10-20-2008 06:07 AM - edited 03-03-2019 11:59 PM
I have 2 1841 routers in a lab config. Both routers have CSU modules in them and I am using a T1 crossover cable to connect them together. After configuring IP addresses on both sides I can ping the serial interfaces from each of the routers, but I cannot go past the interfaces? I configure EIGRP and added the network, but when I do a "sh ip route" no routes for the networks on the other router show up. I am not sure what I am missing? Any advice anyone has would be great.
10-20-2008 06:33 AM
Can you post your configs on both sides?
--John
10-20-2008 06:49 AM
John:
Thanks for replying. Here is the config for the first router. I will have to repost the second due to character restrictions.
********** LAB-TAMPA-**********
Current configuration : 4480 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LAB-TAMPA
!
boot-start-marker
boot system flash:c1841-ipbasek9-mz.124-15.T7.bin
boot-end-marker
!
enable secret 5 $1$IqS9$.FNQIoHaMiblAR8DH0KNo1
!
no aaa new-model
dot11 syslog
ip cef
!
no ip domain lookup
ip domain name lab-aviinc.local
ip name-server 192.168.2.34
multilink bundle-name authenticated
!
ip ssh authentication-retries 5
ip ssh version 2
!
interface FastEthernet0/0
description Connected to TEST VLAN NETWORK
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
description VLAN 2 - Voice Network
encapsulation dot1Q 2
ip address 10.2.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.3
description VLAN 3 - Data Network
encapsulation dot1Q 3
ip address 10.2.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.4
description VLAN 4 - AV Network
encapsulation dot1Q 4
ip address 10.2.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.5
description VLAN 5 - SIG Test Network
encapsulation dot1Q 5
ip address 10.2.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.6
description VLAN 6 - Guest Network
encapsulation dot1Q 6
ip address 10.2.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.7
description VLAN 7 - Public Network
encapsulation dot1Q 7
!
interface FastEthernet0/1
description Connected to ISP (Verizon DSL)
ip address 72.64.198.66 255.255.255.0
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.0.0.1 255.255.255.252
service-module t1 clock source internal
!
router eigrp 110
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 FastEthernet0/1
!
no ip http server
no ip http secure-server
ip nat inside source list INSIDE_NAT_ADDRESSES interface FastEthernet0/1 overload
!
ip access-list standard INSIDE_NAT_ADDRESSES
permit 10.2.0.0 0.0.255.255
!
control-plane
!
********** LAB-TAMPA-**********
10-20-2008 06:52 AM
John:
Here is the config for the second router.
********** LAB-DALLAS**********
Current configuration : 4679 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname LAB-DALLAS
!
boot-start-marker
boot system flash:c1841-ipbasek9-mz.124-15.T7.bin
boot-end-marker
!
logging buffered 4096
enable secret xxx
!
no aaa new-model
clock timezone CST -6
dot11 syslog
ip cef
!
no ip domain lookup
ip domain name lab-aviinc.local
ip name-server 192.168.2.34
multilink bundle-name authenticated
!
crypto pki trustpoint TP-self-signed-467634406
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-467634406
revocation-check none
rsakeypair TP-self-signed-467634406
!
username XXXXXX secret xxx
archive
log config
hidekeys
!
ip ssh authentication-retries 5
ip ssh version 2
!
interface FastEthernet0/0
description Connected to TEST VLAN NETWORK
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
description VLAN 2 - Voice Network
encapsulation dot1Q 2
ip address 10.5.2.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.3
description VLAN 3 - Data Network
encapsulation dot1Q 3
ip address 10.5.3.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.4
description VLAN 4 - AV Network
encapsulation dot1Q 4
ip address 10.5.4.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.5
description VLAN 5 - SIG Test Network
encapsulation dot1Q 5
ip address 10.5.5.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.6
description VLAN 6 - Guest Network
encapsulation dot1Q 6
ip address 10.5.6.1 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface FastEthernet0/0.7
description VLAN 7 - Public Network
encapsulation dot1Q 7
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0/0
ip address 10.0.0.2 255.255.255.252
ip nat outside
ip virtual-reassembly
!
router eigrp 110
network 10.0.0.0
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0/0
!
no ip http server
no ip http secure-server
ip nat inside source list INSIDE_NAT_ADDRESSES interface Serial0/0/0 overload
!
ip access-list standard INSIDE_NAT_ADDRESSES
permit 10.0.0.0 0.0.0.255
!
no logging trap
!
control-plane
!
banner motd ^C
!
line con 0
exec-timeout 30 0
password xxx
logging synchronous
login local
line aux 0
line vty 0 4
exec-timeout 30 0
password xxx
login local
transport input ssh
line vty 5 15
exec-timeout 30 0
password xxx
login local
transport input ssh
!
scheduler allocate 4000 1000
end
********** LAB-DALLAS**********
10-20-2008 06:58 AM
In reality, you don't need to nat across this connection if you have them connected directly. You can take the nat configuration off of the second router, and see if that helps.
--John
10-20-2008 07:01 AM
You also may need to do a policy map on your first router destined for anything to your second router go out the S0 interface, because I think (and I may be wrong) that anything that comes into the subinterfaces will try to be natted out your other public interface.
Others may have to chime in here though....
--John
10-20-2008 07:20 AM
John:
Thanks for pointing that out. I missed it. I turned off NAT and form the second router (LAB-DALLAS) I can access subnets on the first with out a problem, but from the first (LAB-TAMPA) I still cannot access the subnets on the second (LAB-DALLAS). I am looking through the config but don't see what might be stopping this traffic.
10-20-2008 07:28 AM
If you run sh ip eigrp neighbors, do you see the other side?
What happens if you put in a static route for the "dallas" router in the "tampa" router, like ip route 10.0.0.0 255.255.255.0 serial0?
John
10-20-2008 07:57 AM
I tried a static route already. I even removed EIGRP and entered static routes. What is so odd is I can ping from the LAB-DALLAS to LAB-TAMPA subnets but not the other way.
10-20-2008 08:01 AM
Try this:
ip route 10.0.0.0 255.255.255.0 serial0
and in your access-list:
ip access-list standard INSIDE_NAT_ADDRESSES
deny 10.0.0.0 0.0.0.255
permit 10.2.0.0 0.0.255.255
10-20-2008 06:38 AM
The problem is that the destination host beyond the serial interface does not know the return path.
I suspect that your problem lies with your EIGRP router process configuration, ensure that you have added the network address of the serial i/f into the process.
It is possible that EIGRP is being surpressed because updates cannot be routed out of the respective interface if it is configured as a passive interface. Under the router process input the command 'no passive-interface serial?/?'.
Pls post the configurations.
Rgds
Allan.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide