12-11-2006 03:10 PM - edited 03-05-2019 01:17 PM
Newbie, so please help!?! I have a unique setup at one of our branch offices. There is a Cisco 1841 router installed with two T1s (2 WICs installed) and both fastethernet ports configured for different IP segments of the LAN (10.X.1.1 and 10.X.2.1). My problem is that traffic between the segments is being passed over the T1s to our central office, then back along the parallel T1 to the other WIC and out the fastethernet port. Is there a way to turn the traffic around at the router between the fastethernet ports, so the traffic doesn't have to pass over the WAN? There are a couple of lines in the config I'm not sure about, so I'm including them (sanitized), about the access-lists.
interface FastEthernet0/0
description $FW_INSIDE$
ip address 10.X.1.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache same-interface
ip route-cache flow
ip policy route-map source-route
duplex auto
speed auto
no mop enabled
!
interface FastEthernet0/1
description $FW_INSIDE$
ip address 10.X.2.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache same-interface
ip route-cache flow
ip policy route-map source-route
duplex auto
speed auto
no mop enabled
!
interface Serial0/0/0
description $FW_INSIDE$
ip address X.X.X.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
no fair-queue
!
interface Serial0/1/0
description $FW_INSIDE$
ip address X.X.X.3 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
encapsulation ppp
ip route-cache flow
no fair-queue
!
ip classless
ip route 0.0.0.0 0.0.0.0 X.X.X.1
ip route 0.0.0.0 0.0.0.0 X.X.X.3
access-list 100 permit ip 10.X.X.2 0.0.0.255 any
access-list 100 deny ip any any
access-list 101 permit ip 10.X.X.1 0.0.0.255 any
access-list 101 deny ip any any
snmp-server ifindex persist
snmp-server manager
no cdp run
route-map source-route permit 10
match ip address 100
set ip next-hop X.X.X.1
!
route-map source-route permit 20
match ip address 101
set ip next-hop X.X.X.3
Any help would be greatly appreciated!
Thanks,
Scott
Solved! Go to Solution.
12-11-2006 03:40 PM
Hello Scott,
It all depends on the source and destination ip addresses and the routing configured on the router... the router sees the destination ip address and sees its routing table. if the routing table points it to the Serial WIC, it puts it on the WIC. if the routing table has entries to put it on the ethernet, it switches the packet locally..
if somebody from the branch , say access the servers on 10.x.2.x subnet from 10.x.1.x subnet, it comes to the router and directly puts the traffic to the FE interface.
i guess on ur config, u have configured route-maps, which forcefully puts the packets onto the WAN, just seeing the source address... if route-maps are present, it sees the source address and not the destination.. so , if u dont want the U turn, remove these route maps..
int fa0/0
no ip policy route-map source-route
u will then see packets directly going on the outgoing interface..
hope this helps.. all the best.. rate replies if found useful..
raj
12-11-2006 03:40 PM
Hello Scott,
It all depends on the source and destination ip addresses and the routing configured on the router... the router sees the destination ip address and sees its routing table. if the routing table points it to the Serial WIC, it puts it on the WIC. if the routing table has entries to put it on the ethernet, it switches the packet locally..
if somebody from the branch , say access the servers on 10.x.2.x subnet from 10.x.1.x subnet, it comes to the router and directly puts the traffic to the FE interface.
i guess on ur config, u have configured route-maps, which forcefully puts the packets onto the WAN, just seeing the source address... if route-maps are present, it sees the source address and not the destination.. so , if u dont want the U turn, remove these route maps..
int fa0/0
no ip policy route-map source-route
u will then see packets directly going on the outgoing interface..
hope this helps.. all the best.. rate replies if found useful..
raj
12-13-2006 08:58 AM
raj,
u were right on the money! I had to change the statement on both fa0/0 and fa0/1, but that immediately made my WAN congestion clear up. ur scenario was exactly the trouble i was having, and now when i trace the route from a workstation on 10.X.1.X to the server on 10.X.2.X, it's a direct line, instead of travelling over the WAN. huge THANKS!!! scott
12-12-2006 06:38 AM
It should be taking the connected route. The other option you have is to add additional static routes to the configuration. Currently you have to 0.0.0.0 routes. If you add more specific routes to the routing table they will be taken over the 0.0.0.0 routes. the config would go like this:
ip route 10.x.1.1 255.255.255.0 fa0/0
ip route 10.x.2.1 255.255.255.0 fa0/1
Hope this helps.
12-12-2006 07:00 AM
Scott
What you have done to hide your addresses makes it impossible to give a really accurate answer (and produces some illogical things to interpret such as the access list: access-list 100 permit ip 10.X.X.2 0.0.0.255 any where that address and mask are logically inconsistent and the router would certainly not do what you show).
But I believe that raj is on the right direction. I suspect that if you look at the real content of access lists 100 and 101 that they match the subnets of FastEthernet0/0 and FastEthernet0/1. This results in any traffic arriving on those interfaces being sent out the serial interface even if the destination is the other connected interface. And raj is correct that if you do not want that behavior you can remove the policy based routing. Someone put that policy based routing and those access lists there for some reason. It might be desirable to understand why that was done before you undo it.
HTH
Rick
12-13-2006 08:15 AM
Hi Rick,
I'd love to know if there was a specific reason, but the individual that config'd the router is no longer employed here, so I have no way to find out. We're going to try Raj's suggestion to see if there are any problems. It will be easy enough to undo if there are. Cheers! Scott
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: