:
Thanks for replying. Here is the config for the first router. I will have to repost the second due to character restrictions.
********** LAB-TAMPA-**********
Current configuration : 4480 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LAB-TAMPA
!
boot-start-marker
boot system flash:c1841-ipbasek9-mz.124-15.T7.bin
boot-end-marker
!
enable secret 5 $1$IqS9$.FNQIoHaMiblAR8DH0KNo1
!
no aaa new-model
dot11 syslog
ip cef
!
no ip domain lookup
ip domain name lab-aviinc.local
ip name-server 192.168.2.34
multilink bundle-name authenticated
!
ip ssh authentication-retries 5
ip ssh version 2
!
interface FastEthernet0/0
description Connected to TEST VLAN NETWORK
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
description VLAN 2 - Voice Network
encapsulation dot1Q 2
ip address 10.2.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.3
description VLAN 3 - Data Network
encapsulation dot1Q 3
ip address 10.2.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.4
description VLAN 4 - AV Network
encapsulation dot1Q 4
ip address 10.2.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.5
description VLAN 5 - SIG Test Network
encapsulation dot1Q 5
ip address 10.2.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.6
description VLAN 6 - Guest Network
encapsulation dot1Q 6
ip address 10.2.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.7
description VLAN 7 - Public Network
encapsulation dot1Q 7
!
interface FastEthernet0/1
description Connected to ISP (Verizon DSL)
ip address 72.64.198.66 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.0.0.1 255.255.255.252
service-module t1 clock source internal
!
router eigrp 110
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
no ip http server
no ip http secure-server
ip nat inside source list INSIDE_NAT_ADDRESSES interface FastEthernet0/1 overload
!
ip access-list standard INSIDE_NAT_ADDRESSES
permit 10.2.0.0 0.0.255.255
!
control-plane
!
********** LAB-TAMPA-**********
10-20-2008 06:52 AM
John:
Here is the config for the second router.
********** LAB-DALLAS**********
Current configuration : 4679 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LAB-DALLAS
!
boot-start-marker
boot system flash:c1841-ipbasek9-mz.124-15.T7.bin
boot-end-marker
!
logging buffered 4096
enable secret xxx
!
no aaa new-model
clock timezone CST -6
dot11 syslog
ip cef
!
no ip domain lookup
ip domain name lab-aviinc.local
ip name-server 192.168.2.34
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-467634406
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-467634406
revocation-check none
rsakeypair TP-self-signed-467634406
!
username XXXXXX secret xxx
archive
log config
hidekeys
!
ip ssh authentication-retries 5
ip ssh version 2
!
interface FastEthernet0/0
description Connected to TEST VLAN NETWORK
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
description VLAN 2 - Voice Network
encapsulation dot1Q 2
ip address 10.5.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.3
description VLAN 3 - Data Network
encapsulation dot1Q 3
ip address 10.5.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.4
description VLAN 4 - AV Network
encapsulation dot1Q 4
ip address 10.5.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.5
description VLAN 5 - SIG Test Network
encapsulation dot1Q 5
ip address 10.5.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.6
description VLAN 6 - Guest Network
encapsulation dot1Q 6
ip address 10.5.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.7
description VLAN 7 - Public Network
encapsulation dot1Q 7
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.0.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly
!
router eigrp 110
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
no ip http server
no ip http secure-server
ip nat inside source list INSIDE_NAT_ADDRESSES interface Serial0/0/0 overload
!
ip access-list standard INSIDE_NAT_ADDRESSES
permit 10.0.0.0 0.0.0.255
!
no logging trap
!
control-plane
!
banner motd ^C
!
line con 0
exec-timeout 30 0
password xxx
logging synchronous
login local
line aux 0
line vty 0 4
exec-timeout 30 0
password xxx
login local
transport input ssh
line vty 5 15
exec-timeout 30 0
password xxx
login local
transport input ssh
!
scheduler allocate 4000 1000
end
********** LAB-DALLAS**********
10-20-2008 06:58 AM
In reality, you don't need to nat across this connection if you have them connected directly. You can take the nat configuration off of the second router, and see if that helps.
--John
10-20-2008 07:01 AM
You also may need to do a policy map on your first router destined for anything to your second router go out the S0 interface, because I think (and I may be wrong) that anything that comes into the subinterfaces will try to be natted out your other public interface.
Others may have to chime in here though....
--John
10-20-2008 07:20 AM
John:
Thanks for pointing that out. I missed it. I turned off NAT and form the second router (LAB-DALLAS) I can access subnets on the first with out a problem, but from the first (LAB-TAMPA) I still cannot access the subnets on the second (LAB-DALLAS). I am looking through the config but don't see what might be stopping this traffic.
10-20-2008 07:28 AM
If you run sh ip eigrp neighbors, do you see the other side?
What happens if you put in a static route for the "dallas" router in the "tampa" router, like ip route 10.0.0.0 255.255.255.0 serial0?
John
10-20-2008 07:57 AM
I tried a static route already. I even removed EIGRP and entered static routes. What is so odd is I can ping from the LAB-DALLAS to LAB-TAMPA subnets but not the other way.
10-20-2008 08:01 AM
Try this:
ip route 10.0.0.0 255.255.255.0 serial0
and in your access-list:
ip access-list standard INSIDE_NAT_ADDRESSES
deny 10.0.0.0 0.0.0.255
permit 10.2.0.0 0.0.255.255
10-20-2008 06:38 AM
The problem is that the destination host beyond the serial interface does not know the return path.
I suspect that your problem lies with your EIGRP router process configuration, ensure that you have added the network address of the serial i/f into the process.
It is possible that EIGRP is being surpressed because updates cannot be routed out of the respective interface if it is configured as a passive interface. Under the router process input the command 'no passive-interface serial?/?'.
Pls post the configurations.
Rgds
Allan.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: