Bridging fastethernet ports

sosterholm
Level 1

Newbie, so please help!?! I have a unique setup at one of our branch offices. There is a Cisco 1841 router installed with two T1s (2 WICs installed) and both fastethernet ports configured for different IP segments of the LAN (10.X.1.1 and 10.X.2.1). My problem is that traffic between the segments is being passed over the T1s to our central office, then back along the parallel T1 to the other WIC and out the fastethernet port. Is there a way to turn the traffic around at the router between the fastethernet ports, so the traffic doesn't have to pass over the WAN? There are a couple of lines in the config I'm not sure about, so I'm including them (sanitized), about the access-lists.

interface FastEthernet0/0
 description $FW_INSIDE$
 ip address 10.X.1.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache same-interface
 ip route-cache flow
 ip policy route-map source-route
 duplex auto
 speed auto
 no mop enabled
!
interface FastEthernet0/1
 description $FW_INSIDE$
 ip address 10.X.2.1 255.255.255.0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip route-cache same-interface
 ip route-cache flow
 ip policy route-map source-route
 duplex auto
 speed auto
 no mop enabled
!
interface Serial0/0/0
 description $FW_INSIDE$
 ip address X.X.X.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no fair-queue
!
interface Serial0/1/0
 description $FW_INSIDE$
 ip address X.X.X.3 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 encapsulation ppp
 ip route-cache flow
 no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.1
ip route 0.0.0.0 0.0.0.0 X.X.X.3
access-list 100 permit ip 10.X.X.2 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 permit ip 10.X.X.1 0.0.0.255 any
access-list 101 deny ip any any
snmp-server ifindex persist
snmp-server manager
no cdp run
route-map source-route permit 10
 match ip address 100
 set ip next-hop X.X.X.1
!
route-map source-route permit 20
 match ip address 101
 set ip next-hop X.X.X.3

Any help would be greatly appreciated!

Thanks,

Scott

Accepted Solutions

sachinraja
Level 9

Hello Scott,

It all depends on the source and destination IP addresses and the routing configured on the router. The router sees the destination IP address and sees its routing table. If the routing table points it to the Serial WIC, it puts it on the WIC. If the routing table has entries to put it on the Ethernet, it switches the packet locally.

If somebody from the branch, say, accesses the servers on the 10.x.2.x subnet from the 10.x.1.x subnet, it comes to the router and directly puts the traffic to the FE interface.

I guess in your config you have configured route-maps, which forcefully put the packets onto the WAN, just seeing the source address. If route-maps are present, it sees the source address and not the destination. So, if you don't want the U-turn, remove these route maps.

int fa0/0
 no ip policy route-map source-route

You will then see packets directly going on the outgoing interface.

Hope this helps. All the best. Rate replies if found useful.

raj

raj,

You were right on the money! I had to change the statement on both fa0/0 and fa0/1, but that immediately made my WAN congestion clear up. Your scenario was exactly the trouble I was having, and now when I trace the route from a workstation on 10.X.1.X to the server on 10.X.2.X, it's a direct line, instead of travelling over the WAN. Huge THANKS!!! Scott

gillispiec
Level 1

It should be taking the connected route. The other option you have is to add additional static routes to the configuration. Currently you have two 0.0.0.0 routes. If you add more specific routes to the routing table they will be taken over the 0.0.0.0 routes. The config would go like this:

ip route 10.x.1.0 255.255.255.0 fa0/0
ip route 10.x.2.0 255.255.255.0 fa0/1

Hope this helps.

Scott

What you have done to hide your addresses makes it impossible to give a really accurate answer (and produces some illogical things to interpret such as the access list: access-list 100 permit ip 10.X.X.2 0.0.0.255 any where that address and mask are logically inconsistent and the router would certainly not do what you show).

But I believe that raj is on the right direction. I suspect that if you look at the real content of access lists 100 and 101 that they match the subnets of FastEthernet0/0 and FastEthernet0/1. This results in any traffic arriving on those interfaces being sent out the serial interface even if the destination is the other connected interface. And raj is correct that if you do not want that behavior you can remove the policy based routing. Someone put that policy based routing and those access lists there for some reason. It might be desirable to understand why that was done before you undo it.

HTH

Rick
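
Added example, not part of any post in this thread: a small Python model of the forwarding decision discussed above, showing why a source-only policy route sends LAN-to-LAN traffic to the WAN and what changes when the policy is removed. The 10.9.x.x addresses, the next-hop labels, the ACL-to-subnet mapping and the "exemption" ACL variant (which keeps the policy for WAN-bound traffic only) are assumptions standing in for the sanitized configuration.

```python
import ipaddress as ip

# Constructed addressing; stands in for the sanitized 10.X.1.0/24 and 10.X.2.0/24.
LAN1, LAN2 = ip.ip_network("10.9.1.0/24"), ip.ip_network("10.9.2.0/24")
ANY = ip.ip_network("0.0.0.0/0")
ROUTES = {LAN1: "Fa0/0", LAN2: "Fa0/1", ANY: "WAN (default route)"}

# ACL entry = (action, source net, destination net); first match wins.
# Assumption: ACL 100 covers the Fa0/1 subnet and ACL 101 the Fa0/0 subnet.
ACL_AS_POSTED = {100: [("permit", LAN2, ANY)],
                 101: [("permit", LAN1, ANY)]}
# Hypothetical variant: deny LAN-to-LAN first so it is never policy-routed.
ACL_WITH_EXEMPTION = {100: [("deny", LAN2, LAN1), ("permit", LAN2, ANY)],
                      101: [("deny", LAN1, LAN2), ("permit", LAN1, ANY)]}
# route-map source-route: (matched ACL, label for its "set ip next-hop")
ROUTE_MAP = [(100, "WAN (clause 10 next hop)"), (101, "WAN (clause 20 next hop)")]

def acl_permits(entries, src, dst):
    for action, s_net, d_net in entries:
        if src in s_net and dst in d_net:
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def forward(src, dst, acls=None):
    """Egress for a packet arriving on a LAN port; acls=None means no policy."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    if acls is not None:
        # Policy routing is evaluated on ingress, before the routing table.
        for acl_id, next_hop in ROUTE_MAP:
            if acl_permits(acls[acl_id], src, dst):
                return next_hop
    # No clause matched: ordinary longest-prefix match on the destination.
    best = max((n for n in ROUTES if dst in n), key=lambda n: n.prefixlen)
    return ROUTES[best]

if __name__ == "__main__":
    for name, acls in [("as posted", ACL_AS_POSTED), ("policy removed", None),
                       ("LAN-to-LAN exempted", ACL_WITH_EXEMPTION)]:
        print(f"{name:20} LAN->LAN: {forward('10.9.1.50', '10.9.2.10', acls)}")
        print(f"{name:20} LAN->WAN: {forward('10.9.1.50', '198.51.100.7', acls)}")
```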

Hi Rick,

I'd love to know if there was a specific reason, but the individual that config'd the router is no longer employed here, so I have no way to find out. We're going to try Raj's suggestion to see if there are any problems. It will be easy enough to undo if there are. Cheers! Scott
