04-09-2003 04:47 AM - edited 03-02-2019 06:31 AM
I was wondering if you could help me out with something I am working on
here. I have on my LAN, 2 VLANs (VLAN10 and VLAN192). My corporate servers are on VLAN192 and corporate users are on VLAN10 I have here at
the corporate office a 2611XM router with 2 Ethernet ports. One port
(fa0/0.1) is ip address 192.168.2.1, encapsulation dot1q 192 native.
The other port (fa0/1.1) is ip address 10.0.2.1, encapsulation dot1q 10.
I have 3 2950s on VLAN192 and 4 2950s on VLAN10. Now, I have a disaster
recovery site in Westchester, PA to which we will be doing real time
mirroring of some servers that reside here at the corporate office to
identical servers at the PA site. At that site I have a 1602 router
with a WIC-T1 card and a 2950 (VLAN192) switch. There is a dedicated 384k
frame-relay line connecting the PA site with corporate. My goal is to
have the servers at the PA site on the same VLAN192 that my servers up
here are on. I do have connectivity to the remote site server, but here is the strange part. I can only connect to the servers at the remote site from computers in corporate that are on VLAN10. Even though the remote site is VLAN192, I cannot connect to it from any computers/servers in corporate that are also on VLAN192. I can provide configs if needed. Thanks!
04-09-2003 04:54 AM
Are you using static or dynamic routing. We would need to look closer at the routing configs on both the 2611, and the 1602.
04-09-2003 05:08 AM
--begin ciscomoderator note-- The following post has been edited to remove potentially confidential information. Please refrain from posting confidential information on the site to reduce security risks to your network. -- end ciscomoderator note --
Here are the configs. I only have one server on line at the remote site right now. Its address is 192.168.2.231, and the matching server on the corporate side is 192.168.2.230, so you will see that I have a static route(s) in thier for those servers.
2611 CONFIG:
version 12.2
service timestamps debug datetime show-timezone
service timestamps log datetime show-timezone
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname --moderator edit--
!
enable secret 5 --moderator edit--
enable password 7 --moderator edit--
!
ip subnet-zero
no ip source-route
!
!
!
call rsvp-sync
!
!
interface FastEthernet0/0
no ip address
speed 100
full-duplex
!
interface FastEthernet0/0.1
encapsulation dot1Q 192 native
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip helper-address 192.168.2.25
shutdown
!
interface Serial0/0
bandwidth 768
no ip address
encapsulation frame-relay
service-module t1 timeslots 1-12
frame-relay lmi-type ansi
!
interface Serial0/0.99 point-to-point
description Frame_Relay PVC to Westchester Mirror
ip address 10.10.3.254 255.255.255.0
frame-relay interface-dlci 475
!
interface FastEthernet0/1
no ip address
speed 100
full-duplex
!
interface FastEthernet0/1.1
encapsulation dot1Q 10
ip address 10.0.2.1 255.255.255.0
ip helper-address 192.168.2.25
!
interface Serial0/1
description xxxxx
ip address xxxxxx
!
interface Serial0/2
no ip address
shutdown
!
interface Serial1/0
no ip address
shutdown
!
router eigrp 1
network 10.0.0.0
network 172.0.0.0
network 192.168.2.0
network 192.168.254.0
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.2.2
ip route 172.16.0.0 255.255.0.0 192.168.2.80
ip route 192.168.2.231 255.255.255.255 10.10.3.253
ip http server
ip pim bidir-enable
!
logging trap notifications
logging 10.0.2.59
!
dial-peer cor custom
!
!
!
banner motd ^CCCCCCCC
+---------------------------------------------+
| |
| Welcome to |
| Sterling Autobody |
| |
| This is a private computer network. |
| UNAUTHORIZED ACCESS OR USE |
| IS PROHIBITED AND IS PUNISHABLE |
| UNDER FEDERAL, STATE & LOCAL LAW |
| |
+---------------------------------------------+^C
!
line con 0
session-timeout 25
exec-timeout 25 0
password 7 --moderator edit--
flowcontrol hardware
line aux 0
transport input all
line vty 0 4
session-timeout 25
exec-timeout 25 0
password 7 --moderator edit--
login
line vty 5 15
password 7 --moderator edit--
login
!
1602 CONFIG:
version 12.0
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname --moderator edit--
!
enable secret 5 --moderator edit--
enable password 7 --moderator edit--
!
ip subnet-zero
no ip source-route
!
!
!
interface Ethernet0
ip address 192.168.2.205 255.255.255.0
no ip directed-broadcast
no ip proxy-arp
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
service-module 56k clock source line
service-module 56k network-type dds
!
interface Serial1
ip address 10.10.3.253 255.255.255.0
no ip directed-broadcast
encapsulation frame-relay
logging event subif-link-status
logging event dlci-status-change
service-module t1 timeslots 1-6
frame-relay interface-dlci 875
frame-relay lmi-type ansi
!
router eigrp 1
passive-interface Ethernet0
network 10.0.0.0
network 192.168.2.0
!
ip classless
ip route 192.168.2.230 255.255.255.255 10.10.3.254
!
banner motd ^CCCCCCCCCCC
+---------------------------------------------+
| |
| Welcome to |
| Sterling Autobody |
| |
| This is a private computer network. |
| UNAUTHORIZED ACCESS OR USE |
| IS PROHIBITED AND IS PUNISHABLE |
| UNDER FEDERAL, STATE & LOCAL LAW |
| |
------------------------------------------
--+^C
!
line con 0
exec-timeout 120 0
password 7 --moderator edit--
transport input none
line vty 0 4
exec-timeout 0 0
password 7 --moderator edit--
login
!
Thanks!
04-09-2003 07:49 PM
Hi there
Looking at the configs above I can see a few things that puzzled me.
1. You're using the SAME LAN IP subnet/network on both routers. That is you're using /24 subnet mask on F0/0.1 on 2611 (ip address 192.168.2.1 255.255.255.0) and E0 on 1602 (ip address 192.168.2.205 255.255.255.0)!!!! You cannot route like this. The subnets need to be different.
2. Using the information in step 1, I can say that you won't be able to connect to the remote site's server from any of the servers/PCs that reside on your side of VLAN192. That is from VLAN 192 (your side), the PC will send an ARP request for a destination address that it thinks is on the local network (instead of sending it to the default gateway which is the F0/0.1 on 2611). If you want this to work then you'll have to manually enter manual routes on each of the local PC/server to point to the default gateway for any remote destination. For instance on your PC (on VLAN 192), go to DOS, type:
--- route add 192.168.2.230 mask 255.255.255.255 192.168.2.1
Doing the above might not be the ideal solution though for you might have to add manual routes for EACH device that sit on VLAN 192 on your side.
3. From VLAN 10 you can get to the remote server because you have a "host" static route on the router showing the router how to route to the destination remote network.
4. I think that the best solution is to either:
--- A. Run bridging between the local and the remote network - which is NOT a very ideal solution because of bridging on WAN
--- B. Re-address either your VLAN192 or the remote VLAN192 to something different. Say you'll use 192.168.3.0/24 and the remote will use 192.168.2.0/24 (ad before). This way you won't have to put in any static routes and things will definitely work.
5. BTW, I have no idea why you add network 172.0.0.0 and 192.168.254.0 into your "router eigrp ..." section on your 2611. You have NO interfaces that start with those network addresses.
Good luck and let me know how you go.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide