General discussion

Locked

Cisco 861, E-line configuration problem, I cant pass traffic between sites

By Podium78 ·
Hello All,
am newbie at cisco and I have two customer locations that am trying to connect using E-line (Layer2) instead of leased line, am using two Cisco routers 861, I was able to create the connection and while am in the console mode I can ping both router and telnet them from each other, my problem is I can???t get the traffic from the Pcs behind each router to see the other PCs behind the other router.
??? can???t get the outside traffic to pass to the inside traffic, and vice versa???, here are my config files for both routers

------------------------------------Router1------------------------------------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.1
encapsulation dot1Q 2
ip address 192.168.200.1 255.255.255.0
!
interface Vlan1
ip address 192.168.100.88 255.255.255.0
!
interface Vlan10
no ip address
!
router rip
version 2
network 192.168.100.0
network 192.168.200.0
network 192.168.0.0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
login
!
scheduler max-task-time 5000
end

------------------------------------Router2------------------------------------------


version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.1
encapsulation dot1Q 2
ip address 192.168.200.2 255.255.255.0
!
interface Vlan1
ip address 192.168.0.200 255.255.255.0

!
interface Vlan10
no ip address
!
router rip
version 2
network 192.168.0.0
network 192.168.100.0
network 192.168.200.0
no auto-summary
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
login
!
scheduler max-task-time 5000
end
----
so from the consol of router 1 , I can ping 192.168.200.2 (WAN of Secondry router) -->!!!!! 100% success also i can pint 192.168.0.200 (the LAN of interface of the Secondary router) -->!!!!! 100% success , put I can???t ping 192.168.0.1 which is a Pc behind the router2, exacly the same story from the side of Router2.
Thank you very much in advance.

This conversation is currently closed to new comments.

14 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

Info Needed

by NetMan1958 In reply to Cisco 861, E-line configu ...

On both routers, run the following command and post back here with the output.
show ip route

On router 1 run the following and post the output.
traceroute 192.168.0.1

Edited to add:
Also go to a computer on both sides of the circuit and open a command prompt. Then run the command "route print" and post the output showing the IPv4 routes.

Collapse -

More Info

by Podium78 In reply to Cisco 861, E-line configu ...

Thank you Netman from your reply.
today I don't have eccess to computers on site 2, but the info are below
PC on site 1 --> Route print
IPv4 Route Table
==============================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 14 5e 21 57 53 ...... Broadcom NetXtreme Gigabit Ethernet
==============================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.100.254 192.168.100.199 10
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.100.88 192.168.100.199 1
192.168.0.0 255.255.255.0 192.168.100.150 192.168.100.199 1
192.168.100.0 255.255.255.0 192.168.100.199 192.168.100.199 10
192.168.100.199 255.255.255.255 127.0.0.1 127.0.0.1 10
192.168.100.255 255.255.255.255 192.168.100.199 192.168.100.199 10
224.0.0.0 240.0.0.0 192.168.100.199 192.168.100.199 10
255.255.255.255 255.255.255.255 192.168.100.199 192.168.100.199 1
Default Gateway: 192.168.100.254
==============================================================
Persistent Routes:
None


Router1> show Ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 192.168.100.254 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.100.254
S 192.168.0.0/24 [1/0] via 192.168.200.2
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan1
L 192.168.100.88/32 is directly connected, Vlan1
192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.200.0/24 is directly connected, FastEthernet4.1
L 192.168.200.1/32 is directly connected, FastEthernet4.1


Router2> Show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, + - replicated route

Gateway of last resort is 192.168.200.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.200.1
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, Vlan1
L 192.168.0.200/32 is directly connected, Vlan1
R 192.168.100.0/24 [120/1] via 192.168.200.1, 00:00:14, FastEthernet4.1
192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.200.0/24 is directly connected, FastEthernet4.1
L 192.168.200.2/32 is directly connected, FastEthernet4.1

Router1> traceroute 192.168.0.1
1 192.168.200.2 48 msec 52 msec 52 msec
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
|
30 * * *

Router2> traceroute 192.168.100.199
1 192.168.200.2 48 msec 52 msec 52 msec
2 * * *
|
30 * * *

Collapse -

More questions

by NetMan1958 In reply to More Info

First let me say,
I used GNS3 and duplicated your topology and router configs that you posted. I created a host in network 1 and configured it based on the output you posted from "route print". Since you weren't able to post the output from "route print" for a host in network 2, I configured a host in network 2 the way I thought it should be configured. I was able to successfully ping from the host in network 1 to the host in network 2 and vice-versa. So based on that, the first thing I would do is check if the host computers on both networks have firewalls enabled and if they do, disable them and test again.

Having said that, I do see some things I would do differently depending on how you answer the following questions.
(1) Is there a particular reason you want or need to run RIP? If the only subnets involved are 192.168.0.0/24, 192.168.100.0/24 and 192.168.200.0/24 this can be done simply with static routes.

(2) Does network 2 access the Internet via 192.168.100.254 on network 1?

(3) How did the host in network 1 get the routes to network 2? That is, did you configure them manually with "route add" or are you also running RIP on the host computers?

(4) This is an excerpt from the routing table you posted for the host in network 1:
"192.168.0.0 255.255.255.0 192.168.100.88 192.168.100.199 1
192.168.0.0 255.255.255.0 192.168.100.150 192.168.100.199 1"
How did you end up with 2 routes 2 192.168.0.0/24? 192.168.100.88 looks correct, but where did 192.168.100.150 come from?

Collapse -

More Info

by Podium78 In reply to More questions

Hi Netman,
thanks a lot for taking the time to help me.
1: the computers do not have firewall, and I can ping each PC from the Router on that network.
2: no there is no particular reason but am not cisco expert and I thought this is the only way.
3: for now Network 2 has it's own gateway 192.168.0.1, but when this connection that am tring to do works fine, then Network 2 will be getting internet from Network 1, and the gateway 192.168.0.1 will be canceled.
4: I added manually the Route on the computer on Network 1, no Rip.
5: before adding this connection, I had the two sites connected via Leased line, and the route 192.168.100.150 was added before, but when I posted for you the results last time I noticed it and I deleted it.

again thank you very much and waiting for your post.

Collapse -

Suggested configs

by NetMan1958 In reply to More Info

OK, here is what I would do.
(1) Remove RIP from both routers with "no router rip"
(2) Leave the static routes you already had configured on the routers:
Router1:
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
Router2:
ip route 0.0.0.0 0.0.0.0 192.168.200.1
(3) Hosts on Network 2 should have a defualt gateway of 192.168.0.200 and no static routes.
(4) Hosts on Network 1 should have default gateway of 192.168.100.254 and a static route like this:
"route add -p 192.168.0.0 mask 255.255.255.0 192.168.100.88"
(5) If you try to ping hosts on Network 1 from Router2, the source IP will be the IP of the exit interface on Router2 (192.168.200.2) and since the hosts on Network 1 don't have a specific route to 192.168.200.0/24 they will send the return traffic to their default gateway (192.168.100.254) and Router2 will never receive it. You can fix this by adding a second static route to hosts on Network 1 :
route add -p 192.168.200.0 mask 255.255.255.0 192.168.100.88
Or when you ping from Router2 to hosts on Network 1, use an extended ping and specify 192.168.0.200 as the source IP.
Let me know if you are not familiar with how to do an extended ping on a Cisco router and I will post instructions.

Collapse -

One more thing

by NetMan1958 In reply to More Info

With this setup, for the hosts on Network 2 to access the Internet via the gateway on Network 1, you will need to configure that gateway (or other device that performs NAT) to NAT traffic from the 192.168.0.0/24 subnet.

Collapse -

You are Pro.

by Podium78 In reply to Cisco 861, E-line configu ...

Yesterday I almost gave up, but while reading on the net, I saw something about bridging and I thought that it might work, and I deleted all config and started from the beginning, I did as the examples but it didnt work, I made some changes according to your previous posts and it worked as charm!!!, I don't think what I did was a bridging and I meant to ask you how can I get network two to have internet from net work one, then I saw your last posts and now am sure it's not bridging but I will post them anyway.
ok, just to be sure, the next step now is to work with my firewall(192.168.100.254) on network one to NAT traffic from 192.168.0.0, and nothing to do on those two cisco router?
also I would like to say thank you very very much.
--------Router 1------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname MainRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4J
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
!
!
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917D
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.1
encapsulation dot1Q 2
ip address 192.168.200.1 255.255.255.0
bridge-group 2
!
interface Vlan1
ip address 192.168.100.88 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip route 192.168.0.0 255.255.255.0 192.168.200.2
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
login
!

------------Router 2----------------
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SecondaryRouter
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$LUD8$FHa3UHfIvd9QsSRCe4JLS1
!
no aaa new-model
memory-size iomem 10
!
!
ip source-route
!
ip cef
!
!
license udi pid CISCO861-K9 sn FCZ1510917C
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.1
encapsulation dot1Q 2
ip address 192.168.200.2 255.255.255.0
bridge-group 2
!
interface Vlan1
ip address 192.168.0.150 255.255.255.0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.200.1
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
password cisco
login
!
scheduler max-task-time 5000
end

Collapse -

The next step

by NetMan1958 In reply to Cisco 861, E-line configu ...

Great! You can remove those "bridge-group 2" lines from the routers. What type of device is your firewall at 192.168.100.254? We need to get it configured to apply NAT to traffic sourced from 192.168.0.0/24 and I think you will be in business.

Collapse -

Getting internet from Network1

by Podium78 In reply to Cisco 861, E-line configu ...

Hi Netman,
sorry about the delay, but I was tring to do it before to ask you, no luck of course.
my firewall is VigorPro 5510, on the NAT section there is't a place to include the NAT or at least I couldn't find it, anyway what I did was adding a static route to the firewall 192.168.0.0 255.255.255.0 192.168.100.88, after that I was able to ping the firewall from a PC placed on Network2, I can even connect to the web interface of the Firewall from that PC, but I couldn't get the internet traffic to pass, the PC doesn't even resolve DNS. First I put the default gate way & DNS server =192.168.0.150, then default gate way & DNS server =192.168.100.254 but both ways didn't work.
here is the link to the user manual of the firewall: ftp://ftp.draytek.pl/Seria_5510/Instrukcje/V5510_UserGuide_v2.1.pdf
waiting for your help.
Thank you in advance.

Collapse -

RE: VigorPro 5510

by NetMan1958 In reply to Getting internet from Net ...

Well, I read through that manual carefully and I didn't see a way to configure it to do what we want either. I was hoping your gateway device was a Cisco because it's easy to configure NAT on them. You can check with Draytek tech-support to find out if it is possible and how to do it.

If it turns out that the Draytek can't do what we want or if you just want to try something else, I can offer you another configuration option. This second option involves doing something you already mentioned and that is bridging. The caveat to this option is that you will need both sites to be on the same subnet (192.168.100.0 255.255.255.0).

Let me know which way you want to go.

Back to Networks Forum
14 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums