Solved

Cisco Router IP & IPX config for over a P2P T1

Posted on 2004-10-07
27
852 Views
Last Modified: 2010-08-05
I am overhauling a network that is in need of serious upgrades -- the "core" router is a Novell 4.11 server w/ 4 nics.  There are remote connections that tunnel IPX using SIB installed on old LINUX PC's.  Worse of all, they have hubs plugged into hubs plugged into hubs then to a low-end HP switch (!!).  If a protocol and frame type exists, the IT people before me turned them on!  So far, I have gotten all the AppleTalk turned off and the Novells standardized on 802.3 frame.  But I have several remote sites that are connected point-to-point with indivdual T1's back to HQ.  I have no provisioning docs for the T1's although I do know they are ATT T1s.  

I have some Cisco 2621's, 1751's and a couple of 1601's that I would like to replace some very old Ascend P130's that are used.  I have read some articles and Cisco docs trying to figure out the best config to use.  All our nets are Class C's.  Right now I'll run RIP v2 as that is what all the Novell 4.11 servers run.  There are multiple Class C's inside our HQ LAN.
So here is a basic diagram I would like to use as a template:

<-------------------- HQ ----------------------->                                                   <------------- Remote----------------->
LAN Seg <------------------> (E0) Router (S0) -----  ATT P2P T1 ------------------ (S0)  Router (E0) <------ LAN Seg--->
IP:  192.168.70.0/24           .253            192.168.1.1/30              192.168.1.2 / 30                .254   192.168.100.x/24
IPX: ace (802.3)                                    ace02e                         ace02e (HDLC)                            2e (802.3)

I do not know IPX very well...but I'd like to block any unnecessary SAP's from crossing the T1's if that is needed.  Users authenticate to the local Novell IPX server but map drives and print queues off the HQ main Novell 4.11 server.

I do know some basic router config's but I want  some clarity on:
1) clock source on the Serial I/Fs' for the p2p t1's. Routers contain WIC1 DSU/CSU cards
2) Do I set default route on the Remote Routers to the Serial interface itself or use an IP address?  The default gateway on the HQ router is this Novell 4.11 server i.e. 192.168.70.1
3) Do I need to set up a default IPX route?
4) I'd like to block SAP 7's (printers) from crossing the T1's if that is needed. Lots of HP JetDirects!
5) set up a Loopback interface?
6) Probably a really dumb question, but the /30 network connecting the Serial ports.  Can I reuse the same pair of addresses on the other HQ to Remote Serial links or does each pair need to be unique?
7) Do I need to specify bandwidth?  Its a full T1 for data only.

Any other config tunings I can use to maximize throughput over the T1's?

Thanks...
0
Comment
Question by:pmcgrew7
  • 14
  • 13
27 Comments
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
I can tackle most of these real quick...

1) clock source depends on the T1 provider. Many provide the clocking for both ends, some require you to provide the clocking. Suggest a call to AT&T. If you provide clocking, do it on the main site router only. Set remote serial interfaces to default line source.

2) Serial interfaces are OK to use as default:
  ip route 0.0.0.0 0.0.0.0 serial 0
Better, though, to use the remote serial ip:
  ip route 0.0.0.0 0.0.0.0 192.168.255.2  <== upstream serial ip, not your own

3) IPX RIP will take care of that

4) This I'll have to get back to you on....

5) No real purpose for loobacks in your case

6) Each point-point link must be a separate subnet. That's one reason for using the /30
 i.e.   192.168.255.1 - .2
         192.168.255.5 - .6
         192.168.255.9 - .10
<etc>

7) no particular reason to specify bandwidth. If full t1, then everything assumes 1.54 as the default anway with no config entry to say otherwise.
0
 

Author Comment

by:pmcgrew7
Comment Utility
Thanks...  Since I am "forces" to run RIPv2 should I include all the networks on each router end. (see below)

router rip
 version 2
 network 192.168.70.0    <---- network on the HQ ETH0
 network 192.168.255.0   <--- network on the HQ - Remote SER0
 network 192.168.100.0  <---- network on the Remote ETH0

I am still trying to get something from ATT on the clocking for the point-to-point T1.  
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Only include the connected subnets on the router in your RIP config
You don't need to include the Remote subnet.

0
 

Author Comment

by:pmcgrew7
Comment Utility
Then are you saying I need a stauic route on the HQ Router pointing to the Remote


ip route 192.168.100.0 255.255.255.0 192.168.255.254 name Remote_Location
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 125 total points
Comment Utility
Not at all. That's the whole purpose of RIP - to tell other routers what networks you have connected to you, and to learn what networks are connected to/through your neighbors

Your side:
  router rip
    ver 2
     network 192.168.70.0
     network 192.168.255.0

Remote side:
   router rip
    ver 2
    network 192.168.255.0  <== this is common to both
    network 192.168.100.0

Your side will "learn" about the 192.168.100.0 subnet
Remote side will "learn" about the 192.168.70.0 subnet
0
 

Author Comment

by:pmcgrew7
Comment Utility
Well, I have a setup like the one described....but I can not ping or traceroute from the remote location

Remote Rtr config
=================
interface Ethernet0
  ip address 192.168.110.254 255.255.255.0
 no ip route-cache
 ipx input-sap-filter 1007
 ipx network 5E
!
interface Serial1
 ip address 192.168.1.254 255.255.255.252
 ipx network E5
 ipx accounting
 service-module t1 remote-alarm-enable
 service-module t1 fdl att
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.110.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.253
!
access-list 1007 deny FFFFFFFF 7
access-list 1007 permit FFFFFFFF

The Router Config at HQ
====================
interface Ethernet0
 description Loretto Campus connection
 ip address 192.168.70.247 255.255.255.0
 ipx input-sap-filter 1007
 ipx network ACE
!
interface Serial1
 ip address 192.168.1.253 255.255.255.252
 ipx network E5
 service-module t1 remote-alarm-enable
 service-module t1 fdl att
!
router rip
 version 2
 network 192.168.1.0
 network 192.168.70.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.70.1
ip route 192.168.110.0 255.255.255.0 Serial1  <=== probably unnecessary because of RIPv2 on remote
!
access-list 1007 deny FFFFFFFF 7
access-list 1007 permit FFFFFFFF

First when I display sh ip route rip on the HQ router, the 110 subnet is not there.  I assume it is because I have a static.  
Second, I am telneted into both routers.  I try to traceroute to my PC which is on different subnet (192.168.111.2),  I can do it on the HQ router but I cannot from the remote Router.  Same with ping.  From the Remote Router, Traceroute shows the 192.168.1.253 hop (Serial1 on the HQ router) then nothing.  I am wondering if it is because the addresses used on the Serial i/f's are not known to the Novell 4.11 server...(our "core") and

0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
>First when I display sh ip route rip on the HQ router, the 110 subnet is not there.  I assume it is because I have a static.  
Exactly...

>I try to traceroute to my PC which is on different subnet (192.168.111.2),  I can do it on the HQ router but I cannot from the remote Router.
I can't see in your HQ router where it knows how to get to the 192.168.111.x subnet. It must be getting to it through the default. Therefore, the router that has the .111. subnet does not know how to get back to either the .1.x WAN link subnet or the .100.x remote lan. You need to have full routing participation. I assume this is the Novell 4.11 server? Add static routes on it pointing to the local router for these two subnets..



0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Is the Novell server perchance using RIP v1 for IP?
0
 

Author Comment

by:pmcgrew7
Comment Utility
I don't know Novell too well....I'll check on Monday to see which version of RIP.  But if I remember, RIPv1 is classfull and our subnets, with the exception of one, are true class C (192.168.x.x /24) so would it really matter which version?  I know the Novell 4.11 server has a route table that points to the remote subnets out its 70.1 interface.  The HQ based routers E0 i/f are on the 70.x subnet.  My PC is connected off one of the other Novell NICs that sit on the 111.0 subnet.  So if the HQ router's default is the Novell IP (70.1) and my PC is basically directly attached off another NIC in that server...will RIP even matter?
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
As long as you are all class C's, then it won't matter.
Will RIP matter at all? RIP won't make any difference until you try to get to a remote site. The Novell server needs to know how to get to that subnet. Enabling RIP all around will make all the routing devices aware of all of the subnets. That's the whole idea.
I'm not a Novell expert by any means, but I don't think 4.x it is capable of v2

>Since I am "forces" to run RIPv2
What is it that is forcing you to use RIPv2?
0
 

Author Comment

by:pmcgrew7
Comment Utility
The "forces" are that this place has several 4.11 servers being used as "routers".  They also have several Red Hat LINUX machines at various releases performing routing and IPX tunneling.  I have purchased a Cisco 6509 that I want to use as a core.  I'd rather run OSPF and create a simple VLAN structure.  The RedHat boxes have been prone to frequent panics and kernel dumps -- basically I would rather use a true router device for this purpose.  I have done some sniffing on the netwoek and I have seen RIP packets...I'd rather not introduce another routing protocol until I have the proper equipment in place so I can have a DR / BDR properly set up.

In regards to one of your previous suggestions to put statics....the core Novell 4.11 server has statics to send the remote destination through the .70.1 interface.  But you are correct that it does not know of the addresses on the Serial I/Fs -- so it must ne sending them out it's default g/w and eventually to the internet.  So I guess I'll need to figu reout how to add statics into this Novell Server.  That brings up the issue I had posted another question on but got no real definitive solution for.  Currently, theses remote routers are Ascend P130's.  When I got here, one location was failing quite regulary.  So I replaced this pair of routers with Cisco's.  These Ascends configure quite differently than Cisco's.....they don't have an IP address or IPX network assgned to their Serial.  So I don't know how these devices route IP or IPX.  I had to assign IP and IPX addresses on the Cisco's to get them to function properly.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Sounds like you have quite a project on your hands..
Have you confirmed that Novell 4.11 uses RIP V2, or plain old RIP ?
0
 

Author Comment

by:pmcgrew7
Comment Utility
It appears that Novell 4.11 does not support RIPv2.  Looking at the Novell 4.11 route tables, it appears to be all static routing entries.  

So, configuring the Cisco's using RIPv2 is not really going to help me much in the short term.  But I will leave them in because I want to eventually relieve the Novell of serving as the "core" router.  In the meantime, I placed this statement on the router inside HQ:

ip route 0.0.0.0 0.0.0.0 192.168.70.1 name Core-Rtr

But when I do a "sh ip route", the resulting table says "Gateway of last resort not set".  Why would it not be the 192.168.70.1 address?

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
>ip route 0.0.0.0 0.0.0.0 192.168.70.1 name Core-Rtr
                                                         ^^^^^

Just leave it at the IP:
    ip route 0.0.0.0 0.0.0.0 192.168.70.1

Have you tried using RIP v1 on the router?

0
 

Author Comment

by:pmcgrew7
Comment Utility
I thought the "name" part of the command was for documentational purposes.  From what you say, it does not seem to be for that purpose.  I can't run RIPv1.  There is a Class C network that is subdivided into 4 subnets (/26).  Why? I have no clue why the previous regime chose to do that for only this particular network.  I would rather run OSPF but sinec I do not have the new core in place, I don't want to go thru the hassles of DR / BDR.  
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Like they say 'the devil's in the details'...

Good luck!
0
 

Author Comment

by:pmcgrew7
Comment Utility
Well, I tried your suggestion...here is a section of the show run:
.
.
router rip
 version 2
 network 192.168.70.0   <== /24 network on fa0/0
 network 192.168.255.0 <== /30 networks on se0/0 and ser0/1 to the p2p T1 connected remotes se i/f's
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.70.1
no ip http server

I still get....

RTR#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set <====

Why?  Running 12.2(26) of the IOS.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
This is not the same config that you posted.
Post config for interface fa 0/0 of this router..
0
 

Author Comment

by:pmcgrew7
Comment Utility
Sorry...I am working several routers.  This config will server as a model for all my rollouts...just the IP's will change!

interface FastEthernet0/0
 ip address 192.168.70.253 255.255.255.0
 duplex auto
 speed auto
 ipx input-sap-filter 1007
 ipx network ACE
 no mop enabled
0
 

Author Comment

by:pmcgrew7
Comment Utility
I am looking to put this router into productions today...anyone know why the "sh ip route" still says gateway of last resort not set ?
0
 

Author Comment

by:pmcgrew7
Comment Utility
Well I found out that when I connect the router to the networks, the "sh ip route" displayed the gateway of last resort.  Very strange....  But I ran into an even odder issue.  Serial 0/0 was connected to the T1.  The WIC had alarm light and I could not even ping the IP assigned to the Serial 0/0.  I spent several hours trying to figure out why.  Called ATT to test the circuit... The sh int ser 0/0 had line down, protocol down....  On a hunch, I shutdoen the Serial 0/1 interface which I plan to connect to another T1 to one of our other remotes.  Once I did that, the Serial 0/0 came up.  This makes no sense to me.  Here is the part of the 2621 config.  I am going to try and connect the 2nd T1 tomorrow...but I want to know why this happened.

interface FastEthernet0/0
 ip address 192.168.70.253 255.255.255.0
 duplex auto
 speed auto
 ipx input-sap-filter 1007
 ipx network ACE
 no mop enabled

interface Serial0/0
 ip address 192.168.255.253 255.255.255.252
 ipx network ACE0008E
 service-module t1 remote-alarm-enable
 service-module t1 fdl att

interface Serial0/1  <===  Issued "shutdown" on this interface
 ip address 192.168.255.249 255.255.255.252
 ipx network ACE0002E
 service-module t1 remote-alarm-enable
 service-module t1 fdl att

router rip
 version 2
 network 192.168.70.0
 network 192.168.255.0
 no auto-summary

ip classless
ip route 0.0.0.0 0.0.0.0 192.168.70.1
no ip http server

access-list 1007 deny FFFFFFFF 47
access-list 1007 permit FFFFFFFF
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
Part 1 makes perfect sense. The interface has to be up for the route to be availble. The route has to be available to show up as "gateway of last resort". I never realized you didn't even have it plugged into anything....

>service-module t1 fdl att
Were you given that command by the telco? Suggest removing it if not..

I have no explanation as to why Serial 0/0 would not come up until serial 0/1 was administratively shut down...
I'm curious to know what happens when you enable the second line..

0
 

Author Comment

by:pmcgrew7
Comment Utility
Circuit is ATT and they told me that is correct FDL.  I had used defaults for most of the commands as I have no provisioning.  But the circuit ID's are ATT but the LEC is Verizon...so who knows!  I don't think there is anyway to tell!  

I still have issues on clock source.  ATT tech told me that they provide no clock.  So one end the clock must be set to internal and the other end set to line.  Of course, I have 2 1601's between HQ and another location....both clock sources are set to default which is "line".  The location I set up yesterday, I had to chnage the remote 1751 to internal and the 2621 at HQ set to line.  

I "no shut" the 2nd 2621 Serial which I plan to connect today to another remote.  So far, the Serial 0/0 is still up and working fine.  This does not make sense!  But I bet my bottom dollar that I will have problems swapping out the remote router for the 1751 like I had yesterday!
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
If you don't provide the clocking, your line will get timing errors. If you look at the interfaces on the point-to-point that have both ends set to line, you might see a bunch of errors. Setting one end to provide the line clocking will correct the errors and dramatically increase the effieciency of the link.
0
 

Author Comment

by:pmcgrew7
Comment Utility
Yes, I agree.  But someone has told me that clocking can be done by the provider so w/o any T1 provisioning docs, I just let the defaults stay where I was not 100% sure.   Anyway, I did change the remote 1601's clock source to internal because I agree with your statement.  Doing that took the T1 down :(.  DCD and CTS on the HQ's side went down -- the clock source on this side was "line".  Had to call ATT to test the line.  It just came back up.  I really don't understand why the T1's get "hung" like that.  I expect that I will run into this same issue when I swap out the next remote router today and connect the HQ end into that 2nd WIC DSU/CSU in the 2621.  I already have the configd clocking set to internal at the remote site and line on the HQ side.  Any suggestiong on how to "reset" the connection w/o having to wait for ATT to test the line??  I have tried almost every Cisco clear / shut command I can think of to try and get the ends to talk.
0
 
LVL 79

Expert Comment

by:lrmoore
Comment Utility
I would suggest power-cycling the 1601 after making the change, but then you lose the change because you lose contact before you can save the changes - catch 22... unless you can make the change onsite at the remote through the console, or with out-of-band modem access...
Did you look at the interface error stats before you made the change? What did the error counts look like?
If it's clean with no errors, then leave status quo alone..
0
 

Author Comment

by:pmcgrew7
Comment Utility
CRC's were not too bad....a few 100 or so...a huge improvement over the 1000's the Ascend P130's.    But I telneted and changed the remote side clock source to internal.  I just wanted the configs to be consistent and correct.  Once I exited out of the config mode, the T1 "hung".  It appeared to clear up after the ATT autotesting...now it is down again.... Murphy strikes again!
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
PRTG Network Monitor lets you monitor your bandwidth usage, so you know who is using up your bandwidth, and what they're using it for.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now