Solved

Frame relay (lab setup). Users can no longer access internet

Posted on 2004-10-13
18
261 Views
Last Modified: 2010-04-17
Ok, I have 2 routers connected back to back. Initially, I was running PPP encapsulation between them . And users on both networks could ping the internet.  Everything was great.

Just recently, I set up frame relay between the two routers instead of the PPP.  It is not the typcal frame relay setup, since its using a back to back serial.   My problem is users in 192.168.2.0 cant even get an IP from my DHCP server anymore.  None of the clients in 192.168.2.0 can even ping RouterB.   Yet 192.168.2.1 (router B) can ping everywhere.

Here is a diagram of the network
http://mvpbaseball.cc/ee.jpg

Here is my sh run from RouterA (192.168.1.40)
http://mvpbaseball.cc/routera.txt

Here is my sh run from RouterB (192.168.2.1)
http://mvpbaseball.cc/routerb.txt

What is set wrong? Users in the 192.168.2.0 network cant even get an IP.  Yet, Router A can ping Router B's interfaces fine.
Thanks!
0
Comment
Question by:dissolved
  • 9
  • 8
18 Comments
 
LVL 4

Assisted Solution

by:celsmk
celsmk earned 50 total points
Comment Utility
Hi,

Looks like you need an extra mapping for broadcasts sent from DHCP clients on 192.168.2.0 subnet in order to get to your DHCP server.

First try configuring the following in your RouterB:
!
ip helper-address 192.168.1.xx <--put here the DHCP server IP address!
!

This will instruct your RouterB to transform broadcast packets sent from your stations on 192.168.2.0 into unicast packets sent to your DHCP server (192.168.1.xx).

I do think this will be enough, but in case it doesn't, configure the following frame-relay map:
!
interface Serial0.1 point-to-point
 frame-relay interface-dlci 101
 frame-relay map ip 192.168.1.xx broadcast
!

Regards,

Celsmk
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
You probably should add this to one of the routers serial configuration too “frame-relay switching”. I know I have needed it to run frame relay across back to back routers via a crossover T1, so you may also need it for back to back routers via a crossover serial interface.

Also I’d remove RIP, and Replace it with EIGRP, as it’s a considerable more robust dynamic routing protocol than RIP.

router eigrp 10
redistribute connected
redistribute static
network 192.168.0.0
no auto-summary

0
 
LVL 13

Accepted Solution

by:
Dr-IP earned 450 total points
Comment Utility
Also for your lab setup only one router should have 0.0.0.0 0.0.0.0 pointed to the other routers serial interface, that one that isn’t connected to the internet. And the one connected to the internet should have a route to the network on the other router Ethernet interface. But if you get EIGRP working, you don’t need any static routes.

Example router connected to the internet.

E0 192.168.1.1  255.255.255.0
S0 192.168.0.5 255.255.255.252

IP route 172.168.2.0 255.255.255.0 192.168.0.6
IP route 0.0.0.0 0.0.0.0 <IP address of next hop>


Second router

E0 192.168.2.1  255.255.255.0
S0 192.168.0.6 255.255.255.252

IP route 0.0.0.0 0.0.0.0 192.168.0.5




0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
PS Except one on the router connected to the internet, the rest of the routes will be learned dynamically.
0
 

Author Comment

by:dissolved
Comment Utility
Ok thanks guys. So the gateway of last resort (0.0.0.0 0.0.0.0 etc) should only be placed in routers that are NOT connected to the internet????

celmsk, I will try that map command now thanks. I already have ip helper address in there though, hmm.


dr ip: thanks i will try the frame-relay switching command

0
 

Author Comment

by:dissolved
Comment Utility
ok, I tried


Router(config-subif)#frame-relay map ip 192.168.1.98 101 broadcast
FRAME-RELAY INTERFACE-DLCI command should be used on point-to-point interfaces
Router(config-subif)#


But I didnt try the frame-relay switching command. What does it entail?
thanks!
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
Just add it to one of the serial interfaces.

Also what do you get when you do a "sh frame-relay pvc"
0
 

Author Comment

by:dissolved
Comment Utility
I know that LMI is inactive since I have my frame setup this way (as stated here by Cisco):  http://www.cisco.com/warp/public/125/frbacktoback.html  
Is that a correct assumption?

Anyway, here it is on router B:
Router#sh frame-relay pvc

PVC Statistics for interface Serial0 (Frame Relay DTE)

              Active     Inactive      Deleted       Static
  Local          0            0            0            1
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 101, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = Serial0.1

  input pkts 6495          output pkts 6238         in bytes 940709
  out bytes 726190         dropped pkts 0           in pkts dropped 0
  out pkts dropped 0                out bytes dropped 0
  in FECN pkts 0           in BECN pkts 0           out FECN pkts 0
  out BECN pkts 0          in DE pkts 0             out DE pkts 0
  out bcast pkts 5197      out bcast bytes 667050
  pvc create time 1d03h, last time pvc status changed 1d03h


--------------------------------
Also, I gave this command in router B. Is this correct ( i wont be able to test it until tomorrow)

Router(config)#int s0.1 point-to-point
Router(config-subif)#frame-relay switching
Router(config)#


Thanks Dr IP!
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
It looks like the protocol is up and passing traffic, so you probably have a routing issue like I thought. As for the frame relay command, that's so you can get LMI active like in the real world. I see Cisco recommends putting it in the root config, but I have always stuck it on the primary interface, it probably will work on the sub interface to, but I am not sure of that one, but it should not hurt anything if it's there too.

http://www.cisco.com/warp/public/125/frbacktoback_hybrid.html



0
What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
Tests to check basic routing

From router A

Ping router B serial interface

Ping router B Ethernet interface

From router B

Ping router A serial interface
 
Ping router A Ethernet interface




0
 

Author Comment

by:dissolved
Comment Utility
Ok everything pings and responds ok. It did prior to any configurations as well. It's just the clients that are having trouble on the 192.168.2.0 network. hmmmm
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
Remove the access list from that routers Ethernet interface.
0
 

Author Comment

by:dissolved
Comment Utility
Yea thats whats weird. The e0 of router B (192.168.2.1) can ping anywhere fine

It's just the hosts behind it that cant. And they are statically assigned IPs.  It may be the ACLs. I'll try that.

When you get a chance, could you elaborate on the default routes more and where to place them? My setup has been working great (when using ppp between the two routers). I set a gateway of last resort on both routers and enabled ip classless. WOrked like a charm.
thanks!
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
Default routes, or in proper router nomenclature, routes of last resort, generally point towards the next router, that is unless they are connected to multiple routers, then it’s usually to towards the attached router with the greatest link speed followed by the shortest path towards the core.

But as always in the router world general rules don’t always apply, like when you add an edge router to a large network to allow for Internet access. Then ever thing will ultimately end up having their routes of last resort pointed towards it regardless of link speed. Also there are times the shortest path is chosen over link speed, but now we are getting into performance tuning.

There is a hierarchy of route types by the way, directly connected, static routes, and dynamic. And when there are two matches of the same route type, i.e. 10.10.10.0 255.255.255.0 or 10.0.0.0 255.0.0.0, for the destination 10.10.10.10, the best match is used, in this case 10.10.10.0 255.255.255.0.
0
 

Author Comment

by:dissolved
Comment Utility
Thanks for the explanation. I'm going to give the ACL thing a try. I have a feeling thats the problem. Especially since router B can ping anywhere.
Thanks!
0
 

Author Comment

by:dissolved
Comment Utility
It was the ACL. Works great now. I took off the frame-relay switching command (to see what would happen) and everything still worked.  Whats the frame-relay switching command do?

Thank you for the help fellas
0
 
LVL 13

Expert Comment

by:Dr-IP
Comment Utility
The “frame-relay switching” command with the “frame-relay intf-type dce” command will make the router act like a frame relay switch. That way you can get LMI enabled. As for what was wrong with the access list, you forgot to add a permit any. An access list without it, only allows what is expressly permitted, and since you had nothing permitted, all LAN traffic was blocked.

Router1#show frame-relay pvc
PVC Statistics for interface Serial0 (Frame Relay DCE)

              Active     Inactive      Deleted       Static
  Local          1            0            0            0
  Switched       0            0            0            0
  Unused         0            0            0            0

DLCI = 101, DLCI USAGE = LOCAL, PVC STATUS = ACTIVE, INTERFACE = Serial0

  input pkts 207           output pkts 239          in bytes 15223
  out bytes 14062          dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 17        out bcast bytes 3264
  PVC create time 00:11:32, last time PVC status changed 00:11:32
Router1#show frame-relay lmi
LMI Statistics for interface Serial0 (Frame Relay DCE) LMI TYPE = CISCO
  Invalid Unnumbered info 0             Invalid Prot Disc 0
  Invalid dummy Call Ref 0              Invalid Msg Type 0
  Invalid Status Message 0              Invalid Lock Shift 0
  Invalid Information ID 0              Invalid Report IE Len 0
  Invalid Report Request 0              Invalid Keep IE Len 0
  Num Status Enq. Rcvd 72               Num Status msgs Sent 71
  Num Update Status Sent 0              Num St Enq. Timeouts 0
Router1#

0
 

Author Comment

by:dissolved
Comment Utility
Thanks!!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Problem Description:   Couple of months ago we upgraded the ADSL line at our branch office from Home to Business line. The purpose of transforming the service to have static public IP’s. We were in need for public IP’s to publish our web resour…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now