Solved

inhouse testing - computer acting as router

Posted on 2004-09-09
11
389 Views
Last Modified: 2013-11-29
Hi

I am wanting to test our server setup inhouse before colocation deployment.

This is the configuration:

Cisco CSS 11150 (WebNS 6.1) (IP: 211.77.90.38 Subnet: 255.255.255.252) connects to two servers (IPs: 211.77.91.19 & 211.77.91.20 Subnet: 255.255.255.240) and two DNS servers (IPs: 211.77.91.17 & 211.77.91.18 Subnet: 255.255.255.240).

When deployed the Cisco CSS will connect to the ISPs router on the same subnet ie. Router IP: 211.77.90.37 Subnet: 255.255.255.252.

Before deployment, I would like to test this configuration and the Cisco CSS functionality. I have connected a spare computer directly to the CSS (in the place of the router) and put in the same network settings as the router (ie. Router IP: 211.77.90.37 Subnet: 255.255.255.252.)

Currently the configuration does not work ie. from the spare computer that is acting as the ISPs router I can not ping any other the servers or the DNS machines.

Am I missing something? Is this possible?

Thanks in advance.




0
Comment
Question by:rot299
  • 4
  • 3
  • 2
  • +1
11 Comments
 

Expert Comment

by:hit4063
ID: 12024676
211.77.91.17 - 20 are not valid with the 255.255.255.240 Mask! With such a mask you can use the IPs 211.77.91.1 - 211.77.91.15. So give your servers IPs inside of that range.
Which device makes the routing between the Cisco and the servers? Does the Cisco have a second IP Address inside the server range?
Which default gateway did you configure?

0
 
LVL 4

Expert Comment

by:complexymetron
ID: 12024754
That's not correct.
The .240 subnet mask allows Subnets with 16 IP adresses each (14 Hosts + 2 reserved IPs for net and broadcast). The following subnets are perfectly correct:
211.77.91.0    (1-14)
211.77.91.16  (17-30)
211.77.91.32  (31-46)
211.77.91.48  (49-62)
211.77.91.64  (65-78)
...
and so on
0
 
LVL 4

Accepted Solution

by:
complexymetron earned 350 total points
ID: 12024811
When I understand you correctly you want this setup:

       Spare PC (as subsitute for your ISP)  
             I  211.77.90.37
             I
             I
             I  211.77.90.38
     Cisco CSS  .38
             I  211.77.91.??
             I
             I
             I       [211.77.91.16/28]
 -----------------------------------------
    I          I            I                I
 DNS1   DNS2    Server1     Server2
  .17      .18         .19            .20


You didn't mention the IP of the Cisco CSS on your internal network. I'd suggest .30

I'd first try to check each network segment by pinging each station from Cisco and vice versa. Same with your spare PC and the Cisco. Just to check basic installation and then move on to the router config.
0
 
LVL 16

Expert Comment

by:The--Captain
ID: 12033583
hit4063 does not seem to understand subnet masks, and is quite incorrect

I agree with complexymetron's analysis and advice...  Please keep us informed.

Cheers,
-Jon
0
 

Expert Comment

by:hit4063
ID: 12041176
complexymetron  and The--Captain are right. I made a big mistake in my post, sorry for the inconvenience i caused. (we had a similar case at work with someone using ip's 1 - 20 and the same subnet mask as you and somehow my brain made a shortcut. sorry again)

traceroute can also help you check your config. so after doing the ping-checks complexymetron mentioned, try traceroutes from your stations to the spare pc and vice versa.
0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 1

Author Comment

by:rot299
ID: 12041399
Thanks complexymetron! (and The--Captain and hit4063)

I was intending to set the internal network IP on the Cisco CSS at 211.77.91.16 (but I do not know if this is a usage IP) and how do I set the internal IP for the CSS?

I received this from my ISP:

--------------
Your new allocation is:

211.77.91.16/28

This means that your useable ip's are 211.77.91.17 through to 211.77.91.30

The bridging IP's (ie between your CSS and our router) is:

211.77.90.36/30

This means that our router is 211.77.90.37 and your CSS should sit on 211.77.90.38. You should point all your traffic to 211.77.90.37.
---------------

Hope this helps. Thanks in advance.
0
 
LVL 16

Assisted Solution

by:The--Captain
The--Captain earned 150 total points
ID: 12041443
>I was intending to set the internal network IP on the Cisco CSS at 211.77.91.16 (but I do not know if this is a usage IP)

.16 is not a usable IP - IMO, you should use 17 or .30 (as Complexymetron suggests), since your gateway IP is easier to remember if it's the first or last IP in your block.

>and how do I set the internal IP for the CSS?

Not sure - I'd have to go to cisco.com and read the documentation

>Currently the configuration does not work ie. from the spare computer that is acting as the ISPs router I can not ping any other
>the servers or the DNS machines.

Your ISPs router (which are are currently impersonating with your PC) will certainly have a route to 211.77.91.16/28 through 211.77.90.38 - have you added such a route with the "route" command (or similar mechanisms)?  Or at least have you added a default route (in other words, defined your gateway) on the "router" PC through 211.77.90.38?

Cheers,
-Jon
0
 
LVL 4

Expert Comment

by:complexymetron
ID: 12041910
This (http://www.tomax7.com/mcse/cisco_lab.htm) should give you an idea how to set the ip for the internal interface.

As The--Capatin mentioned, .16 isn't available for a /28-net. The explanation is: all host-bits are set to 0, which would address the network, not a host. The address with all bits set to 1 is also prohibited, because that would address all hosts in that network, so .31 isn't available either, making the useable addresses span from .17 to .30

If your internal interface of the CSS isn't set up properly, things won't work. So check that first. Saying again: pings have to be possible from the CSS to your servers and vice versa.
Can your spare PC reach (i.e. ping) the router?
0
 
LVL 1

Author Comment

by:rot299
ID: 12060986
Hi - Thanks again for your comments.

To make it easier, I have uploaded a powerpoint file of the network. You can download a copy at: www.webation.com/hostingdiagram4a.ppt

The diagram includes features that I didn't mention in the first post - sorry!

The DRAC cards are remote management cards with real IPs. The internal Cisco CSS IP is: 211.77.91.17.

Does the diagram look correct to you? Ask any questions if you like. Do I have to setup the computer that I am setting up in the position of the "ISP Cisco Router" any differently (ie. apart from changing the network settings)?

Thanks in advance.
0
 
LVL 4

Expert Comment

by:complexymetron
ID: 12062642
First: are you able to ping the attached devices directly to ensure proper network installation? E.g. ISP <-> CSS, CSS <-> your servers

The computer you want to be your ISPs router doesn't have to be configured special - just the network settings have to be right:
He has to know where to reach 211.77.91.16/28. The command for windows would be:
"route -p add 211.77.91.16 mask 255.255.255.240 211.77.90.38"
(The "-p" stands for permanent, meaning windows won't forget that route after reboot)

I don't have a very good feeling about using the same gigabit switch for the DRAC-cards. Unless you're using a VLAN for them I'd prefer an extra switch for those cards. Since they seem to be used from the outside (therfore the connection to the gigabit switch), even a 10MBit hub would be sufficient.

I don't know the CSS very well, you're able to attach 5 devices directly to it? Or is there a switch between them, too?
0
 
LVL 1

Author Comment

by:rot299
ID: 12065052
Hi

I have worked it out... thanks for your assistance. CSS works finially! Was a real bastard.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
nmap scanner? 7 77
3Com 5500G-EI 3CR17254-91 dual-purposed ports 2 54
Printer Settings 3 59
What's the problem with my DSL? 4 18
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now